| blob | c8d0ed46f4602974e65ac34d68ab28573c08ece3 |
1 /* call-pinentry.c - fork of the pinentry to query stuff from the user
2 * Copyright (C) 2001, 2002, 2004, 2007 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <ctype.h>
26 #include <assert.h>
27 #include <unistd.h>
28 #include <sys/stat.h>
29 #ifndef HAVE_W32_SYSTEM
30 #include <sys/wait.h>
31 #endif
32 #include <pth.h>
33 #include <assuan.h>
39 #ifdef _POSIX_OPEN_MAX
40 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
41 #else
42 #define MAX_OPEN_FDS 20
43 #endif
46 /* Because access to the pinentry must be serialized (it is and shall
47 be a global mutual dialog) we should better timeout further
48 requests after some time. 2 minutes seem to be a reasonable
49 time. */
50 #define LOCK_TIMEOUT (1*60)
52 /* The assuan context of the current pinentry. */
55 /* The control variable of the connection owning the current pinentry.
56 This is only valid if ENTRY_CTX is not NULL. Note, that we care
57 only about the value of the pointer and that it should never be
58 dereferenced. */
61 /* A mutex used to serialize access to the pinentry. */
64 /* The thread ID of the popup working thread. */
67 /* A flag used in communication between the popup working thread and
68 its stop function. */
73 /* Data to be passed to our callbacks, */
74 struct entry_parm_s
75 {
79 };
83 \f
84 /* This function must be called once to initialize this module. This
85 has to be done before a second thread is spawned. We can't do the
86 static initialization because Pth emulation code might not be able
87 to do a static init; in particular, it is not possible for W32. */
88 void
90 {
94 {
97 }
98 }
102 static void
104 {
105 #ifdef _W32_PTH_H
107 #else
112 else
114 #endif
115 }
118 /* This function may be called to print infromation pertaining to the
119 current state of this module to the log. */
120 void
122 {
128 }
130 /* Called to make sure that a popup window owned by the current
131 connection gets closed. */
132 void
134 {
136 {
138 }
139 }
142 /* Unlock the pinentry so that another thread can start one and
143 disconnect that pinentry - we do this after the unlock so that a
144 stalled pinentry does not block other threads. Fixme: We should
145 have a timeout in Assuan for the disconnect operation. */
146 static int
148 {
153 {
157 }
160 }
163 /* To make sure we leave no secrets in our image after forking of the
164 pinentry, we use this callback. */
165 static void
167 {
171 {
177 }
178 }
181 /* Fork off the pin entry if this has not already been done. Note,
182 that this function must always be used to aquire the lock for the
183 pinentry - we will serialize _all_ pinentry calls.
184 */
185 static int
187 {
190 assuan_context_t ctx;
194 pth_event_t evt;
199 {
202 else
208 }
219 #ifdef HAVE_W32_SYSTEM
222 #endif
224 {
225 #ifndef HAVE_W32_SYSTEM
227 #endif
229 /* At least Windows XP fails here with EBADF. According to docs
230 and Wine an fflush(NULL) is the same as _flushall. However
231 the Wime implementaion does not flush stdin,stdout and stderr
232 - see above. Lets try to ignore the error. */
233 #ifndef HAVE_W32_SYSTEM
235 #endif
236 }
243 else
244 pgmname++;
246 /* OS X needs the entire file name in argv[0], so that it can locate
247 the resource bundle. For other systems we stick to the usual
248 convention of supplying only the name of the program. */
249 #ifdef __APPLE__
256 {
260 }
261 else
266 {
270 }
273 /* Connect to the pinentry and perform initial handshaking. Note
274 that atfork is used to change the environment for pinentry. */
278 {
282 }
294 {
299 NULL);
303 }
305 {
310 NULL);
313 }
315 {
320 NULL);
323 }
325 {
330 NULL);
333 }
336 /* Tell the pinentry the name of a file it shall touch after having
337 messed with the tty. This is optional and only supported by
338 newer pinentries and thus we do no error checking. */
345 {
349 ;
350 else
351 {
353 NULL);
355 }
356 }
359 }
361 /* Returns True is the pinentry is currently active. If WAITSECONDS is
362 greater than zero the function will wait for this many seconds
363 before returning. */
364 int
366 {
368 {
369 pth_event_t evt;
374 {
377 else
381 }
383 }
384 else
385 {
388 }
393 }
396 static int
398 {
404 /* we expect the pin to fit on one line */
408 /* fixme: we should make sure that the assuan buffer is allocated in
409 secure memory or read the response byte by byte */
414 }
417 static int
419 {
421 ;
423 }
426 /* Return a new malloced string by unescaping the string S. Escaping
427 is percent escaping and '+'/space mapping. A binary Nul will
