search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Look for ~/.pwmd/pinentry.conf rather than ~/.pwmd/env. 'env' isn't
[pwmd.git] / src / pinentry.c
blobca74174932bab4f02ff1679d0f81c707d4ce90bd
1 /* vim:tw=78:ts=8:sw=4:set ft=c: */
2 /*
3 Copyright (C) 2007 Ben Kibbey <bjk@luxsci.net>
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19 #include <stdlib.h>
20 #include <gcrypt.h>
21 #include <glib.h>
22 #include <errno.h>
23 #include <pth.h>
24 #include <pwd.h>
25
26 #define _ASSUAN_ONLY_GPG_ERRORS 1
27 #include <assuan.h>
28
29 #ifdef HAVE_CONFIG_H
30 #include <config.h>
31 #endif
32
33 #include "mem.h"
34 #include "common.h"
35 #include "pinentry.h"
36 #include "pwmd_error.h"
37 #include "assuan-errors.h"
38
39 typedef struct {
40 size_t len;
41 void *buf;
42 } membuf_t;
43
44 static struct client_s *global_client;
45 static gint send_fd;
46
47 static gpg_error_t set_pinentry_strings(struct pinentry_s *pin, int which);
48
49 /* Borrowed from libassuan 1.0.4 svn 277 */
50 /* Helper to map old style Assuan error codes to gpg-error codes.
51 This is used internally to keep an compatible ABI. */
52 static assuan_error_t
53 _assuan_error (int oldcode)
54 {
55 unsigned int n;
56 int err_source = 0;
57
58 switch (oldcode)
59 {
60 case ASSUAN_General_Error: n = 257; break;
61 case ASSUAN_Accept_Failed: n = 258; break;
62 case ASSUAN_Connect_Failed: n = 259; break;
63 case ASSUAN_Invalid_Response: n = 260; break;
64 case ASSUAN_Invalid_Value: n = 261; break;
65 case ASSUAN_Line_Not_Terminated: n = 262; break;
66 case ASSUAN_Line_Too_Long: n = 263; break;
67 case ASSUAN_Nested_Commands: n = 264; break;
68 case ASSUAN_No_Data_Callback: n = 265; break;
69 case ASSUAN_No_Inquire_Callback: n = 266; break;
70 case ASSUAN_Not_A_Server: n = 267; break;
71 case ASSUAN_Not_Implemented: n = 69; break;
72 case ASSUAN_Parameter_Conflict: n = 280; break;
73 case ASSUAN_Problem_Starting_Server: n = 269; break;
74 case ASSUAN_Server_Fault: n = 80; break;
75 case ASSUAN_Syntax_Error: n = 276; break;
76 case ASSUAN_Too_Much_Data: n = 273; break;
77 case ASSUAN_Unexpected_Command: n = 274; break;
78 case ASSUAN_Unknown_Command: n = 275; break;
79 case ASSUAN_Canceled: n = 277; break;
80 case ASSUAN_No_Secret_Key: n = 17; break;
81 case ASSUAN_Not_Confirmed: n = 114; break;
82
83 case ASSUAN_Read_Error:
84 switch (errno)
85 {
86 case 0: n = 16381; /*GPG_ERR_MISSING_ERRNO*/ break;
87 case EAGAIN:
88 n = (6 | (1 << 15));
89 break;
90 default: n = 270; /*GPG_ERR_ASS_READ_ERROR*/ break;
91 }
92 break;
93
94 case ASSUAN_Write_Error:
95 switch (errno)
96 {
97 case 0: n = 16381; /*GPG_ERR_MISSING_ERRNO*/ break;
98 case EAGAIN:
99 n = (6 | (1 << 15));
100 break;
101 default: n = 271; /*GPG_ERR_ASS_WRITE_ERROR*/ break;
102 }
103 break;
104
105 case ASSUAN_Out_Of_Core:
106 switch (errno)
107 {
108 case 0: /* Should not happen but a user might have provided
109 an incomplete implemented malloc function. Give
110 him a chance to correct this fault but make sure
111 an error is indeed returned. */
112 n = 16381; /*GPG_ERR_MISSING_ERRNO*/
113 break;
114 case ENOMEM:
115 n = (86 | (1 << 15));
116 break;
117 default:
118 n = 16382; /*GPG_ERR_UNKNOWN_ERRNO*/
119 break;
120 }
121 break;
122
123 case -1: n = 16383 /*GPG_ERR_EOF*/; break;
124
125 default:
126 n = 257;
127 break;
128 }
129
130 return ((err_source << 24) | (n & 0x00ffffff));
131 }
132
133 static int mem_realloc_cb(void *data, const void *buffer, size_t len)
134 {
135 membuf_t *mem = (membuf_t *)data;
136 void *p;
137
138 if (!buffer)
139 return 0;
140
141 if ((p = xrealloc(mem->buf, mem->len + len)) == NULL)
142 return 1;
143
144 mem->buf = p;
145 memcpy((char *)mem->buf + mem->len, buffer, len);
146 mem->len += len;
147 return 0;
148 }
149
150 static gpg_error_t assuan_command(struct pinentry_s *pin, char **result,
