search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed libpth support with --enable-tcp.
[libpwmd.git] / libpwmd.c
blobd526fc8645aa5065cb5a9eefc480be4760e10408
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2006-2008 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02110-1301 USA
18 */
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <unistd.h>
22 #include <err.h>
23 #include <errno.h>
24 #include <ctype.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/un.h>
28 #include <signal.h>
29 #include <stdarg.h>
30 #include <string.h>
31 #include <sys/wait.h>
32 #include <fcntl.h>
33 #include <pwd.h>
34 #include <time.h>
35 #include <sys/types.h>
36 #include <limits.h>
37 #include <sys/select.h>
38 #include <netdb.h>
39 #include <netinet/in.h>
40 #include <sys/socket.h>
41 #include <libpwmd.h>
42
43 #ifdef HAVE_CONFIG_H
44 #include <config.h>
45 #endif
46
47 #ifdef WITH_LIBPTH
48 #include <pth.h>
49 #endif
50
51 #ifdef HAVE_LIBGNUTLS
52 #include <gnutls/gnutls.h>
53 #include <gnutls/x509.h>
54 #define DNS_USE_GETTIMEOFDAY_FOR_ID 1
55 #include <event.h>
56 #include <evdns.h>
57 #ifdef WITH_LIBPTH
58 #include <gcrypt.h>
59 GCRY_THREAD_OPTION_PTH_IMPL;
60 #endif
61 #endif
62
63 #ifdef HAVE_ASSUAN_H
64 #include <assuan.h>
65 #endif
66
67 #ifdef HAVE_SETLOCALE
68 #include <locale.h>
69 #endif
70
71 #include "gettext.h"
72 #define N_(msgid) dgettext("libpwmd", msgid)
73
74 #ifndef MEM_DEBUG
75 #include "mem.h"
76 #else
77 #define xfree free
78 #define xrealloc realloc
79 #define xmalloc malloc
80 #define xstrdup strdup
81 #define xcalloc calloc
82 #endif
83
84 #include "types.h"
85
86 #ifdef WITH_PINENTRY
87 static pwm_t *gpwm;
88 static int gelapsed, gtimeout;
89 static gpg_error_t pinentry_command(pwm_t *pwm, char **result, const char *cmd);
90 static gpg_error_t global_error;
91 #endif
92
93 const char *pwmd_strerror(gpg_error_t e)
94 {
95 gpg_err_code_t code = gpg_err_code(e);
96
97 if (code >= GPG_ERR_USER_1 && code < gpg_err_code(EPWMD_MAX)) {
98 switch (code) {
99 case GPG_ERR_USER_1:
100 default:
101 return N_("Unknown error");
102 case GPG_ERR_USER_2:
103 return N_("No cache slots available");
104 case GPG_ERR_USER_3:
105 return N_("Recursion loop");
106 case GPG_ERR_USER_4:
107 return N_("No file is open");
108 case GPG_ERR_USER_5:
109 return N_("General LibXML error");
110 case GPG_ERR_USER_6:
111 return N_("File modified");
112 case GPG_ERR_USER_7:
113 return N_("Access denied");
114 }
115 }
116
117 return gpg_strerror(e);
118 }
119
120 gpg_error_t pwmd_init()
121 {
122 static int initialized;
123
124 if (initialized)
125 return 0;
126
127 #ifdef HAVE_LIBGNUTLS
128 #ifdef WITH_LIBPTH
129 gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
130 #endif
131 gnutls_global_set_mem_functions(xmalloc, xmalloc, NULL, xrealloc, xfree);
132 gnutls_global_init ();
133 event_init();
134 evdns_init();
135 #endif
136 #ifdef ENABLE_NLS
137 bindtextdomain("libpwmd", LOCALEDIR);
138 #endif
139 gpg_err_init();
140 assuan_set_malloc_hooks(xmalloc, xrealloc, xfree);
141 assuan_set_assuan_err_source(GPG_ERR_SOURCE_DEFAULT);
142 initialized = 1;
143 return 0;
144 }
145
146 static pwm_t *_socket_connect_finalize(pwm_t *pwm, assuan_context_t ctx)
147 {
148 int active[2];
149 int n = assuan_get_active_fds(ctx, 0, active, sizeof(active));
150
151 pwm->fd = n <= 0 ? -1 : dup(active[0]);
152 pwm->ctx = ctx;
153 #ifdef WITH_PINENTRY
154 pwm->pid = -1;
155 pwm->pinentry_tries = 3;
156 #endif
157 assuan_set_pointer(ctx, pwm);
158 return pwm;
159 }
160
161 #ifdef HAVE_LIBGNUTLS
162 static int read_hook(assuan_context_t ctx, assuan_fd_t fd, void *data,
163 size_t len, ssize_t *ret)
164 {
165 pwm_t *pwm = assuan_get_pointer(ctx);
166
167 if (!pwm || !pwm->session)
168 *ret = read((int)fd, data, len);
169 else {
170 do {
171 *ret = gnutls_record_recv(pwm->session, data, len);
172
173 if (*ret == GNUTLS_E_REHANDSHAKE) {
174 *ret = gnutls_rehandshake(pwm->session);
175
176 if (*ret == GNUTLS_E_WARNING_ALERT_RECEIVED ||
177 *ret == GNUTLS_A_NO_RENEGOTIATION) {
178 gnutls_perror(*ret);
179 continue;
180 }
181
182 if (*ret != GNUTLS_E_SUCCESS) {
183 gnutls_perror(*ret);
184 *ret = 0;
185 break;
186 }
187
188 *ret = gnutls_handshake(pwm->session);
189
190 if (*ret != GNUTLS_E_SUCCESS) {
191 gnutls_perror(*ret);
192 *ret = 0;
193 break;
194 }
195
196 continue;
197 }
198 } while (*ret == GNUTLS_E_INTERRUPTED || *ret == GNUTLS_E_AGAIN);
199 }
200
201 return *ret <= 0 ? 0 : 1;
202 }
203
204 static int write_hook(assuan_context_t ctx, assuan_fd_t fd, const void *data,
205 size_t len, ssize_t *ret)
206 {
207 pwm_t *pwm = assuan_get_pointer(ctx);
208
209 if (!pwm || !pwm->session)
210 *ret = write((int)fd, data, len);
211 else {
212 do {
213 *ret = gnutls_record_send(pwm->session, data, len);
214 } while (*ret == GNUTLS_E_INTERRUPTED || *ret == GNUTLS_E_AGAIN);
215 }
216
217 return *ret <= 0 ? 0 : 1;
218 }
219
220 static void _tls_deinit(pwm_t *pwm)
221 {
222 if (pwm->session) {
223 gnutls_bye(pwm->session, GNUTLS_SHUT_WR);
224 gnutls_deinit(pwm->session);
225 }
226
227 if (pwm->x509)
228 gnutls_certificate_free_credentials(pwm->x509);
229
230 pwm->session = NULL;
231 pwm->x509 = NULL;
232 }
233
234 static gpg_error_t verify_certificate(pwm_t *pwm)
235 {
236 unsigned int status;
237 const gnutls_datum_t *cert_list;
238 unsigned int cert_list_size;
239 int i;
240 gnutls_x509_crt_t cert;
241 gpg_error_t rc;
242
243 rc = gnutls_certificate_verify_peers2(pwm->session, &status);
244
245 if (rc < 0) {
246 gnutls_perror(rc);
247 return GPG_ERR_BAD_CERT;
248 }
249
250 if (status & GNUTLS_CERT_INVALID)
251 return GPG_ERR_BAD_CERT;
252
253 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
254 return GPG_ERR_BAD_SIGNATURE;
255
256 if (status & GNUTLS_CERT_REVOKED)
257 return GPG_ERR_CERT_REVOKED;
258
259 if (gnutls_certificate_type_get(pwm->session) != GNUTLS_CRT_X509)
260 return GPG_ERR_UNSUPPORTED_CERT;
261
262 if (gnutls_x509_crt_init(&cert) < 0)
263 return gpg_error_from_errno(ENOMEM);
264
265 cert_list = gnutls_certificate_get_peers(pwm->session, &cert_list_size);
266
267 if (!cert_list) {
268 rc = GPG_ERR_MISSING_CERT;
269 goto done;
270 }
271
272 for (i = 0; i < cert_list_size; i++) {
273 if (gnutls_x509_crt_import(cert, &cert_list[i], GNUTLS_X509_FMT_DER) < 0) {
274 rc = GPG_ERR_BAD_CERT_CHAIN;
275 goto done;
276 }
277
278 if (gnutls_x509_crt_get_expiration_time(cert) < time(0)) {
279 rc = GPG_ERR_CERT_EXPIRED;
280 goto done;
281 }
282
283 if (gnutls_x509_crt_get_activation_time(cert) > time(0)) {
284 rc = GPG_ERR_CERT_TOO_YOUNG;
285 goto done;
286 }
287
288 if (pwm->tcp_conn->verify) {
289 if (!gnutls_x509_crt_check_hostname(cert, pwm->tcp_conn->host)) {
290 rc = GPG_ERR_BAD_CERT_CHAIN;
291 goto done;
292 }
293 }
294 }
295
296 done:
297 gnutls_x509_crt_deinit(cert);
298 return rc;
299 }
300
301 static gpg_error_t _tls_init(pwm_t *pwm)
302 {
303 gpg_error_t rc;
304 const char *errstr;
305
306 rc = gnutls_certificate_allocate_credentials(&pwm->x509);
307
308 if (rc)
309 return gpg_error_from_errno(ENOMEM);
310
311 /* The client certificate must be signed by the CA of the pwmd server
312 * certificate in order for the client to authenticate successfully. Man in
313 * the middle attacks are still possible if the attacker is running a pwmd
314 * that doesn't require client certificate authentication. So require the
315 * client to verify the server certificate.
