Page MenuHome GnuPG
Files F35337354

No OneTemporary
Actions

View Options

diff --git a/doc/pinentry.texi b/doc/pinentry.texi
index 1fb19a4..e8970a6 100644
--- a/doc/pinentry.texi
+++ b/doc/pinentry.texi
@@ -1,919 +1,865 @@
\input texinfo @c -*-texinfo-*-
@c %**start of header
@setfilename pinentry.info
@include version.texi
@macro copyrightnotice
Copyright @copyright{} 2002, 2005, 2015 g10 Code GmbH
@end macro
@macro permissionnotice
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 2 of the License, or (at your
option) any later version. The text of the license can be found in the
section entitled ``Copying''.
@end macro
@macro pinentry
@sc{pinentry}
@end macro
@settitle Using the PIN-Entry
@c Create a separate index for command line options.
@defcodeindex op
@c Merge the standard indexes into a single one.
@syncodeindex fn cp
@syncodeindex vr cp
@syncodeindex ky cp
@syncodeindex pg cp
@syncodeindex tp cp
@c printing stuff taken from gcc.
@macro gnupgtabopt{body}
@code{\body\}
@end macro
@macro gnupgoptlist{body}
@smallexample
\body\
@end smallexample
@end macro
@c Makeinfo handles the above macro OK, TeX needs manual line breaks;
@c they get lost at some point in handling the macro. But if @macro is
@c used here rather than @alias, it produces double line breaks.
@iftex
@alias gol = *
@end iftex
@ifnottex
@macro gol
@end macro
@end ifnottex
@c %**end of header
@ifnottex
@dircategory GNU Utilities
@direntry
* pinentry: (pinentry). Securely ask for a passphrase or PIN.
@end direntry
This file documents the use and the internals of the @pinentry{}.
This is edition @value{EDITION}, last updated @value{UPDATED}, of
@cite{The `PINEntry' Manual}, for version @value{VERSION}.
@sp 1
Published by g10 Code GmbH@*
Hüttenstr. 61@*
40699 Erkrath, Germany
@sp 1
@copyrightnotice{}
@sp 1
@permissionnotice{}
@end ifnottex
@setchapternewpage odd
@titlepage
@title Using the PIN-Entry
@subtitle Version @value{VERSION}
@subtitle @value{UPDATED}
@author Werner Koch @code{(wk@@gnupg.org)}
@page
@vskip 0pt plus 1filll
@copyrightnotice{}
@sp 2
@permissionnotice{}
@end titlepage
@summarycontents
@contents
@page
@node Top
@top Introduction
@cindex introduction
This manual documents how to use the @pinentry{} and its protocol.
The @pinentry{} is a small GUI application used to enter PINs or
passphrases. It is usually invoked by @sc{gpg-agent}
(@pxref{Invoking GPG-AGENT, ,Invoking the gpg-agent, gnupg,
The `GNU Privacy Guard' Manual}, for details).
@pinentry{} comes in several flavors to fit the look and feel of the
used GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}; a
@sc{Qt} based one named @code{pinentry-qt}; and, two non-graphical
ones @code{pinentry-curses}, which uses curses, and
@code{pinentry-tty}, which doesn't require anything more than a simple
terminal. Not all of them are necessarily available on your
installation. If curses is supported on your system, the GUI-based
flavors fall back to curses when the @code{DISPLAY} variable is not
set.
@menu
* Using pinentry:: How to use the beast.
* Front ends:: Description and comparison of the front ends
Developer information
* Protocol:: The Assuan protocol description.
* Implementation Details:: For those extending or writing a new pinentry.
Miscellaneous
* Copying:: GNU General Public License says
how you can copy and share PIN-Entry
as well as this manual.
Indices
* Option Index:: Index to command line options.
* Index:: Index of concepts and symbol names.
@end menu
@node Using pinentry
@chapter How to use the @pinentry{}
@c man begin DESCRIPTION
You may run @pinentry{} directly from the command line and pass the
commands according to the Assuan protocol via stdin/stdout.
@c man end
@c man begin OPTIONS
Here is a list of options supported by all flavors of pinentry:
@table @gnupgtabopt
@item --version
@opindex version
Print the program version and licensing information.
@item --help
@opindex help
Print a usage message summarizing the most useful command line options.
@item --debug
@itemx -d
@opindex debug
@opindex d
Turn on some debugging. Mostly useful for the maintainers. Note that
this may reveal sensitive information like the entered passphrase.
@c @item --enhanced
@c @itemx -e
@c @opindex enhanced
@c @opindex e
@c Ask for timeouts and insurance, too. Note that this is currently not
@c fully supported.
@item --no-global-grab
@itemx -g
@opindex no-global-grab
@opindex g
Grab the keyboard only when the window is focused. Use this option if
you are debugging software using the @pinentry{}; otherwise you may
not be able to to access your X session anymore (unless you have other
means to connect to the machine to kill the @pinentry{}).
@item --parent-wid @var{n}
@opindex parent-wid
Use window ID @var{n} as the parent window for positioning the window.
Note, that this is not fully supported by all flavors of @pinentry{}.
@item --timeout @var{seconds}
@opindex timeout
Give up waiting for input from the user after the specified number of
seconds and return an error. The error returned is the same as if the
Cancel button was selected. To disable the timeout and wait
indefinitely, set this to 0, which is the default.
@item --display @var{string}
@itemx --ttyname @var{string}
@itemx --ttytype @var{string}
@itemx --lc-ctype @var{string}
@itemx --lc-messages @var{string}
@opindex display
@opindex ttyname
@opindex ttytype
@opindex lc-ctype
@opindex lc-messa
These options are used to pass localization information to
@pinentry{}. They are required because @pinentry{} is usually called
by some background process which does not have any information about
the locale and terminal to use. It is also possible to pass these
options using Assuan protocol options.
@end table
@node Front ends
@chapter Front Ends
There are several different flavors of @pinentry{}. Concretely, there
are Gtk+2, Qt@tie{}4/5, TQt, EFL, FLTK, Gnome@tie{}3, Emacs, curses and
tty variants. These different implementations provide higher levels
of integration with a specific environment. For instance, the
Gnome@tie{}3 @pinentry{} uses Gnome@tie{}3 widgets to display the
prompts. For Gnome@tie{}3 users, this higher level of integration
provides a more consistent aesthetic. However, this comes at a cost.
Because this @pinentry{} uses so many components, there is a larger
chance of a failure. In particular, there is a larger chance that the
passphrase is saved in memory and that memory is exposed to an
attacker (consider the OpenSSL Heartbeat vulnerability).
To understand how many components touch the passphrase, consider again
the Gnome@tie{}3 implementation. When a user presses a button on the
keyboard, the key is passed from the kernel to the X@tie{}server to
the toolkit (Gtk+) and to the actual text entry widget. Along the
way, the key is saved in memory and processed. In fact, the key
presses are probably read using standard C library functions, which
buffer the input. None of this code is careful to make sure the
contents of the memory are not leaked by keeping the data in unpagable
memory and wiping it when the buffer is freed. However, even if they
did, there is still the problem that when a computer hibernates, the
system writes unpagable memory to disk anyway. Further, many
installations are virtualized (e.g., running on Xen) and have little
control over their actual environment.
The curses variant uses a significant smaller software stack and the
tty variant uses an even smaller one. However, if they are run in an
X@tie{}terminal, then a similar number of components are handling the
passphrase as in the Gnome@tie{}3 case! Thus, to be most secure, you
need to direct GPG@tie{}Agent to use a fixed virtual console. Since
you need to remain logged in for GPG@tie{}Agent to use that console,
you should run there and have @code{screen} or @code{tmux} lock the
tty.
The Emacs pinentry implementation interacts with a running Emacs
session and directs the Emacs instance to display the passphrase
prompt. Since this doesn't work very well if there is no Emacs
running, the generic @pinentry{} backend checks if a
@pinentry{}-enabled Emacs should be used. Specifically, it looks to
see if the @code{INSIDE_EMACS} variable is set and then attempts to
establish a connection to the specified address. If this is the case,
then instead of, e.g., @code{pinentry-gtk2} displaying a Gtk+2
pinentry, it interacts with the Emacs session. This functionality can
be explicitly disabled by passing @code{--disable-inside-emacs} to
@code{configure} when building @pinentry{}.
Having Emacs get the passphrase is convenient, however, it is a
significant security risk. Emacs is a huge program, which doesn't
provide any process isolation to speak of. As such, having it handle
the passphrase adds a huge chunk of code to the user's trusted computing
base. Because of this concern, Emacs doesn't enable this by default,
unless the @code{allow-emacs-pinentry} option is explicitly set in his
or her @code{.gnupg/gpg-agent.conf} file.
Similar to the inside-emacs check, the @pinentry{} frontends check
whether the @code{DISPLAY} variable is set and a working X server is
available. If this is not the case, then they fallback to the curses
front end. This can also be disabled by passing
@code{--disable-fallback-curses} to @code{configure} at build time.
@c
@c Assuan Protocol
@c
@node Protocol
@chapter @pinentry{}'s Assuan Protocol
The @pinentry{} should never service more than one connection at once.
It is reasonable to exec the @pinentry{} prior to a request.
The @pinentry{} does not need to stay in memory because the
@sc{gpg-agent} has the ability to cache passphrases. The usual way to
run the @pinentry{} is by setting up a pipe (not a socket) and then
fork/exec the @pinentry{}. The communication is then done by means of
the protocol described here until the client is satisfied with the
result.
Although it is called a @pinentry{}, it allows entering reasonably
long strings (strings that are up to 2048 characters long are
supported by every pinentry). The client using the @pinentry{} has to
check for correctness.
Note that all strings are expected to be encoded as UTF-8; @pinentry{}
takes care of converting it to the locally used codeset. To include
linefeeds or other special characters, you may percent-escape them
(e.g., a line feed is encoded as @code{%0A}, the percent sign itself
is encoded as @code{%25}, etc.).
The following is a list of supported commands:
@table @gnupgtabopt
@item Set the timeout before returning an error
@example
C: SETTIMEOUT 30
S: OK
@end example
@item Set the descriptive text to display
@example
C: SETDESC Enter PIN for Richard Nixon <nobody@@trickydicky.gov>
S: OK
@end example
@item Set the prompt to show
When asking for a PIN, set the text just before the widget for
passphrase entry.
@example
C: SETPROMPT PIN:
S: OK
@end example
You should use an underscore in the text only if you know that a
modern version of pinentry is used. Modern versions underline the
next character after the underscore and use the first such underlined
character as a keyboard accelerator. Use a double underscore to
escape an underscore.
@item Set the window title
This command may be used to change the default window title. When
using this feature you should take care that the window is still
identifiable as the pinentry.
@example
C: SETTITLE Tape Recorder Room
S: OK
@end example
@item Set the button texts
There are three texts which should be used to override the English
defaults:
To set the text for the button signaling confirmation (in UTF-8).
See SETPROMPT on how to use an keyboard accelerator.
@example
C: SETOK Yes
S: OK
@end example
To set the text for the button signaling cancellation or disagreement
(in UTF-8). See SETPROMPT on how to use an keyboard accelerator.
@example
C: SETCANCEL No
S: OK
@end example
In case three buttons are required, use the following command to set
the text (UTF-8) for the non-affirmative response button. The
affirmative button text is still set using SETOK and the CANCEL button
text with SETCANCEL. See SETPROMPT on how to use an keyboard
accelerator.
@example
C: SETNOTOK Do not do this
S: OK
@end example
@item Set the Error text
This is used by the client to display an error message. In contrast
to the other commands, the error message is automatically reset with
a GETPIN or CONFIRM, and is only displayed when asking for a PIN.
@example
C: SETERROR Invalid PIN entered - please try again
S: OK
@end example
@item Enable a passphrase quality indicator
Adds a quality indicator to the GETPIN window. This indicator is
updated as the passphrase is typed. The clients needs to implement an
inquiry named "QUALITY" which gets passed the current passphrase
(percent-plus escaped) and should send back a string with a single
numerical value between -100 and 100. Negative values will be
displayed in red.
@example
C: SETQUALITYBAR
S: OK
@end example
If a custom label for the quality bar is required, just add that label
as an argument as a percent-escaped string. You will need this
feature to translate the label because @pinentry{} has no internal
gettext except for stock strings from the toolkit library.
