| blob | 172a88914a6dd9cc799f125885e513824f873d1f |
1 /* call-pinentry.c - fork of the pinentry to query stuff from the user
2 * Copyright (C) 2001, 2002, 2004, 2007, 2008 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <ctype.h>
26 #include <assert.h>
27 #include <unistd.h>
28 #include <sys/stat.h>
29 #ifndef HAVE_W32_SYSTEM
30 # include <sys/wait.h>
31 # include <sys/types.h>
32 # include <signal.h>
33 #endif
34 #include <pth.h>
37 #include <assuan.h>
41 #ifdef _POSIX_OPEN_MAX
42 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
43 #else
44 #define MAX_OPEN_FDS 20
45 #endif
48 /* Because access to the pinentry must be serialized (it is and shall
49 be a global mutual dialog) we should better timeout further
50 requests after some time. 2 minutes seem to be a reasonable
51 time. */
52 #define LOCK_TIMEOUT (1*60)
54 /* The assuan context of the current pinentry. */
57 /* The control variable of the connection owning the current pinentry.
58 This is only valid if ENTRY_CTX is not NULL. Note, that we care
59 only about the value of the pointer and that it should never be
60 dereferenced. */
63 /* A mutex used to serialize access to the pinentry. */
66 /* The thread ID of the popup working thread. */
69 /* A flag used in communication between the popup working thread and
70 its stop function. */
75 /* Data to be passed to our callbacks, */
76 struct entry_parm_s
77 {
81 };
85 \f
86 /* This function must be called once to initialize this module. This
87 has to be done before a second thread is spawned. We can't do the
88 static initialization because Pth emulation code might not be able
89 to do a static init; in particular, it is not possible for W32. */
90 void
92 {
96 {
99 }
100 }
104 static void
106 {
107 #ifdef _W32_PTH_H
110 #else
115 else
117 #endif
118 }
121 /* This function may be called to print infromation pertaining to the
122 current state of this module to the log. */
123 void
125 {
131 }
133 /* Called to make sure that a popup window owned by the current
134 connection gets closed. */
135 void
137 {
139 {
141 }
142 }
145 /* Unlock the pinentry so that another thread can start one and
146 disconnect that pinentry - we do this after the unlock so that a
147 stalled pinentry does not block other threads. Fixme: We should
148 have a timeout in Assuan for the disconnect operation. */
149 static int
151 {
156 {
160 }
163 }
166 /* To make sure we leave no secrets in our image after forking of the
167 pinentry, we use this callback. */
168 static void
170 {
174 {
181 {
182 /* For all new envvars (!ASSNAME) and the two medium old
183 ones which do have an assuan name but are conveyed using
184 environment variables, update the environment of the
185 forked process. */
189 {
193 }
194 }
195 }
196 }
199 static gpg_error_t
201 {
205 /* There is only the pid in the server's response. */
209 {
213 }
215 }
217 /* Fork off the pin entry if this has not already been done. Note,
218 that this function must always be used to aquire the lock for the
219 pinentry - we will serialize _all_ pinentry calls.
220 */
221 static int
223 {
226 assuan_context_t ctx;
230 pth_event_t evt;
237 {
240 else
246 }
257 #ifdef HAVE_W32_SYSTEM
260 #endif
262 {
263 #ifndef HAVE_W32_SYSTEM
265 #endif
267 /* At least Windows XP fails here with EBADF. According to docs
268 and Wine an fflush(NULL) is the same as _flushall. However
269 the Wime implementaion does not flush stdin,stdout and stderr
270 - see above. Lets try to ignore the error. */
271 #ifndef HAVE_W32_SYSTEM
273 #endif
274 }
281 else
282 pgmname++;
284 /* OS X needs the entire file name in argv[0], so that it can locate
285 the resource bundle. For other systems we stick to the usual
286 convention of supplying only the name of the program. */
287 #ifdef __APPLE__
295 {
299 }
300 else
305 {
309 }
314 {
317 }
319 /* Connect to the pinentry and perform initial handshaking. Note
320 that atfork is used to change the environment for pinentry. We
321 start the server in detached mode to suppress the console window
322 under Windows. */
326 {
331 }
345 {
350 NULL);
354 }
357 {
362 NULL);
365 }
367 {
372 NULL);
375 }
377 {
382 NULL);
385 }
388 /* Tell the pinentry the name of a file it shall touch after having
389 messed with the tty. This is optional and only supported by
390 newer pinentries and thus we do no error checking. */
397 {
401 ;
402 else
403 {
405 NULL);
407 }
408 }
411 /* Now ask the Pinentry for its PID. If the Pinentry is new enough
412 it will send the pid back and we will use an inquire to notify
413 our client. The client may answer the inquiry either with END or
414 with CAN to cancel the pinentry. */
419 {
422 }
425 else
426 {
431 }
434 }
437 /* Returns True is the pinentry is currently active. If WAITSECONDS is
438 greater than zero the function will wait for this many seconds
439 before returning. */
440 int
442 {
446 {
447 pth_event_t evt;
452 {
455 else
459 }
461 }
462 else
463 {
466 }
471 }
474 static gpg_error_t
476 {
482 /* we expect the pin to fit on one line */
486 /* fixme: we should make sure that the assuan buffer is allocated in
487 secure memory or read the response byte by byte */
492 }
495 static int
497 {
499 ;
501 }