316 */
317 rc = gnutls_certificate_set_x509_trust_file (pwm->x509, pwm->tcp_conn->ca,
318 GNUTLS_X509_FMT_PEM);
319
320 if (rc == -1) {
321 gnutls_perror(rc);
322 rc = GPG_ERR_INV_CERT_OBJ;
323 goto fail;
324 }
325
326 rc = gnutls_certificate_set_x509_key_file(pwm->x509, pwm->tcp_conn->cert,
327 pwm->tcp_conn->key, GNUTLS_X509_FMT_PEM);
328
329 if (rc != GNUTLS_E_SUCCESS) {
330 gnutls_perror(rc);
331 rc = GPG_ERR_INV_CERT_OBJ;
332 goto fail;
333 }
334
335 rc = gnutls_init(&pwm->session, GNUTLS_CLIENT);
336
337 if (rc != GNUTLS_E_SUCCESS) {
338 gnutls_perror(rc);
339 rc = GPG_ERR_INV_CERT_OBJ;
340 goto fail;
341 }
342
343 rc = gnutls_priority_set_direct(pwm->session,
344 pwm->tcp_conn->priority ? pwm->tcp_conn->priority : "SECURE256",
345 &errstr);
346
347 if (rc != GNUTLS_E_SUCCESS) {
348 gnutls_perror(rc);
349 rc = GPG_ERR_INV_CERT_OBJ;
350 goto fail;
351 }
352
353 rc = gnutls_credentials_set(pwm->session, GNUTLS_CRD_CERTIFICATE, pwm->x509);
354
355 if (rc != GNUTLS_E_SUCCESS) {
356 gnutls_perror(rc);
357 rc = GPG_ERR_INV_CERT_OBJ;
358 goto fail;
359 }
360
361 gnutls_transport_set_ptr(pwm->session,
362 (gnutls_transport_ptr_t)pwm->tcp_conn->fd);
363 rc = gnutls_handshake(pwm->session);
364
365 if (rc != GNUTLS_E_SUCCESS) {
366 gnutls_perror(rc);
367 rc = GPG_ERR_INV_CERT_OBJ;
368 _tls_deinit(pwm);
369 return rc;
370 }
371
372 rc = verify_certificate(pwm);
373
374 fail:
375 if (rc)
376 _tls_deinit(pwm);
377
378 return rc;
379 }
380
381 static void _tls_assuan_deinit(assuan_context_t ctx)
382 {
383 pwm_t *pwm = assuan_get_pointer(ctx);
384
385 _tls_deinit(pwm);
386 }
387
388 static void free_tcp_conn(pwmd_tcp_conn_t *conn)
389 {
390 if (!conn)
391 return;
392
393 if (conn->cert)
394 xfree(conn->cert);
395
396 if (conn->key)
397 xfree(conn->key);
398
399 if (conn->ca)
400 xfree(conn->ca);
401
402 if (conn->host)
403 xfree(conn->host);
404
405
406 if (conn->priority)
407 xfree(conn->priority);
408
409 xfree(conn);
410 }
411
412 /*
413 * Sets common options from both pwmd_tcp_connect() and
414 * pwmd_tcp_connect_async().
415 */
416 static gpg_error_t init_tcp_conn(pwmd_tcp_conn_t **dst, char *host, int port,
417 const char *cert, const char *key, const char *ca, int verify,
418 const char *priority)
419 {
420 char buf[PATH_MAX];
421 struct passwd *pw = getpwuid(getuid());
422 pwmd_tcp_conn_t *conn;
423 gpg_error_t rc = 0;
424
425 if (!host)
426 return GPG_ERR_INV_ARG;
427
428 conn = xcalloc(1, sizeof(pwmd_tcp_conn_t));
429 if (!conn)
430 return gpg_error_from_errno(ENOMEM);
431
432 conn->port = port == -1 ? 6466 : port;
433 conn->host = xstrdup(host);
434
435 if (!conn->host) {
436 rc = gpg_error_from_errno(ENOMEM);
437 goto fail;
438 }
439
440 if (!cert) {
441 snprintf(buf, sizeof(buf), "%s/.pwmd/client-cert.pem", pw->pw_dir);
442 conn->cert = xstrdup(buf);
443 }
444 else
445 conn->cert = xstrdup(cert);
446
447 if (!conn->cert) {
448 rc = gpg_error_from_errno(ENOMEM);
449 goto fail;
450 }
451
452 if (!key) {
453 snprintf(buf, sizeof(buf), "%s/.pwmd/client-key.pem", pw->pw_dir);
454 conn->key = xstrdup(buf);
455 }
456 else
457 conn->key = xstrdup(key);
458
459 if (!conn->key) {
460 rc = gpg_error_from_errno(ENOMEM);
461 goto fail;
462 }
463
464 if (!ca) {
465 snprintf(buf, sizeof(buf), "%s/.pwmd/ca-cert.pem", pw->pw_dir);
466 conn->ca = xstrdup(buf);
467 }
468 else
469 conn->ca = xstrdup(ca);
470
471 if (!conn->ca) {
472 rc = gpg_error_from_errno(ENOMEM);
473 goto fail;
474 }
475
476 conn->fd = socket(PF_INET, SOCK_STREAM, 0);
477
478 if (conn->fd == -1) {
479 rc = gpg_error_from_syserror();
480 goto fail;
481 }
482
483 conn->verify = verify;
484 conn->priority = xstrdup(priority);
485
486 if (!conn->priority) {
487 rc = gpg_error_from_errno(ENOMEM);
488 goto fail;
489 }
490
491 *dst = conn;
492 return 0;
493
494 fail:
495 free_tcp_conn(conn);
496 return rc;
497 }
498
499 static gpg_error_t do_connect(pwm_t *pwm, void *addr)
500 {
501 struct sockaddr_in their_addr;
502
503 pwm->cmd = ASYNC_CMD_CONNECT;
504 their_addr.sin_family = AF_INET;
505 their_addr.sin_port = htons(pwm->tcp_conn->port);
506 their_addr.sin_addr = *((struct in_addr *)addr);
507 memset(their_addr.sin_zero, '\0', sizeof their_addr.sin_zero);
508
509 if (connect(pwm->tcp_conn->fd, (struct sockaddr *)&their_addr,
510 sizeof(their_addr)) == -1)
511 return gpg_error_from_syserror();
512
513 return 0;
514 }
515
516 static void dns_resolve_cb(int result, char type, int count, int ttl,
517 void *addrs, void *arg)
518 {
519 pwm_t *pwm = arg;
520
521 if (result != DNS_ERR_NONE) {
522 switch (result) {
523 case DNS_ERR_NOTEXIST:
524 pwm->tcp_conn->rc = GPG_ERR_UNKNOWN_HOST;
525 break;
526 case DNS_ERR_SERVERFAILED:
527 pwm->tcp_conn->rc = GPG_ERR_EHOSTDOWN;
528 break;
529 case DNS_ERR_TIMEOUT:
530 pwm->tcp_conn->rc = GPG_ERR_TIMEOUT;
531 break;
532 default:
533 //FIXME
534 pwm->tcp_conn->rc = GPG_ERR_EHOSTUNREACH;
535 break;
536 }
537
538 return;
539 }
540
541 fcntl(pwm->tcp_conn->fd, F_SETFL, O_NONBLOCK);
