search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* keyserver.c (path_makes_direct): New. (keyserver_spawn): Used here
[gnupg.git] / g10 / card-util.c
blob0c8365405b253637cea4ceba4c98ce43844f33e8
1 /* card-util.c - Utility functions for the OpenPGP card.
2 * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
19 * USA.
20 */
21
22 #include <config.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <errno.h>
27 #include <assert.h>
28
29 #if GNUPG_MAJOR_VERSION != 1
30 #include "gpg.h"
31 #endif /*GNUPG_MAJOR_VERSION != 1*/
32 #include "util.h"
33 #include "i18n.h"
34 #include "ttyio.h"
35 #include "status.h"
36 #include "options.h"
37 #include "main.h"
38 #include "keyserver-internal.h"
39 #if GNUPG_MAJOR_VERSION == 1
40 #ifdef HAVE_LIBREADLINE
41 #include <stdio.h>
42 #include <readline/readline.h>
43 #endif /*HAVE_LIBREADLINE*/
44 #include "cardglue.h"
45 #else /*GNUPG_MAJOR_VERSION!=1*/
46 #include "call-agent.h"
47 #endif /*GNUPG_MAJOR_VERSION!=1*/
48
49 #define CONTROL_D ('D' - 'A' + 1)
50
51
52 /* Change the PIN of a an OpenPGP card. This is an interactive
53 function. */
54 void
55 change_pin (int chvno, int allow_admin)
56 {
57 struct agent_card_info_s info;
58 int rc;
59
60 rc = agent_learn (&info);
61 if (rc)
62 {
63 log_error (_("OpenPGP card not available: %s\n"),
64 gpg_strerror (rc));
65 return;
66 }
67
68 log_info (_("OpenPGP card no. %s detected\n"),
69 info.serialno? info.serialno : "[none]");
70
71 agent_clear_pin_cache (info.serialno);
72
73 if (opt.batch)
74 {
75 agent_release_card_info (&info);
76 log_error (_("can't do this in batch mode\n"));
77 return;
78 }
79
80 if(!allow_admin)
81 {
82 rc = agent_scd_change_pin (1, info.serialno);
83 if (rc)
84 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
85 else
86 {
87 write_status (STATUS_SC_OP_SUCCESS);
88 tty_printf ("PIN changed.\n");
89 }
90 }
91 else
92 for (;;)
93 {
94 char *answer;
95
96 tty_printf ("\n");
97 tty_printf ("1 - change PIN\n"
98 "2 - unblock PIN\n"
99 "3 - change Admin PIN\n"
100 "Q - quit\n");
101 tty_printf ("\n");
102
103 answer = cpr_get("cardutil.change_pin.menu",_("Your selection? "));
104 cpr_kill_prompt();
105 if (strlen (answer) != 1)
106 continue;
107
108 rc = 0;
109 if (*answer == '1')
110 {
111 rc = agent_scd_change_pin (1, info.serialno);
112 if (rc)
113 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
114 else
115 {
116 write_status (STATUS_SC_OP_SUCCESS);
117 tty_printf ("PIN changed.\n");
118 }
119 }
120 else if (*answer == '2')
121 {
122 rc = agent_scd_change_pin (101, info.serialno);
123 if (rc)
124 tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
125 else
126 {
127 write_status (STATUS_SC_OP_SUCCESS);
128 tty_printf ("PIN unblocked and new PIN set.\n");
129 }
130 }
131 else if (*answer == '3')
132 {
133 rc = agent_scd_change_pin (3, info.serialno);
134 if (rc)
135 tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
136 else
137 {
138 write_status (STATUS_SC_OP_SUCCESS);
139 tty_printf ("PIN changed.\n");
140 }
141 }
142 else if (*answer == 'q' || *answer == 'Q')
143 {
144 break;
145 }
146 }
147
148 agent_release_card_info (&info);
149 }
150
151 static const char *
152 get_manufacturer (unsigned int no)
153 {
154 /* Note: Make sure that there is no colon or linefeed in the string. */
155 switch (no)
156 {
157 case 0:
158 case 0xffff: return "test card";
159 case 0x0001: return "PPC Card Systems";
160 case 0x0002: return "Prism";
161 case 0x0003: return "OpenFortress";
162 default: return "unknown";
163 }
164 }
165
166
167 static void
168 print_sha1_fpr (FILE *fp, const unsigned char *fpr)
169 {
170 int i;
171
172 if (fpr)
173 {
174 for (i=0; i < 20 ; i+=2, fpr += 2 )
175 {
176 if (i == 10 )
177 tty_fprintf (fp, " ");
178 tty_fprintf (fp, " %02X%02X", *fpr, fpr[1]);
179 }
180 }
181 else
182 tty_fprintf (fp, " [none]");
183 tty_fprintf (fp, "\n");
184 }
185
186
187 static void
188 print_sha1_fpr_colon (FILE *fp, const unsigned char *fpr)
189 {
190 int i;
191
192 if (fpr)
193 {
194 for (i=0; i < 20 ; i++, fpr++)
195 fprintf (fp, "%02X", *fpr);
196 }
197 putc (':', fp);
198 }
199
200
201 static void
202 print_name (FILE *fp, const char *text, const char *name)
203 {
204 tty_fprintf (fp, "%s", text);
205
206 /* FIXME: tty_printf_utf8_string2 eats everything after and
207 including an @ - e.g. when printing an url. */
208 if (name && *name)
209 {
210 if (fp)
211 print_utf8_string2 (fp, name, strlen (name), '\n');
212 else
213 tty_print_utf8_string2 (name, strlen (name), 0);
214 }
215 else
216 tty_fprintf (fp, _("[not set]"));
217 tty_fprintf (fp, "\n");
218 }
219
220 static void
221 print_isoname (FILE *fp, const char *text, const char *tag, const char *name)
222 {
223 if (opt.with_colons)
224 fprintf (fp, "%s:", tag);
225 else
226 tty_fprintf (fp, "%s", text);
227
228 if (name && *name)
229 {
230 char *p, *given, *buf = xstrdup (name);
231
232 given = strstr (buf, "<<");
233 for (p=buf; *p; p++)
234 if (*p == '<')
235 *p = ' ';
236 if (given && given[2])
237 {
238 *given = 0;
239 given += 2;
240 if (opt.with_colons)
241 print_string (fp, given, strlen (given), ':');
