search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix i18n bug.
[gnupg.git] / g10 / card-util.c
blobf825034b6e45f8fb77b44d5339793c2615cfa43d
1 /* card-util.c - Utility functions for the OpenPGP card.
2 * Copyright (C) 2003, 2004, 2005, 2009 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <errno.h>
25 #include <assert.h>
26
27 #if GNUPG_MAJOR_VERSION != 1
28 # include "gpg.h"
29 #endif /*GNUPG_MAJOR_VERSION != 1*/
30 #include "util.h"
31 #include "i18n.h"
32 #include "ttyio.h"
33 #include "status.h"
34 #include "options.h"
35 #include "main.h"
36 #include "keyserver-internal.h"
37 #if GNUPG_MAJOR_VERSION == 1
38 # ifdef HAVE_LIBREADLINE
39 # define GNUPG_LIBREADLINE_H_INCLUDED
40 # include <stdio.h>
41 # include <readline/readline.h>
42 # endif /*HAVE_LIBREADLINE*/
43 # include "cardglue.h"
44 #else /*GNUPG_MAJOR_VERSION!=1*/
45 # include "call-agent.h"
46 #endif /*GNUPG_MAJOR_VERSION!=1*/
47
48 #define CONTROL_D ('D' - 'A' + 1)
49
50
51 static void
52 write_sc_op_status (gpg_error_t err)
53 {
54 switch (gpg_err_code (err))
55 {
56 case 0:
57 write_status (STATUS_SC_OP_SUCCESS);
58 break;
59 #if GNUPG_MAJOR_VERSION != 1
60 case GPG_ERR_CANCELED:
61 write_status_text (STATUS_SC_OP_FAILURE, "1");
62 break;
63 case GPG_ERR_BAD_PIN:
64 write_status_text (STATUS_SC_OP_FAILURE, "2");
65 break;
66 default:
67 write_status (STATUS_SC_OP_FAILURE);
68 break;
69 #endif /* GNUPG_MAJOR_VERSION != 1 */
70 }
71 }
72
73
74 /* Change the PIN of a an OpenPGP card. This is an interactive
75 function. */
76 void
77 change_pin (int unblock_v2, int allow_admin)
78 {
79 struct agent_card_info_s info;
80 int rc;
81
82 rc = agent_learn (&info);
83 if (rc)
84 {
85 log_error (_("OpenPGP card not available: %s\n"),
86 gpg_strerror (rc));
87 return;
88 }
89
90 log_info (_("OpenPGP card no. %s detected\n"),
91 info.serialno? info.serialno : "[none]");
92
93 agent_clear_pin_cache (info.serialno);
94
95 if (opt.batch)
96 {
97 agent_release_card_info (&info);
98 log_error (_("can't do this in batch mode\n"));
99 return;
100 }
101
102
103 if (unblock_v2)
104 {
105 if (!info.is_v2)
106 log_error (_("This command is only available for version 2 cards\n"));
107 else if (!info.chvretry[1])
108 log_error (_("Reset Code not or not anymore available\n"));
109 else
110 {
111 rc = agent_scd_change_pin (2, info.serialno);
112 write_sc_op_status (rc);
113 if (rc)
114 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
115 else
116 tty_printf ("PIN changed.\n");
117 }
118 }
119 else if (!allow_admin)
120 {
121 rc = agent_scd_change_pin (1, info.serialno);
122 write_sc_op_status (rc);
123 if (rc)
124 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
125 else
126 tty_printf ("PIN changed.\n");
127 }
128 else
129 for (;;)
130 {
131 char *answer;
132
133 tty_printf ("\n");
134 tty_printf ("1 - change PIN\n"
135 "2 - unblock PIN\n"
136 "3 - change Admin PIN\n"
137 "4 - set the Reset Code\n"
138 "Q - quit\n");
139 tty_printf ("\n");
140
141 answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
142 cpr_kill_prompt();
143 if (strlen (answer) != 1)
144 continue;
145
146 rc = 0;
147 if (*answer == '1')
148 {
149 /* Change PIN. */
150 rc = agent_scd_change_pin (1, info.serialno);
151 write_sc_op_status (rc);
152 if (rc)
153 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
154 else
155 tty_printf ("PIN changed.\n");
156 }
157 else if (*answer == '2')
158 {
159 /* Unblock PIN. */
160 rc = agent_scd_change_pin (101, info.serialno);
161 write_sc_op_status (rc);
162 if (rc)
163 tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
164 else
165 tty_printf ("PIN unblocked and new PIN set.\n");
166 }
167 else if (*answer == '3')
168 {
169 /* Change Admin PIN. */
170 rc = agent_scd_change_pin (3, info.serialno);
171 write_sc_op_status (rc);
172 if (rc)
173 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
174 else
175 tty_printf ("PIN changed.\n");
176 }
177 else if (*answer == '4')
178 {
179 /* Set a new Reset Code. */
180 rc = agent_scd_change_pin (102, info.serialno);
181 write_sc_op_status (rc);
182 if (rc)
183 tty_printf ("Error setting the Reset Code: %s\n",
184 gpg_strerror (rc));
185 else
186 tty_printf ("Reset Code set.\n");
187 }
188 else if (*answer == 'q' || *answer == 'Q')
189 {
190 break;
191 }
192 }
193
194 agent_release_card_info (&info);
195 }
196
197 static const char *
198 get_manufacturer (unsigned int no)
199 {
200 /* Note: Make sure that there is no colon or linefeed in the string. */
201 switch (no)
202 {
203 case 0x0001: return "PPC Card Systems";
204 case 0x0002: return "Prism";
205 case 0x0003: return "OpenFortress";
206 case 0x0004: return "Wewid AB";
207 case 0x0005: return "ZeitControl";
208
209 case 0x002A: return "Magrathea";
210 /* 0x00000 and 0xFFFF are defined as test cards per spec,
211 0xFFF00 to 0xFFFE are assigned for use with randomly created
212 serial numbers. */
213 case 0x0000:
214 case 0xffff: return "test card";
215 default: return (no & 0xff00) == 0xff00? "unmanaged S/N range":"unknown";
216 }
217 }
218
219
220 static void
221 print_sha1_fpr (FILE *fp, const unsigned char *fpr)
222 {
223 int i;
224
225 if (fpr)
226 {
227 for (i=0; i < 20 ; i+=2, fpr += 2 )
228 {
229 if (i == 10 )
230 tty_fprintf (fp, " ");
231 tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
232 }
233 }
234 else
235 tty_fprintf (fp, " [none]");
236 tty_fprintf (fp, "\n");
237 }
238
239
240 static void
241 print_sha1_fpr_colon (FILE *fp, const unsigned char *fpr)
242 {
243 int i;
244
245 if (fpr)
246 {
247 for (i=0; i < 20 ; i++, fpr++)
248 fprintf (fp, "%02X", *fpr);
249 }
250 putc (':', fp);
251 }
252
253
254 static void
255 print_name (FILE *fp, const char *text, const char *name)
256 {
257 tty_fprintf (fp, "%s", text);
258
259 /* FIXME: tty_printf_utf8_string2 eats everything after and
260 including an @ - e.g. when printing an url. */
261 if (name && *name)