If you want to show a tooltip for the quality bar, you may use
@example
C: SETQUALITYBAR_TT string
S: OK
@end example
@noindent
With STRING being a percent escaped string shown as the tooltip.
@item Enable enforcement of passphrase constraints
This will make the pinentry check whether the new passphrase entered by
the user satisfies the passphrase constraints before passing the passphrase
to gpg-agent and closing the pinentry. This gives the user the chance to
modify the passphrase until the constraints are satisfied without retyping
the passphrase.
@example
C: OPTION constraints-enforce
S: OK
@end example
To inform the user about the constraints a short hint and a longer hint
can be set using
@example
C: OPTION constraints-hint-short=At least 8 characters
S: OK
C: OPTION constraints-hint-long=The passphrase must ...
S: OK
@end example
Additionally, a title for the dialog showing details in case of unsatisfied
constraints can be set using
@example
C: OPTION constraints-error-title=Passphrase Not Allowed
S: OK
@end example
All strings have to be percent escaped.
@item Enable an action for generating a passphrase
Adds an action for generating a random passphrase to the GETPIN window.
The action is only available when asking for a new passphrase, i.e. if
SETREPEAT has been called.
@example
C: SETGENPIN Suggest
S: OK
@end example
If you want to provide a tooltip for the action, you may use
@example
C: SETGENPIN_TT Suggest a random passphrase
S: OK
@end example
@item Enable passphrase formatting
Passphrase formatting will group the characters of the passphrase into
groups of four characters separated by non-breaking spaces or a similar
separator. This is useful in combination with passphrase generation to make
-the generated passphrase easier readable. There are four different modes
-controlling passphrase formatting.
+the generated passphrase easier readable.
@example
- C: OPTION formatted-passphrase=1
+ C: OPTION formatted-passphrase
S: OK
@end example
-The different modes are:
-@table @code
-@item 0
-Passphrase formatting is disabled. The option to change it is not shown,
-so that the user cannot turn it on.
-@item 1
-Passphrase formatting is disabled. The option to change it is shown, so
-that the user can turn it on.
-@item 2
-Passphrase formatting is enabled. The option to change it is shown, but
-disabled, so that the user cannot turn it off.
-@item 3
-Passphrase formatting is enabled. The option to change it is shown, so
-that the user can turn it off.
-@end table
Note: If passphrase formatting is enabled, then, depending on the concrete
pinentry, all occurrences of the character used as separator may be stripped
from the entered passphrase.
-The following options allow setting translated strings used by passphrase
-formatting.
-@table @code
-@item formatted-passphrase-label
-This is used as label for the option.
-@item formatted-passphrase-tt
-This is used as tooltip for the option.
-@item formatted-passphrase-hint
-This is used as hint for the user if passphrase formatting is enabled.
-@end table
-Example:
+To provide a hint for the user that is shown if passphrase formatting is
+enabled use
@example
- C: OPTION formatted-passphrase-label=Format the passphrase
- S: OK
- C: OPTION formatted-passphrase-tt=Makes the passphrase easier readable.
- S: OK
C: OPTION formatted-passphrase-hint=Blanks are not part of the passphrase.
S: OK
@end example
@item Ask for a PIN
The meat of this tool is to ask for a passphrase of PIN, it is done with
this command:
@example
C: GETPIN
S: D no more tapes
S: OK
@end example
Note that the passphrase is transmitted in clear using standard data
responses. Expect it to be in UTF-8.
@item Ask for confirmation
To ask for a confirmation (yes or no), you can use this command:
@example
C: CONFIRM
S: OK
@end example
The client should use SETDESC to set an appropriate text before
issuing this command, and may use SETPROMPT to set the button texts.
The value returned is either OK for YES or the error code
@code{ASSUAN_Not_Confirmed}.
@item Show a message
To show a message, you can use this command:
@example
C: MESSAGE
S: OK
@end example
alternatively you may add an option to confirm:
@example
C: CONFIRM --one-button
S: OK
@end example
The client should use SETDESC to set an appropriate text before issuing
this command, and may use SETOK to set the text for the dismiss button.
The value returned is OK or an error message.
@item Set the output device
When using X, the @pinentry{} program must be invoked with an
appropriate @code{DISPLAY} environment variable or the
@code{--display} option.
When using a text terminal:
@example
C: OPTION ttyname=/dev/tty3
S: OK
C: OPTION ttytype=vt100
S: OK
C: OPTION lc-ctype=de_DE.UTF-8
S: OK
@end example
The client should use the @code{ttyname} option to set the output TTY
file name, the @code{ttytype} option to the @code{TERM} variable
appropriate for this tty and @code{lc-ctype} to the locale which
defines the character set to use for this terminal.
@item Set the default strings
To avoid having translations in Pinentry proper, the caller may set
certain translated strings which are used by @pinentry{} as default
strings.
@example
C: OPTION default-ok=_Korrekt
S: OK
C: OPTION default-cancel=Abbruch
S: OK
C: OPTION default-prompt=PIN eingeben:
S: OK
@end example
The strings are subject to accelerator marking, see SETPROMPT for
details.
@item Passphrase caching
Some environments, such as GNOME, cache passwords and passphrases.
The @pinentry{} should only use an external cache if the
@code{allow-external-password-cache} option was set and a stable key
identifier (using SETKEYINFO) was provided. In this case, if the
passphrase was read from the cache, the @pinentry{} should send the
@code{PASSWORD_FROM_CACHE} status message before returning the
passphrase. This indicates to GPG Agent that it should not increment
the passphrase retry counter.
@example
C: OPTION allow-external-password-cache
S: OK
C: SETKEYINFO key-grip
S: OK
C: getpin
S: S PASSWORD_FROM_CACHE
S: D 1234
S: OK
@end example
Note: if @code{allow-external-password-cache} is not specified, an
external password cache must not be used: this can lead to subtle
bugs. In particular, if this option is not specified, then GPG Agent
does not recognize the @code{PASSWORD_FROM_CACHE} status message and
will count trying a cached password against the password retry count.
If the password retry count is 1, then the user will never have the
opportunity to correct the cached password.
Note: it is strongly recommended that a pinentry supporting this
feature provide the user an option to enable it manually. That is,
saving a passphrase in an external password manager should be opt-in.
The key identifier provided SETKEYINFO must be considered opaque and
may change in the future. It currently has the form
@code{X/HEXSTRING} where @code{X} is either @code{n}, @code{s}, or
@code{u}. In the former two cases, the HEXSTRING corresponds to the
key grip. The key grip is not the OpenPGP Key ID, but it can be
mapped to the key using the following:
@example
# gpg2 --with-keygrip --list-secret-keys
@end example
@noindent
and searching the output for the key grip. The same command-line
options can also be used with gpgsm.
@end table
@node Implementation Details
@chapter Implementation Details
The pinentry source code can be divided into three categories. There
is a backend module, which lives in @code{pinentry/}, there are
utility functions, e.g., in @code{secmem/}, and there are various
frontends.
All of the low-level logic lives in the backend. This frees the
frontends from having to implement, e.g., the Assuan protocol. When
the backend receives an option, it updates the state in a
@code{pinentry_t} struct. The frontend is called when the client
either calls @code{GETPIN}, @code{CONFIRM} or @code{MESSAGE}. In
these cases, the backend invokes the @code{pinentry_cmd_handler},
which is passed the @code{pinentry_t} struct.
When the callback is invoked, the frontend should create a window
based on the state in the @code{pinentry_t} struct. For instance, the
title to use for the dialog's window (if any) is stored in the
@code{title} field. If the is @code{NULL}, the frontend should choose
a reasonable default value. (Default is not always provided, because
different tool kits and environments have different reasonable
defaults.)
The widget needs to support a number of different interactions with
the user. Each of them is described below.
@table @gnupgtabopt
@item Passphrase Confirmation
When creating a new key, the passphrase should be entered twice. The
client (typically GPG Agent) indicates this to the @pinentry{} by
invoking @code{SETREPEAT}. In this case, the backend sets the
@code{repeat_passphrase} field to a copy of the passed string. The
value of this field should be used to label a second text input.
It is the frontend's responsibility to check that the passwords match.
If they don't match, the frontend should display an error message and
continue to prompt the user.
If the passwords do match, then, when the user presses the okay
button, the @code{repeat_okay} field should be set to @code{1} (this
causes the backend to emit the @code{S PIN_REPEATED} status message).
@item Message Box
Sometimes GPG Agent needs to display a message. In this case, the
@code{pin} variable is @code{NULL}.
At the Assuan level, this mode is selected by using either the
@code{MESSAGE} or the @code{CONFIRM} command instead of the
@code{GETPIN} command. The @code{MESSAGE} command never shows the
cancel or an other button. The same holds for @code{CONFIRM} if it
was passed the ``--one-button'' argument. If @code{CONFIRM} was not
passed this argument, the dialog for @code{CONFIRM} should show both
the @code{ok} and the @code{cancel} buttons and optionally the
@code{notok} button. The frontend can determine whether the dialog is
a one-button dialog by inspecting the @code{one_button} variable.
@item Passphrase Entry
If neither of the above cases holds, then GPG Agent is simply
requesting the passphrase. In this case, the @code{ok} and
@code{cancel} buttons should be displayed.
@end table
The layout of the three variants is quite similar. Here are the
relevant elements that describe the layout:
@table @gnupgtabopt
@item @code{title}
The window's title.
@item @code{description}
The reason for the dialog. When requesting a passphrase, this
describes the key. When showing a message box, this is the message to
show.
@item @code{error}
If GPG Agent determines that the passphrase was incorrect, it will
call @code{GETPIN} again (up to a configurable number of times) to
again prompt the user. In this case, this variable contains a
description of the error message. This text should typically be
highlighted in someway.
@item @code{prompt}, @code{default-prompt}
The string to associate with the passphrase entry box.
There is a subtle difference between @code{prompt} and
@code{default-prompt}. @code{default-prompt} means that a stylized
prompt (e.g., an icon suggesting a prompt) may be used. @code{prompt}
means that the entry's meaning is not consistent with such a style
and, as such, no icon should be used.
If both variables are set, the @code{prompt} variant takes precedence.
@item @code{repeat_passphrase}
The string to associate with the second passphrase entry box. The
second passphrase entry box should only be shown if this is not
@code{NULL}.
@item @code{ok}, @code{default-ok}
The string to show in the @code{ok} button.
If there are any @code{_} characters, the following character should
be used as an accelerator. (A double underscore means a plain
underscore should be shown.) If the frontend does not support
accelerators, then the underscores should be removed manually.
There is a subtle difference between @code{ok} and @code{default-ok}.
@code{default-ok} means that a stylized OK button should be used. For
instance, it could include a check mark. @code{ok} means that the
button's meaning is not consistent with such an icon and, as such, no
icon should be used. Thus, if the @code{ok} button should have the
text ``No password required'' then @code{ok} should be used because a
check mark icon doesn't make sense.
If this variable is @code{NULL}, the frontend should choose a
reasonable default.
If both variables are set, the @code{ok} variant takes precedence.
@item @code{cancel}, @code{default-cancel}
Like the @code{ok} and @code{default-ok} buttons except these strings
are used for the cancel button.
This button should not be shown if @code{one_button} is set.
@code{default-notok}
Like the @code{default-ok} button except this string is used for the
other button.
This button should only be displayed when showing a message box. If
these variables are @code{NULL} or @code{one_button} is set, this
button should not be displayed.
@item @code{quality_bar}
If this is set, a widget should be used to show the password's
quality. The value of this field is a label for the widget.
Note: to update the password quality, whenever the password changes,
call the @code{pinentry_inq_quality} function and then update the
password quality widget correspondingly.
@item @code{quality_bar_tt}
A tooltip for the quality bar.
@item @code{constraints_enforce}
If this is not 0, then passphrase constraints are enforced by gpg-agent.
In this case pinentry can use the @code{pinentry_inq_checkpin} function
for checking whether the new passphrase satisfies the constraints before
passing it to gpg-agent.
@item @code{constraints_hint_short}
A short translated hint for the user with the constraints for new
passphrases to be displayed near the passphrase input field.
@item @code{constraints_hint_short}
A longer translated hint for the user with the constraints for new
passphrases to be displayed for example as tooltip.
@item @code{constraints_error_title}
A short translated title for an error dialog informing the user about
unsatisfied passphrase constraints.
@item @code{genpin_label}
If this is set, a generate action should be shown. The value of this
field is a label for the action.