242 else if (fp)
243 print_utf8_string2 (fp, given, strlen (given), '\n');
244 else
245 tty_print_utf8_string2 (given, strlen (given), 0);
246
247 if (opt.with_colons)
248 putc (':', fp);
249 else if (*buf)
250 tty_fprintf (fp, " ");
251 }
252
253 if (opt.with_colons)
254 print_string (fp, buf, strlen (buf), ':');
255 else if (fp)
256 print_utf8_string2 (fp, buf, strlen (buf), '\n');
257 else
258 tty_print_utf8_string2 (buf, strlen (buf), 0);
259 xfree (buf);
260 }
261 else
262 {
263 if (opt.with_colons)
264 putc (':', fp);
265 else
266 tty_fprintf (fp, _("[not set]"));
267 }
268
269 if (opt.with_colons)
270 fputs (":\n", fp);
271 else
272 tty_fprintf (fp, "\n");
273 }
274
275 /* Return true if the SHA1 fingerprint FPR consists only of zeroes. */
276 static int
277 fpr_is_zero (const char *fpr)
278 {
279 int i;
280
281 for (i=0; i < 20 && !fpr[i]; i++)
282 ;
283 return (i == 20);
284 }
285
286
287 /* Print all available information about the current card. */
288 void
289 card_status (FILE *fp, char *serialno, size_t serialnobuflen)
290 {
291 struct agent_card_info_s info;
292 PKT_public_key *pk = xcalloc (1, sizeof *pk);
293 int rc;
294 unsigned int uval;
295 const unsigned char *thefpr;
296 int i;
297
298 if (serialno && serialnobuflen)
299 *serialno = 0;
300
301 rc = agent_learn (&info);
302 if (rc)
303 {
304 if (opt.with_colons)
305 fputs ("AID:::\n", fp);
306 log_error (_("OpenPGP card not available: %s\n"),
307 gpg_strerror (rc));
308 xfree (pk);
309 return;
310 }
311
312 if (opt.with_colons)
313 fprintf (fp, "AID:%s:", info.serialno? info.serialno : "");
314 else
315 tty_fprintf (fp, "Application ID ...: %s\n",
316 info.serialno? info.serialno : "[none]");
317 if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
318 || strlen (info.serialno) != 32 )
319 {
320 if (opt.with_colons)
321 fputs ("unknown:\n", fp);
322 log_info ("not an OpenPGP card\n");
323 agent_release_card_info (&info);
324 xfree (pk);
325 return;
326 }
327
328 if (!serialno)
329 ;
330 else if (strlen (serialno)+1 > serialnobuflen)
331 log_error ("serial number longer than expected\n");
332 else
333 strcpy (serialno, info.serialno);
334
335 if (opt.with_colons)
336 fputs ("openpgp-card:\n", fp);
337
338
339 if (opt.with_colons)
340 {
341 fprintf (fp, "version:%.4s:\n", info.serialno+12);
342 uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
343 fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
344 fprintf (fp, "serial:%.8s:\n", info.serialno+20);
345
346 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
347
348 fputs ("lang:", fp);
349 if (info.disp_lang)
350 print_string (fp, info.disp_lang, strlen (info.disp_lang), ':');
351 fputs (":\n", fp);
352
353 fprintf (fp, "sex:%c:\n", (info.disp_sex == 1? 'm':
354 info.disp_sex == 2? 'f' : 'u'));
355
356 fputs ("url:", fp);
357 if (info.pubkey_url)
358 print_string (fp, info.pubkey_url, strlen (info.pubkey_url), ':');
359 fputs (":\n", fp);
360
361 fputs ("login:", fp);
362 if (info.login_data)
363 print_string (fp, info.login_data, strlen (info.login_data), ':');
364 fputs (":\n", fp);
365
366 fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached);
367 fprintf (fp, "maxpinlen:%d:%d:%d:\n",
368 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
369 fprintf (fp, "pinretry:%d:%d:%d:\n",
370 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
371 fprintf (fp, "sigcount:%lu:::\n", info.sig_counter);
372
373 for (i=0; i < 4; i++)
374 {
375 if (info.private_do[i])
376 {
377 fprintf (fp, "private_do:%d:", i+1);
378 print_string (fp, info.private_do[i],
379 strlen (info.private_do[i]), ':');
380 fputs (":\n", fp);
381 }
382 }
383
384 fputs ("cafpr:", fp);
385 print_sha1_fpr_colon (fp, info.cafpr1valid? info.cafpr1:NULL);
386 print_sha1_fpr_colon (fp, info.cafpr2valid? info.cafpr2:NULL);
387 print_sha1_fpr_colon (fp, info.cafpr3valid? info.cafpr3:NULL);
388 putc ('\n', fp);
389 fputs ("fpr:", fp);
390 print_sha1_fpr_colon (fp, info.fpr1valid? info.fpr1:NULL);
391 print_sha1_fpr_colon (fp, info.fpr2valid? info.fpr2:NULL);
392 print_sha1_fpr_colon (fp, info.fpr3valid? info.fpr3:NULL);
393 putc ('\n', fp);
394 fprintf (fp, "fprtime:%lu:%lu:%lu:\n",
395 (unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
396 (unsigned long)info.fpr3time);
397 }
398 else
399 {
400 tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
401 info.serialno[12] == '0'?"":info.serialno+12,
402 info.serialno[13],
403 info.serialno[14] == '0'?"":info.serialno+14,
404 info.serialno[15]);
405 tty_fprintf (fp, "Manufacturer .....: %s\n",
406 get_manufacturer (xtoi_2(info.serialno+16)*256
407 + xtoi_2 (info.serialno+18)));
408 tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
409
410 print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
411 print_name (fp, "Language prefs ...: ", info.disp_lang);
412 tty_fprintf (fp, "Sex ..............: %s\n",
413 info.disp_sex == 1? _("male"):
414 info.disp_sex == 2? _("female") : _("unspecified"));
415 print_name (fp, "URL of public key : ", info.pubkey_url);
416 print_name (fp, "Login data .......: ", info.login_data);
