diff --git a/configure.ac b/configure.ac index e305e44..51a2313 100644 --- a/configure.ac +++ b/configure.ac @@ -1,802 +1,802 @@ # configure.ac # Copyright (C) 1999 Robert Bihlmeyer # Copyright (C) 2001, 2002, 2003, 2004, 2007, 2015, 2016 g10 Code GmbH # # This file is part of PINENTRY. # # PINENTRY is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # PINENTRY is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, see . # SPDX-License-Identifier: GPL-2.0+ # (Process this file with autoconf to produce a configure script.) AC_PREREQ(2.69) min_automake_version="1.14" # To build a release you need to create a tag with the version number # (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please # bump the version number immediately after the release, do another # commit, and a push so that the git magic is able to work. m4_define(mym4_version, [1.1.1]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a # flag indicating a development version (mym4_isgit). Note that the # m4 processing is done by autoconf and not during the configure run. m4_define([mym4_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) m4_define([mym4_revision_dec], m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))])) m4_define([mym4_betastring], m4_esyscmd_s([git describe --match 'pinentry-[0-9].[0-9].*[0-9]' \ --long| awk -F- '$3!=0{print"-beta"$3}'])) m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) AC_INIT([pinentry],[mym4_full_version], [https://bugs.gnupg.org]) AC_CONFIG_AUX_DIR([build-aux]) AM_CONFIG_HEADER(config.h) AC_CONFIG_SRCDIR(pinentry/pinentry.h) AM_INIT_AUTOMAKE([serial-tests dist-bzip2 no-dist-gzip]) AC_GNU_SOURCE AM_MAINTAINER_MODE AC_CANONICAL_HOST AH_TOP([ #ifndef PINENTRY_CONFIG_H_INCLUDED #define PINENTRY_CONFIG_H_INCLUDED /* Enable gpg-error's strerror macro under W32CE. */ #define GPG_ERR_ENABLE_ERRNO_MACROS 1 ]) AH_BOTTOM([ #endif /*PINENTRY_CONFIG_H_INCLUDED*/ ]) dnl Checks for programs. AC_PROG_MAKE_SET AM_SANITY_CHECK missing_dir=`cd $ac_aux_dir && pwd` AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) AC_PROG_CC AC_PROG_CPP AC_PROG_INSTALL AC_PROG_RANLIB # We need to check for cplusplus here because we may not do the test # for Qt and autoconf does does not allow that. AC_PROG_CXX AC_PROG_LN_S PKG_PROG_PKG_CONFIG AC_CHECK_TOOL(WINDRES, windres, :) AC_CHECK_PROGS(GITLOG_TO_CHANGELOG, gitlog-to-changelog, [build-aux/gitlog-to-changelog]) have_dosish_system=no have_w32_system=no have_w32ce_system=no case "${host}" in *-mingw32*) AC_DEFINE(USE_ONLY_8DOT3,1, [Set this to limit filenames to the 8.3 format]) have_dosish_system=yes have_w32_system=yes case "${host}" in *-mingw32ce*) have_w32ce_system=yes ;; *) AC_DEFINE(HAVE_DRIVE_LETTERS,1, [Defined if the OS supports drive letters.]) ;; esac ;; i?86-emx-os2 | i?86-*-os2*emx ) # OS/2 with the EMX environment AC_DEFINE(HAVE_DRIVE_LETTERS) have_dosish_system=yes ;; i?86-*-msdosdjgpp*) # DOS with the DJGPP environment AC_DEFINE(HAVE_DRIVE_LETTERS) have_dosish_system=yes ;; esac if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, [Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes]) fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) if test "$have_w32ce_system" = yes; then AC_DEFINE(HAVE_W32CE_SYSTEM,1,[Defined if we run on WindowsCE]) fi fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) AM_CONDITIONAL(HAVE_W32CE_SYSTEM, test "$have_w32ce_system" = yes) dnl Checks for compiler features. if test "$GCC" = yes; then # Check whether gcc does not emit a diagnositc for unknown -Wno-* # options. This is the case for gcc >= 4.6 AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 6 ) #kickerror #endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no]) AC_MSG_RESULT($_gcc_silent_wno) if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" if test x"$_gcc_silent_wno" = xyes ; then _gcc_warn=yes else AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wno-missing-field-initializers" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], [_gcc_warn=yes],[_gcc_warn=no]) AC_MSG_RESULT($_gcc_warn) CFLAGS=$_gcc_cflags_save; fi if test x"$_gcc_warn" = xyes ; then CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers" fi AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wdeclaration-after-statement" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_warn=yes,_gcc_warn=no) AC_MSG_RESULT($_gcc_warn) CFLAGS=$_gcc_cflags_save; if test x"$_gcc_warn" = xyes ; then CFLAGS="$CFLAGS -Wdeclaration-after-statement" fi else # Not in maintainer mode: Use standard warnings. CFLAGS="$CFLAGS -Wall" fi CPPFLAGS="$CPPFLAGS -Wall" if test x"$_gcc_silent_wno" = xyes ; then _gcc_warn=yes else AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wno-pointer-sign" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],[_gcc_warn=yes],[_gcc_warn=no]) AC_MSG_RESULT($_gcc_warn) CFLAGS=$_gcc_cflags_save; fi if test x"$_gcc_warn" = xyes ; then CFLAGS="$CFLAGS -Wno-pointer-sign" fi AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) _gcc_cflags_save=$CFLAGS CFLAGS="-Wpointer-arith" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_warn=yes,_gcc_warn=no) AC_MSG_RESULT($_gcc_warn) CFLAGS=$_gcc_cflags_save; if test x"$_gcc_warn" = xyes ; then CFLAGS="$CFLAGS -Wpointer-arith" fi fi # Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h utime.h wchar.h) dnl Checks for library functions. -AC_CHECK_FUNCS(seteuid stpcpy mmap) +AC_CHECK_FUNCS(seteuid stpcpy mmap stat) GNUPG_CHECK_MLOCK dnl Checks for standard types. AC_TYPE_UINT32_T # Common libraries and cflags. COMMON_CFLAGS= COMMON_LIBS= AC_SUBST(COMMON_CFLAGS) AC_SUBST(COMMON_LIBS) dnl Checks for libgpg-error # # libgpg-error is a library with error codes shared between GnuPG # related projects. # NEED_GPG_ERROR_VERSION=1.16 have_gpg_error=no AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", have_gpg_error=yes,have_gpg_error=no) COMMON_CFLAGS="$GPG_ERROR_CFLAGS $COMMON_CFLAGS" COMMON_LIBS="$GPG_ERROR_LIBS $COMMON_LIBS" AC_DEFINE_UNQUOTED(GPG_ERR_ENABLE_GETTEXT_MACROS, 1, [Under Windows we use the gettext code from libgpg-error]) AC_DEFINE_UNQUOTED(GPG_ERR_ENABLE_ERRNO_MACROS, 1, [Under WindowsCE we use the strerror replacement from libgpg-error.]) dnl Checks for libassuan. # # libassuan is used for IPC # NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.1.0 have_libassuan=no AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION", have_libassuan=yes,have_libassuan=no) if test "$have_libassuan" = "yes"; then AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version", [version of the libassuan library]) fi COMMON_CFLAGS="$LIBASSUAN_CFLAGS $COMMON_CFLAGS" COMMON_LIBS="$LIBASSUAN_LIBS $COMMON_LIBS" dnl Checks for libsecmem. GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) dnl Check for libcap AC_ARG_WITH([libcap], AC_HELP_STRING([--without-libcap], [Disable support for capabilities library])) if test "x$with_libcap" != "xno"; then AC_PATH_PROG(SETCAP, setcap, :, "$PATH:/sbin:/usr/sbin") AC_CHECK_LIB(cap, cap_set_proc, [ AC_DEFINE(USE_CAPABILITIES,1,[The capabilities support library is installed]) LIBCAP=-lcap ]) fi AC_SUBST(LIBCAP) dnl dnl Check for curses pinentry program. dnl AC_ARG_ENABLE(pinentry-curses, AC_HELP_STRING([--enable-pinentry-curses], [build curses pinentry]), pinentry_curses=$enableval, pinentry_curses=maybe) AC_ARG_ENABLE(fallback-curses, AC_HELP_STRING([--enable-fallback-curses], [include curses fallback]), fallback_curses=$enableval, fallback_curses=maybe) dnl dnl Checks for curses libraries. Deal correctly with $pinentry_curses = maybe dnl and $fallback_curses = maybe. dnl if test "$pinentry_curses" != "no" -o "$fallback_curses" != "no"; then IU_LIB_CURSES fi if test "$LIBCURSES"; then if test "$pinentry_curses" != "no"; then pinentry_curses=yes fi if test "$fallback_curses" != "no"; then fallback_curses=yes AC_DEFINE(FALLBACK_CURSES, 1, [The GUI pinentries should fall back to curses if X is not available.]) fi else if test "$pinentry_curses" = "yes" -o "$fallback_curses" = "yes"; then AC_MSG_ERROR([[ *** *** The curses library is required. The latest version of *** ncurses is always available from ftp://ftp.gnu.org/gnu/ncurses/. ***]]) fi pinentry_curses=no fallback_curses=no fi AM_CONDITIONAL(BUILD_LIBPINENTRY_CURSES, test "$pinentry_curses" = "yes" -o "$fallback_curses" = "yes") AM_CONDITIONAL(BUILD_PINENTRY_CURSES, test "$pinentry_curses" = "yes") AM_CONDITIONAL(FALLBACK_CURSES, test "$fallback_curses" = "yes") if test "$pinentry_curses" = "yes"; then AC_DEFINE(PINENTRY_CURSES, 1, [The Curses version of Pinentry is to be build]) fi dnl dnl Check for tty pinentry program. dnl AC_ARG_ENABLE(pinentry-tty, AC_HELP_STRING([--enable-pinentry-tty], [build tty pinentry]), pinentry_tty=$enableval, pinentry_tty=maybe) AM_CONDITIONAL(BUILD_PINENTRY_TTY, test "$pinentry_tty" = "yes") if test "$pinentry_tty" = "yes"; then AC_DEFINE(PINENTRY_TTY, 1, [The TTY version of Pinentry is to be build]) fi dnl dnl Additional checks pinentry Curses. dnl if test "$pinentry_curses" = "yes" \ -o "$fallback_curses" = "yes" ; then AM_ICONV if test "$am_cv_func_iconv" != "yes"; then AC_MSG_ERROR([[ *** *** The iconv function is required. You can specify its location *** using the --with-libiconv-prefix=PREFIX option to configure. ***]]) fi fi dnl dnl Check for emacs pinentry program. dnl AC_ARG_ENABLE(pinentry-emacs, AC_HELP_STRING([--enable-pinentry-emacs], [build emacs pinentry]), pinentry_emacs=$enableval, pinentry_emacs=no) AC_ARG_ENABLE(inside-emacs, AC_HELP_STRING([--enable-inside-emacs], [include emacs hack]), inside_emacs=$enableval, inside_emacs=maybe) if test "$pinentry_emacs" != "no" -o "$inside_emacs" != "no"; then AC_MSG_CHECKING([if Unix domain socket is supported]) AC_TRY_COMPILE([ #include #include ], [int s = socket (AF_UNIX, SOCK_STREAM, 0);], [_unixsock_works=yes], [_unixsock_works=no]) AC_MSG_RESULT($_unixsock_works) if test "$_unixsock_works" = "yes"; then if test "$pinentry_emacs" != "no"; then pinentry_emacs=yes fi if test "$inside_emacs" != "no"; then inside_emacs=yes AC_DEFINE(INSIDE_EMACS, 1, [The GUI pinentries should respect INSIDE_EMACS envvar.]) fi else if test "$pinentry_emacs" = "yes" -o "$inside_emacs" = "yes"; then AC_MSG_ERROR([[ *** *** Support for Unix domain sockets is required. ***]]) fi pinentry_emacs=no inside_emacs=no fi fi AM_CONDITIONAL(BUILD_LIBPINENTRY_EMACS, test "$pinentry_emacs" = "yes" -o "$inside_emacs" = "yes") AM_CONDITIONAL(BUILD_PINENTRY_EMACS, test "$pinentry_emacs" = "yes") AM_CONDITIONAL(INSIDE_EMACS, test "$inside_emacs" = "yes") if test "$pinentry_emacs" = "yes"; then AC_DEFINE(PINENTRY_EMACS, 1, [The Emacs version of Pinentry is to be build]) fi dnl dnl Check for EFL pinentry programs. dnl AC_ARG_ENABLE(pinentry-efl, AC_HELP_STRING([--enable-pinentry-efl], [build EFL pinentry]), pinentry_efl=$enableval, pinentry_efl=maybe) dnl check for pkg-config if test "$pinentry_efl" != "no"; then AC_PATH_PROG(PKG_CONFIG, pkg-config, no) if test x"${PKG_CONFIG}" = xno ; then pinentry_efl=no fi fi if test "$pinentry_efl" != "no"; then AC_MSG_CHECKING([for efl]) "${PKG_CONFIG}" --exists 'elementary >= 1.18' if test $? -ne 0 ; then AC_MSG_RESULT([no]) AC_MSG_WARN([efl >= 1.18 is required for efl pinentry]) pinentry_efl=no else AC_MSG_RESULT([yes]) EFL_CFLAGS=`"${PKG_CONFIG}" --cflags ecore-x elementary` EFL_LIBS=`"${PKG_CONFIG}" --libs ecore-x elementary` AC_SUBST(EFL_CFLAGS) AC_SUBST(EFL_LIBS) if test "$pinentry_efl" != "no" then pinentry_efl=yes fi fi fi AM_CONDITIONAL(BUILD_PINENTRY_EFL, test "$pinentry_efl" = "yes") dnl dnl Check for GTK+-2 / GNOME3 pinentry programs. dnl AC_ARG_ENABLE(pinentry-gtk2, AC_HELP_STRING([--enable-pinentry-gtk2], [build GTK+-2 pinentry]), pinentry_gtk_2=$enableval, pinentry_gtk_2=maybe) AC_ARG_ENABLE(pinentry-gnome3, AC_HELP_STRING([--enable-pinentry-gnome3], [build GNOME 3 pinentry]), pinentry_gnome_3=$enableval, pinentry_gnome_3=maybe) dnl check if the module gtk+-2.0 exists if test "$pinentry_gtk_2" != "no"; then PKG_CHECK_MODULES( GTK2, [gtk+-2.0 >= 2.4.0], [ test "$pinentry_gtk_2" != "no" && pinentry_gtk_2=yes test "$pinentry_gnome_3" != "no" && pinentry_gnome_3=yes ], [ AC_MSG_WARN([pkg-config could not find the module gtk+-2.0]) pinentry_gtk_2=no ] ) fi AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") if test "$pinentry_gnome_3" != "no"; then PKG_CHECK_MODULES( GNOME3, [gcr-3,gcr-base-3], [ pinentry_gnome_3=yes AC_DEFINE(GCR_API_SUBJECT_TO_CHANGE, 1, [Nod nod]) ], [ AC_MSG_WARN([pkg-config could not find the module gcr-3,gcr-base-3]) pinentry_gnome_3=no ] ) fi AM_CONDITIONAL(BUILD_PINENTRY_GNOME_3, test "$pinentry_gnome_3" = "yes") dnl dnl Check for libsecret. dnl AC_ARG_ENABLE(libsecret, AC_HELP_STRING([--enable-libsecret], [optionally cache passphrases using libsecret]), libsecret=$enableval, libsecret=maybe) dnl check if the module libsecret exists if test "$libsecret" != "no"; then PKG_CHECK_MODULES( LIBSECRET, [libsecret-1], [libsecret=yes], [ AC_MSG_WARN([pkg-config could not find the module libsecret-1]) libsecret=no ] ) fi AM_CONDITIONAL(BUILD_WITH_LIBSECRET, test "$libsecret" = "yes") if test "$libsecret" = "yes"; then AC_DEFINE(HAVE_LIBSECRET, 1, [The pinentries should optionally cache the passphrase using libsecret.]) COMMON_CFLAGS="$LIBSECRET_CFLAGS $COMMON_CFLAGS" COMMON_LIBS="$LIBSECRET_LIBS $COMMON_LIBS" fi dnl dnl Check for Qt pinentry program. dnl AC_ARG_ENABLE(pinentry-qt, AC_HELP_STRING([--enable-pinentry-qt], [build qt pinentry]), pinentry_qt=$enableval, pinentry_qt=maybe) dnl dnl Checks for qt libraries. Deal correctly with $pinentry_qt = maybe. dnl Tries to find Qt5, falls back on Qt4 dnl if test "$pinentry_qt" != "no"; then FIND_QT if test "$have_qt4_libs" != "yes" -a "$have_qt5_libs" != "yes"; then if test "$pinentry_qt" = "yes"; then AC_MSG_ERROR([[ *** *** Qt4 (QtCore, QtGui) or Qt5 (Qt5Core, Qt5Gui, Qt5Widgets) is required. ***]]) else pinentry_qt=no fi fi fi AC_SUBST(PINENTRY_QT_CFLAGS) AC_SUBST(PINENTRY_QT_LIBS) AC_SUBST(MOC) dnl If we have come so far, qt pinentry can be build. if test "$pinentry_qt" != "no"; then pinentry_qt=yes fi AM_CONDITIONAL(BUILD_PINENTRY_QT, test "$pinentry_qt" = "yes") if test "$pinentry_qt" = "yes"; then AC_DEFINE(PINENTRY_QT, 1, [The qt version of Pinentry is to be build]) if test "$have_qt4_libs" = "yes"; then pinentry_qt_lib_version="(Qt4)" else pinentry_qt_lib_version="(Qt5)" fi fi dnl dnl Check for TQt pinentry program. dnl AC_ARG_ENABLE(pinentry-tqt, AC_HELP_STRING([--enable-pinentry-tqt], [build tqt pinentry]), pinentry_tqt=$enableval, pinentry_tqt=no) if test "$pinentry_tqt" != "no"; then if test "$pinentry_qt" = "yes"; then AC_MSG_ERROR([[ *** *** Building both Qt and TQt pinentries is not supported. *** Use --disable-pinentry-qt if you want the TQt pinentry. ***]]) fi PKG_CHECK_MODULES(PINENTRY_TQT, tqt, have_tqt_libs=yes, [PKG_CHECK_MODULES(PINENTRY_TQT, tqt-mt, have_tqt_libs=yes, have_tqt_libs=no)]) if test "$have_tqt_libs" = "yes"; then AC_CHECK_TOOL([TQT_MOC], tqmoc, "no") fi if test "$have_tqt_libs" = "yes" -a "$TQT_MOC" != "no"; then pinentry_tqt=yes else AC_MSG_WARN([TQt is not found]) pinentry_tqt=no fi fi AM_CONDITIONAL(BUILD_PINENTRY_TQT, test "$pinentry_tqt" = "yes") # # Check whether we