2 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015
3 Ben Kibbey <bjk@luxsci.net>
5 This file is part of libpwmd.
7 Libpwmd is free software: you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation, either version 2 of the License, or
10 (at your option) any later version.
12 Libpwmd is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with Libpwmd. If not, see <http://www.gnu.org/licenses/>.
31 #include <sys/types.h>
32 #include <sys/socket.h>
42 #include <sys/select.h>
62 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
63 #include <sys/types.h>
64 #include <sys/socket.h>
66 #include <netinet/in.h>
69 #define FINISH(rc) (gpg_err_source(rc) == GPG_ERR_SOURCE_UNKNOWN) \
79 hook_read (assuan_context_t ctx
, assuan_fd_t fd
, void *data
, size_t len
)
81 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
82 pwm_t
*pwm
= assuan_get_pointer (ctx
);
85 if (pwm
&& pwm
->tcp
&& pwm
->tcp
->ssh
)
86 return read_hook_ssh (pwm
->tcp
->ssh
, fd
, data
, len
);
89 if (pwm
&& pwm
->tcp
&& pwm
->tcp
->tls
)
90 return read_hook_tls (pwm
, fd
, data
, len
);
94 return read ((int) fd
, data
, len
);
98 hook_write (assuan_context_t ctx
, assuan_fd_t fd
, const void *data
,
102 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
103 pwm_t
*pwm
= assuan_get_pointer (ctx
);
106 if (pwm
&& pwm
->tcp
&& pwm
->tcp
->ssh
)
107 return write_hook_ssh (pwm
->tcp
->ssh
, fd
, data
, len
);
110 if (pwm
&& pwm
->tcp
&& pwm
->tcp
->tls
)
111 return write_hook_tls (pwm
, fd
, data
, len
);
115 /* libassuan cannot handle EAGAIN when doing writes. */
118 wrote
= write ((int) fd
, data
, len
);
119 if (wrote
== -1 && errno
== EAGAIN
)
122 while (wrote
== -1 && errno
== EAGAIN
);
128 hook_waitpid (assuan_context_t ctx
, pid_t pid
, int action
, int *status
,
131 return waitpid (pid
, status
, options
);
137 static int initialized
;
140 // May be called more than once.
141 gnutls_global_init ();
151 bindtextdomain ("libpwmd", LOCALEDIR
);
165 gnutls_global_deinit ();
170 _connect_finalize (pwm_t
* pwm
)
175 int n
= assuan_get_active_fds (pwm
->ctx
, 0, active
, N_ARRAY (active
));
178 return GPG_ERR_EBADFD
;
182 pwm
->pinentry_pid
= -1;
185 rc
= pwmd_command (pwm
, &result
, NULL
, NULL
, NULL
, "GETINFO VERSION");
188 pwm
->version
= strtoul (result
, NULL
, 16);
192 if (!rc
&& pwm
->name
)
193 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION NAME=%s",
200 connect_uds (pwm_t
* pwm
, const char *path
)
202 char *socketpath
= NULL
;
208 return GPG_ERR_INV_ARG
;
210 pwbuf
= _getpwuid (&pw
);
212 return gpg_error_from_syserror ();
215 socketpath
= pwmd_strdup_printf ("%s/.pwmd/socket", pw
.pw_dir
);
217 socketpath
= _expand_homedir ((char *) path
, &pw
);
221 return GPG_ERR_ENOMEM
;
223 rc
= assuan_socket_connect (pwm
->ctx
, socketpath
, ASSUAN_INVALID_FD
, 0);
224 pwmd_free (socketpath
);
225 return rc
? rc
: _connect_finalize (pwm
);
229 init_handle (pwm_t
* pwm
)
232 static struct assuan_malloc_hooks mhooks
= {
233 pwmd_malloc
, pwmd_realloc
, pwmd_free
235 static struct assuan_system_hooks shooks
= {
236 ASSUAN_SYSTEM_HOOKS_VERSION
,
244 NULL
, //sendmsg both are used for FD passing
252 rc
= assuan_new_ext (&pwm
->ctx
, GPG_ERR_SOURCE_DEFAULT
, &mhooks
, NULL
,
257 assuan_set_pointer (pwm
->ctx
, pwm
);
258 assuan_ctx_set_system_hooks (pwm
->ctx
, &shooks
);
262 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
264 free_tcp (pwm_t
*pwm
)
266 struct tcp_s
*tcp
= pwm
->tcp
;
272 _free_ssh_conn (tcp
->ssh
);
278 pwmd_free (tcp
->host
);
281 freeaddrinfo (tcp
->addrs
);
285 pthread_cond_destroy (&tcp
->dns_cond
);
286 pthread_mutex_destroy (&tcp
->dns_mutex
);
292 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
294 resolve_host_thread (void *arg
)
297 struct addrinfo hints
= { 0 };
303 hints
.ai_family
= AF_UNSPEC
;
306 hints
.ai_family
= AF_INET
;
309 hints
.ai_family