151 const char *cmd)
152 {
153 membuf_t data;
154 gpg_error_t rc;
155
156 data.len = 0;
157 data.buf = NULL;
158
159 rc = assuan_transact(pin->ctx, cmd, mem_realloc_cb, &data, NULL, NULL,
160 NULL, NULL);
161
162 if (rc) {
163 if (data.buf) {
164 xfree(data.buf);
165 data.buf = NULL;
166 }
167 }
168 else {
169 if (data.buf) {
170 mem_realloc_cb(&data, "", 1);
171 *result = (gchar *)data.buf;
172 }
173 }
174
175 return rc;
176 }
177
178 static gpg_error_t launch_pinentry(struct pinentry_s *pin)
179 {
180 int rc;
181 assuan_context_t ctx;
182 int child_list[] = {-1};
183 char *display = getenv("DISPLAY");
184 const char *argv[6];
185 int have_display = 0;
186 char *tty = NULL;
187
188 //update_pinentry_settings(pin);
189
190 if (pin->display || display)
191 have_display = 1;
192 else {
193 tty = pin->ttyname ? pin->ttyname : ttyname(STDOUT_FILENO);
194
195 if (!tty)
196 return _assuan_error(-1);
197
198 }
199
200 if (!display && !tty)
201 return _assuan_error(-1);
202
203 argv[0] = "pinentry";
204 argv[1] = have_display ? "--display" : "--ttyname";
205 argv[2] = have_display ? pin->display ? pin->display : display : tty;
206 argv[3] = NULL;
207
208 if (!have_display) {
209 argv[3] = "--ttytype";
210 argv[4] = pin->ttytype ? pin->ttytype : getenv("TERM");
211 argv[5] = NULL;
212 }
213
214 rc = assuan_pipe_connect(&ctx, pin->path ? pin->path : PINENTRY_PATH,
215 argv, child_list);
216
217 if (rc)
218 return _assuan_error(rc);
219
220 pin->pid = assuan_get_pid(ctx);
221 pin->ctx = ctx;
222 return set_pinentry_strings(pin, 0);
223 }
224
225 static gpg_error_t pinentry_command(struct pinentry_s *pin, gchar **result,
226 const gchar *cmd)
227 {
228 gpg_error_t error = 0;
229
230 if (!pin->ctx)
231 error = launch_pinentry(pin);
232
233 return error ? error : assuan_command(pin, result, cmd);
234 }
235
236 static gpg_error_t set_pinentry_strings(struct pinentry_s *pin, int which)
237 {
238 char *buf;
239 char tmp[ASSUAN_LINELENGTH];
240 gpg_error_t error;
241
242 if (!pin->title)
243 pin->title = xstrdup(N_("Password Manager Daemon"));
244
245 if (!pin->prompt)
246 pin->prompt = xstrdup(N_("Password:"));
247
248 if (!pin->desc && !which)
249 pin->desc = xstrdup(N_("Enter a password."));
250
251 if (which == 1) {
252 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Invalid password, please try again."));
253 buf = xstrdup(tmp);
254 }
255 else if (which == 2) {
256 snprintf(tmp, sizeof(tmp), "SETERROR %s", N_("Please type the password again for confirmation."));
257 buf = xstrdup(tmp);
258 }
259 else {
260 buf = (char *)xmalloc(strlen("SETERROR ") + strlen(pin->desc) + 1);
261 sprintf(buf, "SETERROR %s", pin->desc);
262 }
263
264 error = pinentry_command(pin, NULL, buf);
265 xfree(buf);
266
267 if (error)
268 return error;
269
270 buf = (char *)xmalloc(strlen("SETPROMPT ") + strlen(pin->prompt) + 1);
271 sprintf(buf, "SETPROMPT %s", pin->prompt);
272 error = pinentry_command(pin, NULL, buf);
273 xfree(buf);
274
275 if (error)
276 return error;
277
278 buf = (char *)xmalloc(strlen("SETDESC ") + strlen(pin->title) + 1);
279 sprintf(buf, "SETDESC %s", pin->title);
280 error = pinentry_command(pin, NULL, buf);
281 xfree(buf);
282 return error;
283 }
284
285 static void pinentry_disconnect(struct pinentry_s *pin)
286 {
287 if (!pin)
288 return;
289
290 if (pin->ctx)
291 assuan_disconnect(pin->ctx);
292
293 pin->ctx = NULL;
294 pin->pid = 0;
295 }
296
297 static gpg_error_t do_getpin(struct pinentry_s *pin, char **result)
298 {
299 gpg_error_t error;
300
301 *result = NULL;
302 error = pinentry_command(pin, result, "GETPIN");
303
304 if (error)
305 error = _assuan_error(error);
306
307 if (!error && !*result)
308 error = EPWMD_KEY;
309
310 return error;
311 }
312
313 static gpg_error_t getpin(struct pinentry_s *pin, gchar **result, int which)