262 {
263 if (fp)
264 print_utf8_string2 (fp, name, strlen (name), '\n');
265 else
266 tty_print_utf8_string2 (name, strlen (name), 0);
267 }
268 else
269 tty_fprintf (fp, _("[not set]"));
270 tty_fprintf (fp, "\n");
271 }
272
273 static void
274 print_isoname (FILE *fp, const char *text, const char *tag, const char *name)
275 {
276 if (opt.with_colons)
277 fprintf (fp, "%s:", tag);
278 else
279 tty_fprintf (fp, "%s", text);
280
281 if (name && *name)
282 {
283 char *p, *given, *buf = xstrdup (name);
284
285 given = strstr (buf, "<<");
286 for (p=buf; *p; p++)
287 if (*p == '<')
288 *p = ' ';
289 if (given && given[2])
290 {
291 *given = 0;
292 given += 2;
293 if (opt.with_colons)
294 print_string (fp, given, strlen (given), ':');
295 else if (fp)
296 print_utf8_string2 (fp, given, strlen (given), '\n');
297 else
298 tty_print_utf8_string2 (given, strlen (given), 0);
299
300 if (opt.with_colons)
301 putc (':', fp);
302 else if (*buf)
303 tty_fprintf (fp, " ");
304 }
305
306 if (opt.with_colons)
307 print_string (fp, buf, strlen (buf), ':');
308 else if (fp)
309 print_utf8_string2 (fp, buf, strlen (buf), '\n');
310 else
311 tty_print_utf8_string2 (buf, strlen (buf), 0);
312 xfree (buf);
313 }
314 else
315 {
316 if (opt.with_colons)
317 putc (':', fp);
318 else
319 tty_fprintf (fp, _("[not set]"));
320 }
321
322 if (opt.with_colons)
323 fputs (":\n", fp);
324 else
325 tty_fprintf (fp, "\n");
326 }
327
328 /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
329 static int
330 fpr_is_zero (const char *fpr)
331 {
332 int i;
333
334 for (i=0; i < 20 && !fpr[i]; i++)
335 ;
336 return (i == 20);
337 }
338
339
340 /* Return true if the SHA1 fingerprint FPR consists only of 0xFF. */
341 static int
342 fpr_is_ff (const char *fpr)
343 {
344 int i;
345
346 for (i=0; i < 20 && fpr[i] == '\xff'; i++)
347 ;
348 return (i == 20);
349 }
350
351
352 /* Print all available information about the current card. */
353 void
354 card_status (FILE *fp, char *serialno, size_t serialnobuflen)
355 {
356 struct agent_card_info_s info;
357 PKT_public_key *pk = xcalloc (1, sizeof *pk);
358 int rc;
359 unsigned int uval;
360 const unsigned char *thefpr;
361 int i;
362
363 if (serialno && serialnobuflen)
364 *serialno = 0;
365
366 rc = agent_learn (&info);
367 if (rc)
368 {
369 if (opt.with_colons)
370 fputs ("AID:::\n", fp);
371 log_error (_("OpenPGP card not available: %s\n"),
372 gpg_strerror (rc));
373 xfree (pk);
374 return;
375 }
376
377 if (opt.with_colons)
378 fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
379 else
380 tty_fprintf (fp, "Application ID ...: %s\n",
381 info.serialno? info.serialno : "[none]");
382 if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
383 || strlen (info.serialno) != 32 )
384 {
385 if (info.apptype && !strcmp (info.apptype, "NKS"))
386 {
387 if (opt.with_colons)
388 fputs ("netkey-card:\n", fp);
389 log_info ("this is a NetKey card\n");
390 }
391 else if (info.apptype && !strcmp (info.apptype, "DINSIG"))
392 {
393 if (opt.with_colons)
394 fputs ("dinsig-card:\n", fp);
395 log_info ("this is a DINSIG compliant card\n");
396 }
397 else if (info.apptype && !strcmp (info.apptype, "P15"))
398 {
399 if (opt.with_colons)
400 fputs ("pkcs15-card:\n", fp);
401 log_info ("this is a PKCS#15 compliant card\n");
402 }
403 else if (info.apptype && !strcmp (info.apptype, "GELDKARTE"))
404 {
405 if (opt.with_colons)
406 fputs ("geldkarte-card:\n", fp);
407 log_info ("this is a Geldkarte compliant card\n");
408 }
409 else
410 {
411 if (opt.with_colons)
412 fputs ("unknown:\n", fp);
413 }
414 log_info ("not an OpenPGP card\n");
415 agent_release_card_info (&info);
416 xfree (pk);
417 return;
418 }
419
420 if (!serialno)
421 ;
422 else if (strlen (serialno)+1 > serialnobuflen)
423 log_error ("serial number longer than expected\n");
424 else
425 strcpy (serialno, info.serialno);
426
427 if (opt.with_colons)
428 fputs ("openpgp-card:\n", fp);
429
430
431 if (opt.with_colons)
432 {
433 fprintf (fp, "version:%.4s:\n", info.serialno+12);
434 uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
435 fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
436 fprintf (fp, "serial:%.8s:\n", info.serialno+20);
437
438 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
439
440 fputs ("lang:", fp);
441 if (info.disp_lang)
442 print_string (fp, info.disp_lang, strlen (info.disp_lang), ':');
443 fputs (":\n", fp);
444
445 fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
446 info.disp_sex == 2? 'f' : 'u'));
447
448 fputs ("url:", fp);
449 if (info.pubkey_url)
450 print_string (fp, info.pubkey_url, strlen (info.pubkey_url), ':');
451 fputs (":\n", fp);
452
453 fputs ("login:", fp);
454 if (info.login_data)
455 print_string (fp, info.login_data, strlen (info.login_data), ':');
456 fputs (":\n", fp);
457
458 fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
459 for (i=0; i < DIM (info.key_attr); i++)
460 if (info.key_attr[0].algo)
461 fprintf (fp, "keyattr:%d:%d:%u:\n", i+1,
462 info.key_attr[i].algo, info.key_attr[i].nbits);
463 fprintf (fp, "maxpinlen:%d:%d:%d:\n",
464 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
465 fprintf (fp, "pinretry:%d:%d:%d:\n",
466 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
467 fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
468
469 for (i=0; i < 4; i++)
470 {
471 if (info.private_do[i])
472 {
473 fprintf (fp, "private_do:%d:", i+1);
474 print_string (fp, info.private_do[i],
475 strlen (info.private_do[i]), ':');
476 fputs (":\n", fp);
477 }
478 }
479
480 fputs ("cafpr:", fp);
481 print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
482 print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
483 print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
484 putc ('\n', fp);
485 fputs ("fpr:", fp);
486 print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