should build the W32 pinentry. This is actually # the simplest check as we do this only for that platform. # pinentry_w32=no test $have_w32_system = yes && pinentry_w32=yes AM_CONDITIONAL(BUILD_PINENTRY_W32, test "$pinentry_w32" = "yes") dnl dnl Check for FLTK pinentry program. dnl AC_ARG_ENABLE(pinentry-fltk, AC_HELP_STRING([--enable-pinentry-fltk], [build FLTK 1.3 pinentry]), pinentry_fltk=$enableval, pinentry_fltk=maybe) dnl check for fltk-config if test "$pinentry_fltk" != "no"; then AC_PATH_PROG(FLTK_CONFIG, fltk-config, no) if test x"${FLTK_CONFIG}" = xno ; then AC_MSG_WARN([fltk-config is not found]) pinentry_fltk=no fi fi dnl check for FLTK libraries and set flags if test "$pinentry_fltk" != "no"; then AC_MSG_CHECKING([for FLTK 1.3]) FLTK_VERSION=`${FLTK_CONFIG} --api-version` if test ${FLTK_VERSION} != "1.3" ; then AC_MSG_RESULT([no]) AC_MSG_WARN([FLTK 1.3 not found (available $FLTK_VERSION)]) pinentry_fltk=no else AC_MSG_RESULT([yes]) FLTKCFLAGS=`${FLTK_CONFIG} --cflags` FLTKCXXFLAGS=`${FLTK_CONFIG} --cxxflags` FLTKLIBS=`${FLTK_CONFIG} --ldflags` AC_SUBST(FLTKCFLAGS) AC_SUBST(FLTKCXXFLAGS) AC_SUBST(FLTKLIBS) pinentry_fltk=yes fi fi AM_CONDITIONAL(BUILD_PINENTRY_FLTK, test "$pinentry_fltk" = "yes") # Figure out the default pinentry. We are very conservative here. # Please change the order only after verifying that the preferred # pinentry really is better (more feature-complete and more secure). if test "$pinentry_gtk_2" = "yes"; then PINENTRY_DEFAULT=pinentry-gtk-2 else if test "$pinentry_qt" = "yes"; then PINENTRY_DEFAULT=pinentry-qt else if test "$pinentry_gnome_3" = "yes"; then PINENTRY_DEFAULT=pinentry-gnome3 else if test "$pinentry_curses" = "yes"; then PINENTRY_DEFAULT=pinentry-curses else if test "$pinentry_tty" = "yes"; then PINENTRY_DEFAULT=pinentry-tty else if test "$pinentry_w32" = "yes"; then PINENTRY_DEFAULT=pinentry-w32 else if test "$pinentry_fltk" = "yes"; then PINENTRY_DEFAULT=pinentry-fltk else if test "$pinentry_tqt" = "yes"; then PINENTRY_DEFAULT=pinentry-tqt else if test "$pinentry_efl" = "yes"; then PINENTRY_DEFAULT=pinentry-efl else AC_MSG_ERROR([[No pinentry enabled.]]) fi fi fi fi fi fi fi fi fi AC_SUBST(PINENTRY_DEFAULT) # # Print errors here so that they are visible all # together and the user can acquire them all together. # die=no if test "$have_gpg_error" = "no"; then die=yes AC_MSG_NOTICE([[ *** *** You need libgpg-error to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgpg-error *** (at least version $NEED_GPG_ERROR_VERSION is required.) ***]]) fi if test "$have_libassuan" = "no"; then die=yes AC_MSG_NOTICE([[ *** *** You need libassuan to build this program. *** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libassuan/ *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required). ***]]) fi if test "$die" = "yes"; then AC_MSG_ERROR([[ *** *** Required libraries not found. Please consult the above messages *** and install them before running configure again. ***]]) fi # # To avoid double inclusion of config.h which might happen at some # places, we add the usual double inclusion protection at the top of # config.h. # AH_TOP([ #ifndef GNUPG_CONFIG_H_INCLUDED #define GNUPG_CONFIG_H_INCLUDED ]) # # Stuff which goes at the bottom of config.h. # AH_BOTTOM([ #ifdef GPG_ERR_SOURCE_DEFAULT # error GPG_ERR_SOURCE_DEFAULT already defined #endif #define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_PINENTRY #endif /*GNUPG_CONFIG_H_INCLUDED*/ ]) AC_CONFIG_FILES([ m4/Makefile secmem/Makefile pinentry/Makefile curses/Makefile tty/Makefile efl/Makefile emacs/Makefile gtk+-2/Makefile gnome3/Makefile qt/Makefile tqt/Makefile w32/Makefile fltk/Makefile doc/Makefile Makefile ]) AC_OUTPUT AC_MSG_NOTICE([ Pinentry v${VERSION} has been configured as follows: Revision: mym4_revision (mym4_revision_dec) Platform: $host Curses Pinentry ..: $pinentry_curses TTY Pinentry .....: $pinentry_tty Emacs Pinentry ...: $pinentry_emacs EFL Pinentry .....: $pinentry_efl GTK+-2 Pinentry ..: $pinentry_gtk_2 GNOME 3 Pinentry .: $pinentry_gnome_3 Qt Pinentry ......: $pinentry_qt $pinentry_qt_lib_version TQt Pinentry .....: $pinentry_tqt W32 Pinentry .....: $pinentry_w32 FLTK Pinentry ....: $pinentry_fltk Fallback to Curses: $fallback_curses Emacs integration : $inside_emacs libsecret ........: $libsecret Default Pinentry .: $PINENTRY_DEFAULT ]) diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 30c333b..cd813d8 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1,1918 +1,1954 @@ /* pinentry.c - The PIN entry support library * Copyright (C) 2002, 2003, 2007, 2008, 2010, 2015, 2016 g10 Code GmbH * * This file is part of PINENTRY. * * PINENTRY is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * PINENTRY is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . * SPDX-License-Identifier: GPL-2.0+ */ #ifdef HAVE_CONFIG_H #include #endif #ifndef HAVE_W32CE_SYSTEM # include #endif #include #include +#include +#include #include #include #ifndef HAVE_W32_SYSTEM # include #endif #ifndef HAVE_W32CE_SYSTEM # include #endif #ifdef HAVE_LANGINFO_H #include #endif #include #ifdef HAVE_W32CE_SYSTEM # include #endif #undef WITH_UTF8_CONVERSION #if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined PINENTRY_GTK # include # define WITH_UTF8_CONVERSION 1 #endif #include #include "memory.h" #include "secmem-util.h" #include "argparse.h" #include "pinentry.h" #include "password-cache.h" #ifdef INSIDE_EMACS # include "pinentry-emacs.h" #endif #ifdef FALLBACK_CURSES # include "pinentry-curses.h" #endif #ifdef HAVE_W32CE_SYSTEM #define getpid() GetCurrentProcessId () #endif /* Keep the name of our program here. */ static char this_pgmname[50]; struct pinentry pinentry; static const char *flavor_flag; /* Because gtk_init removes the --display arg from the command lines * and our command line parser is called after gtk_init (so that it * does not see gtk specific options) we don't have a way to get hold * of the --display option. Our solution is to remember --disable in * the call to pinentry_have_display and set it then in our * parser. */ static char *remember_display; /* Flag to remember whether a warning has been printed. */ #ifdef WITH_UTF8_CONVERSION static int lc_ctype_unknown_warning; #endif static void pinentry_reset (int use_defaults) { /* GPG Agent sets these options once when it starts the pinentry. Don't reset them. */ int grab = pinentry.grab; char *ttyname = pinentry.ttyname; char *ttytype = pinentry.ttytype; char *ttyalert = pinentry.ttyalert; char *lc_ctype = pinentry.lc_ctype; char *lc_messages = pinentry.lc_messages; int allow_external_password_cache = pinentry.allow_external_password_cache; char *default_ok = pinentry.default_ok; char *default_cancel = pinentry.default_cancel; char *default_prompt = pinentry.default_prompt; char *default_pwmngr = pinentry.default_pwmngr; char *default_cf_visi = pinentry.default_cf_visi; char *default_tt_visi = pinentry.default_tt_visi; char *default_tt_hide = pinentry.default_tt_hide; char *touch_file = pinentry.touch_file; unsigned long owner_pid = pinentry.owner_pid; int owner_uid = pinentry.owner_uid; char *owner_host = pinentry.owner_host; /* These options are set from the command line. Don't reset them. */ int debug = pinentry.debug; char *display = pinentry.display; int parent_wid = pinentry.parent_wid; pinentry_color_t color_fg = pinentry.color_fg; int color_fg_bright = pinentry.color_fg_bright; pinentry_color_t color_bg = pinentry.color_bg; pinentry_color_t color_so = pinentry.color_so; int color_so_bright = pinentry.color_so_bright; int timeout = pinentry.timeout; char *invisible_char = pinentry.invisible_char; /* Free any allocated memory. */ if (use_defaults) { free (pinentry.ttyname); free (pinentry.ttytype); free (pinentry.ttyalert); free (pinentry.lc_ctype); free (pinentry.lc_messages); free (pinentry.default_ok); free (pinentry.default_cancel); free (pinentry.default_prompt); free (pinentry.default_pwmngr); free (pinentry.default_cf_visi); free (pinentry.default_tt_visi); free (pinentry.default_tt_hide); free (pinentry.touch_file); free (pinentry.owner_host); free (pinentry.display); } free (pinentry.title); free (pinentry.description); free (pinentry.error); free (pinentry.prompt); free (pinentry.ok); free (pinentry.notok); free (pinentry.cancel); secmem_free (pinentry.pin); free (pinentry.repeat_passphrase); free (pinentry.repeat_error_string); free (pinentry.quality_bar); free (pinentry.quality_bar_tt); free (pinentry.keyinfo); free (pinentry.specific_err_info); /* Reset the pinentry structure. */ memset (&pinentry, 0, sizeof (pinentry)); /* Restore options without a default we want to preserve. */ pinentry.invisible_char = invisible_char; /* Restore other options or set defaults. */ if (use_defaults) { /* Pinentry timeout in seconds. */ pinentry.timeout = 60; /* Global grab. */ pinentry.grab = 1; pinentry.color_fg = PINENTRY_COLOR_DEFAULT; pinentry.color_fg_bright = 0; pinentry.color_bg = PINENTRY_COLOR_DEFAULT; pinentry.color_so = PINENTRY_COLOR_DEFAULT; pinentry.color_so_bright = 0; pinentry.owner_uid = -1; } else /* Restore the options. */ { pinentry.grab = grab; pinentry.ttyname = ttyname; pinentry.ttytype = ttytype; pinentry.ttyalert = ttyalert; pinentry.lc_ctype = lc_ctype; pinentry.lc_messages = lc_messages; pinentry.allow_external_password_cache = allow_external_password_cache; pinentry.default_ok = default_ok; pinentry.default_cancel = default_cancel; pinentry.default_prompt = default_prompt; pinentry.default_pwmngr = default_pwmngr; pinentry.default_cf_visi = default_cf_visi; pinentry.default_tt_visi = default_tt_visi; pinentry.default_tt_hide = default_tt_hide; pinentry.touch_file = touch_file; pinentry.owner_pid = owner_pid; pinentry.owner_uid = owner_uid; pinentry.owner_host = owner_host; pinentry.debug = debug; pinentry.display = display; pinentry.parent_wid = parent_wid; pinentry.color_fg = color_fg; pinentry.color_fg_bright = color_fg_bright; pinentry.color_bg = color_bg; pinentry.color_so = color_so; pinentry.color_so_bright = color_so_bright; pinentry.timeout = timeout; } } static gpg_error_t pinentry_assuan_reset_handler (assuan_context_t ctx, char *line) { (void)ctx; (void)line; pinentry_reset (0); return 0; } #ifdef WITH_UTF8_CONVERSION char * pinentry_utf8_to_local (const char *lc_ctype, const char *text) { iconv_t cd; const char *input = text; size_t input_len = strlen (text) + 1; char *output; size_t output_len; char *output_buf; size_t processed; char *old_ctype; char *target_encoding; /* If no locale setting could be determined, simply copy the string. */ if (!lc_ctype) { if (! lc_ctype_unknown_warning) { fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", this_pgmname); lc_ctype_unknown_warning = 1; } return strdup (text); } old_ctype = strdup (setlocale (LC_CTYPE, NULL)); if (!old_ctype) return NULL; setlocale (LC_CTYPE, lc_ctype); target_encoding = nl_langinfo (CODESET); if (!target_encoding) target_encoding = "?"; setlocale (LC_CTYPE, old_ctype); free (old_ctype); /* This is overkill, but simplifies the iconv invocation greatly. */ output_len = input_len * MB_LEN_MAX; output_buf = output = malloc (output_len); if (!output) return NULL; cd = iconv_open (target_encoding, "UTF-8"); if (cd == (iconv_t) -1) { fprintf (stderr, "%s: can't convert from UTF-8 to %s: %s\n", this_pgmname, target_encoding, strerror (errno)); free (output_buf); return NULL; } processed = iconv (cd, (ICONV_CONST char **)&input, &input_len, &output, &output_len); iconv_close (cd); if (processed == (size_t) -1 || input_len) { fprintf (stderr, "%s: error converting from UTF-8 to %s: %s\n", this_pgmname, target_encoding, strerror (errno)); free (output_buf); return NULL; } return output_buf; } #endif /*WITH_UTF8_CONVERSION*/ /* Convert TEXT which is encoded according to LC_CTYPE to UTF-8. With SECURE set to true, use secure memory for the returned buffer. Return NULL on error. */ #ifdef WITH_UTF8_CONVERSION char * pinentry_local_to_utf8 (char *lc_ctype, char *text, int secure) { char *old_ctype; char *source_encoding; iconv_t cd; const char *input = text; size_t input_len = strlen (text) + 1; char *output; size_t output_len; char *output_buf; size_t processed; /* If no locale setting could be determined, simply copy the string. */ if (!lc_ctype) { if (! lc_ctype_unknown_warning) { fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", this_pgmname); lc_ctype_unknown_warning = 1; } output_buf = secure? secmem_malloc (input_len) : malloc (input_len); if (output_buf) strcpy (output_buf, input); return output_buf; } old_ctype = strdup (setlocale (LC_CTYPE, NULL)); if (!old_ctype) return NULL; setlocale (LC_CTYPE, lc_ctype); source_encoding = nl_langinfo (CODESET); setlocale (LC_CTYPE, old_ctype); free (old_ctype); /* This is overkill, but simplifies the iconv invocation greatly. */ output_len = input_len * MB_LEN_MAX; output_buf = output = secure? secmem_malloc (output_len):malloc (output_len); if (!output) return NULL; cd = iconv_open ("UTF-8", source_encoding); if (cd == (iconv_t) -1) { fprintf (stderr, "%s: can't convert from %s to UTF-8: %s\n", this_pgmname, source_encoding? source_encoding : "?", strerror (errno)); if (secure) secmem_free (output_buf); else free (output_buf); return NULL; } processed = iconv (cd, (ICONV_CONST char **)&input, &input_len, &output, &output_len); iconv_close (cd); if (processed == (size_t) -1 || input_len) { fprintf (stderr, "%s: error converting from %s to UTF-8: %s\n", this_pgmname, source_encoding? source_encoding : "?", strerror (errno)); if (secure) secmem_free (output_buf); else free (output_buf); return NULL; } return output_buf; } #endif /*WITH_UTF8_CONVERSION*/ /* Copy TEXT or TEXTLEN to BUFFER and escape as required. Return a pointer to the end of the new buffer. Note that BUFFER must be large enough to keep the entire text; allocataing it 3 times of TEXTLEN is sufficient. */ static char * copy_and_escape (char *buffer, const void *text, size_t textlen) { int i; const unsigned char *s = (unsigned char *)text; char *p = buffer; for (i=0; i < textlen; i++) { if (s[i] < ' ' || s[i] == '+') { snprintf (p, 4, "%%%02X", s[i]); p += 3; } else if (s[i] == ' ') *p++ = '+'; else *p++ = s[i]; } return p; } /* Return a malloced copy of the commandline for PID. If this is not * possible NULL is returned. */ #ifndef HAVE_W32_SYSTEM static char * get_cmdline (unsigned long pid) { char buffer[200]; FILE *fp; size_t i, n; snprintf (buffer, sizeof buffer, "/proc/%lu/cmdline", pid); buffer[sizeof buffer - 1] = 0; fp = fopen (buffer, "rb"); if (!fp) return NULL; n = fread (buffer, 1, sizeof buffer - 1, fp); if (n < sizeof buffer -1 && ferror (fp)) { /* Some error occurred. */ fclose (fp); return NULL; } fclose (fp); if (n == 0) return NULL; /* Arguments are delimited by Nuls. We should do proper quoting but * that can be a bit complicated, thus we simply replace the Nuls by * spaces. */ for (i=0; i < n; i++) if (!buffer[i] && i < n-1) buffer[i] = ' '; buffer[i] = 0; /* Make sure the last byte is the string terminator. */ return strdup (buffer); } #endif /*!HAVE_W32_SYSTEM*/ /* Atomically ask the kernel for information about process PID. * Return a malloc'ed copy of the process name as