417 if (info.private_do[0])
418 print_name (fp, "Private DO 1 .....: ", info.private_do[0]);
419 if (info.private_do[1])
420 print_name (fp, "Private DO 2 .....: ", info.private_do[1]);
421 if (info.private_do[2])
422 print_name (fp, "Private DO 3 .....: ", info.private_do[2]);
423 if (info.private_do[3])
424 print_name (fp, "Private DO 4 .....: ", info.private_do[3]);
425 if (info.cafpr1valid)
426 {
427 tty_fprintf (fp, "CA fingerprint %d .:", 1);
428 print_sha1_fpr (fp, info.cafpr1);
429 }
430 if (info.cafpr2valid)
431 {
432 tty_fprintf (fp, "CA fingerprint %d .:", 2);
433 print_sha1_fpr (fp, info.cafpr2);
434 }
435 if (info.cafpr3valid)
436 {
437 tty_fprintf (fp, "CA fingerprint %d .:", 3);
438 print_sha1_fpr (fp, info.cafpr3);
439 }
440 tty_fprintf (fp, "Signature PIN ....: %s\n",
441 info.chv1_cached? _("not forced"): _("forced"));
442 tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n",
443 info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]);
444 tty_fprintf (fp, "PIN retry counter : %d %d %d\n",
445 info.chvretry[0], info.chvretry[1], info.chvretry[2]);
446 tty_fprintf (fp, "Signature counter : %lu\n", info.sig_counter);
447 tty_fprintf (fp, "Signature key ....:");
448 print_sha1_fpr (fp, info.fpr1valid? info.fpr1:NULL);
449 if (info.fpr1valid && info.fpr1time)
450 tty_fprintf (fp, " created ....: %s\n",
451 isotimestamp (info.fpr1time));
452 tty_fprintf (fp, "Encryption key....:");
453 print_sha1_fpr (fp, info.fpr2valid? info.fpr2:NULL);
454 if (info.fpr2valid && info.fpr2time)
455 tty_fprintf (fp, " created ....: %s\n",
456 isotimestamp (info.fpr2time));
457 tty_fprintf (fp, "Authentication key:");
458 print_sha1_fpr (fp, info.fpr3valid? info.fpr3:NULL);
459 if (info.fpr3valid && info.fpr3time)
460 tty_fprintf (fp, " created ....: %s\n",
461 isotimestamp (info.fpr3time));
462 tty_fprintf (fp, "General key info..: ");
463
464 thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
465 info.fpr3valid? info.fpr3 : NULL);
466 if ( thefpr && !get_pubkey_byfprint (pk, thefpr, 20))
467 {
468 KBNODE keyblock = NULL;
469
470 print_pubkey_info (fp, pk);
471
472 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
473 print_card_key_info (fp, keyblock);
474 else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
475 {
476 release_kbnode (keyblock);
477 keyblock = NULL;
478
479 if (!auto_create_card_key_stub (info.serialno,
480 info.fpr1valid? info.fpr1:NULL,
481 info.fpr2valid? info.fpr2:NULL,
482 info.fpr3valid? info.fpr3:NULL))
483 {
484 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
485 print_card_key_info (fp, keyblock);
486 }
487 }
488
489 release_kbnode (keyblock);
490 }
491 else
492 tty_fprintf (fp, "[none]\n");
493 }
494
495 free_public_key (pk);
496 agent_release_card_info (&info);
497 }
498
499
500 static char *
501 get_one_name (const char *prompt1, const char *prompt2)
502 {
503 char *name;
504 int i;
505
506 for (;;)
507 {
508 name = cpr_get (prompt1, prompt2);
509 if (!name)
510 return NULL;
511 trim_spaces (name);
512 cpr_kill_prompt ();
513 for (i=0; name[i] && name[i] >= ' ' && name[i] <= 126; i++)
514 ;
515
516 /* The name must be in Latin-1 and not UTF-8 - lacking the code
517 to ensure this we restrict it to ASCII. */
518 if (name[i])
519 tty_printf (_("Error: Only plain ASCII is currently allowed.\n"));
520 else if (strchr (name, '<'))
521 tty_printf (_("Error: The \"<\" character may not be used.\n"));
522 else if (strstr (name, " "))
523 tty_printf (_("Error: Double spaces are not allowed.\n"));
524 else
525 return name;
526 xfree (name);
527 }
528 }
529
530
531
532 static int
533 change_name (void)
534 {
535 char *surname = NULL, *givenname = NULL;
536 char *isoname, *p;
537 int rc;
538
539 surname = get_one_name ("keygen.smartcard.surname",
540 _("Cardholder's surname: "));
541 givenname = get_one_name ("keygen.smartcard.givenname",
542 _("Cardholder's given name: "));
543 if (!surname || !givenname || (!*surname && !*givenname))
544 {
545 xfree (surname);
546 xfree (givenname);
547 return -1; /*canceled*/
548 }
549
550 isoname = xmalloc ( strlen (surname) + 2 + strlen (givenname) + 1);
551 strcpy (stpcpy (stpcpy (isoname, surname), "<<"), givenname);
552 xfree (surname);
553 xfree (givenname);
554 for (p=isoname; *p; p++)
555 if (*p == ' ')
556 *p = '<';
557
558 if (strlen (isoname) > 39 )
559 {
560 tty_printf (_("Error: Combined name too long "
561 "(limit is %d characters).\n"), 39);
562 xfree (isoname);
563 return -1;
564 }
565
566 rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname), NULL );
567 if (rc)
568 log_error ("error setting Name: %s\n", gpg_strerror (rc));
569
570 xfree (isoname);
571 return rc;
572 }
573
574
575 static int
576 change_url (void)
577 {
578 char *url;
579 int rc;
580
581 url = cpr_get ("cardedit.change_url", _("URL to retrieve public key: "));
582 if (!url)
583 return -1;
584 trim_spaces (url);
585 cpr_kill_prompt ();
586
587 if (strlen (url) > 254 )
588 {
589 tty_printf (_("Error: URL too long "
590 "(limit is %d characters).\n"), 254);
591 xfree (url);
592 return -1;
593 }
594