487 print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
488 print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
489 putc ('\n', fp);
490 fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
491 (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
492 (unsigned long)info.fpr3time);
493 }
494 else
495 {
496 tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
497 info.serialno[12] == '0'?"":info.serialno+12,
498 info.serialno[13],
499 info.serialno[14] == '0'?"":info.serialno+14,
500 info.serialno[15]);
501 tty_fprintf (fp, "Manufacturer .....: %s\n",
502 get_manufacturer (xtoi_2(info.serialno+16)*256
503 + xtoi_2 (info.serialno+18)));
504 tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
505
506 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
507 print_name (fp, "Language prefs ...: ", info.disp_lang);
508 tty_fprintf (fp, "Sex ..............: %s\n",
509 info.disp_sex == 1? _("male"):
510 info.disp_sex == 2? _("female") : _("unspecified"));
511 print_name (fp, "URL of public key : ", info.pubkey_url);
512 print_name (fp, "Login data .......: ", info.login_data);
513 if (info.private_do[0])
514 print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
515 if (info.private_do[1])
516 print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
517 if (info.private_do[2])
518 print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
519 if (info.private_do[3])
520 print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
521 if (info.cafpr1valid)
522 {
523 tty_fprintf (fp, "CA fingerprint %d .:", 1);
524 print_sha1_fpr (fp, info.cafpr1);
525 }
526 if (info.cafpr2valid)
527 {
528 tty_fprintf (fp, "CA fingerprint %d .:", 2);
529 print_sha1_fpr (fp, info.cafpr2);
530 }
531 if (info.cafpr3valid)
532 {
533 tty_fprintf (fp, "CA fingerprint %d .:", 3);
534 print_sha1_fpr (fp, info.cafpr3);
535 }
536 tty_fprintf (fp, "Signature PIN ....: %s\n",
537 info.chv1_cached? _("not forced"): _("forced"));
538 if (info.key_attr[0].algo)
539 {
540 tty_fprintf (fp, "Key attributes ...:");
541 for (i=0; i < DIM (info.key_attr); i++)
542 tty_fprintf (fp, " %u%c",
543 info.key_attr[i].nbits,
544 info.key_attr[i].algo == 1? 'R':
545 info.key_attr[i].algo == 17? 'D': '?');
546 tty_fprintf (fp, "\n");
547 }
548 tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
549 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
550 tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
551 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
552 tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
553 tty_fprintf (fp, "Signature key ....:");
554 print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
555 if (info.fpr1valid && info.fpr1time)
556 tty_fprintf (fp, " created ....: %s\n",
557 isotimestamp (info.fpr1time));
558 tty_fprintf (fp, "Encryption key....:");
559 print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
560 if (info.fpr2valid && info.fpr2time)
561 tty_fprintf (fp, " created ....: %s\n",
562 isotimestamp (info.fpr2time));
563 tty_fprintf (fp, "Authentication key:");
564 print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
565 if (info.fpr3valid && info.fpr3time)
566 tty_fprintf (fp, " created ....: %s\n",
567 isotimestamp (info.fpr3time));
568 tty_fprintf (fp, "General key info..: ");
569
570 thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
571 info.fpr3valid? info.fpr3 : NULL);
572 /* If the fingerprint is all 0xff, the key has no asssociated
573 OpenPGP certificate. */
574 if ( thefpr && !fpr_is_ff (thefpr)
575 && !get_pubkey_byfprint (pk, thefpr, 20))
576 {
577 KBNODE keyblock = NULL;
578
579 print_pubkey_info (fp, pk);
580
581 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
582 print_card_key_info (fp, keyblock);
583 else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
584 {
585 release_kbnode (keyblock);
586 keyblock = NULL;
587
588 if (!auto_create_card_key_stub (info.serialno,
589 info.fpr1valid? info.fpr1:NULL,
590 info.fpr2valid? info.fpr2:NULL,
591 info.fpr3valid? info.fpr3:NULL))
592 {
593 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
594 print_card_key_info (fp, keyblock);
595 }
596 }
597
598 release_kbnode (keyblock);
599 }
600 else
601 tty_fprintf (fp, "[none]\n");
602 }
603
604 free_public_key (pk);
605 agent_release_card_info (&info);
606 }
607
608
609 static char *
610 get_one_name (const char *prompt1, const char *prompt2)
611 {
612 char *name;
613 int i;
614
615 for (;;)
616 {
617 name = cpr_get (prompt1, prompt2);
618 if (!name)
619 return NULL;
620 trim_spaces (name);
621 cpr_kill_prompt ();
622 for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
623 ;
624
625 /* The name must be in Latin-1 and not UTF-8 - lacking the code
626 to ensure this we restrict it to ASCII. */
627 if (name[i])
628 tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
629 else if (strchr (name, '<'))
630 tty_printf (_("Error: The \"<\" character may not be used.\n"));
631 else if (strstr (name, " "))
632 tty_printf (_("Error: Double spaces are not allowed.\n"));
633 else
634 return name;
635 xfree (name);
636 }
637 }
638
639
640
641 static int
642 change_name (void)
643 {
644 char *surname = NULL, *givenname = NULL;
645 char *isoname, *p;
646 int rc;
647
648 surname = get_one_name ("keygen.smartcard.surname",
649 _("Cardholder's surname: "));
650 givenname = get_one_name ("keygen.smartcard.givenname",
651 _("Cardholder's given name: "));
652 if (!surname || !givenname || (!*surname && !*givenname))
653 {
654 xfree (surname);
655 xfree (givenname);
656 return -1; /*canceled*/
657 }
658
659 isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
660 strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
661 xfree (surname);
662 xfree (givenname);
663 for (p=isoname; *p; p++)
664 if (*p == ' ')
665 *p = '<';
666
667 if (strlen (isoname) > 39 )
668 {
669 tty_printf (_("Error: Combined name too long "