long as the process * uid matches UID. If it cannot determine that the process has uid * UID, it returns NULL. * * This is not as informative as get_cmdline, but it verifies that the * process does belong to the user in question. */ #ifndef HAVE_W32_SYSTEM static char * get_pid_name_for_uid (unsigned long pid, int uid) { char buffer[400]; FILE *fp; size_t end, n; char *uidstr; snprintf (buffer, sizeof buffer, "/proc/%lu/status", pid); buffer[sizeof buffer - 1] = 0; fp = fopen (buffer, "rb"); if (!fp) return NULL; n = fread (buffer, 1, sizeof buffer - 1, fp); if (n < sizeof buffer -1 && ferror (fp)) { /* Some error occurred. */ fclose (fp); return NULL; } fclose (fp); if (n == 0) return NULL; /* Fixme: Is it specified that "Name" is always the first line? For * robustness I would prefer to have a real parser here. -wk */ if (strncmp (buffer, "Name:\t", 6)) return NULL; end = strcspn (buffer + 6, "\n") + 6; buffer[end] = 0; /* check that uid matches what we expect */ uidstr = strstr (buffer + end + 1, "\nUid:\t"); if (!uidstr) return NULL; if (atoi (uidstr + 6) != uid) return NULL; return strdup (buffer + 6); } #endif /*!HAVE_W32_SYSTEM*/ /* Return a malloced string with the title. The caller mus free the * string. If no title is available or the title string has an error * NULL is returned. */ char * pinentry_get_title (pinentry_t pe) { char *title; if (pe->title) title = strdup (pe->title); #ifndef HAVE_W32_SYSTEM else if (pe->owner_pid) { char buf[200]; struct utsname utsbuf; char *pidname = NULL; char *cmdline = NULL; if (pe->owner_host && !uname (&utsbuf) && utsbuf.nodename && !strcmp (utsbuf.nodename, pe->owner_host)) { pidname = get_pid_name_for_uid (pe->owner_pid, pe->owner_uid); if (pidname) cmdline = get_cmdline (pe->owner_pid); } if (pe->owner_host && (cmdline || pidname)) snprintf (buf, sizeof buf, "[%lu]@%s (%s)", pe->owner_pid, pe->owner_host, cmdline ? cmdline : pidname); else if (pe->owner_host) snprintf (buf, sizeof buf, "[%lu]@%s", pe->owner_pid, pe->owner_host); else snprintf (buf, sizeof buf, "[%lu] ", pe->owner_pid); buf[sizeof buf - 1] = 0; free (pidname); free (cmdline); title = strdup (buf); } #endif /*!HAVE_W32_SYSTEM*/ else title = strdup (this_pgmname); return title; } /* Run a quality inquiry for PASSPHRASE of LENGTH. (We need LENGTH because not all backends might be able to return a proper C-string.). Returns: A value between -100 and 100 to give an estimate of the passphrase's quality. Negative values are use if the caller won't even accept that passphrase. Note that we expect just one data line which should not be escaped in any represent a numeric signed decimal value. Extra data is currently ignored but should not be send at all. */ int pinentry_inq_quality (pinentry_t pin, const char *passphrase, size_t length) { assuan_context_t ctx = pin->ctx_assuan; const char prefix[] = "INQUIRE QUALITY "; char *command; char *line; size_t linelen; int gotvalue = 0; int value = 0; int rc; if (!ctx) return 0; /* Can't run the callback. */ if (length > 300) length = 300; /* Limit so that it definitely fits into an Assuan line. */ command = secmem_malloc (strlen (prefix) + 3*length + 1); if (!command) return 0; strcpy (command, prefix); copy_and_escape (command + strlen(command), passphrase, length); rc = assuan_write_line (ctx, command); secmem_free (command); if (rc) { fprintf (stderr, "ASSUAN WRITE LINE failed: rc=%d\n", rc); return 0; } for (;;) { do { rc = assuan_read_line (ctx, &line, &linelen); if (rc) { fprintf (stderr, "ASSUAN READ LINE failed: rc=%d\n", rc); return 0; } } while (*line == '#' || !linelen); if (line[0] == 'E' && line[1] == 'N' && line[2] == 'D' && (!line[3] || line[3] == ' ')) break; /* END command received*/ if (line[0] == 'C' && line[1] == 'A' && line[2] == 'N' && (!line[3] || line[3] == ' ')) break; /* CAN command received*/ if (line[0] == 'E' && line[1] == 'R' && line[2] == 'R' && (!line[3] || line[3] == ' ')) break; /* ERR command received*/ if (line[0] != 'D' || line[1] != ' ' || linelen < 3 || gotvalue) continue; gotvalue = 1; value = atoi (line+2); } if (value < -100) value = -100; else if (value > 100) value = 100; return value; } /* Try to make room for at least LEN bytes in the pinentry. Returns new buffer on success and 0 on failure or when the old buffer is sufficient. */ char * pinentry_setbufferlen (pinentry_t pin, int len) { char *newp; if (pin->pin_len) assert (pin->pin); else assert (!pin->pin); if (len < 2048) len = 2048; if (len <= pin->pin_len) return pin->pin; newp = secmem_realloc (pin->pin, len); if (newp) { pin->pin = newp; pin->pin_len = len; } else { secmem_free (pin->pin); pin->pin = 0; pin->pin_len = 0; } return newp; } static void pinentry_setbuffer_clear (pinentry_t pin) { if (! pin->pin) { assert (pin->pin_len == 0); return; } assert (pin->pin_len > 0); secmem_free (pin->pin); pin->pin = NULL; pin->pin_len = 0; } static void pinentry_setbuffer_init (pinentry_t pin) { pinentry_setbuffer_clear (pin); pinentry_setbufferlen (pin, 0); } /* passphrase better be alloced with secmem_alloc. */ void pinentry_setbuffer_use (pinentry_t pin, char *passphrase, int len) { if (! passphrase) { assert (len == 0); pinentry_setbuffer_clear (pin); return; } if (passphrase && len == 0) len = strlen (passphrase) + 1; if (pin->pin) secmem_free (pin->pin); pin->pin = passphrase; pin->pin_len = len; } static struct assuan_malloc_hooks assuan_malloc_hooks = { secmem_malloc, secmem_realloc, secmem_free }; /* Initialize the secure memory subsystem, drop privileges and return. Must be called early. */ void pinentry_init (const char *pgmname) { /* Store away our name. */ if (strlen (pgmname) > sizeof this_pgmname - 2) abort (); strcpy (this_pgmname, pgmname); gpgrt_check_version (NULL); /* Initialize secure memory. 1 is too small, so the default size will be used. */ secmem_init (1); secmem_set_flags (SECMEM_WARN); drop_privs (); if (atexit (secmem_term)) { /* FIXME: Could not register at-exit function, bail out. */ } assuan_set_malloc_hooks (&assuan_malloc_hooks); } /* Simple test to check whether DISPLAY is set or the option --display was given. Used to decide whether the GUI or curses should be initialized. */ int pinentry_have_display (int argc, char **argv) { int found = 0; for (; argc; argc--, argv++) { if (!strcmp (*argv, "--display")) { if (argv[1] && !remember_display) { remember_display = strdup (argv[1]); if (!remember_display) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } } found = 1; break; } else if (!strncmp (*argv, "--display=", 10)) { if (!remember_display) { remember_display = strdup (*argv+10); if (!remember_display) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } } found = 1; break; } } #ifndef HAVE_W32CE_SYSTEM { const char *s; s = getenv ("DISPLAY"); if (s && *s) found = 1; } #endif return found; } /* Print usage information and and provide strings for help. */ static const char * my_strusage( int level ) { const char *p; switch (level) { case 11: p = this_pgmname; break; case 12: p = "pinentry"; break; case 13: p = PACKAGE_VERSION; break; case 14: p = "Copyright (C) 2016 g10 Code GmbH"; break; case 19: p = "Please report bugs to <" PACKAGE_BUGREPORT ">.