314 {
315 gpg_error_t error = set_pinentry_strings(pin, which);
316
317 if (error) {
318 pinentry_disconnect(pin);
319 return error;
320 }
321
322 error = do_getpin(pin, result);
323 pinentry_disconnect(pin);
324 return error;
325 }
326
327 static void catchsig(gint sig)
328 {
329 pinentry_key_s pk;
330
331 switch (sig) {
332 case SIGTERM:
333 case SIGALRM:
334 if (global_client->pinentry->pid) {
335 kill(SIGTERM, global_client->pinentry->pid);
336 global_client->pinentry->pid = 0;
337 }
338
339 memset(&pk, 0, sizeof(pk));
340 pk.error = sig == SIGTERM ? GPG_ERR_ASS_CANCELED : GPG_ERR_TIMEOUT;
341 pth_write(send_fd, &pk, sizeof(pk));
342 cleanup_pinentry(global_client->pinentry);
343 free_client(global_client);
344 _exit(1);
345 break;
346 }
347 }
348
349 gpg_error_t pinentry_fork(assuan_context_t ctx)
350 {
351 struct client_s *client = assuan_get_pointer(ctx);
352 gpg_error_t error;
353 gint p[2];
354 pid_t pid;
355 pinentry_key_s pk;
356 gsize len;
357 gchar *result;
358
359 if (pipe(p) == -1) {
360 error = gpg_error_from_syserror();
361 return send_error(ctx, error);
362 }
363
364 pid = pth_fork();
365
366 switch (pid) {
367 case -1:
368 error = gpg_error_from_syserror();
369 close(p[0]);
370 close(p[1]);
371 return send_error(ctx, error);
372 case 0:
373 signal(SIGALRM, catchsig);
374 signal(SIGTERM, catchsig);
375 close(p[0]);
376 send_fd = p[1];
377 global_client = client;
378 alarm(client->pinentry->timeout);
379 pk.error = getpin(client->pinentry, &result, 0);
380 cleanup_pinentry(client->pinentry);
381 free_client(client);
382
383 if (pk.error) {
384 len = pth_write(p[1], &pk, sizeof(pk));
385 memset(&pk, 0, sizeof(pk));
386 close(p[1]);
387
388 if (len != sizeof(pk))
389 log_write("%s(%i): write: len != sizeof(pk)", __FUNCTION__, __LINE__);
390
391 _exit(1);
392 }
393
394 pk.error = 0;
395 strncpy(pk.key, result, sizeof(pk.key));
396 xfree(result);
397 len = pth_write(p[1], &pk, sizeof(pk));
398 memset(&pk, 0, sizeof(pk));
399 close(p[1]);
400
401 if (len != sizeof(pk))
402 log_write("%s(%i): write: len != sizeof(pk)", __FUNCTION__, __LINE__);
403
404 _exit(0);
405 default:
406 client->pinentry->fd = p[0];
407 client->pinentry->pid = pid;
408 client->pinentry->status = PINENTRY_INIT;
409 break;
410 }
411
412 /*
413 * Don't call assuan_process_done() here. That should be done in
414 * open_command_finalize() after the key has been read().
415 */
416 return 0;
417 }
418
419 void cleanup_pinentry(struct pinentry_s *pin)
420 {
421 if (!pin)
422 return;
423
424 if (pin->ctx && pin->pid)
425 pinentry_disconnect(pin);
426
427 xfree(pin->ttyname);
428 xfree(pin->ttytype);
429 xfree(pin->desc);
430 xfree(pin->title);
431 xfree(pin->prompt);
432 xfree(pin->path);
433 xfree(pin->display);
434 xfree(pin);
435 }
436
437 void set_pinentry_defaults(struct pinentry_s *pin)
438 {
439 FILE *fp;
440 gchar buf[PATH_MAX];
441 struct passwd *pw = getpwuid(getuid());
442 gchar *p;
443
444 g_snprintf(buf, sizeof(buf), "%s/.pwmd/pinentry.conf", pw->pw_dir);
445 fp = fopen(buf, "r");
446
447 if (fp) {
448 while ((p = fgets(buf, sizeof(buf), fp)) != NULL) {
449 gchar name[32] = {0}, value[256] = {0};
450
451 if (*p == '#')
452 continue;
453
454 if (p[strlen(p)-1] == '\n')
455 p[strlen(p)-1] = 0;
456
457 if (sscanf(p, " %31[a-zA-Z] = %255s", name, value) != 2)
458 continue;
459
460 if (g_strcasecmp("TTYNAME", name) == 0)
461 pin->ttyname = xstrdup(value);
462 else if (g_strcasecmp("TTYTYPE", name) == 0)
463 pin->ttytype = xstrdup(value);
464 else if (g_strcasecmp("DISPLAY", name) == 0)
465 pin->display = xstrdup(value);
466 else if (g_strcasecmp("PATH", name) == 0)
467 pin->path = xstrdup(value);
468 }
469
470 fclose(fp);
471 }
472
473 pin->use = get_key_file_boolean("default", "enable_pinentry");
474 }
A server for managing passphrases and anything else.