670 "(limit is %d characters).\n"), 39);
671 xfree (isoname);
672 return -1;
673 }
674
675 rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL );
676 if (rc)
677 log_error ("error setting Name: %s\n", gpg_strerror (rc));
678
679 xfree (isoname);
680 return rc;
681 }
682
683
684 static int
685 change_url (void)
686 {
687 char *url;
688 int rc;
689
690 url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
691 if (!url)
692 return -1;
693 trim_spaces (url);
694 cpr_kill_prompt ();
695
696 if (strlen (url) > 254 )
697 {
698 tty_printf (_("Error: URL too long "
699 "(limit is %d characters).\n"), 254);
700 xfree (url);
701 return -1;
702 }
703
704 rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL );
705 if (rc)
706 log_error ("error setting URL: %s\n", gpg_strerror (rc));
707 xfree (url);
708 write_sc_op_status (rc);
709 return rc;
710 }
711
712
713 /* Fetch the key from the URL given on the card or try to get it from
714 the default keyserver. */
715 static int
716 fetch_url(void)
717 {
718 int rc;
719 struct agent_card_info_s info;
720
721 memset(&info,0,sizeof(info));
722
723 rc=agent_scd_getattr("PUBKEY-URL",&info);
724 if(rc)
725 log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
726 else
727 {
728 struct keyserver_spec *spec=NULL;
729
730 rc=agent_scd_getattr("KEY-FPR",&info);
731 if(rc)
732 log_error("error retrieving key fingerprint from card: %s\n",
733 gpg_strerror(rc));
734 else if (info.pubkey_url && *info.pubkey_url)
735 {
736 spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0);
737 if(spec && info.fpr1valid)
738 {
739 /* This is not perfectly right. Currently, all card
740 fingerprints are 20 digits, but what about
741 fingerprints for a future v5 key? We should get the
742 length from somewhere lower in the code. In any
743 event, the fpr/keyid is not meaningful for straight
744 HTTP fetches, but using it allows the card to point
745 to HKP and LDAP servers as well. */
746 rc=keyserver_import_fprint(info.fpr1,20,spec);
747 free_keyserver_spec(spec);
748 }
749 }
750 else if (info.fpr1valid)
751 {
752 rc = keyserver_import_fprint (info.fpr1, 20, opt.keyserver);
753 }
754 }
755
756 return rc;
757 }
758
759
760 /* Read data from file FNAME up to MAXLEN characters. On error return
761 -1 and store NULL at R_BUFFER; on success return the number of
762 bytes read and store the address of a newly allocated buffer at
763 R_BUFFER. */
764 static int
765 get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
766 {
767 FILE *fp;
768 char *data;
769 int n;
770
771 *r_buffer = NULL;
772
773 fp = fopen (fname, "rb");
774 #if GNUPG_MAJOR_VERSION == 1
775 if (fp && is_secured_file (fileno (fp)))
776 {
777 fclose (fp);
778 fp = NULL;
779 errno = EPERM;
780 }
781 #endif
782 if (!fp)
783 {
784 tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno));
785 return -1;
786 }
787
788 data = xtrymalloc (maxlen? maxlen:1);
789 if (!data)
790 {
791 tty_printf (_("error allocating enough memory: %s\n"), strerror (errno));
792 fclose (fp);
793 return -1;
794 }
795
796 if (maxlen)
797 n = fread (data, 1, maxlen, fp);
798 else
799 n = 0;
800 fclose (fp);
801 if (n < 0)
802 {
803 tty_printf (_("error reading `%s': %s\n"), fname, strerror (errno));
804 xfree (data);
805 return -1;
806 }
807 *r_buffer = data;
808 return n;
809 }
810
811
812 /* Write LENGTH bytes from BUFFER to file FNAME. Return 0 on
813 success. */
814 static int
815 put_data_to_file (const char *fname, const void *buffer, size_t length)
816 {
817 FILE *fp;
818
819 fp = fopen (fname, "wb");
820 #if GNUPG_MAJOR_VERSION == 1
821 if (fp && is_secured_file (fileno (fp)))
822 {
823 fclose (fp);
824 fp = NULL;
825 errno = EPERM;
826 }
827 #endif
828 if (!fp)
829 {
830 tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno));
831 return -1;
832 }
833
834 if (length && fwrite (buffer, length, 1, fp) != 1)
835 {
836 tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno));
837 fclose (fp);
838 return -1;
839 }
840 fclose (fp);
841 return 0;
842 }
843
844
845 static int
846 change_login (const char *args)
847 {
848 char *data;
849 int n;
850 int rc;
851
852 if (args && *args == '<') /* Read it from a file */
853 {
854 for (args++; spacep (args); args++)
855 ;
856 n = get_data_from_file (args, 254, &data);
857 if (n < 0)
858 return -1;
859 }
860 else
861 {
862 data = cpr_get ("cardedit.change_login",
863 _("Login data (account name): "));
864 if (!data)
865 return -1;
866 trim_spaces (data);
867 cpr_kill_prompt ();
868 n = strlen (data);
869 }
870
871 if (n > 254 )
872 {
873 tty_printf (_("Error: Login data too long "
874 "(limit is %d characters).\n"), 254);
875 xfree (data);
876 return -1;
877 }
878
879 rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL );
880 if (rc)
881 log_error ("error setting login data: %s\n", gpg_strerror (rc));
882 xfree (data);
883 write_sc_op_status (rc);
884 return rc;
885 }
886
887 static int
888 change_private_do (const char *args, int nr)
889 {
890 char do_name[] = "PRIVATE-DO-X";
891 char *data;
892 int n;
893 int rc;
894
895 assert (nr >= 1 && nr <= 4);
896 do_name[11] = '0' + nr;
897
898 if (args && (args = strchr (args, '<'))) /* Read it from a file */
899 {
900 for (args++; spacep (args); args++)
901 ;
902 n = get_data_from_file (args, 254, &data);
903 if (n < 0)
904 return -1;
905 }
906 else
907 {
908 data = cpr_get ("cardedit.change_private_do",
909 _("Private DO data: "));
910 if (!data)
911 return -1;
912 trim_spaces (data);
913 cpr_kill_prompt ();
914 n = strlen (data);
915 }
916
917 if (n > 254 )
918 {
919 tty_printf (_("Error: Private DO too long "
920 "(limit is %d characters).\n"), 254);
921 xfree (data);
922 return -1;
923 }
924
925 rc = agent_scd_setattr (do_name, data, n, NULL );
926 if (rc)
927 log_error ("error setting private DO: %s\n", gpg_strerror (rc));
928 xfree (data);
929 write_sc_op_status (rc);