\n"; break; case 1: case 40: { static char *str; if (!str) { size_t n = 50 + strlen (this_pgmname); str = malloc (n); if (str) { snprintf (str, n, "Usage: %s [options] (-h for help)", this_pgmname); str[n-1] = 0; } } p = str; } break; case 41: p = "Ask securely for a secret and print it to stdout."; break; case 42: p = "1"; /* Flag print 40 as part of 41. */ break; default: p = NULL; break; } return p; } char * parse_color (char *arg, pinentry_color_t *color_p, int *bright_p) { static struct { const char *name; pinentry_color_t color; } colors[] = { { "none", PINENTRY_COLOR_NONE }, { "default", PINENTRY_COLOR_DEFAULT }, { "black", PINENTRY_COLOR_BLACK }, { "red", PINENTRY_COLOR_RED }, { "green", PINENTRY_COLOR_GREEN }, { "yellow", PINENTRY_COLOR_YELLOW }, { "blue", PINENTRY_COLOR_BLUE }, { "magenta", PINENTRY_COLOR_MAGENTA }, { "cyan", PINENTRY_COLOR_CYAN }, { "white", PINENTRY_COLOR_WHITE } }; int i; char *new_arg; pinentry_color_t color = PINENTRY_COLOR_DEFAULT; if (!arg) return NULL; new_arg = strchr (arg, ','); if (new_arg) new_arg++; if (bright_p) { const char *bname[] = { "bright-", "bright", "bold-", "bold" }; *bright_p = 0; for (i = 0; i < sizeof (bname) / sizeof (bname[0]); i++) if (!strncasecmp (arg, bname[i], strlen (bname[i]))) { *bright_p = 1; arg += strlen (bname[i]); } } for (i = 0; i < sizeof (colors) / sizeof (colors[0]); i++) if (!strncasecmp (arg, colors[i].name, strlen (colors[i].name))) color = colors[i].color; *color_p = color; return new_arg; } /* Parse the command line options. May exit the program if only help or version output is requested. */ void pinentry_parse_opts (int argc, char *argv[]) { static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n('d', "debug", "Turn on debugging output"), ARGPARSE_s_s('D', "display", "|DISPLAY|Set the X display"), ARGPARSE_s_s('T', "ttyname", "|FILE|Set the tty terminal node name"), ARGPARSE_s_s('N', "ttytype", "|NAME|Set the tty terminal type"), ARGPARSE_s_s('C', "lc-ctype", "|STRING|Set the tty LC_CTYPE value"), ARGPARSE_s_s('M', "lc-messages", "|STRING|Set the tty LC_MESSAGES value"), ARGPARSE_s_i('o', "timeout", "|SECS|Timeout waiting for input after this many seconds"), ARGPARSE_s_n('g', "no-global-grab", "Grab keyboard only while window is focused"), ARGPARSE_s_u('W', "parent-wid", "Parent window ID (for positioning)"), ARGPARSE_s_s('c', "colors", "|STRING|Set custom colors for ncurses"), ARGPARSE_s_s('a', "ttyalert", "|STRING|Set the alert mode (none, beep or flash)"), ARGPARSE_end() }; ARGPARSE_ARGS pargs = { &argc, &argv, 0 }; set_strusage (my_strusage); pinentry_reset (1); while (arg_parse (&pargs, opts)) { switch (pargs.r_opt) { case 'd': pinentry.debug = 1; break; case 'g': pinentry.grab = 0; break; case 'D': /* Note, this is currently not used because the GUI engine has already been initialized when parsing these options. */ pinentry.display = strdup (pargs.r.ret_str); if (!pinentry.display) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; case 'T': pinentry.ttyname = strdup (pargs.r.ret_str); if (!pinentry.ttyname) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; case 'N': pinentry.ttytype = strdup (pargs.r.ret_str); if (!pinentry.ttytype) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; case 'C': pinentry.lc_ctype = strdup (pargs.r.ret_str); if (!pinentry.lc_ctype) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; case 'M': pinentry.lc_messages = strdup (pargs.r.ret_str); if (!pinentry.lc_messages) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; case 'W': pinentry.parent_wid = pargs.r.ret_ulong; break; case 'c': { char *tmpstr = pargs.r.ret_str; tmpstr = parse_color (tmpstr, &pinentry.color_fg, &pinentry.color_fg_bright); tmpstr = parse_color (tmpstr, &pinentry.color_bg, NULL); tmpstr = parse_color (tmpstr, &pinentry.color_so, &pinentry.color_so_bright); } break; case 'o': pinentry.timeout = pargs.r.ret_int; break; case 'a': pinentry.ttyalert = strdup (pargs.r.ret_str); if (!pinentry.ttyalert) { #ifndef HAVE_W32CE_SYSTEM fprintf (stderr, "%s: %s\n", this_pgmname, strerror (errno)); #endif exit (EXIT_FAILURE); } break; default: pargs.err = ARGPARSE_PRINT_WARNING; break; } } if (!pinentry.display && remember_display) { pinentry.display = remember_display; remember_display = NULL; } } /* Set the optional flag used with getinfo. */ void pinentry_set_flavor_flag (const char *string) { flavor_flag = string; } static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { (void)ctx; if (!strcmp (key, "no-grab") && !*value) pinentry.grab = 0; else if (!strcmp (key, "grab") && !*value) pinentry.grab = 1; else if (!strcmp (key, "debug-wait")) { #ifndef HAVE_W32_SYSTEM fprintf (stderr, "%s: waiting for debugger - my pid is %u ...\n", this_pgmname, (unsigned int) getpid()); sleep (*value?atoi (value):5); fprintf (stderr, "%s: ... okay\n", this_pgmname); #endif } else if (!strcmp (key, "display")) { if (pinentry.display) free (pinentry.display); pinentry.display = strdup (value); if (!pinentry.display) return gpg_error_from_syserror (); } else if (!strcmp (key, "ttyname")) { if (pinentry.ttyname) free (pinentry.ttyname); pinentry.ttyname = strdup (value); if (!pinentry.ttyname) return gpg_error_from_syserror (); } else if (!strcmp (key, "ttytype")) { if (pinentry.ttytype) free (pinentry.ttytype); pinentry.ttytype = strdup (value); if (!pinentry.ttytype) return gpg_error_from_syserror (); } else if (!strcmp (key, "ttyalert")) { if (pinentry.ttyalert) free (pinentry.ttyalert); pinentry.ttyalert = strdup (value); if (!pinentry.ttyalert) return gpg_error_from_syserror (); } else if (!strcmp (key, "lc-ctype")) { if (pinentry.lc_ctype) free (pinentry.lc_ctype); pinentry.lc_ctype = strdup (value); if (!pinentry.lc_ctype) return gpg_error_from_syserror (); } else if (!strcmp (key, "lc-messages")) { if (pinentry.lc_messages) free (pinentry.lc_messages); pinentry.lc_messages = strdup (value); if (!pinentry.lc_messages) return gpg_error_from_syserror (); } else if (!strcmp (key, "owner")) { long along; char *endp; free (pinentry.owner_host); pinentry.owner_host = NULL; pinentry.owner_uid = -1; pinentry.owner_pid = 0; errno = 0; along = strtol (value, &endp, 10); if (along && !errno) { pinentry.owner_pid = (unsigned long)along; if (*endp) { errno = 0; if (*endp == '/') { /* we have a uid */ endp++; along = strtol (endp, &endp, 10); if (along >= 0 && !errno) pinentry.owner_uid = (int)along; } if (endp) { while (*endp == ' ') endp++; if (*endp) { pinentry.owner_host = strdup (endp); for (endp=pinentry.owner_host; *endp && *endp != ' '; endp++) ; *endp = 0; } } } } } else if (!strcmp (key, "parent-wid")) { pinentry.parent_wid = atoi (value); /* FIXME: Use strtol and add some error handling. */ } else if (!strcmp (key, "touch-file")) { if (pinentry.touch_file) free (pinentry.touch_file); pinentry.touch_file = strdup (value); if (!pinentry.touch_file) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-ok")) { pinentry.default_ok = strdup (value); if (!pinentry.default_ok) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-cancel")) { pinentry.default_cancel = strdup (value); if (!pinentry.default_cancel) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-prompt")) { pinentry.default_prompt = strdup (value); if (!pinentry.default_prompt) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-pwmngr")) { pinentry.default_pwmngr = strdup (value); if (!pinentry.default_pwmngr) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-cf-visi")) { pinentry.default_cf_visi = strdup (value); if (!pinentry.default_cf_visi) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-tt-visi")) { pinentry.default_tt_visi = strdup (value); if (!pinentry.default_tt_visi) return gpg_error_from_syserror (); } else if (!strcmp (key, "default-tt-hide")) { pinentry.default_tt_hide = strdup (value); if (!pinentry.default_tt_hide) return gpg_error_from_syserror (); } else if (!strcmp (key, "allow-external-password-cache") && !*value) { pinentry.allow_external_password_cache = 1; pinentry.tried_password_cache = 0; } else if (!strcmp (key, "allow-emacs-prompt") && !