= AF_INET6
;
313 hints
.ai_socktype
= SOCK_STREAM
;
314 snprintf (portstr
, sizeof (portstr
), "%i", pwm
->tcp
->port
);
315 int *n
= pwmd_malloc (sizeof (int));
316 pthread_cleanup_push (pwmd_free
, n
);
317 *n
= getaddrinfo (pwm
->tcp
->host
, portstr
, &hints
, &pwm
->tcp
->addrs
);
318 pthread_cleanup_pop (0);
319 pthread_cond_broadcast (&pwm
->tcp
->dns_cond
);
325 tcp_connect_common (pwm_t
* pwm
)
327 #define TS_TIMEOUT 50000000L
334 n
= pthread_create (&tid
, NULL
, resolve_host_thread
, pwm
);
336 return gpg_error_from_errno (n
);
338 pthread_mutex_lock (&pwm
->tcp
->dns_mutex
);
345 clock_gettime (CLOCK_REALTIME
, &ts
);
346 if (ts
.tv_nsec
+ TS_TIMEOUT
>= 1000000000LL) {
351 ts
.tv_nsec
+= TS_TIMEOUT
;
355 #ifdef HAVE_PTHREAD_CANCEL
356 pthread_cancel (tid
);
357 pthread_join (tid
, NULL
);
359 pthread_join (tid
, (void **)&result
);
362 return GPG_ERR_CANCELED
;
365 n
= pthread_cond_timedwait (&pwm
->tcp
->dns_cond
, &pwm
->tcp
->dns_mutex
,
369 if (pwm
->socket_timeout
&& ts
.tv_sec
- now
>= pwm
->socket_timeout
)
371 #ifdef HAVE_PTHREAD_CANCEL
372 pthread_cancel (tid
);
373 pthread_join (tid
, NULL
);
375 pthread_join (tid
, (void **)&result
);
378 return GPG_ERR_ETIMEDOUT
;
385 #ifdef HAVE_PTHREAD_CANCEL
386 pthread_cancel (tid
);
387 pthread_join (tid
, NULL
);
389 pthread_join (tid
, (void **)&result
);
392 return gpg_error_from_errno (n
);
395 pthread_join (tid
, (void **)&result
);
402 return GPG_ERR_UNKNOWN_HOST
; //FIXME
404 for (pwm
->tcp
->addr
= pwm
->tcp
->addrs
; pwm
->tcp
->addr
;
405 pwm
->tcp
->addr
= pwm
->tcp
->addrs
->ai_next
)
407 pwm
->fd
= socket (pwm
->tcp
->addr
->ai_family
, SOCK_STREAM
, 0);
410 rc
= gpg_error_from_syserror ();
411 if (pwm
->tcp
->addr
== pwm
->tcp
->addrs
->ai_next
)
416 if (fcntl (pwm
->fd
, F_SETFL
, O_NONBLOCK
) == -1)
418 rc
= gpg_error_from_syserror ();
422 if (connect (pwm
->fd
, pwm
->tcp
->addr
->ai_addr
,
423 pwm
->tcp
->addr
->ai_family
== AF_INET6
424 ? sizeof (struct sockaddr_in6
)
425 : sizeof (struct sockaddr
)) == -1)
430 unsigned elapsed
= 0;
432 rc
= gpg_error_from_syserror ();
433 if (gpg_err_code (rc
) != GPG_ERR_EINPROGRESS
)
437 if (pwm
->tcp
->addr
== pwm
->tcp
->addrs
->ai_next
)
446 FD_SET (pwm
->fd
, &wfds
);
447 n
= select (pwm
->fd
+1, NULL
, &wfds
, NULL
, &tv
);
449 if (!n
|| pwm
->cancel
)
452 rc
= gpg_error (GPG_ERR_CANCELED
);
453 else if (++elapsed
>= pwm
->socket_timeout
)
454 rc
= gpg_error (GPG_ERR_ETIMEDOUT
);
460 socklen_t len
= sizeof(int);
462 getsockopt (pwm
->fd
, SOL_SOCKET
, SO_ERROR
, &n
, &len
);
464 rc
= gpg_error_from_errno (n
);
467 rc
= gpg_error_from_syserror ();
473 if (pwm
->tcp
->addr
== pwm
->tcp
->addrs
->ai_next
474 || gpg_err_code (rc
) == GPG_ERR_ETIMEDOUT
486 if (fcntl (pwm
->fd
, F_SETFL
, 0) == -1)
487 rc
= gpg_error_from_syserror ();
494 command_start (pwm_t
*pwm
)
500 pwmd_connect (pwm_t
* pwm
, const char *url
, ...)
506 return FINISH (GPG_ERR_INV_ARG
);
509 rc
= init_handle (pwm
);
516 if (!(pwm
->opts
& OPT_SIGPIPE
))
517 signal (SIGPIPE
, SIG_IGN
);
522 rc
= GPG_ERR_UNSUPPORTED_PROTOCOL
;
524 if (p
&& (*p
== '/' || *p
== '~'))
525 rc
= connect_uds (pwm
, p
);
526 else if (!p
|| !strncmp (p
, "file://", 7))
530 #ifdef DEFAULT_PWMD_SOCKET
532 p
= DEFAULT_PWMD_SOCKET
;
534 rc
= connect_uds (pwm
, p
);
536 else if (!strncmp (p
, "ssh://", 6) || !strncmp (p
, "ssh6://", 7) ||
537 !strncmp (p
, "ssh4://", 7))
540 return FINISH (GPG_ERR_NOT_IMPLEMENTED
);
544 char *username
= NULL
;
546 if (!strncmp (p
, "ssh6://", 7))
548 pwm
->prot
= PWMD_IPV6
;
551 else if (!strncmp (p
, "ssh4://", 7))
553 pwm
->prot
= PWMD_IPV4
;
558 pwm
->prot
= PWMD_IP_ANY
;
562 rc
= _parse_ssh_url (p
, &host
, &port
, &username
);
566 char *identity
= NULL
;
567 char *knownhosts
= NULL
;
570 identity
= va_arg (ap
, char *);
572 if (!identity
&& !pwm
->use_agent
)
573 rc
= GPG_ERR_INV_ARG