Note: Call the @code{pinentry_inq_genpin} function to request a randomly
generated passphrase.
@item @code{genpin_tt}
The tooltip for the generate action.
@item @code{formatted_passphrase}
-Specifies whether the option to enable passphrase formatting should be
-shown, whether it should be on or off by default, and whether the user
-is allowed to change it. This option should only be available, if a new
-passphrase is requested, i.e. if @code{repeat_passphrase} is not @code{NULL}.
-Possible values are:
-@table @code
-@item 0
-Passphrase formatting is disabled. The option to change it is not shown,
-so that the user cannot turn it on.
-@item 1
-Passphrase formatting is disabled. The option to change it is shown, so
-that the user can turn it on.
-@item 2
-Passphrase formatting is enabled. The option to change it is shown, but
-disabled, so that the user cannot turn it off.
-@item 3
-Passphrase formatting is enabled. The option to change it is shown, so
-that the user can turn it off.
-@end table
+If this is not 0, then passphrase formatting should be enabled. If it is
+enabled, then the unmasked passphrase should be grouped into groups of four
+characters separated by non-breaking spaces or a similar separator.
-If passphrase formatting is enabled, then the passphrase should be grouped
-into groups of four characters, e.g. separated by non-breaking spaces or a
-similar separator (if the user requested the passphrase to be displayed).
To simplify the implementation all occurrences of the character used as
separator can be stripped from the entered passphrase, if formatting is
enabled.
-@item @code{formatted_passphrase_label}
-The label for the formatted passphrase option.
-
-@item @code{formatted_passphrase_tt}
-The tooltip for the formatted passphrase option.
-
@item @code{formatted_passphrase_hint}
A hint to be shown if passphrase formatting is enabled. It should be shown
near the passphrase input field.
@item @code{default_pwmngr}
If @code{may_cache_password} and @code{keyinfo} are set and the user
consents, then the @pinentry{} may cache the password with an external
manager. Note: getting the user's consent is essential, because
password managers often provide a different level of security. If the
above condition is true and @code{tried_password_cache} is false, then
a check box with the specified string should be displayed. The check
box must default to off.
@item @code{default-cf-visi}
The string to show with a question if you want to confirm that
the user wants to change the visibility of the password.
@item @code{default-tt-visi}
Tooltip for an action that would reveal the entered password.
@item @code{default-tt-hide}
Tooltip for an action that would hide the password revealed
by the action labeld with @code{default-tt-visi}
@item @code{default-capshint}
A hint to be shown if Caps Lock is on.
@end table
When the handler is done, it should store the passphrase in
@code{pin}, if appropriate. This variable is allocated in secure
memory. Use @code{pinentry_setbufferlen} to size the buffer.
The actual return code is dependent on whether the dialog is in
message mode or in passphrase mode.
If the dialog is in message mode and the user pressed ok, return 1.
Otherwise, return 0. If an error occurred, indicate this by setting it
in @code{specific_err} or setting @code{locale_err} to @code{1} (for
locale specific errors). If the dialog was canceled, then the handler
should set the @code{canceled} variable to @code{1}. If the not ok
button was pressed, don't do anything else.
If the dialog is in passphrase mode return @code{1} if the user
entered a password and pressed ok. If an error occurred, return
@code{-1} and set @code{specific_err} or @code{locale_err}, as above.
If the user canceled the dialog box, return @code{-1}.
If the window was closed, then the handler should set the
@code{close_button} variable and otherwise act as if the cancel button
was pressed.
@c ---------------------------------------------------------------------
@c Legal Blurbs
@c ---------------------------------------------------------------------
@include gpl.texi
@c ---------------------------------------------------------------------
@c Indexes
@c ---------------------------------------------------------------------
@node Option Index
@unnumbered Option Index
@printindex op
@node Index
@unnumbered Index
@printindex cp
@c ---------------------------------------------------------------------
@c Epilogue
@c ---------------------------------------------------------------------
@bye
diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
index 6269bae..1ccdb50 100644
--- a/pinentry/pinentry.c
+++ b/pinentry/pinentry.c
@@ -1,2243 +1,2223 @@
/* pinentry.c - The PIN entry support library
* Copyright (C) 2002, 2003, 2007, 2008, 2010, 2015, 2016, 2021 g10 Code GmbH
*
* This file is part of PINENTRY.
*
* PINENTRY is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* PINENTRY is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-2.0+
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef HAVE_W32CE_SYSTEM
# include <errno.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <assert.h>
#ifndef HAVE_W32_SYSTEM
# include <sys/utsname.h>
#endif
#ifndef HAVE_W32CE_SYSTEM
# include <locale.h>
#endif
#ifdef HAVE_LANGINFO_H
#include <langinfo.h>
#endif
#include <limits.h>
#ifdef HAVE_W32CE_SYSTEM
# include <windows.h>
#endif
#undef WITH_UTF8_CONVERSION
#if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined PINENTRY_GTK
# include <iconv.h>
# define WITH_UTF8_CONVERSION 1
#endif
#include <assuan.h>
#include "memory.h"
#include "secmem-util.h"
#include "argparse.h"
#include "pinentry.h"
#include "password-cache.h"
#ifdef INSIDE_EMACS
# include "pinentry-emacs.h"
#endif
#ifdef FALLBACK_CURSES
# include "pinentry-curses.h"
#endif
#ifdef HAVE_W32CE_SYSTEM
#define getpid() GetCurrentProcessId ()
#endif
/* Keep the name of our program here. */
static char this_pgmname[50];
struct pinentry pinentry;
static const char *flavor_flag;
/* Because gtk_init removes the --display arg from the command lines
* and our command line parser is called after gtk_init (so that it
* does not see gtk specific options) we don't have a way to get hold
* of the --display option. Our solution is to remember --display in
* the call to pinentry_have_display and set it then in our
* parser. */
static char *remember_display;
/* Flag to remember whether a warning has been printed. */
#ifdef WITH_UTF8_CONVERSION
static int lc_ctype_unknown_warning;
#endif
static void
pinentry_reset (int use_defaults)
{
/* GPG Agent sets these options once when it starts the pinentry.
Don't reset them. */
int grab = pinentry.grab;
char *ttyname = pinentry.ttyname;
char *ttytype = pinentry.ttytype_l;
char *ttyalert = pinentry.ttyalert;
char *lc_ctype = pinentry.lc_ctype;
char *lc_messages = pinentry.lc_messages;
int allow_external_password_cache = pinentry.allow_external_password_cache;
char *default_ok = pinentry.default_ok;
char *default_cancel = pinentry.default_cancel;
char *default_prompt = pinentry.default_prompt;
char *default_pwmngr = pinentry.default_pwmngr;
char *default_cf_visi = pinentry.default_cf_visi;
char *default_tt_visi = pinentry.default_tt_visi;
char *default_tt_hide = pinentry.default_tt_hide;
char *default_capshint = pinentry.default_capshint;
char *touch_file = pinentry.touch_file;
unsigned long owner_pid = pinentry.owner_pid;
int owner_uid = pinentry.owner_uid;
char *owner_host = pinentry.owner_host;
int constraints_enforce = pinentry.constraints_enforce;
char *constraints_hint_short = pinentry.constraints_hint_short;
char *constraints_hint_long = pinentry.constraints_hint_long;
char *constraints_error_title = pinentry.constraints_error_title;
/* These options are set from the command line. Don't reset
them. */
int debug = pinentry.debug;
char *display = pinentry.display;
int parent_wid = pinentry.parent_wid;
pinentry_color_t color_fg = pinentry.color_fg;
int color_fg_bright = pinentry.color_fg_bright;
pinentry_color_t color_bg = pinentry.color_bg;
pinentry_color_t color_so = pinentry.color_so;
int color_so_bright = pinentry.color_so_bright;
int timeout = pinentry.timeout;
char *invisible_char = pinentry.invisible_char;
/* Free any allocated memory. */
if (use_defaults)
{
free (pinentry.ttyname);
free (pinentry.ttytype_l);
free (pinentry.ttyalert);
free (pinentry.lc_ctype);
free (pinentry.lc_messages);
free (pinentry.default_ok);
free (pinentry.default_cancel);
free (pinentry.default_prompt);
free (pinentry.default_pwmngr);
free (pinentry.default_cf_visi);
free (pinentry.default_tt_visi);
free (pinentry.default_tt_hide);
free (pinentry.default_capshint);
free (pinentry.touch_file);
free (pinentry.owner_host);
free (pinentry.display);
free (pinentry.constraints_hint_short);
free (pinentry.constraints_hint_long);
free (pinentry.constraints_error_title);
}
free (pinentry.title);
free (pinentry.description);
free (pinentry.error);
free (pinentry.prompt);
free (pinentry.ok);
free (pinentry.notok);
free (pinentry.cancel);
secmem_free (pinentry.pin);
free (pinentry.repeat_passphrase);
free (pinentry.repeat_error_string);
free (pinentry.quality_bar);
free (pinentry.quality_bar_tt);
- free (pinentry.formatted_passphrase_label);
- free (pinentry.formatted_passphrase_tt);
free (pinentry.formatted_passphrase_hint);
free (pinentry.keyinfo);
free (pinentry.specific_err_info);
/* Reset the pinentry structure. */
memset (&pinentry, 0, sizeof (pinentry));
/* Restore options without a default we want to preserve. */
pinentry.invisible_char = invisible_char;
/* Restore other options or set defaults. */
if (use_defaults)
{
/* Pinentry timeout in seconds. */
pinentry.timeout = 60;
/* Global grab. */
pinentry.grab = 1;
pinentry.color_fg = PINENTRY_COLOR_DEFAULT;
pinentry.color_fg_bright = 0;
pinentry.color_bg = PINENTRY_COLOR_DEFAULT;
pinentry.color_so = PINENTRY_COLOR_DEFAULT;
pinentry.color_so_bright = 0;
pinentry.owner_uid = -1;
}
else /* Restore the options. */
{
pinentry.grab = grab;
pinentry.ttyname = ttyname;
pinentry.ttytype_l = ttytype;
pinentry.ttyalert = ttyalert;
pinentry.lc_ctype = lc_ctype;
pinentry.lc_messages = lc_messages;
pinentry.allow_external_password_cache = allow_external_password_cache;
pinentry.default_ok = default_ok;
pinentry.default_cancel = default_cancel;
pinentry.default_prompt = default_prompt;
pinentry.default_pwmngr = default_pwmngr;
pinentry.default_cf_visi = default_cf_visi;
pinentry.default_tt_visi = default_tt_visi;
pinentry.default_tt_hide = default_tt_hide;
pinentry.default_capshint = default_capshint;
pinentry.touch_file = touch_file;
pinentry.owner_pid = owner_pid;
pinentry.owner_uid = owner_uid;
pinentry.owner_host = owner_host;
pinentry.constraints_enforce = constraints_enforce;
pinentry.constraints_hint_short = constraints_hint_short;
pinentry.constraints_hint_long = constraints_hint_long;
pinentry.constraints_error_title = constraints_error_title;
pinentry.debug = debug;
pinentry.display = display;
pinentry.parent_wid = parent_wid;
pinentry.color_fg = color_fg;
pinentry.color_fg_bright = color_fg_bright;
pinentry.color_bg = color_bg;
pinentry.color_so = color_so;
pinentry.color_so_bright = color_so_bright;
pinentry.timeout = timeout;
}
}
static gpg_error_t
pinentry_assuan_reset_handler (assuan_context_t ctx, char *line)
{
(void)ctx;
(void)line;
pinentry_reset (0);
return 0;
}
#ifdef WITH_UTF8_CONVERSION
char *
pinentry_utf8_to_local (const char *lc_ctype, const char *text)
{
iconv_t cd;
const char *input = text;
size_t input_len = strlen (text) + 1;
char *output;
size_t output_len;
char *output_buf;
size_t processed;
char *old_ctype;
char *target_encoding;
/* If no locale setting could be determined, simply copy the
string. */
if (!lc_ctype)
{
if (! lc_ctype_unknown_warning)
{
fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n",
this_pgmname);
lc_ctype_unknown_warning = 1;
}
return strdup (text);
}
old_ctype = strdup (setlocale (LC_CTYPE, NULL));
if (!old_ctype)
return NULL;
setlocale (LC_CTYPE, lc_ctype);
target_encoding = nl_langinfo (CODESET);
if (!target_encoding)
target_encoding = "?";
setlocale (LC_CTYPE, old_ctype);
free (old_ctype);
/* This is overkill, but simplifies the iconv invocation greatly. */
output_len = input_len * MB_LEN_MAX;
output_buf = output = malloc (output_len);
if (!output)
return NULL;
cd = iconv_open (target_encoding, "UTF-8");
if (cd == (iconv_t) -1)
{
fprintf (stderr, "%s: can't convert from UTF-8 to %s: %s\n",
this_pgmname, target_encoding, strerror (errno));
free (output_buf);
return NULL;
}
processed = iconv (cd, (ICONV_CONST char **)&input, &input_len,
&output, &output_len);
iconv_close (cd);
if (processed == (size_t) -1 || input_len)
{
fprintf (stderr, "%s: error converting from UTF-8 to %s: %s\n",
this_pgmname, target_encoding, strerror (errno));
free (output_buf);
return NULL;
}
return output_buf;
}
#endif /*WITH_UTF8_CONVERSION*/
/* Convert TEXT which is encoded according to LC_CTYPE to UTF-8. With
SECURE set to true, use secure memory for the returned buffer.