930 return rc;
931 }
932
933
934 static int
935 change_cert (const char *args)
936 {
937 char *data;
938 int n;
939 int rc;
940
941 if (args && *args == '<') /* Read it from a file */
942 {
943 for (args++; spacep (args); args++)
944 ;
945 n = get_data_from_file (args, 16384, &data);
946 if (n < 0)
947 return -1;
948 }
949 else
950 {
951 tty_printf ("usage error: redirectrion to file required\n");
952 return -1;
953 }
954
955 rc = agent_scd_writecert ("OPENPGP.3", data, n);
956 if (rc)
957 log_error ("error writing certificate to card: %s\n", gpg_strerror (rc));
958 xfree (data);
959 write_sc_op_status (rc);
960 return rc;
961 }
962
963
964 static int
965 read_cert (const char *args)
966 {
967 const char *fname;
968 void *buffer;
969 size_t length;
970 int rc;
971
972 if (args && *args == '>') /* Write it to a file */
973 {
974 for (args++; spacep (args); args++)
975 ;
976 fname = args;
977 }
978 else
979 {
980 tty_printf ("usage error: redirectrion to file required\n");
981 return -1;
982 }
983
984 rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length);
985 if (rc)
986 log_error ("error reading certificate from card: %s\n", gpg_strerror (rc));
987 else
988 rc = put_data_to_file (fname, buffer, length);
989 xfree (buffer);
990 write_sc_op_status (rc);
991 return rc;
992 }
993
994
995 static int
996 change_lang (void)
997 {
998 char *data, *p;
999 int rc;
1000
1001 data = cpr_get ("cardedit.change_lang",
1002 _("Language preferences: "));
1003 if (!data)
1004 return -1;
1005 trim_spaces (data);
1006 cpr_kill_prompt ();
1007
1008 if (strlen (data) > 8 || (strlen (data) & 1))
1009 {
1010 tty_printf (_("Error: invalid length of preference string.\n"));
1011 xfree (data);
1012 return -1;
1013 }
1014
1015 for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
1016 ;
1017 if (*p)
1018 {
1019 tty_printf (_("Error: invalid characters in preference string.\n"));
1020 xfree (data);
1021 return -1;
1022 }
1023
1024 rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL );
1025 if (rc)
1026 log_error ("error setting lang: %s\n", gpg_strerror (rc));
1027 xfree (data);
1028 write_sc_op_status (rc);
1029 return rc;
1030 }
1031
1032
1033 static int
1034 change_sex (void)
1035 {
1036 char *data;
1037 const char *str;
1038 int rc;
1039
1040 data = cpr_get ("cardedit.change_sex",
1041 _("Sex ((M)ale, (F)emale or space): "));
1042 if (!data)
1043 return -1;
1044 trim_spaces (data);
1045 cpr_kill_prompt ();
1046
1047 if (!*data)
1048 str = "9";
1049 else if ((*data == 'M' || *data == 'm') && !data[1])
1050 str = "1";
1051 else if ((*data == 'F' || *data == 'f') && !data[1])
1052 str = "2";
1053 else
1054 {
1055 tty_printf (_("Error: invalid response.\n"));
1056 xfree (data);
1057 return -1;
1058 }
1059
1060 rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
1061 if (rc)
1062 log_error ("error setting sex: %s\n", gpg_strerror (rc));
1063 xfree (data);
1064 write_sc_op_status (rc);
1065 return rc;
1066 }
1067
1068
1069 static int
1070 change_cafpr (int fprno)
1071 {
1072 char *data;
1073 const char *s;
1074 int i, c, rc;
1075 unsigned char fpr[20];
1076
1077 data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
1078 if (!data)
1079 return -1;
1080 trim_spaces (data);
1081 cpr_kill_prompt ();
1082
1083 for (i=0, s=data; i < 20 && *s; )
1084 {
1085 while (spacep(s))
1086 s++;
1087 if (*s == ':')
1088 s++;
1089 while (spacep(s))
1090 s++;
1091 c = hextobyte (s);
1092 if (c == -1)
1093 break;
1094 fpr[i++] = c;
1095 s += 2;
1096 }
1097 xfree (data);
1098 if (i != 20 || *s)
1099 {
1100 tty_printf (_("Error: invalid formatted fingerprint.\n"));
1101 return -1;
1102 }
1103
1104 rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
1105 fprno==2?"CA-FPR-2":
1106 fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
1107 if (rc)
1108 log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
1109 write_sc_op_status (rc);
1110 return rc;
1111 }
1112
1113
1114
1115 static void
1116 toggle_forcesig (void)
1117 {
1118 struct agent_card_info_s info;
1119 int rc;
1120 int newstate;
1121
1122 memset (&info, 0, sizeof info);
1123 rc = agent_scd_getattr ("CHV-STATUS", &info);
1124 if (rc)
1125 {
1126 log_error ("error getting current status: %s\n", gpg_strerror (rc));
1127 return;
1128 }
1129 newstate = !info.chv1_cached;
1130 agent_release_card_info (&info);
1131
1132 rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL);
1133 if (rc)
1134 log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
1135 write_sc_op_status (rc);
1136 }
1137
1138
1139 /* Helper for the key generation/edit functions. */
1140 static int
1141 get_info_for_key_operation (struct agent_card_info_s *info)
1142 {
1143 int rc;
1144
1145 memset (info, 0, sizeof *info);
1146 rc = agent_scd_getattr ("SERIALNO", info);
1147 if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
1148 || strlen (info->serialno) != 32 )
1149 {
1150 log_error (_("key operation not possible: %s\n"),
1151 rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
1152 return rc? rc: -1;
1153 }
1154 rc = agent_scd_getattr ("KEY-FPR", info);
1155 if (!rc)
1156 rc = agent_scd_getattr ("CHV-STATUS", info);
1157 if (!rc)
1158 rc = agent_scd_getattr ("DISP-NAME", info);
1159 if (rc)
1160 log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
1161 return rc;
1162 }
1163
1164
1165 /* Helper for the key generation/edit functions. */
1166 static int
1167 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
1168 {
1169 int rc = 0;
1170
1171 agent_clear_pin_cache (info->serialno);
1172
1173 *forced_chv1 = !info->chv1_cached;
1174 if (*forced_chv1)
1175 { /* Switch off the forced mode so that during key generation we
1176 don't get bothered with PIN queries for each
1177 self-signature. */
1178 rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno);
1179 if (rc)
1180 {
1181 log_error ("error clearing forced signature PIN flag: %s\n",