595 rc = agent_scd_setattr ("PUBKEY-URL", url, strlen (url), NULL );
596 if (rc)
597 log_error ("error setting URL: %s\n", gpg_strerror (rc));
598 xfree (url);
599 return rc;
600 }
601
602
603 /* Fetch the key from the URL given on the card or try to get it from
604 the default keyserver. */
605 static int
606 fetch_url(void)
607 {
608 #if GNUPG_MAJOR_VERSION == 1
609 int rc;
610 struct agent_card_info_s info;
611
612 memset(&info,0,sizeof(info));
613
614 rc=agent_scd_getattr("PUBKEY-URL",&info);
615 if(rc)
616 log_error("error retrieving URL from card: %s\n",gpg_strerror(rc));
617 else
618 {
619 struct keyserver_spec *spec=NULL;
620
621 rc=agent_scd_getattr("KEY-FPR",&info);
622 if(rc)
623 log_error("error retrieving key fingerprint from card: %s\n",
624 gpg_strerror(rc));
625 else if (info.pubkey_url && *info.pubkey_url)
626 {
627 spec=parse_keyserver_uri(info.pubkey_url,1,NULL,0);
628 if(spec && info.fpr1valid)
629 {
630 /* This is not perfectly right. Currently, all card
631 fingerprints are 20 digits, but what about
632 fingerprints for a future v5 key? We should get the
633 length from somewhere lower in the code. In any
634 event, the fpr/keyid is not meaningful for straight
635 HTTP fetches, but using it allows the card to point
636 to HKP and LDAP servers as well. */
637 rc=keyserver_import_fprint(info.fpr1,20,spec);
638 free_keyserver_spec(spec);
639 }
640 }
641 else if (info.fpr1valid)
642 {
643 rc = keyserver_import_fprint (info.fpr1, 20, opt.keyserver);
644 }
645 }
646
647 return rc;
648 #else
649 return 0;
650 #endif
651 }
652
653
654 static int
655 change_login (const char *args)
656 {
657 char *data;
658 int n;
659 int rc;
660
661 if (args && *args == '<') /* Read it from a file */
662 {
663 FILE *fp;
664
665 for (args++; spacep (args); args++)
666 ;
667 fp = fopen (args, "rb");
668 #if GNUPG_MAJOR_VERSION == 1
669 if (fp && is_secured_file (fileno (fp)))
670 {
671 fclose (fp);
672 fp = NULL;
673 errno = EPERM;
674 }
675 #endif
676 if (!fp)
677 {
678 tty_printf (_("can't open `%s': %s\n"), args, strerror (errno));
679 return -1;
680 }
681
682 data = xmalloc (254);
683 n = fread (data, 1, 254, fp);
684 fclose (fp);
685 if (n < 0)
686 {
687 tty_printf (_("error reading `%s': %s\n"), args, strerror (errno));
688 xfree (data);
689 return -1;
690 }
691 }
692 else
693 {
694 data = cpr_get ("cardedit.change_login",
695 _("Login data (account name): "));
696 if (!data)
697 return -1;
698 trim_spaces (data);
699 cpr_kill_prompt ();
700 n = strlen (data);
701 }
702
703 if (n > 254 )
704 {
705 tty_printf (_("Error: Login data too long "
706 "(limit is %d characters).\n"), 254);
707 xfree (data);
708 return -1;
709 }
710
711 rc = agent_scd_setattr ("LOGIN-DATA", data, n, NULL );
712 if (rc)
713 log_error ("error setting login data: %s\n", gpg_strerror (rc));
714 xfree (data);
715 return rc;
716 }
717
718 static int
719 change_private_do (const char *args, int nr)
720 {
721 char do_name[] = "PRIVATE-DO-X";
722 char *data;
723 int n;
724 int rc;
725
726 assert (nr >= 1 && nr <= 4);
727 do_name[11] = '0' + nr;
728
729 if (args && (args = strchr (args, '<'))) /* Read it from a file */
730 {
731 FILE *fp;
732
733 /* Fixme: Factor this duplicated code out. */
734 for (args++; spacep (args); args++)
735 ;
736 fp = fopen (args, "rb");
737 #if GNUPG_MAJOR_VERSION == 1
738 if (fp && is_secured_file (fileno (fp)))
739 {
740 fclose (fp);
741 fp = NULL;
742 errno = EPERM;
743 }
744 #endif
745 if (!fp)
746 {
747 tty_printf (_("can't open `%s': %s\n"), args, strerror (errno));
748 return -1;
749 }
750
751 data = xmalloc (254);
752 n = fread (data, 1, 254, fp);
753 fclose (fp);
754 if (n < 0)
755 {
756 tty_printf (_("error reading `%s': %s\n"), args, strerror (errno));
757 xfree (data);
758 return -1;
759 }
760 }
761 else
762 {
763 data = cpr_get ("cardedit.change_private_do",
764 _("Private DO data: "));
765 if (!data)
766 return -1;
767 trim_spaces (data);
768 cpr_kill_prompt ();
769 n = strlen (data);
770 }
771
772 if (n > 254 )
773 {
774 tty_printf (_("Error: Private DO too long "
775 "(limit is %d characters).\n"), 254);
776 xfree (data);
777 return -1;
778 }
779
780 rc = agent_scd_setattr (do_name, data, n, NULL );
781 if (rc)
782 log_error ("error setting private DO: %s\n", gpg_strerror (rc));
783 xfree (data);
784 return rc;
785 }
786
787 static int
788 change_lang (void)
789 {
790 char *data, *p;
791 int rc;
792
793 data = cpr_get ("cardedit.change_lang",
794 _("Language preferences: "));
795 if (!data)
796 return -1;
797 trim_spaces (data);
798 cpr_kill_prompt ();
799
800 if (strlen (data) > 8 || (strlen (data) & 1))
801 {
802 tty_printf (_("Error: invalid length of preference string.\n"));
803 xfree (data);
804 return -1;
805 }
806
807 for (p=data; *p && *p >= 'a' && *p <= 'z'; p++)
808 ;
809 if (*p)
810 {
811 tty_printf (_("Error: invalid characters in preference string.\n"));
812 xfree (data);
813 return -1;
814 }
815
816 rc = agent_scd_setattr ("DISP-LANG", data, strlen (data), NULL );
817 if (rc)
818 log_error ("error setting lang: %s\n", gpg_strerror (rc));
819 xfree (data);
