LCOV - code coverage report
Current view: top level - agent - call-pinentry.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 167 625 26.7 %
Date: 2016-09-12 13:01:59 Functions: 6 23 26.1 %

          Line data    Source code
       1             : /* call-pinentry.c - Spawn the pinentry to query stuff from the user
       2             :  * Copyright (C) 2001, 2002, 2004, 2007, 2008,
       3             :  *               2010  Free Software Foundation, Inc.
       4             :  *
       5             :  * This file is part of GnuPG.
       6             :  *
       7             :  * GnuPG is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 3 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * GnuPG is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      19             :  */
      20             : 
      21             : #include <config.h>
      22             : #include <errno.h>
      23             : #include <stdio.h>
      24             : #include <stdlib.h>
      25             : #include <string.h>
      26             : #include <ctype.h>
      27             : #include <assert.h>
      28             : #include <unistd.h>
      29             : #include <sys/stat.h>
      30             : #ifndef HAVE_W32_SYSTEM
      31             : # include <sys/wait.h>
      32             : # include <sys/types.h>
      33             : # include <signal.h>
      34             : #endif
      35             : #include <npth.h>
      36             : 
      37             : #include "agent.h"
      38             : #include <assuan.h>
      39             : #include "sysutils.h"
      40             : #include "i18n.h"
      41             : 
      42             : #ifdef _POSIX_OPEN_MAX
      43             : #define MAX_OPEN_FDS _POSIX_OPEN_MAX
      44             : #else
      45             : #define MAX_OPEN_FDS 20
      46             : #endif
      47             : 
      48             : 
      49             : /* Because access to the pinentry must be serialized (it is and shall
      50             :    be a global mutually exclusive dialog) we better timeout pending
      51             :    requests after some time.  1 minute seem to be a reasonable
      52             :    time. */
      53             : #define LOCK_TIMEOUT  (1*60)
      54             : 
      55             : /* The assuan context of the current pinentry. */
      56             : static assuan_context_t entry_ctx;
      57             : 
      58             : /* The control variable of the connection owning the current pinentry.
      59             :    This is only valid if ENTRY_CTX is not NULL.  Note, that we care
      60             :    only about the value of the pointer and that it should never be
      61             :    dereferenced.  */
      62             : static ctrl_t entry_owner;
      63             : 
      64             : /* A mutex used to serialize access to the pinentry. */
      65             : static npth_mutex_t entry_lock;
      66             : 
      67             : /* The thread ID of the popup working thread. */
      68             : static npth_t  popup_tid;
      69             : 
      70             : /* A flag used in communication between the popup working thread and
      71             :    its stop function. */
      72             : static int popup_finished;
      73             : 
      74             : 
      75             : 
      76             : /* Data to be passed to our callbacks, */
      77             : struct entry_parm_s
      78             : {
      79             :   int lines;
      80             :   size_t size;
      81             :   unsigned char *buffer;
      82             : };
      83             : 
      84             : 
      85             : 
      86             : 
      87             : /* This function must be called once to initialize this module.  This
      88             :    has to be done before a second thread is spawned.  We can't do the
      89             :    static initialization because Pth emulation code might not be able
      90             :    to do a static init; in particular, it is not possible for W32. */
      91             : void
      92          48 : initialize_module_call_pinentry (void)
      93             : {
      94             :   static int initialized;
      95             : 
      96          48 :   if (!initialized)
      97             :     {
      98          48 :       if (npth_mutex_init (&entry_lock, NULL))
      99           0 :         initialized = 1;
     100             :     }
     101          48 : }
     102             : 
     103             : 
     104             : 
     105             : /* This function may be called to print infromation pertaining to the
     106             :    current state of this module to the log. */
     107             : void
     108           0 : agent_query_dump_state (void)
     109             : {
     110           0 :   log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n",
     111           0 :             entry_ctx, (long)assuan_get_pid (entry_ctx), (void*)popup_tid);
     112           0 : }
     113             : 
     114             : /* Called to make sure that a popup window owned by the current
     115             :    connection gets closed. */
     116             : void
     117         721 : agent_reset_query (ctrl_t ctrl)
     118             : {
     119         721 :   if (entry_ctx && popup_tid && entry_owner == ctrl)
     120             :     {
     121           0 :       agent_popup_message_stop (ctrl);
     122             :     }
     123         721 : }
     124             : 
     125             : 
     126             : /* Unlock the pinentry so that another thread can start one and
     127             :    disconnect that pinentry - we do this after the unlock so that a
     128             :    stalled pinentry does not block other threads.  Fixme: We should
     129             :    have a timeout in Assuan for the disconnect operation. */
     130             : static gpg_error_t
     131           9 : unlock_pinentry (gpg_error_t rc)
     132             : {
     133           9 :   assuan_context_t ctx = entry_ctx;
     134             :   int err;
     135             : 
     136           9 :   if (rc)
     137             :     {
     138           0 :       if (DBG_IPC)
     139           0 :         log_debug ("error calling pinentry: %s <%s>\n",
     140             :                    gpg_strerror (rc), gpg_strsource (rc));
     141             : 
     142             :       /* Change the source of the error to pinentry so that the final
     143             :          consumer of the error code knows that the problem is with
     144             :          pinentry.  For backward compatibility we do not do that for
     145             :          some common error codes.  */
     146           0 :       switch (gpg_err_code (rc))
     147             :         {
     148             :         case GPG_ERR_NO_PIN_ENTRY:
     149             :         case GPG_ERR_CANCELED:
     150             :         case GPG_ERR_FULLY_CANCELED:
     151             :         case GPG_ERR_ASS_UNKNOWN_INQUIRE:
     152             :         case GPG_ERR_ASS_TOO_MUCH_DATA:
     153             :         case GPG_ERR_NO_PASSPHRASE:
     154             :         case GPG_ERR_BAD_PASSPHRASE:
     155             :         case GPG_ERR_BAD_PIN:
     156           0 :           break;
     157             : 
     158             :         default:
     159           0 :           rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc));
     160           0 :           break;
     161             :         }
     162             :     }
     163             : 
     164           9 :   entry_ctx = NULL;
     165           9 :   err = npth_mutex_unlock (&entry_lock);
     166           9 :   if (err)
     167             :     {
     168           0 :       log_error ("failed to release the entry lock: %s\n", strerror (err));
     169           0 :       if (!rc)
     170           0 :         rc = gpg_error_from_errno (err);
     171             :     }
     172           9 :   assuan_release (ctx);
     173           9 :   return rc;
     174             : }
     175             : 
     176             : 
     177             : /* To make sure we leave no secrets in our image after forking of the
     178             :    pinentry, we use this callback. */
     179             : static void
     180           0 : atfork_cb (void *opaque, int where)
     181             : {
     182           0 :   ctrl_t ctrl = opaque;
     183             : 
     184           0 :   if (!where)
     185             :     {
     186           0 :       int iterator = 0;
     187             :       const char *name, *assname, *value;
     188             : 
     189           0 :       gcry_control (GCRYCTL_TERM_SECMEM);
     190             : 
     191           0 :       while ((name = session_env_list_stdenvnames (&iterator, &assname)))
     192             :         {
     193             :           /* For all new envvars (!ASSNAME) and the two medium old
     194             :              ones which do have an assuan name but are conveyed using
     195             :              environment variables, update the environment of the
     196             :              forked process.  */
     197           0 :           if (!assname
     198           0 :               || !strcmp (name, "XAUTHORITY")
     199           0 :               || !strcmp (name, "PINENTRY_USER_DATA"))
     200             :             {
     201           0 :               value = session_env_getenv (ctrl->session_env, name);
     202           0 :               if (value)
     203           0 :                 gnupg_setenv (name, value, 1);
     204             :             }
     205             :         }
     206             :     }
     207           0 : }
     208             : 
     209             : 
     210             : static gpg_error_t
     211           0 : getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
     212             : {
     213           0 :   unsigned long *pid = opaque;
     214             :   char pidbuf[50];
     215             : 
     216             :   /* There is only the pid in the server's response.  */
     217           0 :   if (length >= sizeof pidbuf)
     218           0 :     length = sizeof pidbuf -1;
     219           0 :   if (length)
     220             :     {
     221           0 :       strncpy (pidbuf, buffer, length);
     222           0 :       pidbuf[length] = 0;
     223           0 :       *pid = strtoul (pidbuf, NULL, 10);
     224             :     }
     225           0 :   return 0;
     226             : }
     227             : 
     228             : /* Fork off the pin entry if this has not already been done.  Note,
     229             :    that this function must always be used to acquire the lock for the
     230             :    pinentry - we will serialize _all_ pinentry calls.