;
575 knownhosts
= va_arg (ap
, char *);
580 rc
= _do_ssh_connect (pwm
, host
, port
, identity
, username
,
584 rc
= _connect_finalize (pwm
);
591 pwmd_free (username
);
592 pwm
->local_pinentry
= 1;
595 else if (!strncmp (p
, "tls://", 6) || !strncmp (p
, "tls6://", 7) ||
596 !strncmp (p
, "tls4://", 7))
599 return FINISH (GPG_ERR_NOT_IMPLEMENTED
);
604 if (!strncmp (p
, "tls6://", 7))
606 pwm
->prot
= PWMD_IPV6
;
609 else if (!strncmp (p
, "tls4://", 7))
611 pwm
->prot
= PWMD_IPV4
;
616 pwm
->prot
= PWMD_IP_ANY
;
620 rc
= _parse_tls_url (p
, &host
, &port
);
624 char *clientcert
= NULL
;
625 char *clientkey
= NULL
;
628 char *server_fp
= NULL
;
631 clientcert
= va_arg (ap
, char *);
634 rc
= GPG_ERR_INV_ARG
;
637 clientkey
= va_arg (ap
, char *);
639 rc
= GPG_ERR_INV_ARG
;
642 cacert
= va_arg (ap
, char *);
644 rc
= GPG_ERR_INV_ARG
;
647 prio
= va_arg (ap
, char *);
648 server_fp
= va_arg (ap
, char *);
656 rc
= _do_tls_connect (pwm
, host
, port
, clientcert
, clientkey
,
657 cacert
, prio
, server_fp
, pwm
->tls_verify
);
660 rc
= _connect_finalize (pwm
);
667 pwm
->local_pinentry
= 1;
678 disconnect (pwm_t
* pwm
)
684 assuan_release (pwm
->ctx
);
686 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
695 pwmd_close (pwm_t
* pwm
)
701 pwmd_free (pwm
->pinentry_error
);
702 pwmd_free (pwm
->pinentry_desc
);
703 pwmd_free (pwm
->pinentry_prompt
);
704 pwmd_free (pwm
->pinentry_tty
);
705 pwmd_free (pwm
->pinentry_display
);
706 pwmd_free (pwm
->pinentry_term
);
707 pwmd_free (pwm
->pinentry_lcctype
);
708 pwmd_free (pwm
->pinentry_lcmessages
);
709 pwmd_free (pwm
->filename
);
710 pwmd_free (pwm
->name
);
711 pwmd_free (pwm
->passphrase_info
);
712 pwmd_free (pwm
->passphrase_hint
);
716 _pinentry_disconnect (pwm
);
723 inquire_realloc_cb (void *data
, const void *buffer
, size_t len
)
725 membuf_t
*mem
= (membuf_t
*) data
;
731 if ((p
= pwmd_realloc (mem
->buf
, mem
->len
+ len
)) == NULL
)
732 return gpg_error (GPG_ERR_ENOMEM
);
735 memcpy ((char *) mem
->buf
+ mem
->len
, buffer
, len
);
741 get_password (pwm_t
* pwm
, char **result
, size_t * len
,
742 pwmd_pinentry_t w
, int echo
)
744 char buf
[LINE_MAX
] = { 0 }, *p
;
745 struct termios told
, tnew
;
754 if (!isatty (STDIN_FILENO
))
756 fprintf (stderr
, N_("Input is not from a terminal! Failing.\n"));
757 return GPG_ERR_ENOTTY
;
762 if (tcgetattr (STDIN_FILENO
, &told
) == -1)
763 return gpg_error_from_syserror ();
765 memcpy (&tnew
, &told
, sizeof (struct termios
));
766 tnew
.c_lflag
&= ~(ECHO
);
767 tnew
.c_lflag
|= ICANON
| ECHONL
;
769 if (tcsetattr (STDIN_FILENO
, TCSANOW
, &tnew
) == -1)
773 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
774 return gpg_error_from_errno (n
);
780 case PWMD_PINENTRY_OPEN
:
781 fprintf (stderr
, N_("Password for %s: "), pwm
->filename
);
783 case PWMD_PINENTRY_OPEN_FAILED
:
784 fprintf (stderr
, N_("Invalid password. Password for %s: "),
787 case PWMD_PINENTRY_SAVE
:
788 fprintf (stderr
, N_("New password for %s: "), pwm
->filename
);
790 case PWMD_PINENTRY_SAVE_CONFIRM
:
791 fprintf (stderr
, N_("Confirm password: "));
797 if ((p
= fgets (buf
, sizeof (buf
), stdin
)) == NULL
)
800 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
805 tcsetattr (STDIN_FILENO
, TCSANOW
, &told
);
810 return GPG_ERR_CANCELED
;
813 /* Strip the newline character. */
814 p
[strlen (p
) - 1] = 0;
818 key
= pwmd_strdup_printf ("%s", p
);
819 memset (buf
, 0, sizeof (buf
));
821 return GPG_ERR_ENOMEM
;
832 *result
= pwmd_strdup ("");
842 pwmd_password (pwm_t
* pwm
, const char *keyword
, char **data
, size_t * size
)
845 int new_password
= 0;
846 char *password
= NULL
, *newpass
= NULL
;
857 if (!strcmp (keyword
, "NEW_PASSPHRASE"))
860 if (!new_password
&& pwm
->pinentry_try
)
864 if (pwm
->disable_pinentry
)
866 rc
= get_password (pwm
, &password
, size
,
867 new_password