820 return rc;
821 }
822
823
824 static int
825 change_sex (void)
826 {
827 char *data;
828 const char *str;
829 int rc;
830
831 data = cpr_get ("cardedit.change_sex",
832 _("Sex ((M)ale, (F)emale or space): "));
833 if (!data)
834 return -1;
835 trim_spaces (data);
836 cpr_kill_prompt ();
837
838 if (!*data)
839 str = "9";
840 else if ((*data == 'M' || *data == 'm') && !data[1])
841 str = "1";
842 else if ((*data == 'F' || *data == 'f') && !data[1])
843 str = "2";
844 else
845 {
846 tty_printf (_("Error: invalid response.\n"));
847 xfree (data);
848 return -1;
849 }
850
851 rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
852 if (rc)
853 log_error ("error setting sex: %s\n", gpg_strerror (rc));
854 xfree (data);
855 return rc;
856 }
857
858
859 static int
860 change_cafpr (int fprno)
861 {
862 char *data;
863 const char *s;
864 int i, c, rc;
865 unsigned char fpr[20];
866
867 data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: "));
868 if (!data)
869 return -1;
870 trim_spaces (data);
871 cpr_kill_prompt ();
872
873 for (i=0, s=data; i < 20 && *s; )
874 {
875 while (spacep(s))
876 s++;
877 if (*s == ':')
878 s++;
879 while (spacep(s))
880 s++;
881 c = hextobyte (s);
882 if (c == -1)
883 break;
884 fpr[i++] = c;
885 s += 2;
886 }
887 xfree (data);
888 if (i != 20 || *s)
889 {
890 tty_printf (_("Error: invalid formatted fingerprint.\n"));
891 return -1;
892 }
893
894 rc = agent_scd_setattr (fprno==1?"CA-FPR-1":
895 fprno==2?"CA-FPR-2":
896 fprno==3?"CA-FPR-3":"x", fpr, 20, NULL );
897 if (rc)
898 log_error ("error setting cafpr: %s\n", gpg_strerror (rc));
899 return rc;
900 }
901
902
903
904 static void
905 toggle_forcesig (void)
906 {
907 struct agent_card_info_s info;
908 int rc;
909 int newstate;
910
911 memset (&info, 0, sizeof info);
912 rc = agent_scd_getattr ("CHV-STATUS", &info);
913 if (rc)
914 {
915 log_error ("error getting current status: %s\n", gpg_strerror (rc));
916 return;
917 }
918 newstate = !info.chv1_cached;
919 agent_release_card_info (&info);
920
921 rc = agent_scd_setattr ("CHV-STATUS-1", newstate? "\x01":"", 1, NULL);
922 if (rc)
923 log_error ("error toggling signature PIN flag: %s\n", gpg_strerror (rc));
924 }
925
926
927 /* Helper for the key generation/edit functions. */
928 static int
929 get_info_for_key_operation (struct agent_card_info_s *info)
930 {
931 int rc;
932
933 memset (info, 0, sizeof *info);
934 rc = agent_scd_getattr ("SERIALNO", info);
935 if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
936 || strlen (info->serialno) != 32 )
937 {
938 log_error (_("key operation not possible: %s\n"),
939 rc ? gpg_strerror (rc) : _("not an OpenPGP card"));
940 return rc? rc: -1;
941 }
942 rc = agent_scd_getattr ("KEY-FPR", info);
943 if (!rc)
944 rc = agent_scd_getattr ("CHV-STATUS", info);
945 if (!rc)
946 rc = agent_scd_getattr ("DISP-NAME", info);
947 if (rc)
948 log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
949 return rc;
950 }
951
952
953 /* Helper for the key generation/edit functions. */
954 static int
955 check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
956 {
957 int rc = 0;
958
959 agent_clear_pin_cache (info->serialno);
960
961 *forced_chv1 = !info->chv1_cached;
962 if (*forced_chv1)
963 { /* Switch of the forced mode so that during key generation we
964 don't get bothered with PIN queries for each
965 self-signature. */
966 rc = agent_scd_setattr ("CHV-STATUS-1", "\x01", 1, info->serialno);
967 if (rc)
968 {
969 log_error ("error clearing forced signature PIN flag: %s\n",
970 gpg_strerror (rc));
971 *forced_chv1 = 0;
972 }
973 }
974
975 if (!rc)
976 {
977 /* Check the PIN now, so that we won't get asked later for each
978 binding signature. */
979 rc = agent_scd_checkpin (info->serialno);
980 if (rc)
981 log_error ("error checking the PIN: %s\n", gpg_strerror (rc));
982 }
983 return rc;
984 }
985
986 /* Helper for the key generation/edit functions. */
987 static void
988 restore_forced_chv1 (int *forced_chv1)
989 {
990 int rc;
991
992 if (*forced_chv1)
993 { /* Switch back to forced state. */
994 rc = agent_scd_setattr ("CHV-STATUS-1", "", 1, NULL);
995 if (rc)
996 {
997 log_error ("error setting forced signature PIN flag: %s\n",
998 gpg_strerror (rc));
999 }
1000 }
1001 }
1002
1003 #if GNUPG_MAJOR_VERSION == 1
1004 /* Helper for the key generation/edit functions. */
1005 static void
1006 show_card_key_info (struct agent_card_info_s *info)
1007 {
1008 tty_fprintf (NULL, "Signature key ....:");
1009 print_sha1_fpr (NULL, info->fpr1valid? info->fpr1:NULL);
1010 tty_fprintf (NULL, "Encryption key....:");
1011 print_sha1_fpr (NULL, info->fpr2valid? info->fpr2:NULL);
1012 tty_fprintf (NULL, "Authentication key:");
1013 print_sha1_fpr (NULL, info->fpr3valid? info->fpr3:NULL);
1014 tty_printf ("\n");
1015 }
1016 #endif
1017
1018 #if GNUPG_MAJOR_VERSION == 1
1019 /* Helper for the key generation/edit functions. */
1020 static int
1021 replace_existing_key_p (struct agent_card_info_s *info, int keyno)
1022 {
1023 assert (keyno >= 0 && keyno <= 3);
1024
1025 if ((keyno == 1 && info->fpr1valid)