     231             :  */
     232             : static gpg_error_t
     233           9 : start_pinentry (ctrl_t ctrl)
     234             : {
     235           9 :   int rc = 0;
     236             :   const char *full_pgmname;
     237             :   const char *pgmname;
     238             :   assuan_context_t ctx;
     239             :   const char *argv[5];
     240             :   assuan_fd_t no_close_list[3];
     241             :   int i;
     242             :   const char *tmpstr;
     243             :   unsigned long pinentry_pid;
     244             :   const char *value;
     245             :   struct timespec abstime;
     246             :   int err;
     247             : 
     248           9 :   npth_clock_gettime (&abstime);
     249           9 :   abstime.tv_sec += LOCK_TIMEOUT;
     250           9 :   err = npth_mutex_timedlock (&entry_lock, &abstime);
     251           9 :   if (err)
     252             :     {
     253           0 :       if (err == ETIMEDOUT)
     254           0 :         rc = gpg_error (GPG_ERR_TIMEOUT);
     255             :       else
     256           0 :         rc = gpg_error_from_errno (rc);
     257           0 :       log_error (_("failed to acquire the pinentry lock: %s\n"),
     258             :                  gpg_strerror (rc));
     259           0 :       return rc;
     260             :     }
     261             : 
     262           9 :   entry_owner = ctrl;
     263             : 
     264           9 :   if (entry_ctx)
     265           0 :     return 0;
     266             : 
     267           9 :   if (opt.verbose)
     268           0 :     log_info ("starting a new PIN Entry\n");
     269             : 
     270             : #ifdef HAVE_W32_SYSTEM
     271             :   fflush (stdout);
     272             :   fflush (stderr);
     273             : #endif
     274           9 :   if (fflush (NULL))
     275             :     {
     276             : #ifndef HAVE_W32_SYSTEM
     277           0 :       gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
     278             : #endif
     279           0 :       log_error ("error flushing pending output: %s\n", strerror (errno));
     280             :       /* At least Windows XP fails here with EBADF.  According to docs
     281             :          and Wine an fflush(NULL) is the same as _flushall.  However
     282             :          the Wine implementaion does not flush stdin,stdout and stderr
     283             :          - see above.  Let's try to ignore the error. */
     284             : #ifndef HAVE_W32_SYSTEM
     285           0 :       return unlock_pinentry (tmperr);
     286             : #endif
     287             :     }
     288             : 
     289           9 :   full_pgmname = opt.pinentry_program;
     290           9 :   if (!full_pgmname || !*full_pgmname)
     291           0 :     full_pgmname = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY);
     292           9 :   if ( !(pgmname = strrchr (full_pgmname, '/')))
     293           0 :     pgmname = full_pgmname;
     294             :   else
     295           9 :     pgmname++;
     296             : 
     297             :   /* OS X needs the entire file name in argv[0], so that it can locate
     298             :      the resource bundle.  For other systems we stick to the usual
     299             :      convention of supplying only the name of the program.  */
     300             : #ifdef __APPLE__
     301             :   argv[0] = full_pgmname;
     302             : #else /*!__APPLE__*/
     303           9 :   argv[0] = pgmname;
     304             : #endif /*__APPLE__*/
     305             : 
     306           9 :   if (!opt.keep_display
     307           9 :       && (value = session_env_getenv (ctrl->session_env, "DISPLAY")))
     308             :     {
     309           9 :       argv[1] = "--display";
     310           9 :       argv[2] = value;
     311           9 :       argv[3] = NULL;
     312             :     }
     313             :   else
     314           0 :     argv[1] = NULL;
     315             : 
     316           9 :   i=0;
     317           9 :   if (!opt.running_detached)
     318             :     {
     319           0 :       if (log_get_fd () != -1)
     320           0 :         no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
     321           0 :       no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
     322             :     }
     323           9 :   no_close_list[i] = ASSUAN_INVALID_FD;
     324             : 
     325           9 :   rc = assuan_new (&ctx);
     326           9 :   if (rc)
     327             :     {
     328           0 :       log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
     329           0 :       return rc;
     330             :     }
     331             :   /* We don't want to log the pinentry communication to make the logs
     332             :      easier to read.  We might want to add a new debug option to enable
     333             :      pinentry logging.  */
     334             : #ifdef ASSUAN_NO_LOGGING
     335           9 :   assuan_set_flag (ctx, ASSUAN_NO_LOGGING, !opt.debug_pinentry);
     336             : #endif
     337             : 
     338             :   /* Connect to the pinentry and perform initial handshaking.  Note
     339             :      that atfork is used to change the environment for pinentry.  We
     340             :      start the server in detached mode to suppress the console window
     341             :      under Windows.  */
     342           9 :   rc = assuan_pipe_connect (ctx, full_pgmname, argv,
     343             :                             no_close_list, atfork_cb, ctrl,
     344             :                             ASSUAN_PIPE_CONNECT_DETACHED);
     345           9 :   if (rc)
     346             :     {
     347           0 :       log_error ("can't connect to the PIN entry module '%s': %s\n",
     348             :                  full_pgmname, gpg_strerror (rc));
     349           0 :       assuan_release (ctx);
     350           0 :       return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
     351             :     }
     352           9 :   entry_ctx = ctx;
     353             : 
     354           9 :   if (DBG_IPC)
     355           0 :     log_debug ("connection to PIN entry established\n");
     356             : 
     357           9 :   rc = assuan_transact (entry_ctx,
     358           9 :                         opt.no_grab? "OPTION no-grab":"OPTION grab",
     359             :                         NULL, NULL, NULL, NULL, NULL, NULL);
     360           9 :   if (rc)
     361           0 :     return unlock_pinentry (rc);
     362             : 
     363           9 :   value = session_env_getenv (ctrl->session_env, "GPG_TTY");
     364           9 :   if (value)
     365             :     {
     366             :       char *optstr;
     367           0 :       if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 )
     368           0 :         return unlock_pinentry (out_of_core ());
     369           0 :       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     370             :                             NULL);
     371           0 :       xfree (optstr);
     372           0 :       if (rc)
     373           0 :         return unlock_pinentry (rc);
     374             :     }
     375           9 :   value = session_env_getenv (ctrl->session_env, "TERM");
     376           9 :   if (value)
     377             :     {
     378             :       char *optstr;
     379           9 :       if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 )
     380           0 :         return unlock_pinentry (out_of_core ());
     381           9 :       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     382             :                             NULL);
     383           9 :       xfree (optstr);
     384           9 :       if (rc)
     385           0 :         return unlock_pinentry (rc);
     386             :     }
     387           9 :   if (ctrl->lc_ctype)
     388             :     {
     389             :       char *optstr;
     390           8 :       if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
     391           0 :         return unlock_pinentry (out_of_core ());
     392           8 :       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     393             :                             NULL);
     394           8 :       xfree (optstr);
     395           8 :       if (rc)
     396           0 :         return unlock_pinentry (rc);
     397             :     }
     398           9 :   if (ctrl->lc_messages)
     399             :     {
     400             :       char *optstr;
     401           0 :       if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
     402           0 :         return unlock_pinentry (out_of_core ());
     403           0 :       rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     404             :                             NULL);
     405           0 :       xfree (optstr);
     406           0 :       if (rc)
     407           0 :         return unlock_pinentry (rc);
     408             :     }
     409             : 
     410             : 
     411           9 :   if (opt.allow_external_cache)
     412             :     {
     413             :       /* Indicate to the pinentry that it may read from an external cache.