Return NULL on error. */
#ifdef WITH_UTF8_CONVERSION
char *
pinentry_local_to_utf8 (char *lc_ctype, char *text, int secure)
{
char *old_ctype;
char *source_encoding;
iconv_t cd;
const char *input = text;
size_t input_len = strlen (text) + 1;
char *output;
size_t output_len;
char *output_buf;
size_t processed;
/* If no locale setting could be determined, simply copy the
string. */
if (!lc_ctype)
{
if (! lc_ctype_unknown_warning)
{
fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n",
this_pgmname);
lc_ctype_unknown_warning = 1;
}
output_buf = secure? secmem_malloc (input_len) : malloc (input_len);
if (output_buf)
strcpy (output_buf, input);
return output_buf;
}
old_ctype = strdup (setlocale (LC_CTYPE, NULL));
if (!old_ctype)
return NULL;
setlocale (LC_CTYPE, lc_ctype);
source_encoding = nl_langinfo (CODESET);
setlocale (LC_CTYPE, old_ctype);
free (old_ctype);
/* This is overkill, but simplifies the iconv invocation greatly. */
output_len = input_len * MB_LEN_MAX;
output_buf = output = secure? secmem_malloc (output_len):malloc (output_len);
if (!output)
return NULL;
cd = iconv_open ("UTF-8", source_encoding);
if (cd == (iconv_t) -1)
{
fprintf (stderr, "%s: can't convert from %s to UTF-8: %s\n",
this_pgmname, source_encoding? source_encoding : "?",
strerror (errno));
if (secure)
secmem_free (output_buf);
else
free (output_buf);
return NULL;
}
processed = iconv (cd, (ICONV_CONST char **)&input, &input_len,
&output, &output_len);
iconv_close (cd);
if (processed == (size_t) -1 || input_len)
{
fprintf (stderr, "%s: error converting from %s to UTF-8: %s\n",
this_pgmname, source_encoding? source_encoding : "?",
strerror (errno));
if (secure)
secmem_free (output_buf);
else
free (output_buf);
return NULL;
}
return output_buf;
}
#endif /*WITH_UTF8_CONVERSION*/
/* Copy TEXT or TEXTLEN to BUFFER and escape as required. Return a
pointer to the end of the new buffer. Note that BUFFER must be
large enough to keep the entire text; allocataing it 3 times of
TEXTLEN is sufficient. */
static char *
copy_and_escape (char *buffer, const void *text, size_t textlen)
{
int i;
const unsigned char *s = (unsigned char *)text;
char *p = buffer;
for (i=0; i < textlen; i++)
{
if (s[i] < ' ' || s[i] == '+')
{
snprintf (p, 4, "%%%02X", s[i]);
p += 3;
}
else if (s[i] == ' ')
*p++ = '+';
else
*p++ = s[i];
}
return p;
}
/* Perform percent unescaping in STRING and return the new valid length
of the string. A terminating Nul character is inserted at the end of
the unescaped string.
*/
static size_t
do_unescape_inplace (char *s)
{
unsigned char *p, *p0;
p = p0 = s;
while (*s)
{
if (*s == '%' && s[1] && s[2])
{
s++;
*p++ = xtoi_2 (s);
s += 2;
}
else
*p++ = *s++;
}
*p = 0;
return (p - p0);
}
/* Return a malloced copy of the commandline for PID. If this is not
* possible NULL is returned. */
#ifndef HAVE_W32_SYSTEM
static char *
get_cmdline (unsigned long pid)
{
char buffer[200];
FILE *fp;
size_t i, n;
snprintf (buffer, sizeof buffer, "/proc/%lu/cmdline", pid);
buffer[sizeof buffer - 1] = 0;
fp = fopen (buffer, "rb");
if (!fp)
return NULL;
n = fread (buffer, 1, sizeof buffer - 1, fp);
if (n < sizeof buffer -1 && ferror (fp))
{
/* Some error occurred. */
fclose (fp);
return NULL;
}
fclose (fp);
if (n == 0)
return NULL;
/* Arguments are delimited by Nuls. We should do proper quoting but
* that can be a bit complicated, thus we simply replace the Nuls by
* spaces. */
for (i=0; i < n; i++)
if (!buffer[i] && i < n-1)
buffer[i] = ' ';
buffer[i] = 0; /* Make sure the last byte is the string terminator. */
return strdup (buffer);
}
#endif /*!HAVE_W32_SYSTEM*/
/* Atomically ask the kernel for information about process PID.
* Return a malloc'ed copy of the process name as long as the process
* uid matches UID. If it cannot determine that the process has uid
* UID, it returns NULL.
*
* This is not as informative as get_cmdline, but it verifies that the
* process does belong to the user in question.
*/
#ifndef HAVE_W32_SYSTEM
static char *
get_pid_name_for_uid (unsigned long pid, int uid)
{
char buffer[400];
FILE *fp;
size_t end, n;
char *uidstr;
snprintf (buffer, sizeof buffer, "/proc/%lu/status", pid);
buffer[sizeof buffer - 1] = 0;
fp = fopen (buffer, "rb");
if (!fp)
return NULL;
n = fread (buffer, 1, sizeof buffer - 1, fp);
if (n < sizeof buffer -1 && ferror (fp))
{
/* Some error occurred. */
fclose (fp);
return NULL;
}
fclose (fp);
if (n == 0)
return NULL;
/* Fixme: Is it specified that "Name" is always the first line? For
* robustness I would prefer to have a real parser here. -wk */
if (strncmp (buffer, "Name:\t", 6))
return NULL;
end = strcspn (buffer + 6, "\n") + 6;
buffer[end] = 0;
/* check that uid matches what we expect */
uidstr = strstr (buffer + end + 1, "\nUid:\t");
if (!uidstr)
return NULL;
if (atoi (uidstr + 6) != uid)
return NULL;
return strdup (buffer + 6);
}
#endif /*!HAVE_W32_SYSTEM*/
/* Return a malloced string with the title. The caller mus free the
* string. If no title is available or the title string has an error
* NULL is returned. */
char *
pinentry_get_title (pinentry_t pe)
{
char *title;
if (pe->title)
title = strdup (pe->title);
#ifndef HAVE_W32_SYSTEM
else if (pe->owner_pid)
{
char buf[200];
struct utsname utsbuf;
char *pidname = NULL;
char *cmdline = NULL;
if (pe->owner_host &&
!uname (&utsbuf) && utsbuf.nodename &&
!strcmp (utsbuf.nodename, pe->owner_host))
{
pidname = get_pid_name_for_uid (pe->owner_pid, pe->owner_uid);
if (pidname)
cmdline = get_cmdline (pe->owner_pid);
}
if (pe->owner_host && (cmdline || pidname))
snprintf (buf, sizeof buf, "[%lu]@%s (%s)",
pe->owner_pid, pe->owner_host, cmdline ? cmdline : pidname);
else if (pe->owner_host)
snprintf (buf, sizeof buf, "[%lu]@%s",
pe->owner_pid, pe->owner_host);
else
snprintf (buf, sizeof buf, "[%lu] <unknown host>",
pe->owner_pid);
buf[sizeof buf - 1] = 0;
free (pidname);
free (cmdline);
title = strdup (buf);
}
#endif /*!HAVE_W32_SYSTEM*/
else
title = strdup (this_pgmname);
return title;
}
/* Run a quality inquiry for PASSPHRASE of LENGTH. (We need LENGTH
because not all backends might be able to return a proper
C-string.). Returns: A value between -100 and 100 to give an
estimate of the passphrase's quality. Negative values are use if
the caller won't even accept that passphrase. Note that we expect
just one data line which should not be escaped in any represent a
numeric signed decimal value. Extra data is currently ignored but
should not be send at all. */
int
pinentry_inq_quality (pinentry_t pin, const char *passphrase, size_t length)
{
assuan_context_t ctx = pin->ctx_assuan;
const char prefix[] = "INQUIRE QUALITY ";
char *command;
char *line;
size_t linelen;
int gotvalue = 0;
int value = 0;
int rc;
if (!ctx)
return 0; /* Can't run the callback. */
if (length > 300)
length = 300; /* Limit so that it definitely fits into an Assuan
line. */
command = secmem_malloc (strlen (prefix) + 3*length + 1);
if (!command)
return 0;
strcpy (command, prefix);
copy_and_escape (command + strlen(command), passphrase, length);
rc = assuan_write_line (ctx, command);
secmem_free (command);
if (rc)
{
fprintf (stderr, "ASSUAN WRITE LINE failed: rc=%d\n", rc);
return 0;
}
for (;;)
{
do
{
rc = assuan_read_line (ctx, &line, &linelen);
if (rc)
{
fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
return 0;
}
}
while (*line == '#' || !linelen);
if (line[0] == 'E' && line[1] == 'N' && line[2] == 'D'
&& (!line[3] || line[3] == ' '))
break; /* END command received*/
if (line[0] == 'C' && line[1] == 'A' && line[2] == 'N'
&& (!line[3] || line[3] == ' '))
break; /* CAN command received*/
if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R'
&& (!line[3] || line[3] == ' '))
break; /* ERR command received*/
if (line[0] != 'D' || line[1] != ' ' || linelen < 3 || gotvalue)
continue;
gotvalue = 1;
value = atoi (line+2);
}
if (value < -100)
value = -100;
else if (value > 100)
value = 100;
return value;
}
/* Run a checkpin inquiry */
char *
pinentry_inq_checkpin (pinentry_t pin, const char *passphrase, size_t length)
{
assuan_context_t ctx = pin->ctx_assuan;
const char prefix[] = "INQUIRE CHECKPIN ";
char *command;
char *line;
size_t linelen;
int gotvalue = 0;
char *value = NULL;
int rc;
if (!ctx)
return 0; /* Can't run the callback. */
if (length > 300)
length = 300; /* Limit so that it definitely fits into an Assuan
line. */
command = secmem_malloc (strlen (prefix) + 3*length + 1);
if (!command)
return 0;
strcpy (command, prefix);
copy_and_escape (command + strlen(command), passphrase, length);
rc = assuan_write_line (ctx, command);
secmem_free (command);
if (rc)
{
fprintf (stderr, "ASSUAN WRITE LINE failed: rc=%d\n", rc);
return 0;
}
for (;;)
{
do
{
rc = assuan_read_line (ctx, &line, &linelen);
if (rc)
{
fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
return 0;
}
}
while (*line == '#' || !linelen);
if (line[0] == 'E' && line[1] == 'N' && line[2] == 'D'
&& (!line[3] || line[3] == ' '))
break; /* END command received*/
if (line[0] == 'C' && line[1] == 'A' && line[2] == 'N'
&& (!line[3] || line[3] == ' '))
break; /* CAN command received*/
if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R'
&& (!line[3] || line[3] == ' '))
break; /* ERR command received*/
if (line[0] != 'D' || line[1] != ' ' || linelen < 3 || gotvalue)
continue;
gotvalue = 1;
value = strdup (line + 2);
}
return value;
}
/* Run a genpin inquiry */
char *
pinentry_inq_genpin (pinentry_t pin)
{
assuan_context_t ctx = pin->ctx_assuan;
const char prefix[] = "INQUIRE GENPIN";
char *line;
size_t linelen;
int gotvalue = 0;
char *value = NULL;
int rc;
if (!ctx)
return 0; /* Can't run the callback. */
rc = assuan_write_line (ctx, prefix);
if (rc)
{
fprintf (stderr, "ASSUAN WRITE LINE failed: rc=%d\n", rc);
return 0;
}
for (;;)
{
do
{
rc = assuan_read_line (ctx, &line, &linelen);
if (rc)
{
fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc);
free (value);
return 0;
}
}
while (*line == '#' || !linelen);
if (line[0] == 'E' && line[1] == 'N' && line[2] == 'D'
&& (!line[3] || line[3] == ' '))
break; /* END command received*/
if (line[0] == 'C' && line[1] == 'A' && line[2] == 'N'
&& (!line[3] || line[3] == ' '))
break; /* CAN command received*/
if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R'
&& (!line[3] || line[3] == ' '))
break; /* ERR command received*/
if (line[0] != 'D' || line[1] != ' ' || linelen < 3 || gotvalue)
continue;
gotvalue = 1;
value = strdup (line + 2);
}
return value;
}
/* Try to make room for at least LEN bytes in the pinentry. Returns
new buffer on success and 0 on failure or when the old buffer is
sufficient. */
char *
pinentry_setbufferlen (pinentry_t pin, int len)
{
char *newp;
if (pin->pin_len)
assert (pin->pin);
else
assert (!pin->pin);
if (len < 2048)
len = 2048;
if (len <= pin->pin_len)
return pin->pin;
newp = secmem_realloc (pin->pin, len);
if (newp)
{
pin->pin = newp;
pin->pin_len = len;
}
else
{
secmem_free (pin->pin);
pin->pin = 0;
pin->pin_len = 0;
}
return newp;
}
static void
pinentry_setbuffer_clear (pinentry_t pin)
{
if (! pin->pin)
{
assert (pin->pin_len == 0);
return;
}
assert (pin->pin_len > 0);
secmem_free (pin->pin);
pin->pin = NULL;
pin->pin_len = 0;
}
static void
pinentry_setbuffer_init (pinentry_t pin)
{
pinentry_setbuffer_clear (pin);
pinentry_setbufferlen (pin, 0);
}
/* passphrase better be alloced with secmem_alloc. */
void
pinentry_setbuffer_use (pinentry_t pin, char *passphrase, int len)
{
if (! passphrase)
{
assert (len == 0);
pinentry_setbuffer_clear (pin);
return;
}
if (passphrase && len == 0)
len = strlen (passphrase) + 1;
if (pin->pin)
secmem_free (pin->pin);
pin->pin = passphrase;
pin->pin_len = len;
}
static struct assuan_malloc_hooks assuan_malloc_hooks = {
secmem_malloc, secmem_realloc, secmem_free
};
/* Initialize the secure memory subsystem, drop privileges and return.