1026 || (keyno == 2 && info->fpr2valid)
1027 || (keyno == 3 && info->fpr3valid))
1028 {
1029 tty_printf ("\n");
1030 log_info ("WARNING: such a key has already been stored on the card!\n");
1031 tty_printf ("\n");
1032 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_key",
1033 _("Replace existing key? (y/N) ")))
1034 return -1;
1035 }
1036 return 0;
1037 }
1038 #endif
1039
1040
1041 static void
1042 generate_card_keys (const char *serialno)
1043 {
1044 struct agent_card_info_s info;
1045 int forced_chv1;
1046 int want_backup;
1047
1048 if (get_info_for_key_operation (&info))
1049 return;
1050
1051 #if GNUPG_MAJOR_VERSION == 1
1052 {
1053 char *answer=cpr_get("cardedit.genkeys.backup_enc",
1054 _("Make off-card backup of encryption key? (Y/n) "));
1055
1056 want_backup=answer_is_yes_no_default(answer,1);
1057 cpr_kill_prompt();
1058 xfree(answer);
1059 }
1060 #else
1061 want_backup = cpr_get_answer_is_yes
1062 ( "cardedit.genkeys.backup_enc",
1063 _("Make off-card backup of encryption key? (Y/n) "));
1064 /*FIXME: we need answer_is_yes_no_default()*/
1065 #endif
1066
1067 if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
1068 || (info.fpr2valid && !fpr_is_zero (info.fpr2))
1069 || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
1070 {
1071 tty_printf ("\n");
1072 log_info ("NOTE: keys are already stored on the card!\n");
1073 tty_printf ("\n");
1074 if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
1075 _("Replace existing keys? (y/N) ")))
1076 {
1077 agent_release_card_info (&info);
1078 return;
1079 }
1080 }
1081 else if (!info.disp_name || !*info.disp_name)
1082 {
1083 tty_printf ("\n");
1084 tty_printf (_("Please note that the factory settings of the PINs are\n"
1085 " PIN = `%s' Admin PIN = `%s'\n"
1086 "You should change them using the command --change-pin\n"),
1087 "123456", "12345678");
1088 tty_printf ("\n");
1089 }
1090
1091 if (check_pin_for_key_operation (&info, &forced_chv1))
1092 goto leave;
1093
1094 #if GNUPG_MAJOR_VERSION == 1
1095 generate_keypair (NULL, info.serialno,
1096 want_backup? opt.homedir:NULL);
1097 #else
1098 generate_keypair (NULL, info.serialno);
1099 #endif
1100
1101 leave:
1102 agent_release_card_info (&info);
1103 restore_forced_chv1 (&forced_chv1);
1104 }
1105
1106
1107 /* This function is used by the key edit menu to generate an arbitrary
1108 subkey. */
1109 int
1110 card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
1111 {
1112 #if GNUPG_MAJOR_VERSION == 1
1113 struct agent_card_info_s info;
1114 int okay = 0;
1115 int forced_chv1 = 0;
1116 int keyno;
1117
1118 if (get_info_for_key_operation (&info))
1119 return 0;
1120
1121 show_card_key_info (&info);
1122
1123 tty_printf (_("Please select the type of key to generate:\n"));
1124
1125 tty_printf (_(" (1) Signature key\n"));
1126 tty_printf (_(" (2) Encryption key\n"));
1127 tty_printf (_(" (3) Authentication key\n"));
1128
1129 for (;;)
1130 {
1131 char *answer = cpr_get ("cardedit.genkeys.subkeytype",
1132 _("Your selection? "));
1133 cpr_kill_prompt();
1134 if (*answer == CONTROL_D)
1135 {
1136 xfree (answer);
1137 goto leave;
1138 }
1139 keyno = *answer? atoi(answer): 0;
1140 xfree(answer);
1141 if (keyno >= 1 && keyno <= 3)
1142 break; /* Okay. */
1143 tty_printf(_("Invalid selection.\n"));
1144 }
1145
1146 if (replace_existing_key_p (&info, keyno))
1147 goto leave;
1148
1149 if (check_pin_for_key_operation (&info, &forced_chv1))
1150 goto leave;
1151
1152 okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
1153 keyno, info.serialno);
1154
1155 leave:
1156 agent_release_card_info (&info);
1157 restore_forced_chv1 (&forced_chv1);
1158 return okay;
1159 #else
1160 return 0;
1161 #endif
1162 }
1163
1164
1165 /* Store the key at NODE into the smartcard and modify NODE to
1166 carry the serialno stuff instead of the actual secret key
1167 parameters. USE is the usage for that key; 0 means any
1168 usage. */
1169 int
1170 card_store_subkey (KBNODE node, int use)
1171 {
1172 #if GNUPG_MAJOR_VERSION == 1
1173 struct agent_card_info_s info;
1174 int okay = 0;
1175 int rc;
1176 int keyno, i;
1177 PKT_secret_key *copied_sk = NULL;
1178 PKT_secret_key *sk;
1179 size_t n;
1180 const char *s;
1181 int allow_keyno[3];
1182
1183 assert (node->pkt->pkttype == PKT_SECRET_KEY
1184 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
1185 sk = node->pkt->pkt.secret_key;
1186
1187 if (get_info_for_key_operation (&info))
1188 return 0;
1189
1190 show_card_key_info (&info);
1191
1192 if (!is_RSA (sk->pubkey_algo) || nbits_from_sk (sk) != 1024 )
1193 {
1194 tty_printf ("You may only store a 1024 bit RSA key on the card\n");
1195 tty_printf ("\n");
1196 goto leave;
1197 }
1198
1199 allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
1200 allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
1201 allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
1202
1203 tty_printf (_("Please select where to store the key:\n"));
1204
1205 if (allow_keyno[0])
1206 tty_printf (_(" (1) Signature key\n"));
1207 if (allow_keyno[1])
1208 tty_printf (_(" (2) Encryption key\n"));