542 pwm->tcp_conn->rc = do_connect(pwm, &addrs[0]);
543 }
544
545 pwm_t *pwmd_tcp_connect_async(char *host, int port, gpg_error_t *rc,
546 const char *cert, const char *key, const char *ca, int verify,
547 const char *priority)
548 {
549 #ifndef HAVE_LIBGNUTLS
550 *rc = GPG_ERR_NOT_IMPLEMENTED;
551 return NULL;
552 #else
553 pwmd_tcp_conn_t *conn;
554 pwm_t *pwm;
555
556 *rc = init_tcp_conn(&conn, host, port, cert, key, ca, verify, priority);
557
558 if (*rc)
559 return NULL;
560
561 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
562 *rc = gpg_error_from_syserror();
563 free_tcp_conn(conn);
564 return NULL;
565 }
566
567 pwm->tcp_conn = conn;
568 pwm->cmd = ASYNC_CMD_DNS;
569 pwm->state = ASYNC_PROCESS;
570 evdns_resolv_conf_parse(DNS_OPTIONS_ALL, "/etc/resolv.conf");
571 evdns_resolve_ipv4(pwm->tcp_conn->host, 0, dns_resolve_cb, pwm);
572 return pwm;
573 #endif
574 }
575
576 static pwm_t *setup_context(pwm_t *pwm, gpg_error_t *rc)
577 {
578 assuan_context_t ctx;
579 struct assuan_io_hooks io_hooks = {read_hook, write_hook};
580 int fd = pwm->tcp_conn->fd;
581
582 *rc = _tls_init(pwm);
583 free_tcp_conn(pwm->tcp_conn);
584 pwm->tcp_conn = NULL;
585
586 if (*rc)
587 goto fail;
588
589 assuan_set_io_hooks(&io_hooks);
590 *rc = assuan_socket_connect_fd(&ctx, fd, 0, pwm);
591
592 if (*rc)
593 goto fail;
594
595 assuan_set_finish_handler(ctx, _tls_assuan_deinit);
596 return _socket_connect_finalize(pwm, ctx);
597
598 fail:
599 _tls_deinit(pwm);
600 xfree(pwm);
601 return NULL;
602 }
603
604 pwm_t *pwmd_tcp_connect(char *host, int port, gpg_error_t *rc, const char *cert,
605 const char *key, const char *ca, int verify, const char *priority)
606 {
607 struct hostent *he;
608 pwm_t *pwm = NULL;
609 pwmd_tcp_conn_t *conn;
610
611 *rc = init_tcp_conn(&conn, host, port, cert, key, ca, verify, priority);
612
613 if (*rc)
614 return NULL;
615
616 if ((he = gethostbyname(conn->host)) == NULL) {
617 // FIXME
618 *rc = gpg_error_from_syserror();
619 free_tcp_conn(conn);
620 return NULL;
621 }
622
623 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
624 *rc = gpg_error_from_syserror();
625 goto fail;
626 }
627
628 pwm->tcp_conn = conn;
629 *rc = do_connect(pwm, he->h_addr);
630
631 if (*rc)
632 goto fail;
633
634 return setup_context(pwm, rc);
635
636 fail:
637 xfree(pwm);
638
639 if (conn->fd >= 0)
640 close(conn->fd);
641
642 free_tcp_conn(conn);
643 return NULL;
644 }
645 #endif
646
647 pwm_t *pwmd_connect(const char *path, gpg_error_t *rc)
648 {
649 pwm_t *pwm = NULL;
650 char *socketpath = NULL;
651 struct passwd *pw;
652 assuan_context_t ctx;
653
654 if (!path) {
655 pw = getpwuid(getuid());
656 socketpath = (char *)xmalloc(strlen(pw->pw_dir) + strlen("/.pwmd/socket") + 1);
657 sprintf(socketpath, "%s/.pwmd/socket", pw->pw_dir);
658 }
659 else
660 socketpath = xstrdup(path);
661
662 *rc = assuan_socket_connect_ext(&ctx, socketpath, -1, 0);
663 xfree(socketpath);
664
665 if (*rc)
666 return NULL;
667
668 if ((pwm = (pwm_t *)xcalloc(1, sizeof(pwm_t))) == NULL) {
669 *rc = gpg_error_from_syserror();
670 return NULL;
671 }
672
673 return _socket_connect_finalize(pwm, ctx);
674 }
675
676 gpg_error_t pwmd_pending_line(pwm_t *pwm, char **line, size_t *len)
677 {
678 if (!pwm)
679 return GPG_ERR_INV_ARG;
680
681 if (assuan_pending_line(pwm->ctx))
682 return assuan_read_line(pwm->ctx, line, len);
683
684 return GPG_ERR_NO_DATA;
685 }
686
687 void pwmd_close(pwm_t *pwm)
688 {
689 if (!pwm)
690 return;
691
692 if (pwm->ctx)
693 assuan_disconnect(pwm->ctx);
694
695 if (pwm->password)
696 xfree(pwm->password);
697
698 if (pwm->title)
699 xfree(pwm->title);
700
701 if (pwm->desc)
702 xfree(pwm->desc);
703
704 if (pwm->prompt)
705 xfree(pwm->prompt);
706
707 if (pwm->pinentry_tty)
708 xfree(pwm->pinentry_tty);
709
710 if (pwm->pinentry_display)
711 xfree(pwm->pinentry_display);
712
713 if (pwm->pinentry_term)
714 xfree(pwm->pinentry_term);
715
716 if (pwm->filename)
717 xfree(pwm->filename);
718
719 xfree(pwm);
720 }
721
722 static int mem_realloc_cb(void *data, const void *buffer, size_t len)
723 {
724 membuf_t *mem = (membuf_t *)data;
725 void *p;
726
727 if (!buffer)
728 return 0;
729
730 if ((p = xrealloc(mem->buf, mem->len + len)) == NULL)
731 return 1;
732
733 mem->buf = p;
734 memcpy((char *)mem->buf + mem->len, buffer, len);
735 mem->len += len;
736 return 0;
737 }
738
739 void pwmd_free_result(void *data)
740 {
741 xfree(data);
742 }
743
744 static int _inquire_cb(void *data, const char *keyword)
745 {
746 pwm_t *pwm = (pwm_t *)data;
747 gpg_error_t rc = 0;
748 int flags = fcntl(pwm->fd, F_GETFL);
749
750 /* Shouldn't get this far without a callback. */
751 if (!pwm->inquire_func)
752 return GPG_ERR_INV_ARG;
753
754 /*
755 * Since the socket file descriptor is probably set to non-blocking, set to
756 * blocking to prevent GPG_ERR_EAGAIN errors. This should be fixes when
757 * asynchronous INQUIRE is supported by either libassuan or a later
758 * libpwmd.