504 /* Return a new malloced string by unescaping the string S. Escaping
505 is percent escaping and '+'/space mapping. A binary Nul will
506 silently be replaced by a 0xFF. Function returns NULL to indicate
507 an out of memory status. PArsing stops at the end of the string or
508 a white space character. */
511 {
518 {
520 {
521 s++;
525 d++;
527 }
529 {
531 s++;
532 }
533 else
535 }
538 }
541 /* Estimate the quality of the passphrase PW and return a value in the
542 range 0..100. */
543 static int
545 {
555 length ++;
560 }
563 /* Handle the QUALITY inquiry. */
564 static gpg_error_t
566 {
574 {
577 line++;
582 else
583 {
590 }
591 }
592 else
593 {
596 }
599 }
602 /* Helper for agent_askpin and agent_get_passphrase. */
603 static int
605 {
611 /* TRANSLATORS: This string is displayed by Pinentry as the label
612 for the quality bar. */
627 else
628 {
629 /* TRANSLATORS: This string is a tooltip, shown by pinentry when
630 hovering over the quality bar. Please use an appropriate
631 string to describe what this is about. The length of the
632 tooltip is limited to about 900 characters. If you do not
633 translate this entry, a default english text (see source)
634 will be used. */
638 "Please ask your administrator for "
640 }
654 }
657 \f
658 /* Call the Entry and ask for the PIN. We do check for a valid PIN
659 number here and repeat it as long as we have invalid formed
660 numbers. */
661 int
666 {
687 else
707 /* If a passphrase quality indicator has been requested and a
708 minimum passphrase length has not been disabled, send the command
709 to the pinentry. */
711 {
715 }
718 {
725 }
728 {
735 {
736 /* TRANLATORS: The string is appended to an error message in
737 the pinentry. The %s is the actual error message, the
738 two %d give the current and maximum number of tries. */
747 }
751 /* Most pinentries out in the wild return the old Assuan error code
752 for canceled which gets translated to an assuan Cancel error and
753 not to the code for a user cancel. Fix this here. */
765 {
766 /* do some basic checks on the entered PIN. */
774 }
777 {
778 /* More checks by utilizing the optional callback. */
789 }
793 }
797 }
800 \f
801 /* Ask for the passphrase using the supplied arguments. The returned
802 passphrase needs to be freed by the caller. */
803 int
807 {
827 else
841 {
845 }
848 {
854 }
865 /* Most pinentries out in the wild return the old Assuan error code
866 for canceled which gets translated to an assuan Cancel error and
867 not to the code for a user cancel. Fix this here. */
872 else
875 }
878 \f
879 /* Pop up the PIN-entry, display the text and the prompt and ask the
880 user to confirm this. We return 0 for success, ie. the user
881 confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
882 other error. If WITH_CANCEL it true an extra cancel button is
883 displayed to allow the user to easily return a GPG_ERR_CANCELED.
884 if the Pinentry does not support this, the user can still cancel by
885 closing the Pinentry window. */
886 int
890 {
900 else
904 /* Most pinentries out in the wild return the old Assuan error code
905 for canceled which gets translated to an assuan Cancel error and
906 not to the code for a user cancel. Fix this here. */
914 {
921 }
923 {
924 /* Try to use the newer NOTOK feature if a cancel button is
925 requested. If no cacnel button is requested we keep on using
926 the standard cancel. */
928 {
933 }
934 else
938 {
943 }
946 }
954 }
957 \f
958 /* Pop up the PINentry, display the text DESC and a button with the
959 text OK_BTN (which may be NULL to use the default of "OK") and waut
960 for the user to hit this button. The return value is not
961 relevant. */
962 int
964 {
974 else
978 /* Most pinentries out in the wild return the old Assuan error code
979 for canceled which gets translated to an assuan Cancel error and
980 not to the code for a user cancel. Fix this here. */
988 {
995 }
1003 }
1006 /* The thread running the popup message. */
1009 {
1012 /* We use the --one-button hack instead of the MESSAGE command to
1013 allow the use of old Pinentries. Those old Pinentries will then
1014 show an additional Cancel button but that is mostly a visual
1015 annoyance. */
1020 }
1023 /* Pop up a message window similar to the confirm one but keep it open
1024 until agent_popup_message_stop has been called. It is crucial for
1025 the caller to make sure that the stop function gets called as soon
1026 as the message is not anymore required because the message is
1027 system modal and all other attempts to use the pinentry will fail
1028 (after a timeout). */
1029 int
1031 {
1034 pth_attr_t tattr;
1042 else
1050 {
1056 }
1066 {
1072 }
1076 }
1078 /* Close a popup window. */
1079 void
1081 {
1083 pid_t pid;
1088 {
1091 }
1098 #ifdef HAVE_W32_SYSTEM
1099 /* Older versions of assuan set PID to 0 on Windows to indicate an
1100 invalid value. */
1103 {
1106 /* Arbitrary error code. */
1108 }
1109 #else
1112 because we already waited for the process, we need to tell
1113 assuan that it should not wait again (done by
1114 unlock_pinentry). */
1117 }
1120 interaction of SIGINT with Pth. */
1121 #endif
1123 /* Now wait for the thread to terminate. */
1131 /* Now we can close the connection. */
1133 }