     414             : 
     415             :          It is essential that the pinentry respect this.  If the
     416             :          cached password is not up to date and retry == 1, then, using
     417             :          a version of GPG Agent that doesn't support this, won't issue
     418             :          another pin request and the user won't get a chance to
     419             :          correct the password.  */
     420           9 :       rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
     421             :                             NULL, NULL, NULL, NULL, NULL, NULL);
     422           9 :       if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
     423           0 :         return unlock_pinentry (rc);
     424             :     }
     425             : 
     426           9 :   if (opt.allow_emacs_pinentry)
     427             :     {
     428             :       /* Indicate to the pinentry that it may read passphrase through
     429             :          Emacs minibuffer, if possible.  */
     430           0 :       rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt",
     431             :                             NULL, NULL, NULL, NULL, NULL, NULL);
     432           0 :       if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
     433           0 :         return unlock_pinentry (rc);
     434             :     }
     435             : 
     436             : 
     437             :   {
     438             :     /* Provide a few default strings for use by the pinentries.  This
     439             :        may help a pinentry to avoid implementing localization code.  */
     440             :     static struct { const char *key, *value; int what; } tbl[] = {
     441             :       /* TRANSLATORS: These are labels for buttons etc used in
     442             :          Pinentries.  An underscore indicates that the next letter
     443             :          should be used as an accelerator.  Double the underscore for
     444             :          a literal one.  The actual to be translated text starts after
     445             :          the second vertical bar.  Note that gpg-agent has been set to
     446             :          utf-8 so that the strings are in the expected encoding.  */
     447             :       { "ok",     N_("|pinentry-label|_OK") },
     448             :       { "cancel", N_("|pinentry-label|_Cancel") },
     449             :       { "yes",    N_("|pinentry-label|_Yes") },
     450             :       { "no",     N_("|pinentry-label|_No") },
     451             :       { "prompt", N_("|pinentry-label|PIN:") },
     452             :       { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 },
     453             :       { "cf-visi",N_("Do you really want to make your "
     454             :                      "passphrase visible on the screen?") },
     455             :       { "tt-visi",N_("|pinentry-tt|Make passphrase visible") },
     456             :       { "tt-hide",N_("|pinentry-tt|Hide passphrase") },
     457             :       { NULL, NULL}
     458             :     };
     459             :     char *optstr;
     460             :     int idx;
     461             :     const char *s, *s2;
     462             : 
     463          90 :     for (idx=0; tbl[idx].key; idx++)
     464             :       {
     465          81 :         if (!opt.allow_external_cache && tbl[idx].what == 1)
     466           0 :           continue;  /* No need for it.  */
     467          81 :         s = L_(tbl[idx].value);
     468          81 :         if (*s == '|' && (s2=strchr (s+1,'|')))
     469          72 :           s = s2+1;
     470          81 :         if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 )
     471           0 :           return unlock_pinentry (out_of_core ());
     472          81 :         assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     473             :                          NULL);
     474          81 :         xfree (optstr);
     475             :       }
     476             :   }
     477             : 
     478             :   /* Tell the pinentry that we would prefer that the given character
     479             :      is used as the invisible character by the entry widget.  */
     480           9 :   if (opt.pinentry_invisible_char)
     481             :     {
     482             :       char *optstr;
     483           0 :       if ((optstr = xtryasprintf ("OPTION invisible-char=%s",
     484             :                                   opt.pinentry_invisible_char)))
     485             :         {
     486           0 :           assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     487             :                            NULL);
     488             :           /* We ignore errors because this is just a fancy thing and
     489             :              older pinentries do not support this feature.  */
     490           0 :           xfree (optstr);
     491             :         }
     492             :     }
     493             : 
     494           9 :   if (opt.pinentry_timeout)
     495             :     {
     496             :       char *optstr;
     497           0 :       if ((optstr = xtryasprintf ("SETTIMEOUT %lu", opt.pinentry_timeout)))
     498             :         {
     499           0 :           assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     500             :                            NULL);
     501             :           /* We ignore errors because this is just a fancy thing.  */
     502           0 :           xfree (optstr);
     503             :         }
     504             :     }
     505             : 
     506             :   /* Tell the pinentry the name of a file it shall touch after having
     507             :      messed with the tty.  This is optional and only supported by
     508             :      newer pinentries and thus we do no error checking. */
     509           9 :   tmpstr = opt.pinentry_touch_file;
     510           9 :   if (tmpstr && !strcmp (tmpstr, "/dev/null"))
     511           0 :     tmpstr = NULL;
     512           9 :   else if (!tmpstr)
     513           9 :     tmpstr = get_agent_socket_name ();
     514           9 :   if (tmpstr)
     515             :     {
     516             :       char *optstr;
     517             : 
     518           9 :       if (asprintf (&optstr, "OPTION touch-file=%s", tmpstr ) < 0 )
     519             :         ;
     520             :       else
     521             :         {
     522           9 :           assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
     523             :                            NULL);
     524           9 :           xfree (optstr);
     525             :         }
     526             :     }
     527             : 
     528             : 
     529             :   /* Now ask the Pinentry for its PID.  If the Pinentry is new enough
     530             :      it will send the pid back and we will use an inquire to notify
     531             :      our client.  The client may answer the inquiry either with END or
     532             :      with CAN to cancel the pinentry. */
     533           9 :   rc = assuan_transact (entry_ctx, "GETINFO pid",
     534             :                         getinfo_pid_cb, &pinentry_pid,
     535             :                         NULL, NULL, NULL, NULL);
     536           9 :   if (rc)
     537             :     {
     538           0 :       log_info ("You may want to update to a newer pinentry\n");
     539           0 :       rc = 0;
     540             :     }
     541           9 :   else if (!rc && (pid_t)pinentry_pid == (pid_t)(-1))
     542           0 :     log_error ("pinentry did not return a PID\n");
     543             :   else
     544             :     {
     545           9 :       rc = agent_inq_pinentry_launched (ctrl, pinentry_pid);
     546           9 :       if (gpg_err_code (rc) == GPG_ERR_CANCELED
     547           9 :           || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED)
     548           0 :         return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT,
     549             :                                               gpg_err_code (rc)));
     550           9 :       rc = 0;
     551             :     }
     552             : 
     553           9 :   return 0;
     554             : }
     555             : 
     556             : 
     557             : /* Returns True if the pinentry is currently active. If WAITSECONDS is
     558             :    greater than zero the function will wait for this many seconds
     559             :    before returning.  */
     560             : int
     561           0 : pinentry_active_p (ctrl_t ctrl, int waitseconds)
     562             : {
     563             :   int err;
     564             :   (void)ctrl;
     565             : 
     566           0 :   if (waitseconds > 0)
     567             :     {
     568             :       struct timespec abstime;
     569             :       int rc;
     570             : 
     571           0 :       npth_clock_gettime (&abstime);
     572           0 :       abstime.tv_sec += waitseconds;
     573           0 :       err = npth_mutex_timedlock (&entry_lock, &abstime);
     574           0 :       if (err)
     575             :         {
     576           0 :           if (err == ETIMEDOUT)
     577           0 :             rc = gpg_error (GPG_ERR_TIMEOUT);
     578             :           else
     579           0 :             rc = gpg_error (GPG_ERR_INTERNAL);