1209 if (allow_keyno[2])
1210 tty_printf (_(" (3) Authentication key\n"));
1211
1212 for (;;)
1213 {
1214 char *answer = cpr_get ("cardedit.genkeys.storekeytype",
1215 _("Your selection? "));
1216 cpr_kill_prompt();
1217 if (*answer == CONTROL_D || !*answer)
1218 {
1219 xfree (answer);
1220 goto leave;
1221 }
1222 keyno = *answer? atoi(answer): 0;
1223 xfree(answer);
1224 if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
1225 break; /* Okay. */
1226 tty_printf(_("Invalid selection.\n"));
1227 }
1228
1229 if (replace_existing_key_p (&info, keyno))
1230 goto leave;
1231
1232 /* Unprotect key. */
1233 switch (is_secret_key_protected (sk) )
1234 {
1235 case 0: /* Not protected. */
1236 break;
1237 case -1:
1238 log_error (_("unknown key protection algorithm\n"));
1239 goto leave;
1240 default:
1241 if (sk->protect.s2k.mode == 1001)
1242 {
1243 log_error (_("secret parts of key are not available\n"));
1244 goto leave;
1245 }
1246 if (sk->protect.s2k.mode == 1002)
1247 {
1248 log_error (_("secret key already stored on a card\n"));
1249 goto leave;
1250 }
1251 /* We better copy the key before we unprotect it. */
1252 copied_sk = sk = copy_secret_key (NULL, sk);
1253 rc = check_secret_key (sk, 0);
1254 if (rc)
1255 goto leave;
1256 }
1257
1258 rc = save_unprotected_key_to_card (sk, keyno);
1259 if (rc)
1260 goto leave;
1261
1262 /* Get back to the maybe protected original secret key. */
1263 if (copied_sk)
1264 {
1265 free_secret_key (copied_sk);
1266 copied_sk = NULL;
1267 }
1268 sk = node->pkt->pkt.secret_key;
1269
1270 /* Get rid of the secret key parameters and store the serial numer. */
1271 n = pubkey_get_nskey (sk->pubkey_algo);
1272 for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
1273 {
1274 mpi_free (sk->skey[i]);
1275 sk->skey[i] = NULL;
1276 }
1277 i = pubkey_get_npkey (sk->pubkey_algo);
1278 sk->skey[i] = mpi_set_opaque (NULL, xstrdup ("dummydata"), 10);
1279 sk->is_protected = 1;
1280 sk->protect.s2k.mode = 1002;
1281 s = info.serialno;
1282 for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
1283 sk->protect.ivlen++, s += 2)
1284 sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
1285
1286 okay = 1;
1287
1288 leave:
1289 if (copied_sk)
1290 free_secret_key (copied_sk);
1291 agent_release_card_info (&info);
1292 return okay;
1293 #else
1294 return 0;
1295 #endif
1296 }
1297
1298
1299 \f
1300 /* Data used by the command parser. This needs to be outside of the
1301 function scope to allow readline based command completion. */
1302 enum cmdids
1303 {
1304 cmdNOP = 0,
1305 cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdDEBUG, cmdVERIFY,
1306 cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSEX, cmdCAFPR,
1307 cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO,
1308 cmdINVCMD
1309 };
1310
1311 static struct
1312 {
1313 const char *name;
1314 enum cmdids id;
1315 int admin_only;
1316 const char *desc;
1317 } cmds[] =
1318 {
1319 { "quit" , cmdQUIT , 0, N_("quit this menu")},
1320 { "q" , cmdQUIT , 0, NULL },
1321 { "admin" , cmdADMIN , 0, N_("show admin commands")},
1322 { "help" , cmdHELP , 0, N_("show this help")},
1323 { "?" , cmdHELP , 0, NULL },
1324 { "list" , cmdLIST , 0, N_("list all available data")},
1325 { "l" , cmdLIST , 0, NULL },
1326 { "debug" , cmdDEBUG , 0, NULL },
1327 { "name" , cmdNAME , 1, N_("change card holder's name")},
1328 { "url" , cmdURL , 1, N_("change URL to retrieve key")},
1329 { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
1330 { "login" , cmdLOGIN , 1, N_("change the login name")},
1331 { "lang" , cmdLANG , 1, N_("change the language preferences")},
1332 { "sex" , cmdSEX , 1, N_("change card holder's sex")},
1333 { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
1334 { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
1335 { "generate", cmdGENERATE, 1, N_("generate new keys")},
1336 { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
1337 { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
1338 /* Note, that we do not announce this command yet. */
1339 { "privatedo", cmdPRIVATEDO, 0, NULL },
1340 { NULL, cmdINVCMD, 0, NULL }
1341 };
1342
1343
1344 #if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
1345
1346 /* These two functions are used by readline for command completion. */
1347
1348 static char *
1349 command_generator(const char *text,int state)
1350 {
1351 static int list_index,len;
1352 const char *name;
1353
1354 /* If this is a new word to complete, initialize now. This includes
1355 saving the length of TEXT for efficiency, and initializing the
1356 index variable to 0. */
1357 if(!state)
1358 {
1359 list_index=0;
1360 len=strlen(text);
1361 }
1362
1363 /* Return the next partial match */
1364 while((name=cmds[list_index].name))
1365 {
1366 /* Only complete commands that have help text */
1367 if(cmds[list_index++].desc && strncmp(name,text,len)==0)
1368 return strdup(name);
1369 }
1370
1371 return NULL;
1372 }
1373
1374 static char **
1375 card_edit_completion(const char *text, int start, int end)
1376 {
1377 /* If we are at the start of a line, we try and command-complete.