Must be called early. */
void
pinentry_init (const char *pgmname)
{
/* Store away our name. */
if (strlen (pgmname) > sizeof this_pgmname - 2)
abort ();
strcpy (this_pgmname, pgmname);
gpgrt_check_version (NULL);
/* Initialize secure memory. 1 is too small, so the default size
will be used. */
secmem_init (1);
secmem_set_flags (SECMEM_WARN);
drop_privs ();
if (atexit (secmem_term))
{
/* FIXME: Could not register at-exit function, bail out. */
}
assuan_set_malloc_hooks (&assuan_malloc_hooks);
}
/* Simple test to check whether DISPLAY is set or the option --display
was given. Used to decide whether the GUI or curses should be
initialized. */
int
pinentry_have_display (int argc, char **argv)
{
int found = 0;
for (; argc; argc--, argv++)
{
if (!strcmp (*argv, "--display"))
{
if (argv[1] && !remember_display)
{
remember_display = strdup (argv[1]);
if (!remember_display)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
}
found = 1;
break;
}
else if (!strncmp (*argv, "--display=", 10))
{
if (!remember_display)
{
remember_display = strdup (*argv+10);
if (!remember_display)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
}
found = 1;
break;
}
}
#ifndef HAVE_W32CE_SYSTEM
{
const char *s;
s = getenv ("DISPLAY");
if (s && *s)
found = 1;
}
#endif
return found;
}
/* Print usage information and and provide strings for help. */
static const char *
my_strusage( int level )
{
const char *p;
switch (level)
{
case 11: p = this_pgmname; break;
case 12: p = "pinentry"; break;
case 13: p = PACKAGE_VERSION; break;
case 14: p = "Copyright (C) 2016 g10 Code GmbH"; break;
case 19: p = "Please report bugs to <" PACKAGE_BUGREPORT ">.\n"; break;
case 1:
case 40:
{
static char *str;
if (!str)
{
size_t n = 50 + strlen (this_pgmname);
str = malloc (n);
if (str)
{
snprintf (str, n, "Usage: %s [options] (-h for help)",
this_pgmname);
str[n-1] = 0;
}
}
p = str;
}
break;
case 41:
p = "Ask securely for a secret and print it to stdout.";
break;
case 42:
p = "1"; /* Flag print 40 as part of 41. */
break;
default: p = NULL; break;
}
return p;
}
char *
parse_color (char *arg, pinentry_color_t *color_p, int *bright_p)
{
static struct
{
const char *name;
pinentry_color_t color;
} colors[] = { { "none", PINENTRY_COLOR_NONE },
{ "default", PINENTRY_COLOR_DEFAULT },
{ "black", PINENTRY_COLOR_BLACK },
{ "red", PINENTRY_COLOR_RED },
{ "green", PINENTRY_COLOR_GREEN },
{ "yellow", PINENTRY_COLOR_YELLOW },
{ "blue", PINENTRY_COLOR_BLUE },
{ "magenta", PINENTRY_COLOR_MAGENTA },
{ "cyan", PINENTRY_COLOR_CYAN },
{ "white", PINENTRY_COLOR_WHITE } };
int i;
char *new_arg;
pinentry_color_t color = PINENTRY_COLOR_DEFAULT;
if (!arg)
return NULL;
new_arg = strchr (arg, ',');
if (new_arg)
new_arg++;
if (bright_p)
{
const char *bname[] = { "bright-", "bright", "bold-", "bold" };
*bright_p = 0;
for (i = 0; i < sizeof (bname) / sizeof (bname[0]); i++)
if (!strncasecmp (arg, bname[i], strlen (bname[i])))
{
*bright_p = 1;
arg += strlen (bname[i]);
}
}
for (i = 0; i < sizeof (colors) / sizeof (colors[0]); i++)
if (!strncasecmp (arg, colors[i].name, strlen (colors[i].name)))
color = colors[i].color;
*color_p = color;
return new_arg;
}
/* Parse the command line options. May exit the program if only help
or version output is requested. */
void
pinentry_parse_opts (int argc, char *argv[])
{
static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n('d', "debug", "Turn on debugging output"),
ARGPARSE_s_s('D', "display", "|DISPLAY|Set the X display"),
ARGPARSE_s_s('T', "ttyname", "|FILE|Set the tty terminal node name"),
ARGPARSE_s_s('N', "ttytype", "|NAME|Set the tty terminal type"),
ARGPARSE_s_s('C', "lc-ctype", "|STRING|Set the tty LC_CTYPE value"),
ARGPARSE_s_s('M', "lc-messages", "|STRING|Set the tty LC_MESSAGES value"),
ARGPARSE_s_i('o', "timeout",
"|SECS|Timeout waiting for input after this many seconds"),
ARGPARSE_s_n('g', "no-global-grab",
"Grab keyboard only while window is focused"),
ARGPARSE_s_u('W', "parent-wid", "Parent window ID (for positioning)"),
ARGPARSE_s_s('c', "colors", "|STRING|Set custom colors for ncurses"),
ARGPARSE_s_s('a', "ttyalert", "|STRING|Set the alert mode (none, beep or flash)"),
ARGPARSE_end()
};
ARGPARSE_ARGS pargs = { &argc, &argv, 0 };
set_strusage (my_strusage);
pinentry_reset (1);
while (arg_parse (&pargs, opts))
{
switch (pargs.r_opt)
{
case 'd':
pinentry.debug = 1;
break;
case 'g':
pinentry.grab = 0;
break;
case 'D':
/* Note, this is currently not used because the GUI engine
has already been initialized when parsing these options. */
pinentry.display = strdup (pargs.r.ret_str);
if (!pinentry.display)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
case 'T':
pinentry.ttyname = strdup (pargs.r.ret_str);
if (!pinentry.ttyname)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
case 'N':
pinentry.ttytype_l = strdup (pargs.r.ret_str);
if (!pinentry.ttytype_l)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
case 'C':
pinentry.lc_ctype = strdup (pargs.r.ret_str);
if (!pinentry.lc_ctype)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
case 'M':
pinentry.lc_messages = strdup (pargs.r.ret_str);
if (!pinentry.lc_messages)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
case 'W':
pinentry.parent_wid = pargs.r.ret_ulong;
break;
case 'c':
{
char *tmpstr = pargs.r.ret_str;
tmpstr = parse_color (tmpstr, &pinentry.color_fg,
&pinentry.color_fg_bright);
tmpstr = parse_color (tmpstr, &pinentry.color_bg, NULL);
tmpstr = parse_color (tmpstr, &pinentry.color_so,
&pinentry.color_so_bright);
}
break;
case 'o':
pinentry.timeout = pargs.r.ret_int;
break;
case 'a':
pinentry.ttyalert = strdup (pargs.r.ret_str);
if (!pinentry.ttyalert)
{
#ifndef HAVE_W32CE_SYSTEM
fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno));
#endif
exit (EXIT_FAILURE);
}
break;
default:
pargs.err = ARGPARSE_PRINT_WARNING;
break;
}
}
if (!pinentry.display && remember_display)
{
pinentry.display = remember_display;
remember_display = NULL;
}
}
/* Set the optional flag used with getinfo. */
void
pinentry_set_flavor_flag (const char *string)
{
flavor_flag = string;
}
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
(void)ctx;
if (!strcmp (key, "no-grab") && !*value)
pinentry.grab = 0;
else if (!strcmp (key, "grab") && !*value)
pinentry.grab = 1;
else if (!strcmp (key, "debug-wait"))
{
#ifndef HAVE_W32_SYSTEM
fprintf (stderr, "%s: waiting for debugger - my pid is %u ...\n",
this_pgmname, (unsigned int) getpid());
sleep (*value?atoi (value):5);
fprintf (stderr, "%s: ... okay\n", this_pgmname);
#endif
}
else if (!strcmp (key, "display"))
{
if (pinentry.display)
free (pinentry.display);
pinentry.display = strdup (value);
if (!pinentry.display)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "ttyname"))
{
if (pinentry.ttyname)
free (pinentry.ttyname);
pinentry.ttyname = strdup (value);
if (!pinentry.ttyname)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "ttytype"))
{
if (pinentry.ttytype_l)
free (pinentry.ttytype_l);
pinentry.ttytype_l = strdup (value);
if (!pinentry.ttytype_l)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "ttyalert"))
{
if (pinentry.ttyalert)
free (pinentry.ttyalert);
pinentry.ttyalert = strdup (value);
if (!pinentry.ttyalert)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "lc-ctype"))
{
if (pinentry.lc_ctype)
free (pinentry.lc_ctype);
pinentry.lc_ctype = strdup (value);
if (!pinentry.lc_ctype)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "lc-messages"))
{
if (pinentry.lc_messages)
free (pinentry.lc_messages);
pinentry.lc_messages = strdup (value);
if (!pinentry.lc_messages)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "owner"))
{
long along;
char *endp;
free (pinentry.owner_host);
pinentry.owner_host = NULL;
pinentry.owner_uid = -1;
pinentry.owner_pid = 0;
errno = 0;
along = strtol (value, &endp, 10);
if (along && !errno)
{
pinentry.owner_pid = (unsigned long)along;
if (*endp)
{
errno = 0;
if (*endp == '/') { /* we have a uid */
endp++;
along = strtol (endp, &endp, 10);
if (along >= 0 && !errno)
pinentry.owner_uid = (int)along;
}
if (endp)
{
while (*endp == ' ')
endp++;
if (*endp)
{
pinentry.owner_host = strdup (endp);
for (endp=pinentry.owner_host;
*endp && *endp != ' '; endp++)
;
*endp = 0;
}
}
}
}
}
else if (!strcmp (key, "parent-wid"))
{
pinentry.parent_wid = atoi (value);
/* FIXME: Use strtol and add some error handling. */
}
else if (!strcmp (key, "touch-file"))
{
if (pinentry.touch_file)
free (pinentry.touch_file);
pinentry.touch_file = strdup (value);
if (!pinentry.touch_file)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-ok"))
{
pinentry.default_ok = strdup (value);
if (!pinentry.default_ok)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-cancel"))
{
pinentry.default_cancel = strdup (value);
if (!pinentry.default_cancel)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-prompt"))
{
pinentry.default_prompt = strdup (value);
if (!pinentry.default_prompt)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-pwmngr"))
{
pinentry.default_pwmngr = strdup (value);
if (!pinentry.default_pwmngr)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-cf-visi"))
{
pinentry.default_cf_visi = strdup (value);
if (!pinentry.default_cf_visi)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-tt-visi"))
{
pinentry.default_tt_visi = strdup (value);
if (!pinentry.default_tt_visi)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-tt-hide"))
{
pinentry.default_tt_hide = strdup (value);
if (!pinentry.default_tt_hide)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "default-capshint"))
{