? PWMD_PINENTRY_SAVE
:
868 error
? PWMD_PINENTRY_OPEN_FAILED
:
869 PWMD_PINENTRY_OPEN
, 0);
870 if (!rc
&& new_password
)
871 rc
= get_password (pwm
, &newpass
, size
, PWMD_PINENTRY_SAVE_CONFIRM
,
876 pwmd_pinentry_t which
;
880 ? PWMD_PINENTRY_SAVE_FAILED
: PWMD_PINENTRY_OPEN_FAILED
;
882 which
= new_password
? PWMD_PINENTRY_SAVE
: PWMD_PINENTRY_OPEN
;
884 rc
= pwmd_getpin (pwm
, pwm
->filename
, &password
, size
, which
);
885 if (!rc
&& new_password
)
886 rc
= pwmd_getpin (pwm
, pwm
->filename
, &newpass
, size
,
887 PWMD_PINENTRY_SAVE_CONFIRM
);
890 if (!rc
&& new_password
)
892 if ((!password
&& newpass
) || (!newpass
&& password
)
893 || (newpass
&& password
&& strcmp (newpass
, password
)))
895 if (pwm
->disable_pinentry
)
896 fprintf (stderr
, N_("Passphrases do not match.\n"));
898 pwmd_free (password
);
900 password
= newpass
= NULL
;
906 (void) pwmd_getpin (pwm
, pwm
->filename
, NULL
, NULL
, PWMD_PINENTRY_CLOSE
);
915 inquire_cb (void *data
, const char *keyword
)
917 pwm_t
*pwm
= (pwm_t
*) data
;
922 int new_password
= 0;
924 if (!strcmp (keyword
, "PASSPHRASE"))
926 else if (!strcmp (keyword
, "NEW_PASSPHRASE") || !strcmp (keyword
, "GENKEY"))
929 /* Shouldn't get this far without a callback. */
930 if (!pwm
->override_inquire
&& !pwm
->inquire_func
931 && !is_password
&& !new_password
)
932 return gpg_error (GPG_ERR_ASS_NO_INQUIRE_CB
);
941 if (!pwm
->override_inquire
&& (is_password
|| new_password
))
944 rc
= pwmd_password (data
, keyword
, &result
, &len
);
949 rc
= pwm
->inquire_func (pwm
->inquire_data
, keyword
, rc
, &result
,
952 /* gpg will truncate a passphrase at the first nil byte which may be bad
953 * for generated key files. */
954 if ((!rc
|| gpg_err_code (rc
) == GPG_ERR_EOF
)
955 && (is_password
|| new_password
))
957 if (len
&& result
&& *result
)
959 for (size_t n
= 0; n
< len
; n
++)
961 if (result
[n
] == 0 && n
+1 != len
)
962 rc
= GPG_ERR_INV_PASSPHRASE
;
968 if (rc
&& gpg_err_code (rc
) != GPG_ERR_EOF
)
970 #ifndef LIBASSUAN_2_1_0
971 gpg_error_t trc
= rc
;
973 /* Cancel this inquire. */
974 rc
= assuan_send_data (pwm
->ctx
, NULL
, 1);
980 /* There is a bug (or feature?) in assuan_send_data() that
981 * when cancelling an inquire the next read from the server is
982 * not done until the next command making the next command
983 * fail with GPG_ERR_ASS_UNEXPECTED_CMD.
985 rc
= assuan_read_line (pwm
->ctx
, &line
, &len
);
987 /* Restore the original error. This differs from the error
988 * returned from the pwmd command (GPG_ERR_CANCELED). This
989 * error is returned to the calling function.
998 if (gpg_err_code (rc
) == GPG_ERR_EOF
|| !rc
)
1000 if (len
<= 0 && !result
)
1005 else if ((len
<= 0 && result
) || (len
&& !result
))
1007 rc
= gpg_error (GPG_ERR_INV_ARG
);
1011 if (pwm
->inquire_maxlen
1012 && pwm
->inquire_sent
+ len
> pwm
->inquire_maxlen
)
1014 rc
= gpg_error (GPG_ERR_TOO_LARGE
);
1016 rc
= pwm
->inquire_func (pwm
->inquire_data
, keyword
, rc
,
1021 arc
= assuan_send_data (pwm
->ctx
, result
, len
);
1022 if (gpg_err_code (rc
) == GPG_ERR_EOF
)
1035 pwm
->inquire_sent
+= len
;
1037 if (pwm
->status_func
)
1039 char buf
[ASSUAN_LINELENGTH
];
1041 snprintf (buf
, sizeof (buf
), "XFER %zu %zu", pwm
->inquire_sent
,
1042 pwm
->inquire_total
);
1043 rc
= pwm
->status_func (pwm
->status_data
, buf
);
1057 parse_assuan_line (pwm_t
* pwm
)
1063 rc
= assuan_read_line (pwm
->ctx
, &line
, &len
);
1066 if (line
[0] == 'O' && line
[1] == 'K' &&
1067 (line
[2] == 0 || line
[2] == ' '))
1070 else if (line
[0] == '#')
1073 else if (line
[0] == 'S' && (line
[1] == 0 || line
[1] == ' '))
1075 if (pwm
->status_func
)
1077 rc
= pwm
->status_func (pwm
->status_data
,
1078 line
[1] == 0 ? line
+ 1 : line
+ 2);
1081 else if (line
[0] == 'E' && line
[1] == 'R' && line
[2] == 'R' &&
1082 (line
[3] == 0 || line
[3] == ' '))
1085 rc
= strtol (line