1378 If not, just do nothing for now. */
1379
1380 if(start==0)
1381 return rl_completion_matches(text,command_generator);
1382
1383 rl_attempted_completion_over=1;
1384
1385 return NULL;
1386 }
1387 #endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
1388
1389 /* Menu to edit all user changeable values on an OpenPGP card. Only
1390 Key creation is not handled here. */
1391 void
1392 card_edit (STRLIST commands)
1393 {
1394 enum cmdids cmd = cmdNOP;
1395 int have_commands = !!commands;
1396 int redisplay = 1;
1397 char *answer = NULL;
1398 int did_checkpin = 0, allow_admin=0;
1399 char serialnobuf[50];
1400
1401
1402 if (opt.command_fd != -1)
1403 ;
1404 else if (opt.batch && !have_commands)
1405 {
1406 log_error(_("can't do this in batch mode\n"));
1407 goto leave;
1408 }
1409
1410 for (;;)
1411 {
1412 int arg_number;
1413 const char *arg_string = "";
1414 char *p;
1415 int i;
1416 int cmd_admin_only;
1417
1418 tty_printf("\n");
1419 if (redisplay )
1420 {
1421 if (opt.with_colons)
1422 {
1423 card_status (stdout, serialnobuf, DIM (serialnobuf));
1424 fflush (stdout);
1425 }
1426 else
1427 {
1428 card_status (NULL, serialnobuf, DIM (serialnobuf));
1429 tty_printf("\n");
1430 }
1431 redisplay = 0;
1432 }
1433
1434 do
1435 {
1436 xfree (answer);
1437 if (have_commands)
1438 {
1439 if (commands)
1440 {
1441 answer = xstrdup (commands->d);
1442 commands = commands->next;
1443 }
1444 else if (opt.batch)
1445 {
1446 answer = xstrdup ("quit");
1447 }
1448 else
1449 have_commands = 0;
1450 }
1451
1452 if (!have_commands)
1453 {
1454 #if GNUPG_MAJOR_VERSION == 1
1455 tty_enable_completion (card_edit_completion);
1456 #endif
1457 answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
1458 cpr_kill_prompt();
1459 #if GNUPG_MAJOR_VERSION == 1
1460 tty_disable_completion ();
1461 #endif
1462 }
1463 trim_spaces(answer);
1464 }
1465 while ( *answer == '#' );
1466
1467 arg_number = 0; /* Yes, here is the init which egcc complains about */
1468 cmd_admin_only = 0;
1469 if (!*answer)
1470 cmd = cmdLIST; /* Default to the list command */
1471 else if (*answer == CONTROL_D)
1472 cmd = cmdQUIT;
1473 else
1474 {
1475 if ((p=strchr (answer,' ')))
1476 {
1477 *p++ = 0;
1478 trim_spaces (answer);
1479 trim_spaces (p);
1480 arg_number = atoi(p);
1481 arg_string = p;
1482 }
1483
1484 for (i=0; cmds[i].name; i++ )
1485 if (!ascii_strcasecmp (answer, cmds[i].name ))
1486 break;
1487
1488 cmd = cmds[i].id;
1489 cmd_admin_only = cmds[i].admin_only;
1490 }
1491
1492 if (!allow_admin && cmd_admin_only)
1493 {
1494 tty_printf ("\n");
1495 tty_printf (_("Admin-only command\n"));
1496 continue;
1497 }
1498
1499 switch (cmd)
1500 {
1501 case cmdHELP:
1502 for (i=0; cmds[i].name; i++ )
1503 if(cmds[i].desc
1504 && (!cmds[i].admin_only || (cmds[i].admin_only && allow_admin)))
1505 tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
1506 break;
1507
1508 case cmdADMIN:
1509 if ( !strcmp (arg_string, "on") )
1510 allow_admin = 1;
1511 else if ( !strcmp (arg_string, "off") )
1512 allow_admin = 0;
1513 else if ( !strcmp (arg_string, "verify") )
1514 {
1515 /* Force verification of the Admin Command. However,
1516 this is only done if the retry counter is at initial
1517 state. */
1518 char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1);
1519 strcpy (stpcpy (tmp, serialnobuf), "[CHV3]");
1520 allow_admin = !agent_scd_checkpin (tmp);
1521 xfree (tmp);
1522 }
1523 else /* Toggle. */
1524 allow_admin=!allow_admin;
1525 if(allow_admin)
1526 tty_printf(_("Admin commands are allowed\n"));
1527 else
1528 tty_printf(_("Admin commands are not allowed\n"));
1529 break;
1530
1531 case cmdVERIFY:
1532 agent_scd_checkpin (serialnobuf);
1533 redisplay = 1;
1534 break;
1535
1536 case cmdLIST:
1537 redisplay = 1;
1538 break;
1539
1540 case cmdNAME:
1541 change_name ();
1542 break;
1543
1544 case cmdURL:
1545 change_url ();
1546 break;
1547
1548 case cmdFETCH:
1549 fetch_url();
1550 break;
1551
1552 case cmdLOGIN:
1553 change_login (arg_string);
1554 break;
1555
1556 case cmdLANG:
1557 change_lang ();
1558 break;
1559
1560 case cmdSEX:
1561 change_sex ();
1562 break;
1563
1564 case cmdCAFPR:
1565 if ( arg_number < 1 || arg_number > 3 )
1566 tty_printf ("usage: cafpr N\n"
1567 " 1 <= N <= 3\n");
1568 else
1569 change_cafpr (arg_number);
1570 break;
1571
1572 case cmdPRIVATEDO:
1573 if ( arg_number < 1 || arg_number > 4 )
1574 tty_printf ("usage: privatedo N\n"
1575 " 1 <= N <= 4\n");
1576 else
1577 change_private_do (arg_string, arg_number);
1578 break;
1579
1580 case cmdFORCESIG:
1581 toggle_forcesig ();
1582 break;
1583
1584 case cmdGENERATE:
1585 generate_card_keys (serialnobuf);
1586 break;
1587
1588 case cmdPASSWD:
1589 change_pin (0, allow_admin);
1590 did_checkpin = 0; /* Need to reset it of course. */
1591 break;
1592
1593 case cmdQUIT:
1594 goto leave;
1595
1596 case cmdNOP:
1597 break;
1598
1599 case cmdINVCMD:
1600 default:
1601 tty_printf ("\n");
1602 tty_printf (_("Invalid command (try \"help\")\n"));
1603 break;
1604 } /* End command switch. */
1605 } /* End of main menu loop. */
1606
1607 leave:
1608 xfree (answer);
1609 }
1610
gnupg svn clone