pinentry.default_capshint = strdup (value);
if (!pinentry.default_capshint)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "allow-external-password-cache") && !*value)
{
pinentry.allow_external_password_cache = 1;
pinentry.tried_password_cache = 0;
}
else if (!strcmp (key, "allow-emacs-prompt") && !*value)
{
#ifdef INSIDE_EMACS
pinentry_enable_emacs_cmd_handler ();
#endif
}
else if (!strcmp (key, "invisible-char"))
{
if (pinentry.invisible_char)
free (pinentry.invisible_char);
pinentry.invisible_char = strdup (value);
if (!pinentry.invisible_char)
return gpg_error_from_syserror ();
}
- else if (!strcmp (key, "formatted-passphrase"))
+ else if (!strcmp (key, "formatted-passphrase") && !*value)
{
- int mode = atoi (value);
- if (mode >= 0 && mode <= 3)
- pinentry.formatted_passphrase = mode;
- }
- else if (!strcmp (key, "formatted-passphrase-label"))
- {
- if (pinentry.formatted_passphrase_label)
- free (pinentry.formatted_passphrase_label);
- pinentry.formatted_passphrase_label = strdup (value);
- if (!pinentry.formatted_passphrase_label)
- return gpg_error_from_syserror ();
- }
- else if (!strcmp (key, "formatted-passphrase-tt"))
- {
- if (pinentry.formatted_passphrase_tt)
- free (pinentry.formatted_passphrase_tt);
- pinentry.formatted_passphrase_tt = strdup (value);
- if (!pinentry.formatted_passphrase_tt)
- return gpg_error_from_syserror ();
+ pinentry.formatted_passphrase = 1;
}
else if (!strcmp (key, "formatted-passphrase-hint"))
{
if (pinentry.formatted_passphrase_hint)
free (pinentry.formatted_passphrase_hint);
pinentry.formatted_passphrase_hint = strdup (value);
if (!pinentry.formatted_passphrase_hint)
return gpg_error_from_syserror ();
}
else if (!strcmp (key, "constraints-enforce") && !*value)
pinentry.constraints_enforce = 1;
else if (!strcmp (key, "constraints-hint-short"))
{
if (pinentry.constraints_hint_short)
free (pinentry.constraints_hint_short);
pinentry.constraints_hint_short = strdup (value);
if (!pinentry.constraints_hint_short)
return gpg_error_from_syserror ();
do_unescape_inplace(pinentry.constraints_hint_short);
}
else if (!strcmp (key, "constraints-hint-long"))
{
if (pinentry.constraints_hint_long)
free (pinentry.constraints_hint_long);
pinentry.constraints_hint_long = strdup (value);
if (!pinentry.constraints_hint_long)
return gpg_error_from_syserror ();
do_unescape_inplace(pinentry.constraints_hint_long);
}
else if (!strcmp (key, "constraints-error-title"))
{
if (pinentry.constraints_error_title)
free (pinentry.constraints_error_title);
pinentry.constraints_error_title = strdup (value);
if (!pinentry.constraints_error_title)
return gpg_error_from_syserror ();
do_unescape_inplace(pinentry.constraints_error_title);
}
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
return 0;
}
/* Note, that it is sufficient to allocate the target string D as
long as the source string S, i.e.: strlen(s)+1; */
static void
strcpy_escaped (char *d, const char *s)
{
while (*s)
{
if (*s == '%' && s[1] && s[2])
{
s++;
*d++ = xtoi_2 ( s);
s += 2;
}
else
*d++ = *s++;
}
*d = 0;
}
static void
write_status_error (assuan_context_t ctx, pinentry_t pe)
{
char buf[500];
const char *pgm;
pgm = strchr (this_pgmname, '-');
if (pgm && pgm[1])
pgm++;
else
pgm = this_pgmname;
snprintf (buf, sizeof buf, "%s.%s %d %s",
pgm,
pe->specific_err_loc? pe->specific_err_loc : "?",
pe->specific_err,
pe->specific_err_info? pe->specific_err_info : "");
buf[sizeof buf -1] = 0;
assuan_write_status (ctx, "ERROR", buf);
}
static gpg_error_t
cmd_setdesc (assuan_context_t ctx, char *line)
{
char *newd;
(void)ctx;
newd = malloc (strlen (line) + 1);
if (!newd)
return gpg_error_from_syserror ();
strcpy_escaped (newd, line);
if (pinentry.description)
free (pinentry.description);
pinentry.description = newd;
return 0;
}
static gpg_error_t
cmd_setprompt (assuan_context_t ctx, char *line)
{
char *newp;
(void)ctx;
newp = malloc (strlen (line) + 1);
if (!newp)
return gpg_error_from_syserror ();
strcpy_escaped (newp, line);
if (pinentry.prompt)
free (pinentry.prompt);
pinentry.prompt = newp;
return 0;
}
/* The data provided at LINE may be used by pinentry implementations
to identify a key for caching strategies of its own. The empty
string and --clear mean that the key does not have a stable
identifier. */
static gpg_error_t
cmd_setkeyinfo (assuan_context_t ctx, char *line)
{
(void)ctx;
if (pinentry.keyinfo)
free (pinentry.keyinfo);
if (*line && strcmp(line, "--clear") != 0)
pinentry.keyinfo = strdup (line);
else
pinentry.keyinfo = NULL;
return 0;
}
static gpg_error_t
cmd_setrepeat (assuan_context_t ctx, char *line)
{
char *p;
(void)ctx;
p = malloc (strlen (line) + 1);
if (!p)
return gpg_error_from_syserror ();
strcpy_escaped (p, line);
free (pinentry.repeat_passphrase);
pinentry.repeat_passphrase = p;
return 0;
}
static gpg_error_t
cmd_setrepeaterror (assuan_context_t ctx, char *line)
{
char *p;
(void)ctx;
p = malloc (strlen (line) + 1);
if (!p)
return gpg_error_from_syserror ();
strcpy_escaped (p, line);
free (pinentry.repeat_error_string);
pinentry.repeat_error_string = p;
return 0;
}
static gpg_error_t
cmd_seterror (assuan_context_t ctx, char *line)
{
char *newe;
(void)ctx;
newe = malloc (strlen (line) + 1);
if (!newe)
return gpg_error_from_syserror ();
strcpy_escaped (newe, line);
if (pinentry.error)
free (pinentry.error);
pinentry.error = newe;
return 0;
}
static gpg_error_t
cmd_setok (assuan_context_t ctx, char *line)
{
char *newo;
(void)ctx;
newo = malloc (strlen (line) + 1);
if (!newo)
return gpg_error_from_syserror ();
strcpy_escaped (newo, line);
if (pinentry.ok)
free (pinentry.ok);
pinentry.ok = newo;
return 0;
}
static gpg_error_t
cmd_setnotok (assuan_context_t ctx, char *line)
{
char *newo;
(void)ctx;
newo = malloc (strlen (line) + 1);
if (!newo)
return gpg_error_from_syserror ();
strcpy_escaped (newo, line);
if (pinentry.notok)
free (pinentry.notok);
pinentry.notok = newo;
return 0;
}
static gpg_error_t
cmd_setcancel (assuan_context_t ctx, char *line)
{
char *newc;
(void)ctx;
newc = malloc (strlen (line) + 1);
if (!newc)
return gpg_error_from_syserror ();
strcpy_escaped (newc, line);
if (pinentry.cancel)
free (pinentry.cancel);
pinentry.cancel = newc;
return 0;
}
static gpg_error_t
cmd_settimeout (assuan_context_t ctx, char *line)
{
(void)ctx;
if (line && *line)
pinentry.timeout = atoi (line);
return 0;
}
static gpg_error_t
cmd_settitle (assuan_context_t ctx, char *line)
{
char *newt;
(void)ctx;
newt = malloc (strlen (line) + 1);
if (!newt)
return gpg_error_from_syserror ();
strcpy_escaped (newt, line);
if (pinentry.title)
free (pinentry.title);
pinentry.title = newt;
return 0;
}
static gpg_error_t
cmd_setqualitybar (assuan_context_t ctx, char *line)
{
char *newval;
(void)ctx;
if (!*line)
line = "Quality:";
newval = malloc (strlen (line) + 1);
if (!newval)
return gpg_error_from_syserror ();
strcpy_escaped (newval, line);
if (pinentry.quality_bar)
free (pinentry.quality_bar);
pinentry.quality_bar = newval;
return 0;
}
/* Set the tooltip to be used for a quality bar. */
static gpg_error_t
cmd_setqualitybar_tt (assuan_context_t ctx, char *line)
{
char *newval;
(void)ctx;
if (*line)
{
newval = malloc (strlen (line) + 1);
if (!newval)
return gpg_error_from_syserror ();
strcpy_escaped (newval, line);
}
else
newval = NULL;
if (pinentry.quality_bar_tt)
free (pinentry.quality_bar_tt);
pinentry.quality_bar_tt = newval;
return 0;
}
/* Set the tooltip to be used for a generate action. */
static gpg_error_t
cmd_setgenpin_tt (assuan_context_t ctx, char *line)
{
char *newval;
(void)ctx;
if (*line)
{
newval = malloc (strlen (line) + 1);
if (!newval)
return gpg_error_from_syserror ();
strcpy_escaped (newval, line);
}
else
newval = NULL;
if (pinentry.genpin_tt)
free (pinentry.genpin_tt);
pinentry.genpin_tt = newval;
return 0;
}
/* Set the label to be used for a generate action. */
static gpg_error_t
cmd_setgenpin_label (assuan_context_t ctx, char *line)
{
char *newval;
(void)ctx;
if (*line)
{
newval = malloc (strlen (line) + 1);
if (!newval)
return gpg_error_from_syserror ();
strcpy_escaped (newval, line);
}
else
newval = NULL;
if (pinentry.genpin_label)
free (pinentry.genpin_label);
pinentry.genpin_label = newval;
return 0;
}
static gpg_error_t
cmd_getpin (assuan_context_t ctx, char *line)
{
int result;
int set_prompt = 0;
int just_read_password_from_cache = 0;
(void)line;
pinentry_setbuffer_init (&pinentry);
if (!pinentry.pin)
return gpg_error (GPG_ERR_ENOMEM);
/* Try reading from the password cache. */
if (/* If repeat passphrase is set, then we don't want to read from
the cache. */
! pinentry.repeat_passphrase
/* Are we allowed to read from the cache? */
&& pinentry.allow_external_password_cache
&& pinentry.keyinfo
/* Only read from the cache if we haven't already tried it. */
&& ! pinentry.tried_password_cache
/* If the last read resulted in an error, then don't read from
the cache. */
&& ! pinentry.error)
{
char *password;
int give_up_on_password_store = 0;
pinentry.tried_password_cache = 1;
password = password_cache_lookup (pinentry.keyinfo, &give_up_on_password_store);
if (give_up_on_password_store)
pinentry.allow_external_password_cache = 0;
if (password)
/* There is a cached password. Try it. */
{
int len = strlen(password) + 1;
if (len > pinentry.pin_len)
len = pinentry.pin_len;
memcpy (pinentry.pin, password, len);
pinentry.pin[len] = '\0';
secmem_free (password);
pinentry.pin_from_cache = 1;
assuan_write_status (ctx, "PASSWORD_FROM_CACHE", "");
/* Result is the length of the password not including the
NUL terminator. */
result = len - 1;