*value) { #ifdef INSIDE_EMACS pinentry_enable_emacs_cmd_handler (); #endif } else if (!strcmp (key, "invisible-char")) { if (pinentry.invisible_char) free (pinentry.invisible_char); pinentry.invisible_char = strdup (value); if (!pinentry.invisible_char) return gpg_error_from_syserror (); } else return gpg_error (GPG_ERR_UNKNOWN_OPTION); return 0; } /* Note, that it is sufficient to allocate the target string D as long as the source string S, i.e.: strlen(s)+1; */ static void strcpy_escaped (char *d, const char *s) { while (*s) { if (*s == '%' && s[1] && s[2]) { s++; *d++ = xtoi_2 ( s); s += 2; } else *d++ = *s++; } *d = 0; } static void write_status_error (assuan_context_t ctx, pinentry_t pe) { char buf[500]; const char *pgm; pgm = strchr (this_pgmname, '-'); if (pgm && pgm[1]) pgm++; else pgm = this_pgmname; snprintf (buf, sizeof buf, "%s.%s %d %s", pgm, pe->specific_err_loc? pe->specific_err_loc : "?", pe->specific_err, pe->specific_err_info? pe->specific_err_info : ""); buf[sizeof buf -1] = 0; assuan_write_status (ctx, "ERROR", buf); } static gpg_error_t cmd_setdesc (assuan_context_t ctx, char *line) { char *newd; (void)ctx; newd = malloc (strlen (line) + 1); if (!newd) return gpg_error_from_syserror (); strcpy_escaped (newd, line); if (pinentry.description) free (pinentry.description); pinentry.description = newd; return 0; } static gpg_error_t cmd_setprompt (assuan_context_t ctx, char *line) { char *newp; (void)ctx; newp = malloc (strlen (line) + 1); if (!newp) return gpg_error_from_syserror (); strcpy_escaped (newp, line); if (pinentry.prompt) free (pinentry.prompt); pinentry.prompt = newp; return 0; } /* The data provided at LINE may be used by pinentry implementations to identify a key for caching strategies of its own. The empty string and --clear mean that the key does not have a stable identifier. */ static gpg_error_t cmd_setkeyinfo (assuan_context_t ctx, char *line) { (void)ctx; if (pinentry.keyinfo) free (pinentry.keyinfo); if (*line && strcmp(line, "--clear") != 0) pinentry.keyinfo = strdup (line); else pinentry.keyinfo = NULL; return 0; } static gpg_error_t cmd_setrepeat (assuan_context_t ctx, char *line) { char *p; (void)ctx; p = malloc (strlen (line) + 1); if (!p) return gpg_error_from_syserror (); strcpy_escaped (p, line); free (pinentry.repeat_passphrase); pinentry.repeat_passphrase = p; return 0; } static gpg_error_t cmd_setrepeaterror (assuan_context_t ctx, char *line) { char *p; (void)ctx; p = malloc (strlen (line) + 1); if (!p) return gpg_error_from_syserror (); strcpy_escaped (p, line); free (pinentry.repeat_error_string); pinentry.repeat_error_string = p; return 0; } static gpg_error_t cmd_seterror (assuan_context_t ctx, char *line) { char *newe; (void)ctx; newe = malloc (strlen (line) + 1); if (!newe) return gpg_error_from_syserror (); strcpy_escaped (newe, line); if (pinentry.error) free (pinentry.error); pinentry.error = newe; return 0; } static gpg_error_t cmd_setok (assuan_context_t ctx, char *line) { char *newo; (void)ctx; newo = malloc (strlen (line) + 1); if (!newo) return gpg_error_from_syserror (); strcpy_escaped (newo, line); if (pinentry.ok) free (pinentry.ok); pinentry.ok = newo; return 0; } static gpg_error_t cmd_setnotok (assuan_context_t ctx, char *line) { char *newo; (void)ctx; newo = malloc (strlen (line) + 1); if (!newo) return gpg_error_from_syserror (); strcpy_escaped (newo, line); if (pinentry.notok) free (pinentry.notok); pinentry.notok = newo; return 0; } static gpg_error_t cmd_setcancel (assuan_context_t ctx, char *line) { char *newc; (void)ctx; newc = malloc (strlen (line) + 1); if (!newc) return gpg_error_from_syserror (); strcpy_escaped (newc, line); if (pinentry.cancel) free (pinentry.cancel); pinentry.cancel = newc; return 0; } static gpg_error_t cmd_settimeout (assuan_context_t ctx, char *line) { (void)ctx; if (line && *line) pinentry.timeout = atoi (line); return 0; } static gpg_error_t cmd_settitle (assuan_context_t ctx, char *line) { char *newt; (void)ctx; newt = malloc (strlen (line) + 1); if (!newt) return gpg_error_from_syserror (); strcpy_escaped (newt, line); if (pinentry.title) free (pinentry.title); pinentry.title = newt; return 0; } static gpg_error_t cmd_setqualitybar (assuan_context_t ctx, char *line) { char *newval; (void)ctx; if (!*line) line = "Quality:"; newval = malloc (strlen (line) + 1); if (!newval) return gpg_error_from_syserror (); strcpy_escaped (newval, line); if (pinentry.quality_bar) free (pinentry.quality_bar); pinentry.quality_bar = newval; return 0; } /* Set the tooltip to be used for a quality bar. */ static gpg_error_t cmd_setqualitybar_tt (assuan_context_t ctx, char *line) { char *newval; (void)ctx; if (*line) { newval = malloc (strlen (line) + 1); if (!newval) return gpg_error_from_syserror (); strcpy_escaped (newval, line); } else newval = NULL; if (pinentry.quality_bar_tt) free (pinentry.quality_bar_tt); pinentry.quality_bar_tt = newval; return 0; } static gpg_error_t cmd_getpin (assuan_context_t ctx, char *line) { int result; int set_prompt = 0; int just_read_password_from_cache = 0; (void)line; pinentry_setbuffer_init (&pinentry); if (!pinentry.pin) return gpg_error (GPG_ERR_ENOMEM); /* Try reading from the password cache. */ if (/* If repeat passphrase is set, then we don't want to read from the cache. */ ! pinentry.repeat_passphrase /* Are we allowed to read from the cache? */ && pinentry.allow_external_password_cache && pinentry.keyinfo /* Only read from the cache if we haven't already tried it. */ && ! pinentry.tried_password_cache /* If the last read resulted in an error, then don't read from the cache. */ && ! pinentry.error) { char *password; int give_up_on_password_store = 0; pinentry.tried_password_cache = 1; password = password_cache_lookup (pinentry.keyinfo, &give_up_on_password_store); if (give_up_on_password_store) pinentry.allow_external_password_cache = 0; if (password) /* There is a cached password. Try it. */ { int len = strlen(password) + 1; if (len > pinentry.pin_len) len = pinentry.pin_len; memcpy (pinentry.pin, password, len); pinentry.pin[len] = '\0'; secmem_free (password); pinentry.pin_from_cache = 1; assuan_write_status (ctx, "PASSWORD_FROM_CACHE", ""); /* Result is the length of the password not including the NUL terminator. */ result = len - 1; just_read_password_from_cache = 1; goto out; } } /* The password was not cached (or we are not allowed to / cannot use the cache). Prompt the user. */ pinentry.pin_from_cache = 0; if (!pinentry.prompt) { pinentry.prompt = pinentry.default_prompt?pinentry.default_prompt:"PIN:"; set_prompt = 1; } pinentry.locale_err = 0; pinentry.specific_err = 0; pinentry.specific_err_loc = NULL; free (pinentry.specific_err_info); pinentry.specific_err_info = NULL; pinentry.close_button = 0; pinentry.repeat_okay = 0; pinentry.one_button = 0; pinentry.ctx_assuan = ctx; result = (*pinentry_cmd_handler) (&pinentry); pinentry.ctx_assuan = NULL; if (pinentry.error) { free (pinentry.error); pinentry.error = NULL; } if (pinentry.repeat_passphrase) { free (pinentry.repeat_passphrase); pinentry.repeat_passphrase = NULL; } if (set_prompt) pinentry.prompt = NULL; pinentry.quality_bar = 0; /* Reset it after the command. */ if (pinentry.close_button) assuan_write_status (ctx, "BUTTON_INFO", "close"); if (result < 0) { pinentry_setbuffer_clear (&pinentry); if (pinentry.specific_err) { write_status_error (ctx, &pinentry); return pinentry.specific_err; } return (pinentry.locale_err ? gpg_error (GPG_ERR_LOCALE_PROBLEM) : gpg_error (GPG_ERR_CANCELED)); } out: if (result) { if (pinentry.repeat_okay) assuan_write_status (ctx, "PIN_REPEATED", ""); result = assuan_send_data (ctx, pinentry.pin, strlen(pinentry.pin)); if (!result) result = assuan_send_data (ctx, NULL, 0); if (/* GPG Agent says it's okay. */ pinentry.allow_external_password_cache && pinentry.keyinfo /* We didn't just read it from the cache. */ && ! just_read_password_from_cache /* And the user said it's okay. */ && pinentry.may_cache_password) /* Cache the password. */ password_cache_save (pinentry.keyinfo, pinentry.pin); } pinentry_setbuffer_clear (&pinentry); return result; } /* Note that the option --one-button is a hack to allow the use of old pinentries while the caller is ignoring the result. Given that options have never been used or flagged as an error the new option is an easy way to enable the messsage mode while not requiring to update pinentry or to have the caller test for the message command. New applications which are free to require an updated pinentry should use MESSAGE instead. */ static gpg_error_t cmd_confirm (assuan_context_t ctx, char *line) { int result; pinentry.one_button = !!strstr (line, "--one-button"); pinentry.quality_bar = 0; pinentry.close_button = 0; pinentry.locale_err = 0; pinentry.specific_err = 0; pinentry.specific_err_loc = NULL; free (pinentry.specific_err_info); pinentry.specific_err_info = NULL; pinentry.canceled = 0; pinentry_setbuffer_clear (&pinentry); result = (*pinentry_cmd_handler) (&pinentry); if (pinentry.error) { free (pinentry.error); pinentry.error = NULL; } if (pinentry.close_button) assuan_write_status (ctx, "BUTTON_INFO", "close"); if (result > 0) return 0; /* OK */ if (pinentry.specific_err) { write_status_error (ctx, &pinentry); return pinentry.specific_err; } if (pinentry.locale_err) return gpg_error (GPG_ERR_LOCALE_PROBLEM); if (pinentry.one_button) return 0; /* OK */ if (pinentry.canceled) return gpg_error (GPG_ERR_CANCELED); return gpg_error (GPG_ERR_NOT_CONFIRMED); } static gpg_error_t cmd_message (assuan_context_t ctx, char *line) { (void)line; return cmd_confirm (ctx, "--one-button"); } + +/* Return a staically allocated string with information on the mode, + * uid, and gid of DEVICE. On error "?" is returned if DEVICE is + * NULL, "-" is returned. */ +static const char * +device_stat_string (const char *device) +{ +#ifdef HAVE_STAT + static char buf[40]; + struct stat st; + + if (!device || !*device) + return "-"; + + if (stat (device, &st)) + return "?"; /* Error */ + snprintf (buf, sizeof buf, "%lo/%lu/%lu", + (unsigned long)st.st_mode, + (unsigned long)st.st_uid, + (unsigned long)st.st_gid); + return buf; +#else + return "-"; +#endif +} + + /* GETINFO Multipurpose function to return a variety of information. Supported values for WHAT are: version - Return the version of the program. pid - Return the process id of the server. flavor - Return information about the used pinentry flavor ttyinfo - Return DISPLAY and ttyinfo. */ static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { int rc; const char *s; - char buffer[100]; + char buffer[150]; if (!strcmp (line, "version")) { s = VERSION; rc = assuan_send_data (ctx, s, strlen (s)); } else if (!strcmp (line, "pid")) { snprintf (buffer, sizeof buffer, "%lu", (unsigned long)getpid ()); buffer[sizeof buffer -1] = 0; rc = assuan_send_data (ctx, buffer, strlen (buffer)); } else if (!strcmp (line, "flavor")) { if (!strncmp (this_pgmname, "pinentry-", 9) && this_pgmname[9]) s = this_pgmname + 9; else s = this_pgmname; snprintf (buffer, sizeof buffer, "%s%s%s", s, flavor_flag? ":":"", flavor_flag? flavor_flag : ""); buffer[sizeof buffer -1] = 0; rc = assuan_send_data (ctx, buffer, strlen (buffer)); /* if (!rc) */ /* rc = assuan_write_status (ctx, "FEATURES", "tabbing foo bar"); */ } else if (!strcmp (line, "ttyinfo")) { - snprintf (buffer, sizeof buffer, "%s %s %s", + snprintf (buffer, sizeof buffer, "%s %s %s %s %lu/%lu", pinentry.ttyname? pinentry.ttyname : "-", pinentry.ttytype? pinentry.ttytype : "-", - pinentry.display? pinentry.display : "-" ); + pinentry.display? pinentry.display : "-", + device_stat_string (pinentry.ttyname), +#ifdef HAVE_DOSISH_SYSTEM + 0l, 0l +#else + (unsigned long)geteuid (), (unsigned long)getegid () +#endif + ); buffer[sizeof buffer -1] = 0; rc = assuan_send_data (ctx, buffer, strlen (buffer)); } else rc = gpg_error (GPG_ERR_ASS_PARAMETER); return rc; } /* CLEARPASSPHRASE Clear the cache passphrase associated with the key identified by cacheid. */ static gpg_error_t cmd_clear_passphrase (assuan_context_t ctx, char *line) { (void)ctx; if (! line) return gpg_error (GPG_ERR_ASS_INV_VALUE); /* Remove leading and trailing white space. */ while (*line == ' ') line ++; while (line[strlen (line) - 1] == ' ') line[strlen (line) - 1] = 0; switch (password_cache_clear (line)) { case 1: return 0; case 0: return gpg_error (GPG_ERR_ASS_INV_VALUE); default: return gpg_error (GPG_ERR_ASS_GENERAL); } } /* Tell the assuan library about our commands. */ static gpg_error_t register_commands (assuan_context_t ctx) { static struct { const char *name; gpg_error_t (*handler) (assuan_context_t, char *line); } table[] = { { "SETDESC", cmd_setdesc }, { "SETPROMPT", cmd_setprompt }, { "SETKEYINFO", cmd_setkeyinfo }, { "SETREPEAT", cmd_setrepeat }, { "SETREPEATERROR", cmd_setrepeaterror }, { "SETERROR", cmd_seterror }, { "SETOK", cmd_setok }, { "SETNOTOK", cmd_setnotok }, { "SETCANCEL", cmd_setcancel }, { "GETPIN", cmd_getpin }, { "CONFIRM", cmd_confirm }, { "MESSAGE", cmd_message }, { "SETQUALITYBAR", cmd_setqualitybar }, { "SETQUALITYBAR_TT", cmd_setqualitybar_tt }, { "GETINFO", cmd_getinfo }, { "SETTITLE", cmd_settitle }, { "SETTIMEOUT", cmd_settimeout }, { "CLEARPASSPHRASE", cmd_clear_passphrase }, { NULL } }; int i, j; gpg_error_t rc; for (i = j = 0; table[i].name; i++) { rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL); if (rc) return rc; } return 0; } int pinentry_loop2 (int infd, int outfd) { gpg_error_t rc; assuan_fd_t filedes[2]; assuan_context_t ctx; /* Extra check to make sure we have dropped privs. */ #ifndef HAVE_DOSISH_SYSTEM if (getuid() != geteuid()) abort (); #endif rc = assuan_new (&ctx); if (rc) { fprintf (stderr, "server context creation failed: %s\n", gpg_strerror (rc)); return -1; } /* For now we use a simple pipe based server so that we can work from scripts. We will later add options to run as a daemon and wait for requests on a Unix domain socket. */ filedes[0] = assuan_fdopen (infd); filedes[1] = assuan_fdopen (outfd); rc = assuan_init_pipe_server (ctx, filedes); if (rc) { fprintf (stderr, "%s: failed to initialize the server: %s\n", this_pgmname, gpg_strerror (rc)); return -1; } rc = register_commands (ctx); if (rc) { fprintf (stderr, "%s: failed to the register commands with Assuan: %s\n", this_pgmname, gpg_strerror (rc)); return -1; } assuan_register_option_handler (ctx, option_handler); #if 0 assuan_set_log_stream (ctx, stderr); #endif assuan_register_reset_notify (ctx, pinentry_assuan_reset_handler); for (;;) { rc = assuan_accept (ctx); if (rc == -1) break; else if (rc) { fprintf (stderr, "%s: Assuan accept problem: %s\n", this_pgmname, gpg_strerror (rc)); break; } rc = assuan_process (ctx); if (rc) { fprintf (stderr, "%s: Assuan processing failed: %s\n", this_pgmname, gpg_strerror (rc)); continue; } } assuan_release (ctx); return 0; } /* Start the pinentry event loop. The program will start to process Assuan commands until it is finished or an error occurs. If an error occurs, -1 is returned. Otherwise, 0 is returned. */ int pinentry_loop (void) { return pinentry_loop2 (STDIN_FILENO, STDOUT_FILENO); }