428 silently be replaced by a 0xFF. Function returns NULL to indicate
429 an out of memory status. PArsing stops at the end of the string or
430 a white space character. */
433 {
440 {
442 {
443 s++;
447 d++;
449 }
451 {
453 s++;
454 }
455 else
457 }
460 }
463 /* Estimate the quality of the passphrase PW and return a value in the
464 range 0..100. */
465 static int
467 {
477 length ++;
482 }
485 /* Handle the QUALITY inquiry. */
486 static int
488 {
496 {
499 line++;
504 else
505 {
512 }
513 }
514 else
515 {
518 }
521 }
526 \f
527 /* Call the Entry and ask for the PIN. We do check for a valid PIN
528 number here and repeat it as long as we have invalid formed
529 numbers. */
530 int
535 {
556 else
576 /* If a passphrase quality indicator has been requested and a
577 minimum passphrase length has not been disabled, send the command
578 to the pinentry. */
580 {
584 /* TRANSLATORS: This string is displayed by pinentry as the
585 label for the quality bar. */
601 else
602 {
603 /* TRANSLATORS: This string is a tooltip, shown by pinentry
604 when hovering over the quality bar. Please use an
605 appropriate string to describe what this is about. The
606 length of the tooltip is limited to about 900 characters.
607 If you do not translate this entry, a default english
608 text (see source) will be used. */
612 "Please ask your administrator for "
614 }
627 }
630 {
637 }
640 {
647 {
648 /* TRANLATORS: The string is appended to an error message in
649 the pinentry. The %s is the actual error message, the
650 two %d give the current and maximum number of tries. */
659 }
663 /* Most pinentries out in the wild return the old Assuan error code
664 for canceled which gets translated to an assuan Cancel error and
665 not to the code for a user cancel. Fix this here. */
677 {
678 /* do some basic checks on the entered PIN. */
686 }
689 {
690 /* More checks by utilizing the optional callback. */
701 }
705 }
709 }
712 \f
713 /* Ask for the passphrase using the supplied arguments. The returned
714 passphrase needs to be freed by the caller. */
715 int
719 {
739 else
753 {
759 }
770 /* Most pinentries out in the wild return the old Assuan error code
771 for canceled which gets translated to an assuan Cancel error and
772 not to the code for a user cancel. Fix this here. */
777 else
780 }
783 \f
784 /* Pop up the PIN-entry, display the text and the prompt and ask the
785 user to confirm this. We return 0 for success, ie. the user
786 confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
787 other error. */
788 int
791 {
801 else
805 /* Most pinentries out in the wild return the old Assuan error code
806 for canceled which gets translated to an assuan Cancel error and
807 not to the code for a user cancel. Fix this here. */
815 {
821 }
823 {
829 }
836 }
839 \f
840 /* Pop up the PINentry, display the text DESC and a button with the
841 text OK_BTN (which may be NULL to use the default of "OK") and waut
842 for the user to hit this button. The return value is not
843 relevant. */
844 int
846 {
856 else
860 /* Most pinentries out in the wild return the old Assuan error code
861 for canceled which gets translated to an assuan Cancel error and
862 not to the code for a user cancel. Fix this here. */
870 {
877 }
885 }
888 /* The thread running the popup message. */
891 {
892 /* We use the --one-button hack instead of the MESSAGE command to
893 allow the use of old Pinentries. Those old Pinentries will then
894 show an additional Cancel button but that is mostly a visual
895 annoyance. */
900 }
903 /* Pop up a message window similar to the confirm one but keep it open
904 until agent_popup_message_stop has been called. It is crucial for
905 the caller to make sure that the stop function gets called as soon
906 as the message is not anymore required because the message is
907 system modal and all other attempts to use the pinentry will fail
908 (after a timeout). */
909 int
911 {
914 pth_attr_t tattr;
922 else
930 {
936 }
946 {
952 }
956 }
958 /* Close a popup window. */
959 void
961 {
963 pid_t pid;
966 {
969 }
976 #ifdef HAVE_W32_SYSTEM
977 /* Older versions of assuan set PID to 0 on Windows to indicate an
978 invalid value. */
981 {
984 /* Arbitrary error code. */
986 }
987 #else
990 because we already waited for the process, we need to tell
991 assuan that it should not wait again (done by
992 unlock_pinentry). */
995 }
998 interaction of SIGINT with Pth. */
999 #endif
1001 /* Now wait for the thread to terminate. */
1009 /* Now we can close the connection. */
1011 }