759 */
760 fcntl(pwm->fd, F_SETFL, 0);
761
762 for (;;) {
763 char *result = NULL;
764 size_t len;
765 gpg_error_t arc;
766
767 rc = pwm->inquire_func(pwm->inquire_data, keyword, rc, &result, &len);
768 rc = gpg_err_code(rc);
769
770 if (rc == GPG_ERR_EOF || !rc) {
771 if (len <= 0 || !result || !*result) {
772 rc = 0;
773 break;
774 }
775
776 arc = assuan_send_data(pwm->ctx, result, len);
777
778 if (rc == GPG_ERR_EOF) {
779 rc = arc;
780 break;
781 }
782
783 rc = arc;
784 }
785 else if (rc)
786 break;
787 }
788
789 fcntl(pwm->fd, F_SETFL, flags);
790 return rc;
791 }
792
793 gpg_error_t pwmd_finalize(pwm_t *pwm)
794 {
795 if (!pwm || pwm->cmd == ASYNC_CMD_NONE || pwm->state != ASYNC_DONE)
796 return GPG_ERR_INV_ARG;
797
798 pwm->state = ASYNC_INIT;
799 pwm->cmd = ASYNC_CMD_NONE;
800
801 #ifdef HAVE_LIBGNUTLS
802 if (pwm->cmd == ASYNC_CMD_CONNECT || pwm->cmd == ASYNC_CMD_DNS) {
803 /* pwm is no longer a valid handle. */
804 if (pwm->tcp_conn->rc) {
805 free_tcp_conn(pwm->tcp_conn);
806 xfree(pwm);
807 }
808
809 free_tcp_conn(pwm->tcp_conn);
810 pwm->tcp_conn = NULL;
811 return 0;
812 }
813 #endif
814
815 if (pwm->fd < 0)
816 return GPG_ERR_INV_ARG;
817
818 pwm->state = ASYNC_INIT;
819 pwm->ntries = 0;
820 #ifdef WITH_PINENTRY
821 pwm->is_open_cmd = 0;
822 #endif
823 return 0;
824 }
825
826 static gpg_error_t do_nb_command(pwm_t *pwm, const char *cmd, const char *arg)
827 {
828 char *buf;
829 gpg_error_t rc;
830 size_t len = strlen(cmd) + 2;
831
832 len += arg ? strlen(arg) : 0;
833
834 if (pwm->state != ASYNC_INIT)
835 return GPG_ERR_UNEXPECTED;
836
837 buf = (char *)xmalloc(len);
838
839 if (!buf) {
840 rc = gpg_error_from_errno(ENOMEM);
841 goto fail;
842 }
843
844 snprintf(buf, len, "%s %s", cmd, arg ? arg : "");
845 rc = assuan_write_line(pwm->ctx, buf);
846 xfree(buf);
847
848 if (!rc)
849 pwm->state = ASYNC_PROCESS;
850
851 fail:
852 return rc;
853 }
854
855 gpg_error_t pwmd_open_async(pwm_t *pwm, const char *filename)
856 {
857 if (!pwm || !filename)
858 return GPG_ERR_INV_ARG;
859
860 /* For pinentry retries. */
861 if (!pwm->is_open_cmd) {
862 if (pwm->filename)
863 xfree(pwm->filename);
864
865 pwm->filename = xstrdup(filename);
866 }
867
868 pwm->is_open_cmd = 1;
869 return do_nb_command(pwm, "OPEN", filename);
870 }
871
872 gpg_error_t pwmd_save_async(pwm_t *pwm)
873 {
874 if (!pwm)
875 return GPG_ERR_INV_ARG;
876
877 return do_nb_command(pwm, "SAVE", NULL);
878 }
879
880 static gpg_error_t parse_assuan_line(pwm_t *pwm)
881 {
882 gpg_error_t rc;
883 char *line;
884 size_t len;
885
886 rc = assuan_read_line(pwm->ctx, &line, &len);
887
888 if (!rc) {
889 if (line[0] == 'O' && line[1] == 'K' &&
890 (line[2] == 0 || line[2] == ' ')) {
891 pwm->state = ASYNC_DONE;
892 }
893 else if (line[0] == '#') {
894 }
895 else if (line[0] == 'S' && (line[1] == 0 || line[1] == ' ')) {
896 if (pwm->status_func) {
897 pwm->status_func(pwm->status_data,
898 line[1] == 0 ? line+1 : line+2);
899 }
900 }
901 else if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R' &&
902 (line[3] == 0 || line[3] == ' ')) {
903 line += 4;
904 rc = atoi(line);
905 pwm->state = ASYNC_DONE;
906 }
907 }
908
909 return rc;
910 }
911
912 pwmd_async_t pwmd_process(pwm_t *pwm, gpg_error_t *rc)
913 {
914 fd_set fds;
915 int n;
916 struct timeval tv = {0, 0};
917
918 *rc = 0;
919
920 if (!pwm) {
921 *rc = GPG_ERR_INV_ARG;
922 return ASYNC_DONE;
923 }
924
925 #ifdef HAVE_LIBGNUTLS
926 if (pwm->cmd == ASYNC_CMD_DNS) {
927 if (pwm->tcp_conn->rc) {
928 *rc = pwm->tcp_conn->rc;
929 close(pwm->tcp_conn->fd);
930 pwm->state = ASYNC_DONE;
931 }
932
933 event_loop(EVLOOP_NONBLOCK);
934 return pwm->state;
935 }
936 else if (pwm->cmd == ASYNC_CMD_CONNECT) {
937 if (pwm->tcp_conn->rc == GPG_ERR_EINPROGRESS) {
938 int ret;
939 socklen_t len = sizeof(int);
940
941 FD_ZERO(&fds);
942 FD_SET(pwm->tcp_conn->fd, &fds);
943 n = select(pwm->tcp_conn->fd+1, NULL, &fds, NULL, &tv);
944
945 if (!n || !FD_ISSET(pwm->tcp_conn->fd, &fds))
946 return pwm->state;
947 else if (n == -1) {
948 *rc = gpg_error_from_syserror();
949 close(pwm->tcp_conn->fd);
950 pwm->state = ASYNC_DONE;
951 return pwm->state;
952 }
953
954 ret = getsockopt(pwm->tcp_conn->fd, SOL_SOCKET, SO_ERROR, &n, &len);
955 if (ret || n) {
956 *rc = ret ? gpg_error_from_syserror() : gpg_error_from_errno(n);
957 close(pwm->tcp_conn->fd);
958 pwm->state = ASYNC_DONE;
959 return pwm->state;
960 }
961 }
962 else if (pwm->tcp_conn->rc) {
963 *rc = pwm->tcp_conn->rc;
964 close(pwm->tcp_conn->fd);
965 pwm->state = ASYNC_DONE;
966 return pwm->state;
967 }
968
969 fcntl(pwm->tcp_conn->fd, F_SETFL, 0);
970 setup_context(pwm, rc);
971 pwm->state = ASYNC_DONE;
972 return pwm->state;
973 }
974 #endif
975
976 if (pwm->fd < 0) {
977 *rc = GPG_ERR_INV_ARG;
978 return ASYNC_DONE;
979 }
980 else if (pwm->state == ASYNC_DONE)
981 return pwm->state;
982 else if (pwm->state == ASYNC_INIT) {
983 *rc = GPG_ERR_UNEXPECTED;
984 return ASYNC_DONE;
985 }
986
987 FD_ZERO(&fds);
988 FD_SET(pwm->fd, &fds);
989 #ifdef WITH_LIBPTH
990 n = pth_select(pwm->fd+1, &fds, NULL, NULL, &tv);
991 #else
992 n = select(pwm->fd+1, &fds, NULL, NULL, &tv);
993 #endif
994
995 if (n > 0) {
996 if (FD_ISSET(pwm->fd, &fds))
997 *rc = parse_assuan_line(pwm);
998 }
999
1000 while (!*rc && assuan_pending_line(pwm->ctx))
1001 *rc = parse_assuan_line(pwm);
1002
1003 if (pwm->is_open_cmd && gpg_err_code(*rc) == EPWMD_BADKEY &&
1004 ++pwm->ntries < pwm->pinentry_tries) {
1005 pwm->state = ASYNC_INIT;
1006 *rc = pwmd_open_async(pwm, pwm->filename);
1007 }
1008
1009 return pwm->state;
1010 }
1011