     580           0 :           return rc;
     581             :         }
     582             :     }
     583             :   else
     584             :     {
     585           0 :       err = npth_mutex_trylock (&entry_lock);
     586           0 :       if (err)
     587           0 :         return gpg_error (GPG_ERR_LOCKED);
     588             :     }
     589             : 
     590           0 :   err = npth_mutex_unlock (&entry_lock);
     591           0 :   if (err)
     592           0 :     log_error ("failed to release the entry lock at %d: %s\n", __LINE__,
     593           0 :                strerror (errno));
     594           0 :   return 0;
     595             : }
     596             : 
     597             : 
     598             : static gpg_error_t
     599           9 : getpin_cb (void *opaque, const void *buffer, size_t length)
     600             : {
     601           9 :   struct entry_parm_s *parm = opaque;
     602             : 
     603           9 :   if (!buffer)
     604           0 :     return 0;
     605             : 
     606             :   /* we expect the pin to fit on one line */
     607           9 :   if (parm->lines || length >= parm->size)
     608           0 :     return gpg_error (GPG_ERR_ASS_TOO_MUCH_DATA);
     609             : 
     610             :   /* fixme: we should make sure that the assuan buffer is allocated in
     611             :      secure memory or read the response byte by byte */
     612           9 :   memcpy (parm->buffer, buffer, length);
     613           9 :   parm->buffer[length] = 0;
     614           9 :   parm->lines++;
     615           9 :   return 0;
     616             : }
     617             : 
     618             : 
     619             : static int
     620           0 : all_digitsp( const char *s)
     621             : {
     622           0 :   for (; *s && *s >= '0' && *s <= '9'; s++)
     623             :     ;
     624           0 :   return !*s;
     625             : }
     626             : 
     627             : 
     628             : /* Return a new malloced string by unescaping the string S.  Escaping
     629             :    is percent escaping and '+'/space mapping.  A binary Nul will
     630             :    silently be replaced by a 0xFF.  Function returns NULL to indicate
     631             :    an out of memory status.  Parsing stops at the end of the string or
     632             :    a white space character. */
     633             : static char *
     634           0 : unescape_passphrase_string (const unsigned char *s)
     635             : {
     636             :   char *buffer, *d;
     637             : 
     638           0 :   buffer = d = xtrymalloc_secure (strlen ((const char*)s)+1);
     639           0 :   if (!buffer)
     640           0 :     return NULL;
     641           0 :   while (*s && !spacep (s))
     642             :     {
     643           0 :       if (*s == '%' && s[1] && s[2])
     644             :         {
     645           0 :           s++;
     646           0 :           *d = xtoi_2 (s);
     647           0 :           if (!*d)
     648           0 :             *d = '\xff';
     649           0 :           d++;
     650           0 :           s += 2;
     651             :         }
     652           0 :       else if (*s == '+')
     653             :         {
     654           0 :           *d++ = ' ';
     655           0 :           s++;
     656             :         }
     657             :       else
     658           0 :         *d++ = *s++;
     659             :     }
     660           0 :   *d = 0;
     661           0 :   return buffer;
     662             : }
     663             : 
     664             : 
     665             : /* Estimate the quality of the passphrase PW and return a value in the
     666             :    range 0..100.  */
     667             : static int
     668           0 : estimate_passphrase_quality (const char *pw)
     669             : {
     670           0 :   int goodlength = opt.min_passphrase_len + opt.min_passphrase_len/3;
     671             :   int length;
     672             :   const char *s;
     673             : 
     674           0 :   if (goodlength < 1)
     675           0 :     return 0;
     676             : 
     677           0 :   for (length = 0, s = pw; *s; s++)
     678           0 :     if (!spacep (s))
     679           0 :       length ++;
     680             : 
     681           0 :   if (length > goodlength)
     682           0 :     return 100;
     683           0 :   return ((length*10) / goodlength)*10;
     684             : }
     685             : 
     686             : 
     687             : /* Handle the QUALITY inquiry. */
     688             : static gpg_error_t
     689           0 : inq_quality (void *opaque, const char *line)
     690             : {
     691           0 :   assuan_context_t ctx = opaque;
     692             :   const char *s;
     693             :   char *pin;
     694             :   int rc;
     695             :   int percent;
     696             :   char numbuf[20];
     697             : 
     698           0 :   if ((s = has_leading_keyword (line, "QUALITY")))
     699             :     {
     700           0 :       pin = unescape_passphrase_string (s);
     701           0 :       if (!pin)
     702           0 :         rc = gpg_error_from_syserror ();
     703             :       else
     704             :         {
     705           0 :           percent = estimate_passphrase_quality (pin);
     706           0 :           if (check_passphrase_constraints (NULL, pin, NULL))
     707           0 :             percent = -percent;
     708           0 :           snprintf (numbuf, sizeof numbuf, "%d", percent);
     709           0 :           rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
     710           0 :           xfree (pin);
     711             :         }
     712             :     }
     713             :   else
     714             :     {
     715           0 :       log_error ("unsupported inquiry '%s' from pinentry\n", line);
     716           0 :       rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     717             :     }
     718             : 
     719           0 :   return rc;
     720             : }
     721             : 
     722             : 
     723             : /* Helper for agent_askpin and agent_get_passphrase.  */
     724             : static gpg_error_t
     725           0 : setup_qualitybar (ctrl_t ctrl)
     726             : {
     727             :   int rc;
     728             :   char line[ASSUAN_LINELENGTH];
     729             :   char *tmpstr, *tmpstr2;
     730             :   const char *tooltip;
     731             : 
     732             :   (void)ctrl;
     733             : 
     734             :   /* TRANSLATORS: This string is displayed by Pinentry as the label
     735             :      for the quality bar.  */
     736           0 :   tmpstr = try_percent_escape (L_("Quality:"), "\t\r\n\f\v");
     737           0 :   snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:"");
     738           0 :   line[DIM(line)-1] = 0;
     739           0 :   xfree (tmpstr);
     740           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
     741           0 :   if (rc == 103 /*(Old assuan error code)*/
     742           0 :       || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
     743             :     ; /* Ignore Unknown Command from old Pinentry versions.  */
     744           0 :   else if (rc)
     745           0 :     return rc;
     746             : 
     747           0 :   tmpstr2 = gnupg_get_help_string ("pinentry.qualitybar.tooltip", 0);
     748           0 :   if (tmpstr2)
     749           0 :     tooltip = tmpstr2;
     750             :   else
     751             :     {
     752             :       /* TRANSLATORS: This string is a tooltip, shown by pinentry when
     753             :          hovering over the quality bar.  Please use an appropriate
     754             :          string to describe what this is about.  The length of the
     755             :          tooltip is limited to about 900 characters.  If you do not
     756             :          translate this entry, a default english text (see source)
     757             :          will be used. */
     758           0 :       tooltip =  L_("pinentry.qualitybar.tooltip");
     759           0 :       if (!strcmp ("pinentry.qualitybar.tooltip", tooltip))
     760           0 :         tooltip = ("The quality of the text entered above.\n"
     761             :                    "Please ask your administrator for "
     762             :                    "details about the criteria.");
     763             :     }
     764           0 :   tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v");
     765           0 :   xfree (tmpstr2);
     766           0 :   snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
     767           0 :   line[DIM(line)-1] = 0;
     768           0 :   xfree (tmpstr);
     769           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
     770           0 :   if (rc == 103 /*(Old assuan error code)*/
     771           0 :           || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
     772             :     ; /* Ignore Unknown Command from old pinentry versions.  */
     773           0 :   else if (rc)
     774           0 :     return rc;
     775             : 
     776           0 :   return 0;
     777             : }