, NULL
, 10);
1093 reset_handle (pwm_t
*pwm
)
1097 pwm
->pinentry_disabled
= 0;
1098 #ifdef WITH_PINENTRY
1100 _pinentry_disconnect (pwm
);
1102 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
1113 pwmd_disconnect (pwm_t
* pwm
)
1116 return FINISH (GPG_ERR_INV_ARG
);
1118 command_start (pwm
);
1121 return FINISH (GPG_ERR_INV_STATE
);
1128 /* Note that this should only be called when not in a command. */
1130 pwmd_process (pwm_t
* pwm
)
1134 struct timeval tv
= { 0, 0 };
1137 if (!pwm
|| pwm
->fd
== -1)
1138 return FINISH (GPG_ERR_INV_ARG
);
1140 return FINISH (GPG_ERR_INV_STATE
);
1143 FD_SET (pwm
->fd
, &fds
);
1144 n
= select (pwm
->fd
+ 1, &fds
, NULL
, NULL
, &tv
);
1147 return FINISH (gpg_error_from_syserror ());
1151 if (FD_ISSET (pwm
->fd
, &fds
))
1152 rc
= parse_assuan_line (pwm
);
1155 while (!rc
&& assuan_pending_line (pwm
->ctx
))
1156 rc
= parse_assuan_line (pwm
);
1158 #if defined (WITH_SSH) || defined (WITH_GNUTLS)
1159 if (gpg_err_code (rc
) == GPG_ERR_EOF
&& pwm
->tcp
)
1170 status_cb (void *data
, const char *line
)
1174 if (!strncmp (line
, "INQUIRE_MAXLEN ", 15))
1175 pwm
->inquire_maxlen
= strtol (line
+ 15, NULL
, 10);
1176 else if (!strncmp (line
, "PASSPHRASE_HINT ", 16))
1178 pwmd_free (pwm
->passphrase_hint
);
1179 pwm
->passphrase_hint
= pwmd_strdup (line
+16);
1181 else if (!strncmp (line
, "PASSPHRASE_INFO ", 16))
1183 pwmd_free (pwm
->passphrase_info
);
1184 pwm
->passphrase_info
= pwmd_strdup (line
+16);
1187 if (pwm
->status_func
)
1188 return pwm
->status_func (pwm
->status_data
, line
);
1194 _assuan_command (pwm_t
* pwm
, assuan_context_t ctx
,
1195 char **result
, size_t * len
, const char *cmd
)
1201 return FINISH (GPG_ERR_INV_ARG
);
1203 if (strlen (cmd
) >= ASSUAN_LINELENGTH
+ 1)
1204 return FINISH (GPG_ERR_LINE_TOO_LONG
);
1208 rc
= assuan_transact (ctx
, cmd
, inquire_realloc_cb
, &data
,
1210 pwm
->pctx
== ctx
? pwm
->_inquire_func
: inquire_cb
,
1211 pwm
->pctx
== ctx
? pwm
->_inquire_data
: pwm
,
1221 pwmd_free (data
.buf
);
1229 inquire_realloc_cb (&data
, "", 1);
1232 *result
= (char *) data
.buf
;
1234 pwmd_free (data
.buf
);
1241 pwm
->inquire_maxlen
= 0;
1246 pwmd_command_ap (pwm_t
* pwm
, char **result
, size_t * rlen
,
1247 pwmd_inquire_cb_t func
, void *user
, const char *cmd
,
1254 command_start (pwm
);
1263 return FINISH (GPG_ERR_INV_ARG
);
1265 return FINISH (GPG_ERR_INV_STATE
);
1268 * C99 allows the dst pointer to be null which will calculate the length
1269 * of the would-be result and return it.
1272 len
= vsnprintf (NULL
, 0, cmd
, ap
) + 1;
1273 buf
= (char *) pwmd_malloc (len
);
1277 return FINISH (GPG_ERR_ENOMEM
);
1280 len
= vsnprintf (buf
, len
, cmd
, ap2
);
1283 if (buf
[strlen (buf
) - 1] == '\n')
1284 buf
[strlen (buf
) - 1] = 0;
1285 if (buf
[strlen (buf
) - 1] == '\r')
1286 buf
[strlen (buf
) - 1] = 0;
1288 pwm
->inquire_func
= func
;
1289 pwm
->inquire_data
= user
;
1290 pwm
->inquire_sent
= 0;
1291 gpg_error_t rc
= _assuan_command (pwm
, pwm
->ctx
, result
, rlen
, buf
);
1297 pwmd_command (pwm_t
* pwm
, char **result
, size_t * len
,
1298 pwmd_inquire_cb_t func
, void *user
, const char *cmd
, ...)
1309 return FINISH (GPG_ERR_INV_ARG
);
1311 return FINISH (GPG_ERR_INV_STATE
);
1314 gpg_error_t rc
= pwmd_command_ap (pwm
, result
, len
, func
, user
, cmd
, ap
);
1320 send_pinentry_timeout (pwm_t
*pwm
)
1324 if ((pwm
->pinentry_timeout
>= 0
1325 && pwm
->pinentry_timeout
!= pwm
->current_pinentry_timeout
)
1326 || (pwm
->pinentry_timeout
== -1
1327 && pwm
->pinentry_timeout
!= pwm
->current_pinentry_timeout
))
1329 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
,
1330 "OPTION pinentry-timeout=%i",
1331 pwm
->pinentry_timeout
);
1333 pwm
->current_pinentry_timeout
= pwm
->pinentry_timeout
;
1340 send_pinentry_options (pwm_t
* pwm
)
1344 // Pwmd >= 3.1 uses gpgme to do the pinentry settings.