1182 gpg_strerror (rc));
1183 *forced_chv1 = 0;
1184 }
1185 }
1186
1187 if (!rc)
1188 {
1189 /* Check the PIN now, so that we won't get asked later for each
1190 binding signature. */
1191 rc = agent_scd_checkpin (info->serialno);
1192 if (rc)
1193 {
1194 log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
1195 write_sc_op_status (rc);
1196 }
1197 }
1198 return rc;
1199 }
1200
1201 /* Helper for the key generation/edit functions. */
1202 static void
1203 restore_forced_chv1 (int *forced_chv1)
1204 {
1205 int rc;
1206
1207 if (*forced_chv1)
1208 { /* Switch back to forced state. */
1209 rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL);
1210 if (rc)
1211 {
1212 log_error ("error setting forced signature PIN flag: %s\n",
1213 gpg_strerror (rc));
1214 }
1215 }
1216 }
1217
1218
1219 /* Helper for the key generation/edit functions. */
1220 static void
1221 show_card_key_info (struct agent_card_info_s *info)
1222 {
1223 tty_fprintf (NULL, "Signature key ....:");
1224 print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
1225 tty_fprintf (NULL, "Encryption key....:");
1226 print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
1227 tty_fprintf (NULL, "Authentication key:");
1228 print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
1229 tty_printf ("\n");
1230 }
1231
1232
1233 /* Helper for the key generation/edit functions. */
1234 static int
1235 replace_existing_key_p (struct agent_card_info_s *info, int keyno)
1236 {
1237 assert (keyno >= 0 && keyno <= 3);
1238
1239 if ((keyno == 1 && info->fpr1valid)
1240 || (keyno == 2 && info->fpr2valid)
1241 || (keyno == 3 && info->fpr3valid))
1242 {
1243 tty_printf ("\n");
1244 log_info ("WARNING: such a key has already been stored on the card!\n");
1245 tty_printf ("\n");
1246 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
1247 _("Replace existing key? (y/N) ")))
1248 return -1;
1249 }
1250 return 0;
1251 }
1252
1253
1254 static void
1255 generate_card_keys (void)
1256 {
1257 struct agent_card_info_s info;
1258 int forced_chv1;
1259 int want_backup;
1260
1261 if (get_info_for_key_operation (&info))
1262 return;
1263
1264 #if GNUPG_MAJOR_VERSION == 1
1265 {
1266 char *answer=cpr_get("cardedit.genkeys.backup_enc",
1267 _("Make off-card backup of encryption key? (Y/n) "));
1268
1269 want_backup=answer_is_yes_no_default(answer,1);
1270 cpr_kill_prompt();
1271 xfree(answer);
1272 }
1273 #else
1274 want_backup = cpr_get_answer_is_yes
1275 ( "cardedit.genkeys.backup_enc",
1276 _("Make off-card backup of encryption key? (Y/n) "));
1277 /*FIXME: we need answer_is_yes_no_default()*/
1278 #endif
1279
1280 if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
1281 || (info.fpr2valid && !fpr_is_zero (info.fpr2))
1282 || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
1283 {
1284 tty_printf ("\n");
1285 log_info ("NOTE: keys are already stored on the card!\n");
1286 tty_printf ("\n");
1287 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
1288 _("Replace existing keys? (y/N) ")))
1289 {
1290 agent_release_card_info (&info);
1291 return;
1292 }
1293 }
1294 else if (!info.disp_name || !*info.disp_name)
1295 {
1296 tty_printf ("\n");
1297 tty_printf (_("Please note that the factory settings of the PINs are\n"
1298 " PIN = `%s' Admin PIN = `%s'\n"
1299 "You should change them using the command --change-pin\n"),
1300 "123456", "12345678");
1301 tty_printf ("\n");
1302 }
1303
1304 if (check_pin_for_key_operation (&info, &forced_chv1))
1305 goto leave;
1306
1307 generate_keypair (NULL, info.serialno,
1308 want_backup? opt.homedir:NULL);
1309
1310 leave:
1311 agent_release_card_info (&info);
1312 restore_forced_chv1 (&forced_chv1);
1313 }
1314
1315
1316 /* This function is used by the key edit menu to generate an arbitrary
1317 subkey. */
1318 int
1319 card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
1320 {
1321 struct agent_card_info_s info;
1322 int okay = 0;
1323 int forced_chv1 = 0;
1324 int keyno;
1325
1326 if (get_info_for_key_operation (&info))
1327 return 0;
1328
1329 show_card_key_info (&info);
1330
1331 tty_printf (_("Please select the type of key to generate:\n"));
1332
1333 tty_printf (_(" (1) Signature key\n"));
1334 tty_printf (_(" (2) Encryption key\n"));
1335 tty_printf (_(" (3) Authentication key\n"));
1336
1337 for (;;)
1338 {
1339 char *answer = cpr_get ("cardedit.genkeys.subkeytype",
1340 _("Your selection? "));
1341 cpr_kill_prompt();
1342 if (*answer == CONTROL_D)
1343 {
1344 xfree (answer);
1345 goto leave;
1346 }
1347 keyno = *answer? atoi(answer): 0;
1348 xfree(answer);
1349 if (keyno >= 1 && keyno <= 3)
1350 break; /* Okay. */
1351 tty_printf(_("Invalid selection.\n"));
1352 }
1353
1354 if (replace_existing_key_p (&info, keyno))
1355 goto leave;
1356
1357 if (check_pin_for_key_operation (&info, &forced_chv1))
1358 goto leave;
1359
1360 okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
1361 keyno, info.serialno);
1362
1363 leave:
1364 agent_release_card_info (&info);
1365 restore_forced_chv1 (&forced_chv1);
1366 return okay;
1367 }
1368
1369
1370 /* Store the key at NODE into the smartcard and modify NODE to
1371 carry the serialno stuff instead of the actual secret key
1372 parameters. USE is the usage for that key; 0 means any
1373 usage. */
1374 int
1375 card_store_subkey (KBNODE node, int use)
1376 {
1377 struct agent_card_info_s info;
1378 int okay = 0;
1379 int rc;
1380 int keyno, i;
1381 PKT_secret_key *copied_sk = NULL;
1382 PKT_secret_key *sk;
1383 size_t n;
1384 const char *s;
1385 int allow_keyno[3];
1386
1387 assert (node->pkt->pkttype == PKT_SECRET_KEY
1388 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
1389 sk = node->pkt->pkt.secret_key;
1390
1391 if (get_info_for_key_operation (&info))
1392 return 0;
1393
1394 show_card_key_info (&info);
1395
1396 if (!is_RSA (sk->pubkey_algo)