     778             : 
     779             : enum
     780             :   {
     781             :     PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
     782             :     PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
     783             :     PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9
     784             :   };
     785             : 
     786             : /* Check the button_info line for a close action.  Also check for the
     787             :    PIN_REPEATED flag.  */
     788             : static gpg_error_t
     789           0 : pinentry_status_cb (void *opaque, const char *line)
     790             : {
     791           0 :   unsigned int *flag = opaque;
     792             :   const char *args;
     793             : 
     794           0 :   if ((args = has_leading_keyword (line, "BUTTON_INFO")))
     795             :     {
     796           0 :       if (!strcmp (args, "close"))
     797           0 :         *flag |= PINENTRY_STATUS_CLOSE_BUTTON;
     798             :     }
     799           0 :   else if (has_leading_keyword (line, "PIN_REPEATED"))
     800             :     {
     801           0 :       *flag |= PINENTRY_STATUS_PIN_REPEATED;
     802             :     }
     803           0 :   else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE"))
     804             :     {
     805           0 :       *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE;
     806             :     }
     807             : 
     808           0 :   return 0;
     809             : }
     810             : 
     811             : 
     812             : 
     813             : 
     814             : /* Call the Entry and ask for the PIN.  We do check for a valid PIN
     815             :    number here and repeat it as long as we have invalid formed
     816             :    numbers.  KEYINFO and CACHE_MODE are used to tell pinentry something
     817             :    about the key. */
     818             : gpg_error_t
     819           9 : agent_askpin (ctrl_t ctrl,
     820             :               const char *desc_text, const char *prompt_text,
     821             :               const char *initial_errtext,
     822             :               struct pin_entry_info_s *pininfo,
     823             :               const char *keyinfo, cache_mode_t cache_mode)
     824             : {
     825             :   gpg_error_t rc;
     826             :   char line[ASSUAN_LINELENGTH];
     827             :   struct entry_parm_s parm;
     828           9 :   const char *errtext = NULL;
     829           9 :   int is_pin = 0;
     830             :   int saveflag;
     831             :   unsigned int pinentry_status;
     832             : 
     833           9 :   if (opt.batch)
     834           0 :     return 0; /* fixme: we should return BAD PIN */
     835             : 
     836           9 :   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
     837             :     {
     838           0 :       if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
     839           0 :         return gpg_error (GPG_ERR_CANCELED);
     840           0 :       if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
     841             :         {
     842             :           unsigned char *passphrase;
     843             :           size_t size;
     844             : 
     845           0 :           *pininfo->pin = 0; /* Reset the PIN. */
     846           0 :           rc = pinentry_loopback(ctrl, "PASSPHRASE", &passphrase, &size,
     847           0 :                   pininfo->max_length - 1);
     848           0 :           if (rc)
     849           0 :             return rc;
     850             : 
     851           0 :           memcpy(&pininfo->pin, passphrase, size);
     852           0 :           xfree(passphrase);
     853           0 :           pininfo->pin[size] = 0;
     854           0 :           if (pininfo->check_cb)
     855             :             {
     856             :               /* More checks by utilizing the optional callback. */
     857           0 :               pininfo->cb_errtext = NULL;
     858           0 :               rc = pininfo->check_cb (pininfo);
     859             :             }
     860           0 :           return rc;
     861             :         }
     862           0 :       return gpg_error(GPG_ERR_NO_PIN_ENTRY);
     863             :     }
     864             : 
     865           9 :   if (!pininfo || pininfo->max_length < 1)
     866           0 :     return gpg_error (GPG_ERR_INV_VALUE);
     867           9 :   if (!desc_text && pininfo->min_digits)
     868           0 :     desc_text = L_("Please enter your PIN, so that the secret key "
     869             :                    "can be unlocked for this session");
     870           9 :   else if (!desc_text)
     871           0 :     desc_text = L_("Please enter your passphrase, so that the secret key "
     872             :                    "can be unlocked for this session");
     873             : 
     874           9 :   if (prompt_text)
     875           0 :     is_pin = !!strstr (prompt_text, "PIN");
     876             :   else
     877           9 :     is_pin = desc_text && strstr (desc_text, "PIN");
     878             : 
     879           9 :   rc = start_pinentry (ctrl);
     880           9 :   if (rc)
     881           0 :     return rc;
     882             : 
     883             :   /* If we have a KEYINFO string and are normal, user, or ssh cache
     884             :      mode, we tell that the Pinentry so it may use it for own caching
     885             :      purposes.  Most pinentries won't have this implemented and thus
     886             :      we do not error out in this case.  */
     887           9 :   if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
     888           1 :                   || cache_mode == CACHE_MODE_USER
     889           1 :                   || cache_mode == CACHE_MODE_SSH))
     890           0 :     snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
     891             :               cache_mode == CACHE_MODE_USER? 'u' :
     892           0 :               cache_mode == CACHE_MODE_SSH? 's' : 'n',
     893             :               keyinfo);
     894             :   else
     895           9 :     snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
     896             : 
     897           9 :   rc = assuan_transact (entry_ctx, line,
     898             :                         NULL, NULL, NULL, NULL, NULL, NULL);
     899           9 :   if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
     900           0 :     return unlock_pinentry (rc);
     901             : 
     902           9 :   snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
     903           9 :   line[DIM(line)-1] = 0;
     904           9 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
     905           9 :   if (rc)
     906           0 :     return unlock_pinentry (rc);
     907             : 
     908          18 :   snprintf (line, DIM(line)-1, "SETPROMPT %s",
     909           9 :             prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:"));
     910           9 :   line[DIM(line)-1] = 0;
     911           9 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
     912           9 :   if (rc)
     913           0 :     return unlock_pinentry (rc);
     914             : 
     915             :   /* If a passphrase quality indicator has been requested and a
     916             :      minimum passphrase length has not been disabled, send the command
     917             :      to the pinentry.  */
     918           9 :   if (pininfo->with_qualitybar && opt.min_passphrase_len )
     919             :     {
     920           0 :       rc = setup_qualitybar (ctrl);
     921           0 :       if (rc)
     922           0 :         return unlock_pinentry (rc);
     923             :     }
     924             : 
     925           9 :   if (initial_errtext)
     926             :     {
     927           0 :       snprintf (line, DIM(line)-1, "SETERROR %s", initial_errtext);
     928           0 :       line[DIM(line)-1] = 0;
     929           0 :       rc = assuan_transact (entry_ctx, line,
     930             :                             NULL, NULL, NULL, NULL, NULL, NULL);
     931           0 :       if (rc)
     932           0 :         return unlock_pinentry (rc);
     933             :     }
     934             : 
     935           9 :   if (pininfo->with_repeat)
     936             :     {
     937           4 :       snprintf (line, DIM(line)-1, "SETREPEATERROR %s",
     938             :                 L_("does not match - try again"));
     939           4 :       line[DIM(line)-1] = 0;
     940           4 :       rc = assuan_transact (entry_ctx, line,
     941             :                             NULL, NULL, NULL, NULL, NULL, NULL);
     942           4 :       if (rc)
     943           0 :         pininfo->with_repeat = 0; /* Pinentry does not support it.  */
     944             :     }
     945           9 :   pininfo->repeat_okay = 0;
     946             : 
     947           9 :   for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++)
     948             :     {
     949           9 :       memset (&parm, 0, sizeof parm);
     950           9 :       parm.size = pininfo->max_length;
     951           9 :       *pininfo->pin = 0; /* Reset the PIN. */
     952           9 :       parm.buffer = (unsigned char*)pininfo->pin;