1012 static gpg_error_t assuan_command(pwm_t *pwm, assuan_context_t ctx,
1013 char **result, const char *cmd)
1014 {
1015 membuf_t data;
1016 gpg_error_t rc;
1017
1018 data.len = 0;
1019 data.buf = NULL;
1020
1021 rc = assuan_transact(ctx, cmd, mem_realloc_cb, &data, _inquire_cb, pwm,
1022 pwm->status_func, pwm->status_data);
1023
1024 if (rc) {
1025 if (data.buf) {
1026 xfree(data.buf);
1027 data.buf = NULL;
1028 }
1029 }
1030 else {
1031 if (data.buf) {
1032 mem_realloc_cb(&data, "", 1);
1033 *result = (char *)data.buf;
1034 }
1035 }
1036
1037 return gpg_err_code(rc);
1038 }
1039
1040 gpg_error_t pwmd_inquire(pwm_t *pwm, const char *cmd, pwmd_inquire_fn fn,
1041 void *data)
1042 {
1043 if (!pwm || !cmd || !fn)
1044 return GPG_ERR_INV_ARG;
1045
1046 pwm->inquire_func = fn;
1047 pwm->inquire_data = data;
1048 return assuan_command(pwm, pwm->ctx, NULL, cmd);
1049 }
1050
1051 gpg_error_t pwmd_terminate_pinentry(pwm_t *pwm)
1052 {
1053 #ifndef WITH_PINENTRY
1054 return GPG_ERR_NOT_IMPLEMENTED;
1055 #else
1056 if (!pwm || pwm->pid == -1)
1057 return GPG_ERR_INV_ARG;
1058
1059 if (kill(pwm->pid, 0) == 0) {
1060 if (kill(pwm->pid, SIGTERM) == -1) {
1061 if (kill(pwm->pid, SIGKILL) == -1)
1062 return gpg_error_from_errno(errno);
1063 }
1064
1065 pwm->pin_error = GPG_ERR_TIMEOUT;
1066 }
1067 else
1068 return gpg_error_from_errno(errno);
1069
1070 return 0;
1071 #endif
1072 }
1073
1074 #ifdef WITH_PINENTRY
1075 static gpg_error_t set_pinentry_strings(pwm_t *pwm, int which)
1076 {
1077 char *buf;
1078 char tmp[ASSUAN_LINELENGTH];
1079 gpg_error_t error;
1080
1081 if (!pwm->title)
1082 pwm->title = xstrdup(N_("LibPWMD"));
1083
1084 if (!pwm->prompt)
1085 pwm->prompt = xstrdup(N_("Passphrase:"));
1086
1087 if (!pwm->desc && !which)
1088 pwm->desc = xstrdup(N_("Enter a passphrase."));
1089
1090 if (which == 1) {
1091 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Invalid passphrase, please try again."));
1092 buf = xstrdup(tmp);
1093 }
1094 else if (which == 2) {
1095 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Please type the passphrase again for confirmation."));
1096 buf = xstrdup(tmp);
1097 }
1098 else {
1099 buf = (char *)xmalloc(strlen("SETERROR ") + strlen(pwm->desc) + 1);
1100 sprintf(buf, "SETERROR %s", pwm->desc);
1101 }
1102
1103 error = pinentry_command(pwm, NULL, buf);
1104 xfree(buf);
1105
1106 if (error)
1107 return error;
1108
1109 buf = (char *)xmalloc(strlen("SETPROMPT ") + strlen(pwm->prompt) + 1);
1110 sprintf(buf, "SETPROMPT %s", pwm->prompt);
1111 error = pinentry_command(pwm, NULL, buf);
1112 xfree(buf);
1113
1114 if (error)
1115 return error;
1116
1117 buf = (char *)xmalloc(strlen("SETDESC ") + strlen(pwm->title) + 1);
1118 sprintf(buf, "SETDESC %s", pwm->title);
1119 error = pinentry_command(pwm, NULL, buf);
1120 xfree(buf);
1121 return error;
1122 }
1123
1124 static void update_pinentry_settings(pwm_t *pwm)
1125 {
1126 FILE *fp;
1127 char buf[LINE_MAX];
1128 struct passwd *pw = getpwuid(getuid());
1129 char *p;
1130
1131 snprintf(buf, sizeof(buf), "%s/.pwmd/pinentry.conf", pw->pw_dir);
1132
1133 if ((fp = fopen(buf, "r")) == NULL)
1134 return;
1135
1136 while ((p = fgets(buf, sizeof(buf), fp)) != NULL) {
1137 char name[32], val[256];
1138
1139 if (sscanf(p, " %31[a-zA-Z] = %255s", name, val) != 2)
1140 continue;
1141
1142 if (strcasecmp(name, "TTYNAME") == 0) {
1143 xfree(pwm->pinentry_tty);
1144 pwm->pinentry_tty = xstrdup(val);
1145 }
1146 else if (strcasecmp(name, "TTYTYPE") == 0) {
1147 xfree(pwm->pinentry_term);
1148 pwm->pinentry_term = xstrdup(val);
1149 }
1150 else if (strcasecmp(name, "DISPLAY") == 0) {
1151 xfree(pwm->pinentry_display);
1152 pwm->pinentry_display = xstrdup(val);
1153 }
1154 else if (strcasecmp(name, "PATH") == 0) {
1155 xfree(pwm->pinentry_path);
1156 pwm->pinentry_path = xstrdup(val);
1157 }
1158 }
1159
1160 fclose(fp);
1161 }
1162
1163 static gpg_error_t launch_pinentry(pwm_t *pwm)
1164 {
1165 int rc;
1166 assuan_context_t ctx;
1167 int child_list[] = {-1};
1168 char *display = getenv("DISPLAY");
1169 const char *argv[6];
1170 int have_display = 0;
1171 char *tty = NULL;
1172
1173 update_pinentry_settings(pwm);
1174
1175 if (pwm->pinentry_display || display)
1176 have_display = 1;
1177 else {
1178 tty = pwm->pinentry_tty ? pwm->pinentry_tty : ttyname(STDOUT_FILENO);
1179
1180 if (!tty)
1181 return gpg_error_from_errno(errno);
1182 }
1183
1184 if (!have_display && !tty)
1185 return GPG_ERR_ENOTTY;
1186
1187 argv[0] = "pinentry";
1188 argv[1] = have_display ? "--display" : "--ttyname";
1189 argv[2] = have_display ? pwm->pinentry_display ? pwm->pinentry_display : display : tty;
1190 argv[3] = NULL;
1191
1192 if (!have_display) {
1193 argv[3] = "--ttytype";
1194 argv[4] = pwm->pinentry_term ? pwm->pinentry_term : getenv("TERM");
1195 argv[5] = NULL;
1196 }
1197
1198 rc = assuan_pipe_connect(&ctx, pwm->pinentry_path ? pwm->pinentry_path : PINENTRY_PATH, argv, child_list);
1199
1200 if (rc)
1201 return rc;
1202
1203 pwm->pid = assuan_get_pid(ctx);
1204 pwm->pctx = ctx;
1205 return set_pinentry_strings(pwm, 0);
1206 }
1207
1208 static gpg_error_t pinentry_command(pwm_t *pwm, char **result, const char *cmd)
1209 {
1210 gpg_error_t n;
1211
1212 if (!pwm->pctx) {
1213 n = launch_pinentry(pwm);
1214
1215 if (n)
1216 return n;
1217 }
1218
1219 return assuan_command(pwm, pwm->pctx, result, cmd);
1220 }
1221
1222 static void pinentry_disconnect(pwm_t *pwm)
1223 {
1224 if (pwm->pctx)
1225 assuan_disconnect(pwm->pctx);
1226
1227 pwm->pctx = NULL;
1228 pwm->pid = -1;
1229 }
1230
1231 /*
1232 * Only called from a child process.