1345 if (pwm
->version
&& pwm
->version
>= 0x030100)
1348 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
,
1349 "OPTION disable-pinentry=0");
1350 if (!rc
&& pwm
->pinentry_tty
)
1351 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION TTYNAME=%s",
1354 if (!rc
&& pwm
->pinentry_term
)
1355 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION TTYTYPE=%s",
1356 pwm
->pinentry_term
);
1358 if (!rc
&& pwm
->pinentry_display
)
1359 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION DISPLAY=%s",
1360 pwm
->pinentry_display
);
1362 if (!rc
&& pwm
->pinentry_desc
)
1363 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION DESC=%s",
1364 pwm
->pinentry_desc
);
1366 if (!rc
&& pwm
->pinentry_lcctype
)
1367 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION LC_CTYPE=%s",
1368 pwm
->pinentry_lcctype
);
1370 if (!rc
&& pwm
->pinentry_lcmessages
)
1371 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION LC_MESSAGES=%s",
1372 pwm
->pinentry_lcmessages
);
1375 rc
= send_pinentry_timeout (pwm
);
1381 pwmd_socket_type (pwm_t
* pwm
, pwmd_socket_t
* result
)
1383 if (!pwm
|| !result
)
1384 return FINISH (GPG_ERR_INV_ARG
);
1386 *result
= PWMD_SOCKET_LOCAL
;
1389 return FINISH (GPG_ERR_INV_STATE
);
1391 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
1393 if (pwm
->tcp
&& pwm
->tcp
->ssh
)
1394 *result
= PWMD_SOCKET_SSH
;
1397 if (pwm
->tcp
&& pwm
->tcp
->tls
)
1398 *result
= PWMD_SOCKET_TLS
;
1405 disable_pinentry (pwm_t
*pwm
, int *disable
)
1408 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
1409 int no_pinentry
= pwm
->disable_pinentry
|| pwm
->tcp
|| pwm
->local_pinentry
;
1411 int no_pinentry
= pwm
->disable_pinentry
|| pwm
->local_pinentry
;
1415 *disable
= no_pinentry
;
1417 if (pwm
->pinentry_disabled
&& no_pinentry
)
1419 else if (!pwm
->pinentry_disabled
&& !no_pinentry
)
1422 rc
= pwmd_command (pwm
, NULL
, NULL
, NULL
, NULL
, "OPTION disable-pinentry=%i",
1425 pwm
->pinentry_disabled
= no_pinentry
;
1431 pwmd_open (pwm_t
* pwm
, const char *filename
, pwmd_inquire_cb_t cb
,
1435 int no_pinentry
= 0;
1437 if (!pwm
|| !filename
|| !*filename
)
1438 return FINISH (GPG_ERR_INV_ARG
);
1441 return FINISH (GPG_ERR_INV_STATE
);
1443 command_start (pwm
);
1444 rc
= disable_pinentry (pwm
, &no_pinentry
);
1445 if (!rc
&& !no_pinentry
)
1446 rc
= send_pinentry_options (pwm
);
1450 pwm
->pinentry_try
= 0;
1451 pwmd_free (pwm
->filename
);
1452 pwm
->filename
= pwmd_strdup (filename
);
1456 rc
= pwmd_command (pwm
, NULL
, NULL
, cb
, data
, "OPEN %s%s",
1457 (pwm
->opts
& OPT_LOCK_ON_OPEN
) ? "--lock " : "",
1460 while (gpg_err_code (rc
) == GPG_ERR_BAD_PASSPHRASE
1461 && pwm
->pinentry_disabled
1462 && ++pwm
->pinentry_try
< pwm
->pinentry_tries
);
1464 pwm
->pinentry_try
= 0;
1468 pwmd_free (pwm
->filename
);
1469 pwm
->filename
= NULL
;
1477 do_pwmd_save_passwd (pwm_t
* pwm
, const char *args
, pwmd_inquire_cb_t cb
,
1478 void *data
, int save
)
1483 return FINISH (GPG_ERR_INV_ARG
);
1485 return FINISH (GPG_ERR_INV_STATE
);
1487 command_start (pwm
);
1488 rc
= disable_pinentry (pwm
, NULL
);
1490 rc
= pwmd_command (pwm
, NULL
, NULL
, cb
, data
,
1491 save
? "SAVE %s" : "PASSWD %s", args
? args
: "");
1497 pwmd_passwd (pwm_t
* pwm
, const char *args
, pwmd_inquire_cb_t cb
, void *data
)
1499 return do_pwmd_save_passwd (pwm
, args
, cb
, data
, 0);
1503 pwmd_save (pwm_t
* pwm
, const char *args
, pwmd_inquire_cb_t cb
, void *data
)
1505 return do_pwmd_save_passwd (pwm
, args
, cb
, data
, 1);
1509 pwmd_get_set_opt (pwm_t
*pwm
, pwmd_option_t opt
, int get
, va_list ap
)
1513 char *arg1
, **charpp
;
1517 return GPG_ERR_INV_ARG
;
1519 command_start (pwm
);
1522 case PWMD_OPTION_SERVER_VERSION
:
1524 return GPG_ERR_NOT_SUPPORTED
;
1527 rc
= GPG_ERR_INV_ARG
;
1529 rc
= GPG_ERR_INV_STATE
;
1532 unsigned *u
= va_arg (ap
, unsigned *);
1537 case PWMD_OPTION_SIGPIPE
:
1540 intp
= va_arg (ap
, int *);
1541 *intp
= pwm
->opts
& OPT_SIGPIPE
? 1 : 0;
1545 n
= va_arg (ap
, int);
1547 rc
= GPG_ERR_INV_VALUE
;
1550 pwm
->opts
|= OPT_SIGPIPE
;
1552 pwm
->opts
&= ~OPT_SIGPIPE
;
1555 case PWMD_OPTION_LOCK_ON_OPEN
:
1558 intp
= va_arg (ap
, int *);
1559 *intp
= pwm
->opts
& OPT_LOCK_ON_OPEN
? 1 : 0;
1563 n
= va_arg (ap
, int);
1566 rc
= GPG_ERR_INV_VALUE
;
1569 pwm
->opts
|= OPT_LOCK_ON_OPEN
;
1571 pwm
->opts
&= ~OPT_LOCK_ON_OPEN
;
1574 case PWMD_OPTION_INQUIRE_TOTAL
:
1577 sizetp
= va_arg (ap
, size_t *);
1578 *sizetp
= pwm
->inquire_total
;
1582 pwm
->inquire_total
= va_arg (ap
, size_t);
1584 case PWMD_OPTION_STATUS_CB
:
1587 pwmd_status_cb_t
*cb
= va_arg (ap
, pwmd_status_cb_t
*);
1589 *cb
= pwm
->status_func
;
1593 pwm
->status_func
= va_arg (ap
, pwmd_status_cb_t
);
1595 case PWMD_OPTION_STATUS_DATA
:
1598 void **data
= va_arg (ap
, void **);
1600 *data
= pwm
->status_data
;
1604 pwm
->status_data
= va_arg (ap
, void *);