     953             : 
     954           9 :       if (errtext)
     955             :         {
     956             :           /* TRANSLATORS: The string is appended to an error message in
     957             :              the pinentry.  The %s is the actual error message, the
     958             :              two %d give the current and maximum number of tries. */
     959           0 :           snprintf (line, DIM(line)-1, L_("SETERROR %s (try %d of %d)"),
     960           0 :                     errtext, pininfo->failed_tries+1, pininfo->max_tries);
     961           0 :           line[DIM(line)-1] = 0;
     962           0 :           rc = assuan_transact (entry_ctx, line,
     963             :                                 NULL, NULL, NULL, NULL, NULL, NULL);
     964           0 :           if (rc)
     965           0 :             return unlock_pinentry (rc);
     966           0 :           errtext = NULL;
     967             :         }
     968             : 
     969           9 :       if (pininfo->with_repeat)
     970             :         {
     971           4 :           snprintf (line, DIM(line)-1, "SETREPEAT %s", L_("Repeat:"));
     972           4 :           line[DIM(line)-1] = 0;
     973           4 :           rc = assuan_transact (entry_ctx, line,
     974             :                                 NULL, NULL, NULL, NULL, NULL, NULL);
     975           4 :           if (rc)
     976           0 :             return unlock_pinentry (rc);
     977             :         }
     978             : 
     979           9 :       saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
     980           9 :       assuan_begin_confidential (entry_ctx);
     981           9 :       pinentry_status = 0;
     982           9 :       rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
     983             :                             inq_quality, entry_ctx,
     984             :                             pinentry_status_cb, &pinentry_status);
     985           9 :       assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
     986             :       /* Most pinentries out in the wild return the old Assuan error code
     987             :          for canceled which gets translated to an assuan Cancel error and
     988             :          not to the code for a user cancel.  Fix this here. */
     989           9 :       if (rc && gpg_err_source (rc)
     990           0 :           && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
     991           0 :         rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
     992             : 
     993             : 
     994             :       /* Change error code in case the window close button was clicked
     995             :          to cancel the operation.  */
     996           9 :       if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
     997           0 :           && gpg_err_code (rc) == GPG_ERR_CANCELED)
     998           0 :         rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
     999             : 
    1000           9 :       if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
    1001           0 :         errtext = is_pin? L_("PIN too long")
    1002           0 :                         : L_("Passphrase too long");
    1003           9 :       else if (rc)
    1004           0 :         return unlock_pinentry (rc);
    1005             : 
    1006           9 :       if (!errtext && pininfo->min_digits)
    1007             :         {
    1008             :           /* do some basic checks on the entered PIN. */
    1009           0 :           if (!all_digitsp (pininfo->pin))
    1010           0 :             errtext = L_("Invalid characters in PIN");
    1011           0 :           else if (pininfo->max_digits
    1012           0 :                    && strlen (pininfo->pin) > pininfo->max_digits)
    1013           0 :             errtext = L_("PIN too long");
    1014           0 :           else if (strlen (pininfo->pin) < pininfo->min_digits)
    1015           0 :             errtext = L_("PIN too short");
    1016             :         }
    1017             : 
    1018           9 :       if (!errtext && pininfo->check_cb)
    1019             :         {
    1020             :           /* More checks by utilizing the optional callback. */
    1021           5 :           pininfo->cb_errtext = NULL;
    1022           5 :           rc = pininfo->check_cb (pininfo);
    1023           5 :           if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
    1024           0 :               && pininfo->cb_errtext)
    1025           0 :             errtext = pininfo->cb_errtext;
    1026           5 :           else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
    1027           5 :                    || gpg_err_code (rc) == GPG_ERR_BAD_PIN)
    1028           0 :             errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase"));
    1029           5 :           else if (rc)
    1030           0 :             return unlock_pinentry (rc);
    1031             :         }
    1032             : 
    1033           9 :       if (!errtext)
    1034             :         {
    1035           9 :           if (pininfo->with_repeat
    1036           4 :               && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED))
    1037           0 :             pininfo->repeat_okay = 1;
    1038           9 :           return unlock_pinentry (0); /* okay, got a PIN or passphrase */
    1039             :         }
    1040             : 
    1041           0 :       if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
    1042             :         /* The password was read from the cache.  Don't count this
    1043             :            against the retry count.  */
    1044           0 :         pininfo->failed_tries --;
    1045             :     }
    1046             : 
    1047           0 :   return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
    1048             :                           : GPG_ERR_BAD_PASSPHRASE));
    1049             : }
    1050             : 
    1051             : 
    1052             : 
    1053             : /* Ask for the passphrase using the supplied arguments.  The returned
    1054             :    passphrase needs to be freed by the caller. */
    1055             : int
    1056           0 : agent_get_passphrase (ctrl_t ctrl,
    1057             :                       char **retpass, const char *desc, const char *prompt,
    1058             :                       const char *errtext, int with_qualitybar,
    1059             :                       const char *keyinfo, cache_mode_t cache_mode)
    1060             : {
    1061             : 
    1062             :   int rc;
    1063             :   char line[ASSUAN_LINELENGTH];
    1064             :   struct entry_parm_s parm;
    1065             :   int saveflag;
    1066             :   unsigned int pinentry_status;
    1067             : 
    1068           0 :   *retpass = NULL;
    1069           0 :   if (opt.batch)
    1070           0 :     return gpg_error (GPG_ERR_BAD_PASSPHRASE);
    1071             : 
    1072           0 :   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
    1073             :     {
    1074           0 :       if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
    1075           0 :         return gpg_error (GPG_ERR_CANCELED);
    1076             : 
    1077           0 :       if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK)
    1078             :         {
    1079             :           size_t size;
    1080           0 :           size_t len = ASSUAN_LINELENGTH/2;
    1081             : 
    1082           0 :           return pinentry_loopback (ctrl, "PASSPHRASE",
    1083             :                                     (unsigned char **)retpass, &size, len);
    1084             :         }
    1085           0 :       return gpg_error (GPG_ERR_NO_PIN_ENTRY);
    1086             :     }
    1087             : 
    1088           0 :   rc = start_pinentry (ctrl);
    1089           0 :   if (rc)
    1090           0 :     return rc;
    1091             : 
    1092           0 :   if (!prompt)
    1093           0 :     prompt = desc && strstr (desc, "PIN")? L_("PIN:"): L_("Passphrase:");
    1094             : 
    1095             : 
    1096             :   /* If we have a KEYINFO string and are normal, user, or ssh cache
    1097             :      mode, we tell that the Pinentry so it may use it for own caching
    1098             :      purposes.  Most pinentries won't have this implemented and thus
    1099             :      we do not error out in this case.  */
    1100           0 :   if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
    1101           0 :                   || cache_mode == CACHE_MODE_USER
    1102           0 :                   || cache_mode == CACHE_MODE_SSH))
    1103           0 :     snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
    1104             :               cache_mode == CACHE_MODE_USER? 'u' :
    1105           0 :               cache_mode == CACHE_MODE_SSH? 's' : 'n',
    1106             :               keyinfo);
    1107             :   else
    1108           0 :     snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
    1109             : 
    1110           0 :   rc = assuan_transact (entry_ctx, line,
    1111             :                         NULL, NULL, NULL, NULL, NULL, NULL);
    1112           0 :   if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