1233 */
1234 static void catchsig(int sig)
1235 {
1236 switch (sig) {
1237 case SIGALRM:
1238 if (gelapsed++ >= gtimeout) {
1239 global_error = pwmd_terminate_pinentry(gpwm);
1240
1241 if (!global_error)
1242 global_error = GPG_ERR_TIMEOUT;
1243
1244 break;
1245 }
1246
1247 alarm(1);
1248 break;
1249 default:
1250 break;
1251 }
1252 }
1253
1254 /*
1255 * Borrowed from libassuan.
1256 */
1257 static char *percent_escape(const char *atext)
1258 {
1259 const unsigned char *s;
1260 int len = strlen(atext) * 3 + 1;
1261 char *buf = (char *)xmalloc(len), *p = buf;
1262
1263 if (!buf)
1264 return NULL;
1265
1266 for (s=(const unsigned char *)atext; *s; s++) {
1267 if (*s < ' ') {
1268 sprintf (p, "%%%02X", *s);
1269 p += 3;
1270 }
1271 else
1272 *p++ = *s;
1273 }
1274
1275 *p = 0;
1276 return buf;
1277 }
1278 #endif
1279
1280 static gpg_error_t send_command(pwm_t *pwm, char **result, const char *cmd)
1281 {
1282 if (!cmd)
1283 return GPG_ERR_INV_ARG;
1284
1285 return assuan_command(pwm, pwm->ctx, result, cmd);
1286 }
1287
1288 /*
1289 * Avoid sending the BYE command here. libassuan will close the file
1290 * descriptor and release the assuan context. Use pwmd_close() instead.
1291 */
1292 gpg_error_t pwmd_command(pwm_t *pwm, char **result, const char *cmd, ...)
1293 {
1294 va_list ap;
1295 char *buf;
1296 size_t len;
1297 gpg_error_t error;
1298
1299 if (!pwm || !cmd)
1300 return GPG_ERR_INV_ARG;
1301
1302 *result = NULL;
1303 va_start(ap, cmd);
1304 /*
1305 * C99 allows the dst pointer to be null which will calculate the length
1306 * of the result and return it.
1307 */
1308 len = vsnprintf(NULL, 0, cmd, ap);
1309 buf = (char *)xmalloc(len + 1);
1310 len = vsnprintf(buf, len + 1, cmd, ap);
1311 va_end(ap);
1312 error = send_command(pwm, result, buf);
1313 xfree(buf);
1314 return error;
1315 }
1316
1317 #ifdef WITH_PINENTRY
1318 static gpg_error_t do_getpin(pwm_t *pwm, char **result)
1319 {
1320 if (gtimeout) {
1321 signal(SIGALRM, catchsig);
1322 alarm(1);
1323 }
1324
1325 *result = NULL;
1326 return pinentry_command(pwm, result, "GETPIN");
1327 }
1328
1329 static gpg_error_t getpin(pwm_t *pwm, char **result, int *try_n, int which)
1330 {
1331 int pin_try = *try_n;
1332 gpg_error_t error;
1333
1334 getpin_again:
1335 *try_n = pin_try;
1336
1337 if (pin_try == -1) {
1338 error = set_pinentry_strings(pwm, which);
1339
1340 if (error) {
1341 pinentry_disconnect(pwm);
1342 return error;
1343 }
1344 }
1345 else {
1346 if (pwm->pinentry_tries-1 != pin_try) {
1347 error = set_pinentry_strings(pwm, 1);
1348
1349 if (error) {
1350 pinentry_disconnect(pwm);
1351 return error;
1352 }
1353 }
1354 }
1355
1356 error = do_getpin(pwm, result);
1357
1358 /*
1359 * Since there was input cancel any timeout setting.
1360 */
1361 alarm(0);
1362
1363 if (error) {
1364 if (error == GPG_ERR_CANCELED)
1365 return GPG_ERR_CANCELED;
1366
1367 if (pin_try != -1 && pin_try--)
1368 goto getpin_again;
1369
1370 if (pwm->pctx)
1371 pinentry_disconnect(pwm);
1372
1373 *try_n = pin_try;
1374 return error;
1375 }
1376
1377 return 0;
1378 }
1379 #endif
1380
1381 gpg_error_t pwmd_open_nb_finalize(pwm_t *pwm, pwmd_nb_status_t *pw)
1382 {
1383 gpg_error_t error;
1384
1385 #ifndef WITH_PINENTRY
1386 return GPG_ERR_NOT_IMPLEMENTED;
1387 #endif
1388
1389 if (!pwm || !pw || !pw->filename[0])
1390 return GPG_ERR_INV_ARG;
1391
1392 close(pw->fd);
1393
1394 if (pw->error) {
1395 error = pw->error;
1396 goto fail;
1397 }
1398
1399 if (pwm->filename)
1400 xfree(pwm->filename);
1401
1402 pwm->filename = xstrdup(pw->filename);
1403 memset(pw, 0, sizeof(pwmd_nb_status_t));
1404 return 0;
1405
1406 fail:
1407 memset(pw, 0, sizeof(pwmd_nb_status_t));
1408 return error;
1409 }
1410
1411 static gpg_error_t do_open_command(pwm_t *pwm, const char *filename, char *password)
1412 {
1413 char buf[ASSUAN_LINELENGTH];
1414 gpg_error_t error;
1415 char *result = NULL;
1416
1417 snprintf(buf, sizeof(buf), "OPEN %s %s", filename, password ? password : "");
1418 error = send_command(pwm, &result, buf);
1419 memset(buf, 0, sizeof(buf));
1420
1421 if (error && result)
1422 xfree(result);
1423
1424 return error;
1425 }
1426
1427 static int do_pwmd_open(pwm_t *pwm, gpg_error_t *error, const char *filename,
1428 int nb, int timeout)
1429 {
1430 char *result = NULL;
1431 char *password = NULL;
1432 char path[PATH_MAX];
1433 #ifdef WITH_PINENTRY
1434 int pin_try;
1435 #endif
1436
1437 if (!pwm || !filename || !*filename) {
1438 *error = GPG_ERR_INV_ARG;
1439 return nb ? -1 : 1;
1440 }
1441
1442 #ifdef WITH_PINENTRY
1443 pin_try = pwm->pinentry_tries - 1;
1444 #endif
1445
1446 /*
1447 * Avoid calling pinentry if the password is cached on the server or if
1448 * this is a new file.
1449 */
1450 *error = pwmd_command(pwm, &result, "GETCONFIG data_directory");
1451
1452 if (*error)
1453 return nb ? -1 : 1;
1454
1455 snprintf(path, sizeof(path), "%s/%s", result, filename);
1456 pwmd_free_result(result);
1457
1458 if (access(path, R_OK) == -1) {
1459 if (errno == ENOENT)
1460 goto gotpassword;
1461 }
1462
1463 *error = pwmd_command(pwm, &result, "ISCACHED %s", filename);
1464
1465 if (*error == EPWMD_CACHE_NOT_FOUND) {
1466 if (pwm->passfunc) {
1467 password = pwm->passfunc(pwm, pwm->passdata);
1468 goto gotpassword;
1469 }
1470
1471 #ifdef WITH_PINENTRY
1472 /*
1473 * Get the password from pinentry.
1474 */
1475 if (pwm->use_pinentry) {
1476 /*
1477 * Nonblocking is wanted. fork() then return a file descriptor
1478 * that the client can use to read() from.