1397 || (!info.is_v2 && nbits_from_sk (sk) != 1024) )
1398 {
1399 tty_printf ("You may only store a 1024 bit RSA key on the card\n");
1400 tty_printf ("\n");
1401 goto leave;
1402 }
1403
1404 allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
1405 allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
1406 allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
1407
1408 tty_printf (_("Please select where to store the key:\n"));
1409
1410 if (allow_keyno[0])
1411 tty_printf (_(" (1) Signature key\n"));
1412 if (allow_keyno[1])
1413 tty_printf (_(" (2) Encryption key\n"));
1414 if (allow_keyno[2])
1415 tty_printf (_(" (3) Authentication key\n"));
1416
1417 for (;;)
1418 {
1419 char *answer = cpr_get ("cardedit.genkeys.storekeytype",
1420 _("Your selection? "));
1421 cpr_kill_prompt();
1422 if (*answer == CONTROL_D || !*answer)
1423 {
1424 xfree (answer);
1425 goto leave;
1426 }
1427 keyno = *answer? atoi(answer): 0;
1428 xfree(answer);
1429 if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
1430 break; /* Okay. */
1431 tty_printf(_("Invalid selection.\n"));
1432 }
1433
1434 if (replace_existing_key_p (&info, keyno))
1435 goto leave;
1436
1437 /* Unprotect key. */
1438 switch (is_secret_key_protected (sk) )
1439 {
1440 case 0: /* Not protected. */
1441 break;
1442 case -1:
1443 log_error (_("unknown key protection algorithm\n"));
1444 goto leave;
1445 default:
1446 if (sk->protect.s2k.mode == 1001)
1447 {
1448 log_error (_("secret parts of key are not available\n"));
1449 goto leave;
1450 }
1451 if (sk->protect.s2k.mode == 1002)
1452 {
1453 log_error (_("secret key already stored on a card\n"));
1454 goto leave;
1455 }
1456 /* We better copy the key before we unprotect it. */
1457 copied_sk = sk = copy_secret_key (NULL, sk);
1458 rc = check_secret_key (sk, 0);
1459 if (rc)
1460 goto leave;
1461 }
1462
1463 rc = save_unprotected_key_to_card (sk, keyno);
1464 if (rc)
1465 {
1466 log_error (_("error writing key to card: %s\n"), gpg_strerror (rc));
1467 goto leave;
1468 }
1469
1470 /* Get back to the maybe protected original secret key. */
1471 if (copied_sk)
1472 {
1473 free_secret_key (copied_sk);
1474 copied_sk = NULL;
1475 }
1476 sk = node->pkt->pkt.secret_key;
1477
1478 /* Get rid of the secret key parameters and store the serial numer. */
1479 n = pubkey_get_nskey (sk->pubkey_algo);
1480 for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
1481 {
1482 gcry_mpi_release (sk->skey[i]);
1483 sk->skey[i] = NULL;
1484 }
1485 i = pubkey_get_npkey (sk->pubkey_algo);
1486 sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
1487 sk->is_protected = 1;
1488 sk->protect.s2k.mode = 1002;
1489 s = info.serialno;
1490 for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
1491 sk->protect.ivlen++, s += 2)
1492 sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
1493
1494 okay = 1;
1495
1496 leave:
1497 if (copied_sk)
1498 free_secret_key (copied_sk);
1499 agent_release_card_info (&info);
1500 return okay;
1501 }
1502
1503
1504 \f
1505 /* Data used by the command parser. This needs to be outside of the
1506 function scope to allow readline based command completion. */
1507 enum cmdids
1508 {
1509 cmdNOP = 0,
1510 cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
1511 cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
1512 cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
1513 cmdREADCERT, cmdUNBLOCK,
1514 cmdINVCMD
1515 };
1516
1517 static struct
1518 {
1519 const char *name;
1520 enum cmdids id;
1521 int admin_only;
1522 const char *desc;
1523 } cmds[] =
1524 {
1525 { "quit" , cmdQUIT , 0, N_("quit this menu")},
1526 { "q" , cmdQUIT , 0, NULL },
1527 { "admin" , cmdADMIN , 0, N_("show admin commands")},
1528 { "help" , cmdHELP , 0, N_("show this help")},
1529 { "?" , cmdHELP , 0, NULL },
1530 { "list" , cmdLIST , 0, N_("list all available data")},
1531 { "l" , cmdLIST , 0, NULL },
1532 { "debug" , cmdDEBUG , 0, NULL },
1533 { "name" , cmdNAME , 1, N_("change card holder's name")},
1534 { "url" , cmdURL , 1, N_("change URL to retrieve key")},
1535 { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
1536 { "login" , cmdLOGIN , 1, N_("change the login name")},
1537 { "lang" , cmdLANG , 1, N_("change the language preferences")},
1538 { "sex" , cmdSEX , 1, N_("change card holder's sex")},
1539 { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
1540 { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
1541 { "generate", cmdGENERATE, 1, N_("generate new keys")},
1542 { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
1543 { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
1544 { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code") },
1545 /* Note, that we do not announce these command yet. */
1546 { "privatedo", cmdPRIVATEDO, 0, NULL },
1547 { "readcert", cmdREADCERT, 0, NULL },
1548 { "writecert", cmdWRITECERT, 1, NULL },
1549 { NULL, cmdINVCMD, 0, NULL }
1550 };
1551
1552
1553 #if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
1554
1555 /* These two functions are used by readline for command completion. */
1556
1557 static char *
1558 command_generator(const char *text,int state)
1559 {
1560 static int list_index,len;
1561 const char *name;
1562
1563 /* If this is a new word to complete, initialize now. This includes
1564 saving the length of TEXT for efficiency, and initializing the
1565 index variable to 0. */
1566 if(!state)
1567 {
1568 list_index=0;
1569 len=strlen(text);
1570 }
1571
1572 /* Return the next partial match */
1573 while((name=cmds[list_index].name))
1574 {
1575 /* Only complete commands that have help text */
1576 if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1577 return strdup(name);
1578 }
1579
1580 return NULL;
1581 }
1582
1583 static char **
1584 card_edit_completion(const char *text, int start, int end)
1585 {
1586 /* If we are at the start of a line, we try and command-complete.