    1113           0 :     return unlock_pinentry (rc);
    1114             : 
    1115             : 
    1116           0 :   if (desc)
    1117           0 :     snprintf (line, DIM(line)-1, "SETDESC %s", desc);
    1118             :   else
    1119           0 :     snprintf (line, DIM(line)-1, "RESET");
    1120           0 :   line[DIM(line)-1] = 0;
    1121           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1122           0 :   if (rc)
    1123           0 :     return unlock_pinentry (rc);
    1124             : 
    1125           0 :   snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
    1126           0 :   line[DIM(line)-1] = 0;
    1127           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1128           0 :   if (rc)
    1129           0 :     return unlock_pinentry (rc);
    1130             : 
    1131           0 :   if (with_qualitybar && opt.min_passphrase_len)
    1132             :     {
    1133           0 :       rc = setup_qualitybar (ctrl);
    1134           0 :       if (rc)
    1135           0 :         return unlock_pinentry (rc);
    1136             :     }
    1137             : 
    1138           0 :   if (errtext)
    1139             :     {
    1140           0 :       snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
    1141           0 :       line[DIM(line)-1] = 0;
    1142           0 :       rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1143           0 :       if (rc)
    1144           0 :         return unlock_pinentry (rc);
    1145             :     }
    1146             : 
    1147           0 :   memset (&parm, 0, sizeof parm);
    1148           0 :   parm.size = ASSUAN_LINELENGTH/2 - 5;
    1149           0 :   parm.buffer = gcry_malloc_secure (parm.size+10);
    1150           0 :   if (!parm.buffer)
    1151           0 :     return unlock_pinentry (out_of_core ());
    1152             : 
    1153           0 :   saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
    1154           0 :   assuan_begin_confidential (entry_ctx);
    1155           0 :   pinentry_status = 0;
    1156           0 :   rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
    1157             :                         inq_quality, entry_ctx,
    1158             :                         pinentry_status_cb, &pinentry_status);
    1159           0 :   assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
    1160             :   /* Most pinentries out in the wild return the old Assuan error code
    1161             :      for canceled which gets translated to an assuan Cancel error and
    1162             :      not to the code for a user cancel.  Fix this here. */
    1163           0 :   if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
    1164           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
    1165             :   /* Change error code in case the window close button was clicked
    1166             :      to cancel the operation.  */
    1167           0 :   if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
    1168           0 :       && gpg_err_code (rc) == GPG_ERR_CANCELED)
    1169           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
    1170             : 
    1171           0 :   if (rc)
    1172           0 :     xfree (parm.buffer);
    1173             :   else
    1174           0 :     *retpass = parm.buffer;
    1175           0 :   return unlock_pinentry (rc);
    1176             : }
    1177             : 
    1178             : 
    1179             : 
    1180             : /* Pop up the PIN-entry, display the text and the prompt and ask the
    1181             :    user to confirm this.  We return 0 for success, ie. the user
    1182             :    confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
    1183             :    other error.  If WITH_CANCEL it true an extra cancel button is
    1184             :    displayed to allow the user to easily return a GPG_ERR_CANCELED.
    1185             :    if the Pinentry does not support this, the user can still cancel by
    1186             :    closing the Pinentry window.  */
    1187             : int
    1188           0 : agent_get_confirmation (ctrl_t ctrl,
    1189             :                         const char *desc, const char *ok,
    1190             :                         const char *notok, int with_cancel)
    1191             : {
    1192             :   int rc;
    1193             :   char line[ASSUAN_LINELENGTH];
    1194             : 
    1195           0 :   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
    1196             :     {
    1197           0 :       if (ctrl->pinentry_mode == PINENTRY_MODE_CANCEL)
    1198           0 :         return gpg_error (GPG_ERR_CANCELED);
    1199             : 
    1200           0 :       return gpg_error (GPG_ERR_NO_PIN_ENTRY);
    1201             :     }
    1202             : 
    1203           0 :   rc = start_pinentry (ctrl);
    1204           0 :   if (rc)
    1205           0 :     return rc;
    1206             : 
    1207           0 :   if (desc)
    1208           0 :     snprintf (line, DIM(line)-1, "SETDESC %s", desc);
    1209             :   else
    1210           0 :     snprintf (line, DIM(line)-1, "RESET");
    1211           0 :   line[DIM(line)-1] = 0;
    1212           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1213             :   /* Most pinentries out in the wild return the old Assuan error code
    1214             :      for canceled which gets translated to an assuan Cancel error and
    1215             :      not to the code for a user cancel.  Fix this here. */
    1216           0 :   if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
    1217           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
    1218             : 
    1219           0 :   if (rc)
    1220           0 :     return unlock_pinentry (rc);
    1221             : 
    1222           0 :   if (ok)
    1223             :     {
    1224           0 :       snprintf (line, DIM(line)-1, "SETOK %s", ok);
    1225           0 :       line[DIM(line)-1] = 0;
    1226           0 :       rc = assuan_transact (entry_ctx,
    1227             :                             line, NULL, NULL, NULL, NULL, NULL, NULL);
    1228           0 :       if (rc)
    1229           0 :         return unlock_pinentry (rc);
    1230             :     }
    1231           0 :   if (notok)
    1232             :     {
    1233             :       /* Try to use the newer NOTOK feature if a cancel button is
    1234             :          requested.  If no cancel button is requested we keep on using
    1235             :          the standard cancel.  */
    1236           0 :       if (with_cancel)
    1237             :         {
    1238           0 :           snprintf (line, DIM(line)-1, "SETNOTOK %s", notok);
    1239           0 :           line[DIM(line)-1] = 0;
    1240           0 :           rc = assuan_transact (entry_ctx,
    1241             :                                 line, NULL, NULL, NULL, NULL, NULL, NULL);
    1242             :         }
    1243             :       else
    1244           0 :         rc = GPG_ERR_ASS_UNKNOWN_CMD;
    1245             : 
    1246           0 :       if (gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
    1247             :         {
    1248           0 :           snprintf (line, DIM(line)-1, "SETCANCEL %s", notok);
    1249           0 :           line[DIM(line)-1] = 0;
    1250           0 :           rc = assuan_transact (entry_ctx, line,
    1251             :                                 NULL, NULL, NULL, NULL, NULL, NULL);
    1252             :         }
    1253           0 :       if (rc)
    1254           0 :         return unlock_pinentry (rc);
    1255             :     }
    1256             : 
    1257           0 :   rc = assuan_transact (entry_ctx, "CONFIRM",
    1258             :                         NULL, NULL, NULL, NULL, NULL, NULL);
    1259           0 :   if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
    1260           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
    1261             : 
    1262           0 :   return unlock_pinentry (rc);
    1263             : }
    1264             : 
    1265             : 
    1266             : 
    1267             : /* Pop up the PINentry, display the text DESC and a button with the
    1268             :    text OK_BTN (which may be NULL to use the default of "OK") and wait
    1269             :    for the user to hit this button.  The return value is not
    1270             :    relevant.  */
    1271             : int
    1272           0 : agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
    1273             : {
    1274             :   int rc;
    1275             :   char line[ASSUAN_LINELENGTH];
    1276             : 
    1277           0 :   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
    1278           0 :     return gpg_error (GPG_ERR_CANCELED);
    1279             : 
    1280           0 :   rc = start_pinentry (ctrl);
    1281           0 :   if (rc)
    1282           0 :     return rc;
    1283             : 
    1284           0 :   if (desc)
    1285           0 :     snprintf (line, DIM(line)-1, "SETDESC %s", desc);
    1286             :   else
    1287           0 :     snprintf (line, DIM(line)-1, "RESET");
    1288           0 :   line[DIM(line)-1] = 0;
    1289           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1290             :   /* Most pinentries out in the wild return the old Assuan error code
