| blob | 86792d8d74cb04f6ce08ce6d0f50a457ff3d74c5 |
1 /* call-pinentry.c - fork of the pinentry to query stuff from the user
2 * Copyright (C) 2001, 2002, 2004, 2007, 2008 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
20 #include <config.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <ctype.h>
26 #include <assert.h>
27 #include <unistd.h>
28 #include <sys/stat.h>
29 #ifndef HAVE_W32_SYSTEM
30 # include <sys/wait.h>
31 # include <sys/types.h>
32 # include <signal.h>
33 #endif
34 #include <pth.h>
35 #include <assuan.h>
41 #ifdef _POSIX_OPEN_MAX
42 #define MAX_OPEN_FDS _POSIX_OPEN_MAX
43 #else
44 #define MAX_OPEN_FDS 20
45 #endif
48 /* Because access to the pinentry must be serialized (it is and shall
49 be a global mutual dialog) we should better timeout further
50 requests after some time. 2 minutes seem to be a reasonable
51 time. */
52 #define LOCK_TIMEOUT (1*60)
54 /* The assuan context of the current pinentry. */
57 /* The control variable of the connection owning the current pinentry.
58 This is only valid if ENTRY_CTX is not NULL. Note, that we care
59 only about the value of the pointer and that it should never be
60 dereferenced. */
63 /* A mutex used to serialize access to the pinentry. */
66 /* The thread ID of the popup working thread. */
69 /* A flag used in communication between the popup working thread and
70 its stop function. */
75 /* Data to be passed to our callbacks, */
76 struct entry_parm_s
77 {
81 };
85 \f
86 /* This function must be called once to initialize this module. This
87 has to be done before a second thread is spawned. We can't do the
88 static initialization because Pth emulation code might not be able
89 to do a static init; in particular, it is not possible for W32. */
90 void
92 {
96 {
99 }
100 }
104 static void
106 {
107 #ifdef _W32_PTH_H
109 #else
114 else
116 #endif
117 }
120 /* This function may be called to print infromation pertaining to the
121 current state of this module to the log. */
122 void
124 {
130 }
132 /* Called to make sure that a popup window owned by the current
133 connection gets closed. */
134 void
136 {
138 {
140 }
141 }
144 /* Unlock the pinentry so that another thread can start one and
145 disconnect that pinentry - we do this after the unlock so that a
146 stalled pinentry does not block other threads. Fixme: We should
147 have a timeout in Assuan for the disconnect operation. */
148 static int
150 {
155 {
159 }
162 }
165 /* To make sure we leave no secrets in our image after forking of the
166 pinentry, we use this callback. */
167 static void
169 {
173 {
179 }
180 }
182 static int
184 {
188 /* There is only the pid in the server's response. */
192 {
196 }
198 }
200 /* Fork off the pin entry if this has not already been done. Note,
201 that this function must always be used to aquire the lock for the
202 pinentry - we will serialize _all_ pinentry calls.
203 */
204 static int
206 {
209 assuan_context_t ctx;
213 pth_event_t evt;
219 {
222 else
228 }
239 #ifdef HAVE_W32_SYSTEM
242 #endif
244 {
245 #ifndef HAVE_W32_SYSTEM
247 #endif
249 /* At least Windows XP fails here with EBADF. According to docs
250 and Wine an fflush(NULL) is the same as _flushall. However
251 the Wime implementaion does not flush stdin,stdout and stderr
252 - see above. Lets try to ignore the error. */
253 #ifndef HAVE_W32_SYSTEM
255 #endif
256 }
263 else
264 pgmname++;
266 /* OS X needs the entire file name in argv[0], so that it can locate
267 the resource bundle. For other systems we stick to the usual
268 convention of supplying only the name of the program. */
269 #ifdef __APPLE__
276 {
280 }
281 else
286 {
290 }
293 /* Connect to the pinentry and perform initial handshaking. Note
294 that atfork is used to change the environment for pinentry. We
295 start the server in detached mode to suppress the console window
296 under Windows. */
300 {
304 }
316 {
321 NULL);
325 }
327 {
332 NULL);
335 }
337 {
342 NULL);
345 }
347 {
352 NULL);
355 }
358 /* Tell the pinentry the name of a file it shall touch after having
359 messed with the tty. This is optional and only supported by
360 newer pinentries and thus we do no error checking. */
367 {
371 ;
372 else
373 {
375 NULL);
377 }
378 }
381 /* Now ask the Pinentry for its PID. If the Pinentry is new enough
382 it will send the pid back and we will use an inquire to notify
383 our client. The client may answer the inquiry either with END or
384 with CAN to cancel the pinentry. */
389 {
392 }
395 else
396 {
401 }
404 }
407 /* Returns True is the pinentry is currently active. If WAITSECONDS is
408 greater than zero the function will wait for this many seconds
409 before returning. */
410 int
412 {
416 {
417 pth_event_t evt;
422 {
425 else
429 }
431 }
432 else
433 {
436 }
441 }
444 static int
446 {
452 /* we expect the pin to fit on one line */