just_read_password_from_cache = 1;
goto out;
}
}
/* The password was not cached (or we are not allowed to / cannot
use the cache). Prompt the user. */
pinentry.pin_from_cache = 0;
if (!pinentry.prompt)
{
pinentry.prompt = pinentry.default_prompt?pinentry.default_prompt:"PIN:";
set_prompt = 1;
}
pinentry.locale_err = 0;
pinentry.specific_err = 0;
pinentry.specific_err_loc = NULL;
free (pinentry.specific_err_info);
pinentry.specific_err_info = NULL;
pinentry.close_button = 0;
pinentry.repeat_okay = 0;
pinentry.one_button = 0;
pinentry.ctx_assuan = ctx;
result = (*pinentry_cmd_handler) (&pinentry);
pinentry.ctx_assuan = NULL;
if (pinentry.error)
{
free (pinentry.error);
pinentry.error = NULL;
}
if (pinentry.repeat_passphrase)
{
free (pinentry.repeat_passphrase);
pinentry.repeat_passphrase = NULL;
}
if (set_prompt)
pinentry.prompt = NULL;
pinentry.quality_bar = 0; /* Reset it after the command. */
if (pinentry.close_button)
assuan_write_status (ctx, "BUTTON_INFO", "close");
if (result < 0)
{
pinentry_setbuffer_clear (&pinentry);
if (pinentry.specific_err)
{
write_status_error (ctx, &pinentry);
if (gpg_err_code (pinentry.specific_err) == GPG_ERR_FULLY_CANCELED)
assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
return pinentry.specific_err;
}
return (pinentry.locale_err
? gpg_error (GPG_ERR_LOCALE_PROBLEM)
: gpg_error (GPG_ERR_CANCELED));
}
out:
if (result)
{
if (pinentry.repeat_okay)
assuan_write_status (ctx, "PIN_REPEATED", "");
result = assuan_send_data (ctx, pinentry.pin, strlen(pinentry.pin));
if (!result)
result = assuan_send_data (ctx, NULL, 0);
if (/* GPG Agent says it's okay. */
pinentry.allow_external_password_cache && pinentry.keyinfo
/* We didn't just read it from the cache. */
&& ! just_read_password_from_cache
/* And the user said it's okay. */
&& pinentry.may_cache_password)
/* Cache the password. */
password_cache_save (pinentry.keyinfo, pinentry.pin);
}
pinentry_setbuffer_clear (&pinentry);
return result;
}
/* Note that the option --one-button is a hack to allow the use of old
pinentries while the caller is ignoring the result. Given that
options have never been used or flagged as an error the new option
is an easy way to enable the messsage mode while not requiring to
update pinentry or to have the caller test for the message
command. New applications which are free to require an updated
pinentry should use MESSAGE instead. */
static gpg_error_t
cmd_confirm (assuan_context_t ctx, char *line)
{
int result;
pinentry.one_button = !!strstr (line, "--one-button");
pinentry.quality_bar = 0;
pinentry.close_button = 0;
pinentry.locale_err = 0;
pinentry.specific_err = 0;
pinentry.specific_err_loc = NULL;
free (pinentry.specific_err_info);
pinentry.specific_err_info = NULL;
pinentry.canceled = 0;
pinentry_setbuffer_clear (&pinentry);
result = (*pinentry_cmd_handler) (&pinentry);
if (pinentry.error)
{
free (pinentry.error);
pinentry.error = NULL;
}
if (pinentry.close_button)
assuan_write_status (ctx, "BUTTON_INFO", "close");
if (result > 0)
return 0; /* OK */
if (pinentry.specific_err)
{
write_status_error (ctx, &pinentry);
if (gpg_err_code (pinentry.specific_err) == GPG_ERR_FULLY_CANCELED)
assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
return pinentry.specific_err;
}
if (pinentry.locale_err)
return gpg_error (GPG_ERR_LOCALE_PROBLEM);
if (pinentry.one_button)
return 0; /* OK */
if (pinentry.canceled)
return gpg_error (GPG_ERR_CANCELED);
return gpg_error (GPG_ERR_NOT_CONFIRMED);
}
static gpg_error_t
cmd_message (assuan_context_t ctx, char *line)
{
(void)line;
return cmd_confirm (ctx, "--one-button");
}
/* Return a staically allocated string with information on the mode,
* uid, and gid of DEVICE. On error "?" is returned if DEVICE is
* NULL, "-" is returned. */
static const char *
device_stat_string (const char *device)
{
#ifdef HAVE_STAT
static char buf[40];
struct stat st;
if (!device || !*device)
return "-";
if (stat (device, &st))
return "?"; /* Error */
snprintf (buf, sizeof buf, "%lo/%lu/%lu",
(unsigned long)st.st_mode,
(unsigned long)st.st_uid,
(unsigned long)st.st_gid);
return buf;
#else
return "-";
#endif
}
/* GETINFO <what>
Multipurpose function to return a variety of information.
Supported values for WHAT are:
version - Return the version of the program.
pid - Return the process id of the server.
flavor - Return information about the used pinentry flavor
ttyinfo - Return DISPLAY, ttyinfo and an emacs pinentry status
*/
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc;
const char *s;
char buffer[150];
if (!strcmp (line, "version"))
{
s = VERSION;
rc = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "pid"))
{
snprintf (buffer, sizeof buffer, "%lu", (unsigned long)getpid ());
buffer[sizeof buffer -1] = 0;
rc = assuan_send_data (ctx, buffer, strlen (buffer));
}
else if (!strcmp (line, "flavor"))
{
if (!strncmp (this_pgmname, "pinentry-", 9) && this_pgmname[9])
s = this_pgmname + 9;
else
s = this_pgmname;
snprintf (buffer, sizeof buffer, "%s%s%s",
s,
flavor_flag? ":":"",
flavor_flag? flavor_flag : "");
buffer[sizeof buffer -1] = 0;
rc = assuan_send_data (ctx, buffer, strlen (buffer));
/* if (!rc) */
/* rc = assuan_write_status (ctx, "FEATURES", "tabbing foo bar"); */
}
else if (!strcmp (line, "ttyinfo"))
{
char emacs_status[10];
#ifdef INSIDE_EMACS
snprintf (emacs_status, sizeof emacs_status,
"%d", pinentry_emacs_status ());
#else
strcpy (emacs_status, "-");
#endif
snprintf (buffer, sizeof buffer, "%s %s %s %s %lu/%lu %s",
pinentry.ttyname? pinentry.ttyname : "-",
pinentry.ttytype_l? pinentry.ttytype_l : "-",
pinentry.display? pinentry.display : "-",
device_stat_string (pinentry.ttyname),
#ifdef HAVE_DOSISH_SYSTEM
0l, 0l,
#else
(unsigned long)geteuid (), (unsigned long)getegid (),
#endif
emacs_status
);
buffer[sizeof buffer -1] = 0;
rc = assuan_send_data (ctx, buffer, strlen (buffer));
}
else
rc = gpg_error (GPG_ERR_ASS_PARAMETER);
return rc;
}
/* CLEARPASSPHRASE <cacheid>
Clear the cache passphrase associated with the key identified by
cacheid.
*/
static gpg_error_t
cmd_clear_passphrase (assuan_context_t ctx, char *line)
{
(void)ctx;
if (! line)
return gpg_error (GPG_ERR_ASS_INV_VALUE);
/* Remove leading and trailing white space. */
while (*line == ' ')
line ++;
while (line[strlen (line) - 1] == ' ')
line[strlen (line) - 1] = 0;
switch (password_cache_clear (line))
{
case 1: return 0;
case 0: return gpg_error (GPG_ERR_ASS_INV_VALUE);
default: return gpg_error (GPG_ERR_ASS_GENERAL);
}
}
/* Tell the assuan library about our commands. */
static gpg_error_t
register_commands (assuan_context_t ctx)
{
static struct
{
const char *name;
gpg_error_t (*handler) (assuan_context_t, char *line);
} table[] =
{
{ "SETDESC", cmd_setdesc },
{ "SETPROMPT", cmd_setprompt },
{ "SETKEYINFO", cmd_setkeyinfo },
{ "SETREPEAT", cmd_setrepeat },
{ "SETREPEATERROR", cmd_setrepeaterror },
{ "SETERROR", cmd_seterror },
{ "SETOK", cmd_setok },
{ "SETNOTOK", cmd_setnotok },
{ "SETCANCEL", cmd_setcancel },
{ "GETPIN", cmd_getpin },
{ "CONFIRM", cmd_confirm },
{ "MESSAGE", cmd_message },
{ "SETQUALITYBAR", cmd_setqualitybar },
{ "SETQUALITYBAR_TT", cmd_setqualitybar_tt },
{ "SETGENPIN", cmd_setgenpin_label },
{ "SETGENPIN_TT", cmd_setgenpin_tt },
{ "GETINFO", cmd_getinfo },
{ "SETTITLE", cmd_settitle },
{ "SETTIMEOUT", cmd_settimeout },
{ "CLEARPASSPHRASE", cmd_clear_passphrase },
{ NULL }
};
int i, j;
gpg_error_t rc;
for (i = j = 0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL);
if (rc)
return rc;
}
return 0;
}
int
pinentry_loop2 (int infd, int outfd)
{
gpg_error_t rc;
assuan_fd_t filedes[2];
assuan_context_t ctx;
/* Extra check to make sure we have dropped privs. */
#ifndef HAVE_DOSISH_SYSTEM
if (getuid() != geteuid())
abort ();
#endif
rc = assuan_new (&ctx);
if (rc)
{
fprintf (stderr, "server context creation failed: %s\n",
gpg_strerror (rc));
return -1;
}
/* For now we use a simple pipe based server so that we can work
from scripts. We will later add options to run as a daemon and
wait for requests on a Unix domain socket. */
filedes[0] = assuan_fdopen (infd);
filedes[1] = assuan_fdopen (outfd);
rc = assuan_init_pipe_server (ctx, filedes);
if (rc)
{
fprintf (stderr, "%s: failed to initialize the server: %s\n",
this_pgmname, gpg_strerror (rc));
return -1;
}
rc = register_commands (ctx);
if (rc)
{
fprintf (stderr, "%s: failed to the register commands with Assuan: %s\n",
this_pgmname, gpg_strerror (rc));
return -1;
}
assuan_register_option_handler (ctx, option_handler);
#if 0
assuan_set_log_stream (ctx, stderr);
#endif
assuan_register_reset_notify (ctx, pinentry_assuan_reset_handler);
for (;;)
{
rc = assuan_accept (ctx);
if (rc == -1)
break;
else if (rc)
{
fprintf (stderr, "%s: Assuan accept problem: %s\n",
this_pgmname, gpg_strerror (rc));
break;
}
rc = assuan_process (ctx);
if (rc)
{
fprintf (stderr, "%s: Assuan processing failed: %s\n",
this_pgmname, gpg_strerror (rc));
continue;
}
}
assuan_release (ctx);
return 0;
}
/* Start the pinentry event loop. The program will start to process
Assuan commands until it is finished or an error occurs. If an
error occurs, -1 is returned. Otherwise, 0 is returned. */
int
pinentry_loop (void)
{
return pinentry_loop2 (STDIN_FILENO, STDOUT_FILENO);
}
diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h
index 9ba0014..d55a234 100644
--- a/pinentry/pinentry.h
+++ b/pinentry/pinentry.h
@@ -1,390 +1,372 @@
/* pinentry.h - The interface for the PIN entry support library.
* Copyright (C) 2002, 2003, 2010, 2015, 2021 g10 Code GmbH
*
* This file is part of PINENTRY.