    1291             :      for canceled which gets translated to an assuan Cancel error and
    1292             :      not to the code for a user cancel.  Fix this here. */
    1293           0 :   if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
    1294           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
    1295             : 
    1296           0 :   if (rc)
    1297           0 :     return unlock_pinentry (rc);
    1298             : 
    1299           0 :   if (ok_btn)
    1300             :     {
    1301           0 :       snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
    1302           0 :       line[DIM(line)-1] = 0;
    1303           0 :       rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
    1304             :                             NULL, NULL, NULL);
    1305           0 :       if (rc)
    1306           0 :         return unlock_pinentry (rc);
    1307             :     }
    1308             : 
    1309           0 :   rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL,
    1310             :                         NULL, NULL, NULL);
    1311           0 :   if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
    1312           0 :     rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
    1313             : 
    1314           0 :   return unlock_pinentry (rc);
    1315             : }
    1316             : 
    1317             : 
    1318             : /* The thread running the popup message. */
    1319             : static void *
    1320           0 : popup_message_thread (void *arg)
    1321             : {
    1322             :   (void)arg;
    1323             : 
    1324             :   /* We use the --one-button hack instead of the MESSAGE command to
    1325             :      allow the use of old Pinentries.  Those old Pinentries will then
    1326             :      show an additional Cancel button but that is mostly a visual
    1327             :      annoyance. */
    1328           0 :   assuan_transact (entry_ctx, "CONFIRM --one-button",
    1329             :                    NULL, NULL, NULL, NULL, NULL, NULL);
    1330           0 :   popup_finished = 1;
    1331           0 :   return NULL;
    1332             : }
    1333             : 
    1334             : 
    1335             : /* Pop up a message window similar to the confirm one but keep it open
    1336             :    until agent_popup_message_stop has been called.  It is crucial for
    1337             :    the caller to make sure that the stop function gets called as soon
    1338             :    as the message is not anymore required because the message is
    1339             :    system modal and all other attempts to use the pinentry will fail
    1340             :    (after a timeout). */
    1341             : int
    1342           0 : agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
    1343             : {
    1344             :   int rc;
    1345             :   char line[ASSUAN_LINELENGTH];
    1346             :   npth_attr_t tattr;
    1347             :   int err;
    1348             : 
    1349           0 :   if (ctrl->pinentry_mode != PINENTRY_MODE_ASK)
    1350           0 :     return gpg_error (GPG_ERR_CANCELED);
    1351             : 
    1352           0 :   rc = start_pinentry (ctrl);
    1353           0 :   if (rc)
    1354           0 :     return rc;
    1355             : 
    1356           0 :   if (desc)
    1357           0 :     snprintf (line, DIM(line)-1, "SETDESC %s", desc);
    1358             :   else
    1359           0 :     snprintf (line, DIM(line)-1, "RESET");
    1360           0 :   line[DIM(line)-1] = 0;
    1361           0 :   rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
    1362           0 :   if (rc)
    1363           0 :     return unlock_pinentry (rc);
    1364             : 
    1365           0 :   if (ok_btn)
    1366             :     {
    1367           0 :       snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
    1368           0 :       line[DIM(line)-1] = 0;
    1369           0 :       rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL);
    1370           0 :       if (rc)
    1371           0 :         return unlock_pinentry (rc);
    1372             :     }
    1373             : 
    1374           0 :   err = npth_attr_init (&tattr);
    1375           0 :   if (err)
    1376           0 :     return unlock_pinentry (gpg_error_from_errno (err));
    1377           0 :   npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE);
    1378             : 
    1379           0 :   popup_finished = 0;
    1380           0 :   err = npth_create (&popup_tid, &tattr, popup_message_thread, NULL);
    1381           0 :   npth_attr_destroy (&tattr);
    1382           0 :   if (err)
    1383             :     {
    1384           0 :       rc = gpg_error_from_errno (err);
    1385           0 :       log_error ("error spawning popup message handler: %s\n",
    1386             :                  strerror (err) );
    1387           0 :       return unlock_pinentry (rc);
    1388             :     }
    1389           0 :   npth_setname_np (popup_tid, "popup-message");
    1390             : 
    1391           0 :   return 0;
    1392             : }
    1393             : 
    1394             : /* Close a popup window. */
    1395             : void
    1396           0 : agent_popup_message_stop (ctrl_t ctrl)
    1397             : {
    1398             :   int rc;
    1399             :   pid_t pid;
    1400             : 
    1401             :   (void)ctrl;
    1402             : 
    1403           0 :   if (!popup_tid || !entry_ctx)
    1404             :     {
    1405           0 :       log_debug ("agent_popup_message_stop called with no active popup\n");
    1406           0 :       return;
    1407             :     }
    1408             : 
    1409           0 :   pid = assuan_get_pid (entry_ctx);
    1410           0 :   if (pid == (pid_t)(-1))
    1411             :     ; /* No pid available can't send a kill. */
    1412           0 :   else if (popup_finished)
    1413             :     ; /* Already finished and ready for joining. */
    1414             : #ifdef HAVE_W32_SYSTEM
    1415             :   /* Older versions of assuan set PID to 0 on Windows to indicate an
    1416             :      invalid value.  */
    1417             :   else if (pid != (pid_t) INVALID_HANDLE_VALUE
    1418             :            && pid != 0)
    1419             :     {
    1420             :       HANDLE process = (HANDLE) pid;
    1421             : 
    1422             :       /* Arbitrary error code.  */
    1423             :       TerminateProcess (process, 1);
    1424             :     }
    1425             : #else
    1426           0 :   else if (pid && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
    1427             :     { /* The daemon already died.  No need to send a kill.  However
    1428             :          because we already waited for the process, we need to tell
    1429             :          assuan that it should not wait again (done by
    1430             :          unlock_pinentry). */
    1431           0 :       if (rc == pid)
    1432           0 :         assuan_set_flag (entry_ctx, ASSUAN_NO_WAITPID, 1);
    1433             :     }
    1434           0 :   else if (pid > 0)
    1435           0 :     kill (pid, SIGINT);
    1436             : #endif
    1437             : 
    1438             :   /* Now wait for the thread to terminate. */
    1439           0 :   rc = npth_join (popup_tid, NULL);
    1440           0 :   if (rc)
    1441           0 :     log_debug ("agent_popup_message_stop: pth_join failed: %s\n",
    1442             :                strerror (rc));
    1443             :   /* Thread IDs are opaque, but we try our best here by resetting it
    1444             :      to the same content that a static global variable has.  */
    1445           0 :   memset (&popup_tid, '\0', sizeof (popup_tid));
    1446           0 :   entry_owner = NULL;
    1447             : 
    1448             :   /* Now we can close the connection. */
    1449           0 :   unlock_pinentry (0);
    1450             : }
    1451             : 
    1452             : int
    1453           0 : agent_clear_passphrase (ctrl_t ctrl,
    1454             :                         const char *keyinfo, cache_mode_t cache_mode)
    1455             : {
    1456             :   int rc;
    1457             :   char line[ASSUAN_LINELENGTH];
    1458             : 
    1459           0 :   if (! (keyinfo && (cache_mode == CACHE_MODE_NORMAL
    1460           0 :                      || cache_mode == CACHE_MODE_USER
    1461           0 :                      || cache_mode == CACHE_MODE_SSH)))
    1462           0 :     return gpg_error (GPG_ERR_NOT_SUPPORTED);
    1463             : 
    1464           0 :   rc = start_pinentry (ctrl);
    1465           0 :   if (rc)
    1466           0 :     return rc;
    1467             : 
    1468           0 :   snprintf (line, DIM(line)-1, "CLEARPASSPHRASE %c/%s",
    1469             :             cache_mode == CACHE_MODE_USER? 'u' :
    1470           0 :             cache_mode == CACHE_MODE_SSH? 's' : 'n',
    1471             :             keyinfo);
    1472           0 :   rc = assuan_transact (entry_ctx, line,
    1473             :                         NULL, NULL, NULL, NULL, NULL, NULL);
    1474             : 
    1475           0 :   return unlock_pinentry (rc);
    1476             : }

Generated by: LCOV version 1.11