1587 If not, just do nothing for now. */
1588
1589 if(start==0)
1590 return rl_completion_matches(text,command_generator);
1591
1592 rl_attempted_completion_over=1;
1593
1594 return NULL;
1595 }
1596 #endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
1597
1598 /* Menu to edit all user changeable values on an OpenPGP card. Only
1599 Key creation is not handled here. */
1600 void
1601 card_edit (strlist_t commands)
1602 {
1603 enum cmdids cmd = cmdNOP;
1604 int have_commands = !!commands;
1605 int redisplay = 1;
1606 char *answer = NULL;
1607 int allow_admin=0;
1608 char serialnobuf[50];
1609
1610
1611 if (opt.command_fd != -1)
1612 ;
1613 else if (opt.batch && !have_commands)
1614 {
1615 log_error(_("can't do this in batch mode\n"));
1616 goto leave;
1617 }
1618
1619 for (;;)
1620 {
1621 int arg_number;
1622 const char *arg_string = "";
1623 const char *arg_rest = "";
1624 char *p;
1625 int i;
1626 int cmd_admin_only;
1627
1628 tty_printf("\n");
1629 if (redisplay )
1630 {
1631 if (opt.with_colons)
1632 {
1633 card_status (stdout, serialnobuf, DIM (serialnobuf));
1634 fflush (stdout);
1635 }
1636 else
1637 {
1638 card_status (NULL, serialnobuf, DIM (serialnobuf));
1639 tty_printf("\n");
1640 }
1641 redisplay = 0;
1642 }
1643
1644 do
1645 {
1646 xfree (answer);
1647 if (have_commands)
1648 {
1649 if (commands)
1650 {
1651 answer = xstrdup (commands->d);
1652 commands = commands->next;
1653 }
1654 else if (opt.batch)
1655 {
1656 answer = xstrdup ("quit");
1657 }
1658 else
1659 have_commands = 0;
1660 }
1661
1662 if (!have_commands)
1663 {
1664 #if GNUPG_MAJOR_VERSION == 1
1665 tty_enable_completion (card_edit_completion);
1666 #endif
1667 answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
1668 cpr_kill_prompt();
1669 #if GNUPG_MAJOR_VERSION == 1
1670 tty_disable_completion ();
1671 #endif
1672 }
1673 trim_spaces(answer);
1674 }
1675 while ( *answer == '#' );
1676
1677 arg_number = 0; /* Yes, here is the init which egcc complains about */
1678 cmd_admin_only = 0;
1679 if (!*answer)
1680 cmd = cmdLIST; /* Default to the list command */
1681 else if (*answer == CONTROL_D)
1682 cmd = cmdQUIT;
1683 else
1684 {
1685 if ((p=strchr (answer,' ')))
1686 {
1687 *p++ = 0;
1688 trim_spaces (answer);
1689 trim_spaces (p);
1690 arg_number = atoi(p);
1691 arg_string = p;
1692 arg_rest = p;
1693 while (digitp (arg_rest))
1694 arg_rest++;
1695 while (spacep (arg_rest))
1696 arg_rest++;
1697 }
1698
1699 for (i=0; cmds[i].name; i++ )
1700 if (!ascii_strcasecmp (answer, cmds[i].name ))
1701 break;
1702
1703 cmd = cmds[i].id;
1704 cmd_admin_only = cmds[i].admin_only;
1705 }
1706
1707 if (!allow_admin && cmd_admin_only)
1708 {
1709 tty_printf ("\n");
1710 tty_printf (_("Admin-only command\n"));
1711 continue;
1712 }
1713
1714 switch (cmd)
1715 {
1716 case cmdHELP:
1717 for (i=0; cmds[i].name; i++ )
1718 if(cmds[i].desc
1719 && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
1720 tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
1721 break;
1722
1723 case cmdADMIN:
1724 if ( !strcmp (arg_string, "on") )
1725 allow_admin = 1;
1726 else if ( !strcmp (arg_string, "off") )
1727 allow_admin = 0;
1728 else if ( !strcmp (arg_string, "verify") )
1729 {
1730 /* Force verification of the Admin Command. However,
1731 this is only done if the retry counter is at initial
1732 state. */
1733 char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
1734 strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
1735 allow_admin = !agent_scd_checkpin (tmp);
1736 xfree (tmp);
1737 }
1738 else /* Toggle. */
1739 allow_admin=!allow_admin;
1740 if(allow_admin)
1741 tty_printf(_("Admin commands are allowed\n"));
1742 else
1743 tty_printf(_("Admin commands are not allowed\n"));
1744 break;
1745
1746 case cmdVERIFY:
1747 agent_scd_checkpin (serialnobuf);
1748 redisplay = 1;
1749 break;
1750
1751 case cmdLIST:
1752 redisplay = 1;
1753 break;
1754
1755 case cmdNAME:
1756 change_name ();
1757 break;
1758
1759 case cmdURL:
1760 change_url ();
1761 break;
1762
1763 case cmdFETCH:
1764 fetch_url();
1765 break;
1766
1767 case cmdLOGIN:
1768 change_login (arg_string);
1769 break;
1770
1771 case cmdLANG:
1772 change_lang ();
1773 break;
1774
1775 case cmdSEX:
1776 change_sex ();
1777 break;
1778
1779 case cmdCAFPR:
1780 if ( arg_number < 1 || arg_number > 3 )
1781 tty_printf ("usage: cafpr N\n"
1782 " 1 <= N <= 3\n");
1783 else
1784 change_cafpr (arg_number);
1785 break;
1786
1787 case cmdPRIVATEDO:
1788 if ( arg_number < 1 || arg_number > 4 )
1789 tty_printf ("usage: privatedo N\n"
1790 " 1 <= N <= 4\n");
1791 else
1792 change_private_do (arg_string, arg_number);
1793 break;
1794
1795 case cmdWRITECERT:
1796 if ( arg_number != 3 )
1797 tty_printf ("usage: writecert 3 < FILE\n");
1798 else
1799 change_cert (arg_rest);
1800 break;
1801
1802 case cmdREADCERT:
1803 if ( arg_number != 3 )
1804 tty_printf ("usage: readcert 3 > FILE\n");
1805 else
1806 read_cert (arg_rest);
1807 break;
1808
1809 case cmdFORCESIG:
1810 toggle_forcesig ();
1811 break;
1812
1813 case cmdGENERATE:
1814 generate_card_keys ();
1815 break;
1816
1817 case cmdPASSWD:
1818 change_pin (0, allow_admin);
1819 break;
1820
1821 case cmdUNBLOCK:
1822 change_pin (1, allow_admin);
1823 break;
1824
1825 case cmdQUIT:
1826 goto leave;
1827
1828 case cmdNOP:
1829 break;
1830
1831 case cmdINVCMD:
1832 default:
1833 tty_printf ("\n");
1834 tty_printf (_("Invalid command (try \"help\")\n"));
1835 break;
1836 } /* End command switch. */
1837 } /* End of main menu loop. */
1838
1839 leave:
1840 xfree (answer);
1841 }
1842
gnupg svn clone