1606 case PWMD_OPTION_NO_PINENTRY
:
1609 intp
= va_arg (ap
, int *);
1610 *intp
= pwm
->disable_pinentry
;
1614 n
= va_arg (ap
, int);
1617 rc
= GPG_ERR_INV_VALUE
;
1619 pwm
->disable_pinentry
= n
;
1621 case PWMD_OPTION_LOCAL_PINENTRY
:
1624 intp
= va_arg (ap
, int *);
1625 *intp
= pwm
->local_pinentry
;
1629 n
= va_arg (ap
, int);
1632 rc
= GPG_ERR_INV_VALUE
;
1634 pwm
->local_pinentry
= n
;
1637 case PWMD_OPTION_PINENTRY_TIMEOUT
:
1640 intp
= va_arg (ap
, int *);
1641 *intp
= pwm
->pinentry_timeout
;
1645 n
= va_arg (ap
, int);
1648 rc
= GPG_ERR_INV_VALUE
;
1650 pwm
->pinentry_timeout
= n
;
1652 case PWMD_OPTION_PINENTRY_TRIES
:
1655 intp
= va_arg (ap
, int *);
1656 *intp
= pwm
->pinentry_tries
;
1660 n
= va_arg (ap
, int);
1661 pwm
->pinentry_tries
= n
;
1663 case PWMD_OPTION_PINENTRY_PATH
:
1666 charpp
= va_arg (ap
, char **);
1667 *charpp
= pwm
->pinentry_path
;
1671 arg1
= va_arg (ap
, char *);
1672 pwmd_free (pwm
->pinentry_path
);
1673 pwm
->pinentry_path
= arg1
? _expand_homedir (arg1
, NULL
) : NULL
;
1675 case PWMD_OPTION_PINENTRY_TTY
:
1678 charpp
= va_arg (ap
, char **);
1679 *charpp
= pwm
->pinentry_tty
;
1683 arg1
= va_arg (ap
, char *);
1684 pwmd_free (pwm
->pinentry_tty
);
1685 pwm
->pinentry_tty
= arg1
? pwmd_strdup (arg1
) : NULL
;
1687 case PWMD_OPTION_PINENTRY_DISPLAY
:
1690 charpp
= va_arg (ap
, char **);
1691 *charpp
= pwm
->pinentry_display
;
1695 arg1
= va_arg (ap
, char *);
1696 pwmd_free (pwm
->pinentry_display
);
1697 pwm
->pinentry_display
= arg1
? pwmd_strdup (arg1
) : NULL
;
1699 case PWMD_OPTION_PINENTRY_TERM
:
1702 charpp
= va_arg (ap
, char **);
1703 *charpp
= pwm
->pinentry_term
;
1707 arg1
= va_arg (ap
, char *);
1708 pwmd_free (pwm
->pinentry_term
);
1709 pwm
->pinentry_term
= arg1
? pwmd_strdup (arg1
) : NULL
;
1711 case PWMD_OPTION_PINENTRY_ERROR
:
1714 charpp
= va_arg (ap
, char **);
1715 *charpp
= pwm
->pinentry_error
;
1719 arg1
= va_arg (ap
, char *);
1720 pwmd_free (pwm
->pinentry_error
);
1721 pwm
->pinentry_error
= arg1
? _percent_escape (arg1
) : NULL
;
1723 case PWMD_OPTION_PINENTRY_PROMPT
:
1726 charpp
= va_arg (ap
, char **);
1727 *charpp
= pwm
->pinentry_prompt
;
1731 arg1
= va_arg (ap
, char *);
1732 pwmd_free (pwm
->pinentry_prompt
);
1733 pwm
->pinentry_prompt
= arg1
? _percent_escape (arg1
) : NULL
;
1735 case PWMD_OPTION_PINENTRY_DESC
:
1738 charpp
= va_arg (ap
, char **);
1739 *charpp
= pwm
->pinentry_desc
;
1743 arg1
= va_arg (ap
, char *);
1744 pwmd_free (pwm
->pinentry_desc
);
1745 pwm
->pinentry_desc
= arg1
? _percent_escape (arg1
) : NULL
;
1747 case PWMD_OPTION_PINENTRY_LC_CTYPE
:
1750 charpp
= va_arg (ap
, char **);
1751 *charpp
= pwm
->pinentry_lcctype
;
1755 arg1
= va_arg (ap
, char *);
1756 pwmd_free (pwm
->pinentry_lcctype
);
1757 pwm
->pinentry_lcctype
= arg1
? pwmd_strdup (arg1
) : NULL
;
1759 case PWMD_OPTION_PINENTRY_LC_MESSAGES
:
1762 charpp
= va_arg (ap
, char **);
1763 *charpp
= pwm
->pinentry_lcmessages
;
1767 arg1
= va_arg (ap
, char *);
1768 pwmd_free (pwm
->pinentry_lcmessages
);
1769 pwm
->pinentry_lcmessages
= arg1
? pwmd_strdup (arg1
) : NULL
;
1771 case PWMD_OPTION_KNOWNHOST_CB
:
1774 pwmd_knownhost_cb_t
*cb
= va_arg (ap
, pwmd_knownhost_cb_t
*);
1780 pwm
->kh_cb
= va_arg (ap
, pwmd_knownhost_cb_t
);
1782 case PWMD_OPTION_KNOWNHOST_DATA
:
1785 void **data
= va_arg (ap
, void **);
1787 *data
= pwm
->kh_data
;
1791 pwm
->kh_data
= va_arg (ap
, void *);
1793 case PWMD_OPTION_SSH_AGENT
:
1796 intp
= va_arg (ap
, int *);
1797 *intp
= pwm
->use_agent
;
1801 pwm
->use_agent
= va_arg (ap
, int);
1803 if (pwm
->use_agent
< 0 || pwm
->use_agent
> 1)
1806 rc
= GPG_ERR_INV_VALUE
;
1809 case PWMD_OPTION_TLS_VERIFY
:
1812 intp
= va_arg (ap
, int *);
1813 *intp
= pwm
->tls_verify
;
1817 pwm
->tls_verify
= va_arg (ap
, int);
1819 if (pwm
->tls_verify
< 0 || pwm
->tls_verify
> 1)
1821 pwm
->tls_verify
= 0;
1822 rc
= GPG_ERR_INV_VALUE
;
1825 case PWMD_OPTION_SOCKET_TIMEOUT
:
1828 intp
= va_arg (ap
, int *);
1829 *intp
= pwm
->socket_timeout
;
1833 pwm
->socket_timeout
= va_arg (ap
, int);
1834 if (pwm
->socket_timeout
< 0)
1836 pwm
->socket_timeout
= 0;
1837 rc
= GPG_ERR_INV_VALUE
;
1841 if (pwm
->tcp
&& pwm
->tcp
->ssh
&& pwm
->tcp
->ssh
->session
)
1843 pwm
->tcp
->ssh
->timeout
= pwm
->socket_timeout
;
1844 libssh2_session_set_timeout (pwm
->tcp
->ssh
->session
,
1845 pwm
->socket_timeout
* 1000);
1849 if (pwm
->tcp
&& pwm
->tcp
->tls
&& pwm
->tcp
->tls
->session
)
1850 pwm
->tcp
->tls
->timeout
= pwm
->socket_timeout
;
1853 case PWMD_OPTION_OVERRIDE_INQUIRE
:
1856 intp
= va_arg (ap
, int *);
1857 *intp
= pwm
->override_inquire
;
1861 pwm
->override_inquire
= va_arg (ap
, int);
1863 if (pwm
->override_inquire
< 0 || pwm
->override_inquire
> 1)
1865 pwm
->override_inquire
= 0;
1866 rc
= GPG_ERR_INV_VALUE
;
1870 rc
= GPG_ERR_UNKNOWN_OPTION
;
1878 pwmd_setopt (pwm_t
* pwm
, pwmd_option_t opt
, ...)