*
* PINENTRY is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* PINENTRY is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
* SPDX-License-Identifier: GPL-2.0+
*/
#ifndef PINENTRY_H
#define PINENTRY_H
#ifdef __cplusplus
extern "C" {
#if 0
}
#endif
#endif
typedef enum {
PINENTRY_COLOR_NONE, PINENTRY_COLOR_DEFAULT,
PINENTRY_COLOR_BLACK, PINENTRY_COLOR_RED,
PINENTRY_COLOR_GREEN, PINENTRY_COLOR_YELLOW,
PINENTRY_COLOR_BLUE, PINENTRY_COLOR_MAGENTA,
PINENTRY_COLOR_CYAN, PINENTRY_COLOR_WHITE
} pinentry_color_t;
struct pinentry
{
/* The window title, or NULL. (Assuan: "SETTITLE TITLE".) */
char *title;
/* The description to display, or NULL. (Assuan: "SETDESC
DESC".) */
char *description;
/* The error message to display, or NULL. (Assuan: "SETERROR
MESSAGE".) */
char *error;
/* The prompt to display, or NULL. (Assuan: "SETPROMPT
prompt".) */
char *prompt;
/* The OK button text to display, or NULL. (Assuan: "SETOK
OK".) */
char *ok;
/* The Not-OK button text to display, or NULL. This is the text for
the alternative option shown by the third button. (Assuan:
"SETNOTOK NOTOK".) */
char *notok;
/* The Cancel button text to display, or NULL. (Assuan: "SETCANCEL
CANCEL".) */
char *cancel;
/* The buffer to store the secret into. */
char *pin;
/* The length of the buffer. */
int pin_len;
/* Whether the pin was read from an external cache (1) or entered by
the user (0). */
int pin_from_cache;
/* The name of the X display to use if X is available and supported.
(Assuan: "OPTION display DISPLAY".) */
char *display;
/* The name of the terminal node to open if X not available or
supported. (Assuan: "OPTION ttyname TTYNAME".) */
char *ttyname;
/* The type of the terminal. (Assuan: "OPTION ttytype TTYTYPE".) */
char *ttytype_l;
/* Set the alert mode (none, beep or flash). */
char *ttyalert;
/* The LC_CTYPE value for the terminal. (Assuan: "OPTION lc-ctype
LC_CTYPE".) */
char *lc_ctype;
/* The LC_MESSAGES value for the terminal. (Assuan: "OPTION
lc-messages LC_MESSAGES".) */
char *lc_messages;
/* True if debug mode is requested. */
int debug;
/* The number of seconds before giving up while waiting for user input. */
int timeout;
/* True if caller should grab the keyboard. (Assuan: "OPTION grab"
or "OPTION no-grab".) */
int grab;
/* The PID of the owner or 0 if not known. The owner is the process
* which actually triggered the the pinentry. For example gpg. */
unsigned long owner_pid;
/* The numeric uid (user ID) of the owner process or -1 if not
* known. */
int owner_uid;
/* The malloced hostname of the owner or NULL. */
char *owner_host;
/* The window ID of the parent window over which the pinentry window
should be displayed. (Assuan: "OPTION parent-wid WID".) */
int parent_wid;
/* The name of an optional file which will be touched after a curses
entry has been displayed. (Assuan: "OPTION touch-file
FILENAME".) */
char *touch_file;
/* The frontend should set this to -1 if the user canceled the
request, and to the length of the PIN stored in pin
otherwise. */
int result;
/* The frontend should set this if the NOTOK button was pressed. */
int canceled;
/* The frontend should set this to true if an error with the local
conversion occurred. */
int locale_err;
/* The frontend should set this to a gpg-error so that commands are
able to return specific error codes. This is an ugly hack due to
the fact that pinentry_cmd_handler_t returns the length of the
passphrase or a negative error code. */
int specific_err;
/* The frontend may store a string with the error location here. */
const char *specific_err_loc;
/* The frontend may store a malloced string here to emit an ERROR
* status code with this extra info along with SPECIFIC_ERR. */
char *specific_err_info;
/* The frontend should set this to true if the window close button
has been used. This flag is used in addition to a regular return
value. */
int close_button;
/* The caller should set this to true if only one button is
required. This is useful for notification dialogs where only a
dismiss button is required. */
int one_button;
/* If true a second prompt for the passphrase is shown and the user
is expected to enter the same passphrase again. Pinentry checks
that both match. (Assuan: "SETREPEAT".) */
char *repeat_passphrase;
/* The string to show if a repeated passphrase does not match.
(Assuan: "SETREPEATERROR ERROR".) */
char *repeat_error_string;
/* Set to true if the passphrase has been entered a second time and
matches the first passphrase. */
int repeat_okay;
/* If this is not NULL, a passphrase quality indicator is shown.
There will also be an inquiry back to the caller to get an
indication of the quality for the passphrase entered so far. The
string is used as a label for the quality bar. (Assuan:
"SETQUALITYBAR LABEL".) */
char *quality_bar;
/* The tooltip to be shown for the qualitybar. Malloced or NULL.
(Assuan: "SETQUALITYBAR_TT TOOLTIP".) */
char *quality_bar_tt;
/* If this is not NULL, a generate action should be shown.
There will be an inquiry back to the caller to get such a
PIN. generate action. Malloced or NULL.
(Assuan: "SETGENPIN LABEL" .) */
char *genpin_label;
/* The tooltip to be shown for the generate action. Malloced or NULL.
(Assuan: "SETGENPIN_TT TOOLTIP".) */
char *genpin_tt;
- /* Specifies whether the option to enable passphrase formatting should be
- shown, whether it should be on or off by default, and whether the user
- is allowed to change it.
- Possible values are:
- 0 - Option is not shown (and off).
- 1 - Option is shown, off by default, and user can change it.
- 2 - Option is shown, on, and user cannot change it.
- 3 - Option is shown, on by default, and user can change it.
- Defaults to 0.
- (Assuan: "OPTION formatted-passphrase=MODE") */
+ /* Specifies whether passphrase formatting should be enabled.
+ (Assuan: "OPTION formatted-passphrase") */
int formatted_passphrase;
- /* The label to be shown for the formatted passphrase option. Malloced or
- NULL.
- (Assuan: "OPTION formatted-passphrase-label=Use password formatting".) */
- char *formatted_passphrase_label;
-
- /* The tooltip to be shown for the formatted passphrase option. Malloced or
- NULL.
- (Assuan: "OPTION formatted-passphrase-tt=TOOLTIP".) */
- char *formatted_passphrase_tt;
-
/* A hint to be shown near the passphrase input field if passphrase
formatting is enabled. Malloced or NULL.
(Assuan: "OPTION formatted-passphrase-hint=HINT".) */
char *formatted_passphrase_hint;
/* For the curses pinentry, the color of error messages. */
pinentry_color_t color_fg;
int color_fg_bright;
pinentry_color_t color_bg;
pinentry_color_t color_so;
int color_so_bright;
/* Malloced and i18ned default strings or NULL. These strings may
include an underscore character to indicate an accelerator key.
A double underscore represents a plain one. */
/* (Assuan: "OPTION default-ok OK"). */
char *default_ok;
/* (Assuan: "OPTION default-cancel CANCEL"). */
char *default_cancel;
/* (Assuan: "OPTION default-prompt PROMPT"). */
char *default_prompt;
/* (Assuan: "OPTION default-pwmngr
SAVE_PASSWORD_WITH_PASSWORD_MANAGER?"). */
char *default_pwmngr;
/* (Assuan: "OPTION default-cf-visi
Do you really want to make your passphrase visible?"). */
char *default_cf_visi;
/* (Assuan: "OPTION default-tt-visi
Make passphrase visible?"). */
char *default_tt_visi;
/* (Assuan: "OPTION default-tt-hide
Hide passphrase"). */
char *default_tt_hide;
/* (Assuan: "OPTION default-capshint
Caps Lock is on"). */
char *default_capshint;
/* Whether we are allowed to read the password from an external
cache. (Assuan: "OPTION allow-external-password-cache") */
int allow_external_password_cache;
/* We only try the cache once. */
int tried_password_cache;
/* A stable identifier for the key. (Assuan: "SETKEYINFO
KEYINFO".) */
char *keyinfo;
/* Whether we may cache the password (according to the user). */
int may_cache_password;
/* NOTE: If you add any additional fields to this structure, be sure
to update the initializer in pinentry/pinentry.c!!! */
/* For the quality indicator and genpin we need to do an inquiry.
Thus we need to save the assuan ctx. */
void *ctx_assuan;
/* An UTF-8 string with an invisible character used to override the
default in some pinentries. Only the first character is
used. */
char *invisible_char;
/* Whether the passphrase constraints are enforced by gpg-agent.
(Assuan: "OPTION constraints-enforce") */
int constraints_enforce;
/* A short translated hint for the user with the constraints for new
passphrases to be displayed near the passphrase input field.
Malloced or NULL.
(Assuan: "OPTION constraints-hint-short=At least 8 characters".) */
char *constraints_hint_short;
/* A longer translated hint for the user with the constraints for new
passphrases to be displayed for example as tooltip. Malloced or NULL.
(Assuan: "OPTION constraints-hint-long=The passphrase must ...".) */
char *constraints_hint_long;
/* A short translated title for an error dialog informing the user about
unsatisfied passphrase constraints. Malloced or NULL.
(Assuan: "OPTION constraints-error-title=Passphrase Not Allowed".) */
char *constraints_error_title;
};
typedef struct pinentry *pinentry_t;
/* The pinentry command handler type processes the pinentry request
PIN. If PIN->pin is zero, request a confirmation, otherwise a PIN
entry. On confirmation, the function should return TRUE if
confirmed, and FALSE otherwise. On PIN entry, the function should
return -1 if an error occurred or the user cancelled the operation
and 1 otherwise. */
typedef int (*pinentry_cmd_handler_t) (pinentry_t pin);
/* Start the pinentry event loop. The program will start to process
Assuan commands until it is finished or an error occurs. If an
error occurs, -1 is returned and errno indicates the type of an
error. Otherwise, 0 is returned. */
int pinentry_loop (void);
/* The same as above but allows to specify the i/o descriptors.
* infd and outfd will be duplicated in this function so the caller
* still has to close them if necessary.
*/
int pinentry_loop2 (int infd, int outfd);
/* Convert the UTF-8 encoded string TEXT to the encoding given in
LC_CTYPE. Return NULL on error. */
char *pinentry_utf8_to_local (const char *lc_ctype, const char *text);
/* Convert TEXT which is encoded according to LC_CTYPE to UTF-8. With
SECURE set to true, use secure memory for the returned buffer.
Return NULL on error. */
char *pinentry_local_to_utf8 (char *lc_ctype, char *text, int secure);
char *pinentry_get_title (pinentry_t pe);
/* Run a quality inquiry for PASSPHRASE of LENGTH. */
int pinentry_inq_quality (pinentry_t pin,
const char *passphrase, size_t length);
/* Run a checkpin inquiry for PASSPHRASE of LENGTH. Returns NULL, if the
passphrase satisfies the constraints. Otherwise, returns a malloced error
string. */
char *pinentry_inq_checkpin (pinentry_t pin,
const char *passphrase, size_t length);
/* Run a genpin iquriry. Returns a malloced string or NULL */
char *pinentry_inq_genpin (pinentry_t pin);
/* Try to make room for at least LEN bytes for the pin in the pinentry
PIN. Returns new buffer on success and 0 on failure. */
char *pinentry_setbufferlen (pinentry_t pin, int len);
/* Use the buffer at BUFFER for PIN->PIN. BUFFER must be NULL or
allocated using secmem_alloc. LEN is the size of the buffer. If
it is unknown, but BUFFER is a NUL terminated string, you pass 0 to
just use strlen(buffer)+1. */
void pinentry_setbuffer_use (pinentry_t pin, char *buffer, int len);
/* Initialize the secure memory subsystem, drop privileges and
return. Must be called early. */
void pinentry_init (const char *pgmname);
/* Return true if either DISPLAY is set or ARGV contains the string
"--display". */
int pinentry_have_display (int argc, char **argv);
/* Parse the command line options. May exit the program if only help
or version output is requested. */
void pinentry_parse_opts (int argc, char *argv[]);
/* Set the optional flag used with getinfo. */
void pinentry_set_flavor_flag (const char *string);
/* The caller must define this variable to process assuan commands. */
extern pinentry_cmd_handler_t pinentry_cmd_handler;
#ifdef HAVE_W32_SYSTEM
/* Windows declares sleep as obsolete, but provides a definition for
_sleep but non for the still existing sleep. */
#define sleep(a) _sleep ((a))
#endif /*HAVE_W32_SYSTEM*/
#if 0
{
#endif
#ifdef __cplusplus
}
#endif
#endif /* PINENTRY_H */

File Metadata

Mime Type
text/x-diff
Expires
Fri, Feb 6, 8:35 AM (1 d, 17 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
dc/62/cd1a1fcbc0c5d63f4e9aff871f13

Event Timeline