1479 */
1480 if (nb) {
1481 int p[2];
1482 pid_t pid;
1483 pwmd_nb_status_t pw;
1484
1485 if (pipe(p) == -1) {
1486 *error = gpg_error_from_syserror();
1487 return -1;
1488 }
1489
1490 #ifdef WITH_LIBPTH
1491 pid = pth_fork();
1492 #else
1493 pid = fork();
1494 #endif
1495
1496 switch (pid) {
1497 case 0:
1498 close(p[0]);
1499 strncpy(pw.filename, filename, sizeof(pw.filename));
1500 pw.filename[sizeof(pw.filename)-1] = 0;
1501 pw.fd = p[0];
1502
1503 if (timeout > 0) {
1504 gpwm = pwm;
1505 gtimeout = timeout;
1506 gelapsed = 0;
1507 }
1508
1509 getpin_nb_again:
1510 *error = getpin(pwm, &password, &pin_try, 0);
1511
1512 if (*error) {
1513 getpin_nb_fail:
1514 if (pwm->pctx)
1515 pinentry_disconnect(pwm);
1516
1517 if (gtimeout && gelapsed >= gtimeout)
1518 *error = GPG_ERR_TIMEOUT;
1519
1520 pw.error = *error;
1521 #ifdef WITH_LIBPTH
1522 pth_write(p[1], &pw, sizeof(pw));
1523 #else
1524 write(p[1], &pw, sizeof(pw));
1525 #endif
1526 close(p[1]);
1527 _exit(1);
1528 }
1529
1530 /*
1531 * Don't count the time it takes to open the file
1532 * which may have many iterations.
1533 */
1534 signal(SIGALRM, SIG_DFL);
1535 *error = do_open_command(pwm, filename, password);
1536
1537 if (timeout)
1538 signal(SIGALRM, catchsig);
1539
1540 if (pwm->pctx && *error == EPWMD_BADKEY) {
1541 if (pin_try-- > 0)
1542 goto getpin_nb_again;
1543
1544 goto getpin_nb_fail;
1545 }
1546
1547 pinentry_disconnect(pwm);
1548 pw.error = 0;
1549 #ifdef WITH_LIBPTH
1550 pth_write(p[1], &pw, sizeof(pw));
1551 #else
1552 write(p[1], &pw, sizeof(pw));
1553 #endif
1554 close(p[1]);
1555 _exit(0);
1556 break;
1557 case -1:
1558 *error = gpg_error_from_syserror();
1559 close(p[0]);
1560 close(p[1]);
1561 return -1;
1562 default:
1563 break;
1564 }
1565
1566 close(p[1]);
1567 *error = 0;
1568 return p[0];
1569 }
1570 }
1571 else {
1572 #endif
1573 /*
1574 * Not using pinentry and the file was not found
1575 * in the cache.
1576 */
1577 password = pwm->password;
1578 #ifdef WITH_PINENTRY
1579 }
1580 #endif
1581 }
1582 else if (*error)
1583 return nb ? -1 : 1;
1584
1585 gotpassword:
1586 *error = do_open_command(pwm, filename, password);
1587
1588 /*
1589 * Keep the user defined password set with pwmd_setopt(). The password may
1590 * be needed later (pwmd_save()) depending on the pwmd file cache settings.
1591 */
1592 if (password && password != pwm->password)
1593 xfree(password);
1594
1595 #ifdef WITH_PINENTRY
1596 if (*error == EPWMD_BADKEY) {
1597 if (pin_try-- > 0 && !nb) {
1598 *error = pwmd_command(pwm, &result, "OPTION TITLE=%s",
1599 N_("Invalid passphrase, please try again."));
1600
1601 if (*error)
1602 return 1;
1603
1604 goto gotpassword;
1605 }
1606
1607 if (nb)
1608 pinentry_disconnect(pwm);
1609
1610 return nb ? -1 : 1;
1611 }
1612 #endif
1613
1614 if (!*error) {
1615 if (pwm->filename)
1616 xfree(pwm->filename);
1617
1618 pwm->filename = xstrdup(filename);
1619 }
1620
1621 /*
1622 * The file is cached or the file is a new file.
1623 */
1624 if (nb)
1625 return *error ? -1 : -2;
1626
1627 return *error ? 1 : 0;
1628 }
1629
1630 gpg_error_t pwmd_open(pwm_t *pwm, const char *filename)
1631 {
1632 gpg_error_t error;
1633
1634 do_pwmd_open(pwm, &error, filename, 0, 0);
1635 return error;
1636 }
1637
1638 int pwmd_open_nb(pwm_t *pwm, gpg_error_t *error, const char *filename,
1639 int timeout)
1640 {
1641 #ifndef WITH_PINENTRY
1642 *error = GPG_ERR_NOT_IMPLEMENTED;
1643 return -1;
1644 #else
1645 return do_pwmd_open(pwm, error, filename, 1, timeout);
1646 #endif
1647 }
1648
1649 #ifdef WITH_PINENTRY
1650 static gpg_error_t do_save_getpin(pwm_t *pwm, char **password)
1651 {
1652 int confirm = 0;
1653 gpg_error_t error;
1654 char *result = NULL;
1655 int pin_try = -1;
1656
1657 again:
1658 error = getpin(pwm, &result, &pin_try, confirm ? 2 : 0);
1659
1660 if (error) {
1661 if (pwm->pctx)
1662 pinentry_disconnect(pwm);
1663
1664 if (*password)
1665 xfree(*password);
1666
1667 return error;
1668 }
1669
1670 if (!confirm++) {
1671 *password = result;
1672 goto again;
1673 }
1674
1675 if (strcmp(*password, result)) {
1676 xfree(*password);
1677 xfree(result);
1678 pinentry_disconnect(pwm);
1679 error = EPWMD_BADKEY;
1680 return error;
1681 }
1682
1683 xfree(result);
1684 pinentry_disconnect(pwm);
1685 return 0;
1686 }
1687 #endif
1688
1689 static gpg_error_t do_save_command(pwm_t *pwm, char *password)
1690 {
1691 char buf[ASSUAN_LINELENGTH];
1692 gpg_error_t error;
1693 char *result = NULL;
1694
1695 snprintf(buf, sizeof(buf), "SAVE %s", password ? password : "");
1696 error = send_command(pwm, &result, buf);
1697 memset(&buf, 0, sizeof(buf));
1698
1699 if (error && result)
1700 xfree(result);
1701
1702 return error;
1703 }
1704
1705 gpg_error_t pwmd_save_nb_finalize(pwm_t *pwm, pwmd_nb_status_t *pw)
1706 {
1707 gpg_error_t rc;
1708
1709 #ifndef WITH_PINENTRY
1710 return GPG_ERR_NOT_IMPLEMENTED;
1711 #endif
1712
1713 if (!pwm || !pw || !pw->filename[0])
1714 return GPG_ERR_INV_ARG;
1715
1716 close(pw->fd);
1717 rc = pw->error;
1718 memset(pw, 0, sizeof(pwmd_nb_status_t));
1719 return rc;
1720 }
1721
1722 static int do_pwmd_save(pwm_t *pwm, gpg_error_t *error, int nb)
1723 {
1724 char *result = NULL;
1725 char *password = NULL;
1726
1727 if (!pwm) {
1728 *error = GPG_ERR_INV_ARG;
1729 return nb ? -1 : 1;
1730 }
1731
1732 if (pwm->use_pinentry || pwm->passfunc) {
1733 *error = pwmd_command(pwm, &result, "ISCACHED %s", pwm->filename);
1734
1735 if (*error == EPWMD_CACHE_NOT_FOUND) {
1736 #ifdef WITH_PINENTRY
1737 if (pwm->use_pinentry) {