1884 rc
= pwmd_get_set_opt (pwm
, opt
, 0, ap
);
1890 pwmd_getopt (pwm_t
*pwm
, pwmd_option_t opt
, ...)
1896 rc
= pwmd_get_set_opt (pwm
, opt
, 1, ap
);
1902 pwmd_new (const char *name
, pwm_t
** pwm
)
1904 pwm_t
*h
= pwmd_calloc (1, sizeof (pwm_t
));
1908 return FINISH (GPG_ERR_ENOMEM
);
1912 h
->name
= pwmd_strdup (name
);
1916 return FINISH (GPG_ERR_ENOMEM
);
1921 h
->pinentry_timeout
= -1;
1922 h
->current_pinentry_timeout
= -1;
1923 h
->pinentry_tries
= 3;
1924 #if defined(WITH_SSH) || defined(WITH_GNUTLS)
1925 h
->prot
= PWMD_IP_ANY
;
1928 if (ttyname (STDOUT_FILENO
))
1932 ttyname_r (STDOUT_FILENO
, buf
, sizeof (buf
));
1933 h
->pinentry_tty
= pwmd_strdup (buf
);
1934 if (!h
->pinentry_tty
)
1936 rc
= GPG_ERR_ENOMEM
;
1941 if (getenv ("TERM") && h
->pinentry_tty
)
1943 h
->pinentry_term
= pwmd_strdup (getenv ("TERM"));
1944 if (!h
->pinentry_term
)
1946 rc
= GPG_ERR_ENOMEM
;
1951 if (getenv ("DISPLAY"))
1953 h
->pinentry_display
= pwmd_strdup (getenv ("DISPLAY"));
1954 if (!h
->pinentry_display
)
1956 rc
= GPG_ERR_ENOMEM
;
1961 update_pinentry_settings (h
);
1971 pwmd_free (void *ptr
)
1977 pwmd_malloc (size_t size
)
1979 return _xmalloc (size
);
1983 pwmd_calloc (size_t nmemb
, size_t size
)
1985 return _xcalloc (nmemb
, size
);
1989 pwmd_realloc (void *ptr
, size_t size
)
1991 return _xrealloc (ptr
, size
);
1995 pwmd_strdup (const char *str
)
2002 t
= _xmalloc ((len
+ 1) * sizeof (char));
2006 for (c
= 0; c
< len
; c
++)
2014 pwmd_strdup_printf (const char *fmt
, ...)
2025 len
= vsnprintf (NULL
, 0, fmt
, ap
);
2027 buf
= pwmd_malloc (++len
);
2029 vsnprintf (buf
, len
, fmt
, ap2
);
2036 pwmd_getpin (pwm_t
* pwm
, const char *filename
, char **result
,
2037 size_t * len
, pwmd_pinentry_t which
)
2039 #ifndef WITH_PINENTRY
2040 return FINISH (GPG_ERR_NOT_IMPLEMENTED
);
2042 command_start (pwm
);
2043 gpg_error_t rc
= _pwmd_getpin (pwm
, filename
, result
, len
, which
);
2052 return LIBPWMD_VERSION_STR
;
2060 #ifdef WITH_PINENTRY
2061 n
|= PWMD_FEATURE_PINENTRY
;
2064 n
|= PWMD_FEATURE_SSH
;
2067 n
|= PWMD_FEATURE_CRACK
;
2070 n
|= PWMD_FEATURE_GNUTLS
;
2076 pwmd_fd (pwm_t
* pwm
, int *fd
)
2079 return FINISH (GPG_ERR_INV_ARG
);
2082 return FINISH (GPG_ERR_INV_STATE
);
2089 pwmd_set_pointer (pwm_t
*pwm
, void *data
)
2091 pwm
->user_data
= data
;
2095 pwmd_get_pointer (pwm_t
*pwm
)
2097 return pwm
->user_data
;
2101 pwmd_tls_error (pwm_t
*pwm
)
2106 return pwm
? pwm
->tls_error
: 0;
2111 pwmd_cancel (pwm_t
*pwm
)
2114 return FINISH (GPG_ERR_INV_ARG
);
2116 if (pwm
->fd
== -1 && !pwm
->tcp
)
2117 return FINISH (GPG_ERR_INV_STATE
);
2119 /* Can only cancel the connection for the time being. */
2121 return FINISH (GPG_ERR_INV_STATE
);