456 /* fixme: we should make sure that the assuan buffer is allocated in
457 secure memory or read the response byte by byte */
462 }
465 static int
467 {
469 ;
471 }
474 /* Return a new malloced string by unescaping the string S. Escaping
475 is percent escaping and '+'/space mapping. A binary Nul will
476 silently be replaced by a 0xFF. Function returns NULL to indicate
477 an out of memory status. PArsing stops at the end of the string or
478 a white space character. */
481 {
488 {
490 {
491 s++;
495 d++;
497 }
499 {
501 s++;
502 }
503 else
505 }
508 }
511 /* Estimate the quality of the passphrase PW and return a value in the
512 range 0..100. */
513 static int
515 {
525 length ++;
530 }
533 /* Handle the QUALITY inquiry. */
534 static int
536 {
544 {
547 line++;
552 else
553 {
560 }
561 }
562 else
563 {
566 }
569 }
574 \f
575 /* Call the Entry and ask for the PIN. We do check for a valid PIN
576 number here and repeat it as long as we have invalid formed
577 numbers. */
578 int
583 {
604 else
624 /* If a passphrase quality indicator has been requested and a
625 minimum passphrase length has not been disabled, send the command
626 to the pinentry. */
628 {
632 /* TRANSLATORS: This string is displayed by pinentry as the
633 label for the quality bar. */
649 else
650 {
651 /* TRANSLATORS: This string is a tooltip, shown by pinentry
652 when hovering over the quality bar. Please use an
653 appropriate string to describe what this is about. The
654 length of the tooltip is limited to about 900 characters.
655 If you do not translate this entry, a default english
656 text (see source) will be used. */
660 "Please ask your administrator for "
662 }
675 }
678 {
685 }
688 {
695 {
696 /* TRANLATORS: The string is appended to an error message in
697 the pinentry. The %s is the actual error message, the
698 two %d give the current and maximum number of tries. */
707 }
711 /* Most pinentries out in the wild return the old Assuan error code
712 for canceled which gets translated to an assuan Cancel error and
713 not to the code for a user cancel. Fix this here. */
725 {
726 /* do some basic checks on the entered PIN. */
734 }
737 {
738 /* More checks by utilizing the optional callback. */
749 }
753 }
757 }
760 \f
761 /* Ask for the passphrase using the supplied arguments. The returned
762 passphrase needs to be freed by the caller. */
763 int
767 {
787 else
801 {
807 }
818 /* Most pinentries out in the wild return the old Assuan error code
819 for canceled which gets translated to an assuan Cancel error and
820 not to the code for a user cancel. Fix this here. */
825 else
828 }
831 \f
832 /* Pop up the PIN-entry, display the text and the prompt and ask the
833 user to confirm this. We return 0 for success, ie. the user
834 confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
835 other error. */
836 int
839 {
849 else
853 /* Most pinentries out in the wild return the old Assuan error code
854 for canceled which gets translated to an assuan Cancel error and
855 not to the code for a user cancel. Fix this here. */
863 {
869 }
871 {
877 }
884 }
887 \f
888 /* Pop up the PINentry, display the text DESC and a button with the
889 text OK_BTN (which may be NULL to use the default of "OK") and waut
890 for the user to hit this button. The return value is not
891 relevant. */
892 int
894 {
904 else
908 /* Most pinentries out in the wild return the old Assuan error code
909 for canceled which gets translated to an assuan Cancel error and
910 not to the code for a user cancel. Fix this here. */
918 {
925 }
933 }
936 /* The thread running the popup message. */
939 {
942 /* We use the --one-button hack instead of the MESSAGE command to
943 allow the use of old Pinentries. Those old Pinentries will then
944 show an additional Cancel button but that is mostly a visual
945 annoyance. */
950 }
953 /* Pop up a message window similar to the confirm one but keep it open
954 until agent_popup_message_stop has been called. It is crucial for
955 the caller to make sure that the stop function gets called as soon
956 as the message is not anymore required because the message is
957 system modal and all other attempts to use the pinentry will fail
958 (after a timeout). */
959 int
961 {
964 pth_attr_t tattr;
972 else
980 {
986 }
996 {
1002 }
1006 }
1008 /* Close a popup window. */
1009 void
1011 {
1013 pid_t pid;
1018 {
1021 }
1028 #ifdef HAVE_W32_SYSTEM
1029 /* Older versions of assuan set PID to 0 on Windows to indicate an
1030 invalid value. */
1033 {
1036 /* Arbitrary error code. */
1038 }
1039 #else
1042 because we already waited for the process, we need to tell
1043 assuan that it should not wait again (done by
1044 unlock_pinentry). */
1047 }
1050 interaction of SIGINT with Pth. */
1051 #endif
1053 /* Now wait for the thread to terminate. */
1061 /* Now we can close the connection. */
1063 }