1738 if (nb) {
1739 int p[2];
1740 pid_t pid;
1741 pwmd_nb_status_t pw;
1742
1743 if (pipe(p) == -1) {
1744 *error = gpg_error_from_syserror();
1745 return -1;
1746 }
1747
1748 #ifdef WITH_LIBPTH
1749 pid = pth_fork();
1750 #else
1751 pid = fork();
1752 #endif
1753
1754 switch (pid) {
1755 case 0:
1756 close(p[0]);
1757 strncpy(pw.filename, pwm->filename, sizeof(pw.filename));
1758 pw.filename[sizeof(pw.filename)-1] = 0;
1759 pw.fd = p[0];
1760
1761 do {
1762 password = NULL;
1763 *error = do_save_getpin(pwm, &password);
1764 } while (*error == EPWMD_BADKEY);
1765
1766 if (*error) {
1767 if (pwm->pctx)
1768 pinentry_disconnect(pwm);
1769
1770 pw.error = *error;
1771 #ifdef WITH_LIBPTH
1772 pth_write(p[1], &pw, sizeof(pw));
1773 #else
1774 write(p[1], &pw, sizeof(pw));
1775 #endif
1776 close(p[1]);
1777 _exit(1);
1778 }
1779
1780 *error = do_save_command(pwm, password);
1781 pinentry_disconnect(pwm);
1782 pw.error = *error;
1783 #ifdef WITH_LIBPTH
1784 pth_write(p[1], &pw, sizeof(pw));
1785 #else
1786 write(p[1], &pw, sizeof(pw));
1787 #endif
1788 close(p[1]);
1789 _exit(0);
1790 break;
1791 case -1:
1792 *error = gpg_error_from_syserror();
1793 close(p[0]);
1794 close(p[1]);
1795 return -1;
1796 default:
1797 break;
1798 }
1799
1800 close(p[1]);
1801 *error = 0;
1802 return p[0];
1803 }
1804
1805 *error = do_save_getpin(pwm, &password);
1806
1807 if (*error)
1808 return 1;
1809 }
1810 else {
1811 #endif
1812 if (pwm->passfunc)
1813 password = (*pwm->passfunc)(pwm, pwm->passdata);
1814 #ifdef WITH_PINENTRY
1815 }
1816 #endif
1817 }
1818 else {
1819 if (*error)
1820 return nb ? -1 : 1;
1821 }
1822 }
1823 else
1824 password = pwm->password;
1825
1826 *error = do_save_command(pwm, password);
1827
1828 if (password && password != pwm->password)
1829 xfree(password);
1830
1831 if (nb)
1832 return *error ? -1 : -2;
1833
1834 return *error ? 1 : 0;
1835 }
1836
1837 int pwmd_save_nb(pwm_t *pwm, gpg_error_t *error)
1838 {
1839 #ifndef WITH_PINENTRY
1840 *error = GPG_ERR_NOT_IMPLEMENTED;
1841 return -1;
1842 #else
1843 return do_pwmd_save(pwm, error, 1);
1844 #endif
1845 }
1846
1847 gpg_error_t pwmd_save(pwm_t *pwm)
1848 {
1849 gpg_error_t error;
1850
1851 do_pwmd_save(pwm, &error, 0);
1852 return error;
1853 }
1854
1855 gpg_error_t pwmd_setopt(pwm_t *pwm, pwmd_option_t opt, ...)
1856 {
1857 va_list ap;
1858 #ifdef WITH_PINENTRY
1859 int n = va_arg(ap, int);
1860 char *result;
1861 #endif
1862 char *arg1;
1863 gpg_error_t error = 0;
1864
1865 if (!pwm)
1866 return GPG_ERR_INV_ARG;
1867
1868 va_start(ap, opt);
1869
1870 switch (opt) {
1871 case PWMD_OPTION_STATUS_FUNC:
1872 pwm->status_func = va_arg(ap, pwmd_status_fn);
1873 break;
1874 case PWMD_OPTION_STATUS_DATA:
1875 pwm->status_data = va_arg(ap, void *);
1876 break;
1877 case PWMD_OPTION_PASSWORD_FUNC:
1878 pwm->passfunc = va_arg(ap, pwmd_password_fn);
1879 break;
1880 case PWMD_OPTION_PASSWORD_DATA:
1881 pwm->passdata = va_arg(ap, void *);
1882 break;
1883 case PWMD_OPTION_PASSWORD:
1884 arg1 = va_arg(ap, char *);
1885
1886 if (pwm->password)
1887 xfree(pwm->password);
1888
1889 pwm->password = xstrdup(arg1);
1890 break;
1891 #ifdef WITH_PINENTRY
1892 case PWMD_OPTION_PINENTRY:
1893 n = va_arg(ap, int);
1894
1895 if (n != 0 && n != 1) {
1896 va_end(ap);
1897 error = GPG_ERR_INV_VALUE;
1898 }
1899 else {
1900 pwm->use_pinentry = n;
1901 error = pwmd_command(pwm, &result, "OPTION PINENTRY=%i",
1902 !pwm->use_pinentry);
1903 }
1904 break;
1905 case PWMD_OPTION_PINENTRY_TRIES:
1906 n = va_arg(ap, int);
1907
1908 if (n <= 0) {
1909 va_end(ap);
1910 error = GPG_ERR_INV_VALUE;
1911 }
1912 else
1913 pwm->pinentry_tries = n;
1914 break;
1915 case PWMD_OPTION_PINENTRY_PATH:
1916 if (pwm->pinentry_path)
1917 xfree(pwm->pinentry_path);
1918
1919 pwm->pinentry_path = xstrdup(va_arg(ap, char *));
1920 break;
1921 case PWMD_OPTION_PINENTRY_TTY:
1922 if (pwm->pinentry_tty)
1923 xfree(pwm->pinentry_tty);
1924
1925 pwm->pinentry_tty = xstrdup(va_arg(ap, char *));
1926 break;
1927 case PWMD_OPTION_PINENTRY_DISPLAY:
1928 if (pwm->pinentry_display)
1929 xfree(pwm->pinentry_display);
1930
1931 pwm->pinentry_display = xstrdup(va_arg(ap, char *));
1932 break;
1933 case PWMD_OPTION_PINENTRY_TERM:
1934 if (pwm->pinentry_term)
1935 xfree(pwm->pinentry_term);
1936
1937 pwm->pinentry_term = xstrdup(va_arg(ap, char *));
1938 break;
1939 case PWMD_OPTION_PINENTRY_TITLE:
1940 if (pwm->title)
1941 xfree(pwm->title);
1942 pwm->title = percent_escape(va_arg(ap, char *));
1943 break;
1944 case PWMD_OPTION_PINENTRY_PROMPT:
1945 if (pwm->prompt)
1946 xfree(pwm->prompt);
1947 pwm->prompt = percent_escape(va_arg(ap, char *));
1948 break;
1949 case PWMD_OPTION_PINENTRY_DESC:
1950 if (pwm->desc)
1951 xfree(pwm->desc);
1952 pwm->desc = percent_escape(va_arg(ap, char *));
1953 break;
1954 #else
1955 case PWMD_OPTION_PINENTRY:
1956 case PWMD_OPTION_PINENTRY_TRIES:
1957 case PWMD_OPTION_PINENTRY_PATH:
1958 case PWMD_OPTION_PINENTRY_TTY:
1959 case PWMD_OPTION_PINENTRY_DISPLAY:
1960 case PWMD_OPTION_PINENTRY_TERM:
1961 case PWMD_OPTION_PINENTRY_TITLE:
1962 case PWMD_OPTION_PINENTRY_PROMPT:
1963 case PWMD_OPTION_PINENTRY_DESC:
1964 error = GPG_ERR_NOT_IMPLEMENTED;
1965 break;
1966 #endif
1967 default:
1968 error = GPG_ERR_NOT_IMPLEMENTED;
1969 break;
1970 }
1971
1972 va_end(ap);
1973 return error;
1974 }
1975
1976 gpg_error_t pwmd_assuan_ctx(pwm_t *pwm, assuan_context_t *ctx, int *fd)
1977 {
1978 if (!pwm)
1979 return GPG_ERR_INV_ARG;
1980
1981 *ctx = pwm->ctx;
1982 *fd = pwm->fd;
1983 return 0;
1984 }
An API for pwmd.