[u/mdw/catacomb] / passphrase.c

/* -*-c-*-
 *
 * $Id: passphrase.c,v 1.5 2002/01/13 13:41:37 mdw Exp $
 *
 * Reading of passphrases (Unix-specific)
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: passphrase.c,v $
 * Revision 1.5  2002/01/13 13:41:37  mdw
 * Fix stupidity in passphrase verification.
 *
 * Revision 1.4  2001/04/19 18:26:01  mdw
 * Re-request broken passphrases.
 *
 * Revision 1.3  2000/12/06 20:33:27  mdw
 * Make flags be macros rather than enumerations, to ensure that they're
 * unsigned.
 *
 * Revision 1.2  2000/06/17 11:49:37  mdw
 * New pixie protocol allowing application to request passphrases and send
 * them to the pixie.
 *
 * Revision 1.1  1999/12/22 15:58:20  mdw
 * Portable interface to reading passphrases.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <unistd.h>

#include <mLib/dstr.h>

#include "passphrase.h"
#include "pixie.h"

/*----- Static variables --------------------------------------------------*/

static int fd = -1;
static unsigned flags = 0;

#define f_fail 1u

/*----- Main code ---------------------------------------------------------*/

/* --- @pconn@ --- *
 *
 * Arguments:	---
 *
 * Returns:	Zero if OK, nonzero if it failed
 *
 * Use:		Attempts to connect to the passphrase pixie.
 */

static int pconn(void)
{
  if (fd != -1)
    return (0);
  if (flags & f_fail)
    return (-1);
  if ((fd = pixie_open(0)) < 0) {
    flags |= f_fail;
    return (-1);
  }
  return (0);
}

/* --- @passphrase_read@ --- *
 *
 * Arguments:	@const char *tag@ = pointer to passphrase tag string
 *		@unsigned mode@ = reading mode
 *		@char *buf@ = pointer to destination buffer
 *		@size_t sz@ = size of destination buffer
 *
 * Returns:	Zero if successful, nonzero on failure.
 *
 * Use:		Reads a passphrase from the user, using some system-specific
 *		secure mechanism.  The mechanism may keep a cache of
 *		passphrases, so the user may not necessarily be prompted.
 */

int passphrase_read(const char *tag, unsigned mode, char *buf, size_t sz)
{
  dstr d = DSTR_INIT;
  int rc = 1;

  /* --- Try talking to the pixie --- */

  if (!pconn()) {
    rc = pixie_read(fd, tag, mode, buf, sz);
    if (rc < 0) {
      close(fd);
      fd = -1;
      return (-1);
    }
    if (rc == 0)
      return (0);
  }

  /* --- Read from the terminal --- */

  dstr_putf(&d, "%s %s: ",
	    mode == PMODE_READ ? "Passphrase" : "New passphrase",
	    tag);
  if (pixie_getpass(d.buf, buf, sz))
    goto fail;
  if (mode == PMODE_VERIFY) {
    char b[1024];
    DRESET(&d);
    dstr_putf(&d, "Verify passphrase %s: ", tag);
    if (pixie_getpass(d.buf, b, sizeof(b)) || strcmp(b, buf) != 0) {
      memset(b, 0, sizeof(b));
      goto fail;
    }
  }
  dstr_destroy(&d);

  /* --- If the pixie is interested, tell it the new passphrase --- */

  if (fd >= 0)
    pixie_set(fd, tag, buf);
  return (0);

  /* --- Tidy up after a failure --- */

fail:
  dstr_destroy(&d);
  memset(buf, 0, sz);
  return (-1);      
}

/* --- @passphrase_cancel@ --- *
 *
 * Arguments:	@const char *tag@ = pointer to passphrase tag string
 *
 * Returns:	---
 *
 * Use:		Attempts to make the passphrase cache forget about a
 *		particular passphrase.  This may be useful if the passphrase
 *		turns out to be wrong, or if the user is attempting to change
 *		the passphrase.
 */

void passphrase_cancel(const char *tag)
{
  if (!pconn())
    pixie_cancel(fd, tag);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
9c5b124e	1	/* --c--
9c5b124e	2	*
14d553d6	3	* $Id: passphrase.c,v 1.5 2002/01/13 13:41:37 mdw Exp $
9c5b124e	4	*
	5	* Reading of passphrases (Unix-specific)
	6	*
	7	* (c) 1999 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: passphrase.c,v $
14d553d6	33	* Revision 1.5 2002/01/13 13:41:37 mdw
	34	* Fix stupidity in passphrase verification.
	35	*
250a0324	36	* Revision 1.4 2001/04/19 18:26:01 mdw
	37	* Re-request broken passphrases.
	38	*
16efd15b	39	* Revision 1.3 2000/12/06 20:33:27 mdw
	40	* Make flags be macros rather than enumerations, to ensure that they're
	41	* unsigned.
	42	*
95959d10	43	* Revision 1.2 2000/06/17 11:49:37 mdw
	44	* New pixie protocol allowing application to request passphrases and send
	45	* them to the pixie.
	46	*
9c5b124e	47	* Revision 1.1 1999/12/22 15:58:20 mdw
	48	* Portable interface to reading passphrases.
	49	*
	50	*/
	51
	52	/----- Header files ------------------------------------------------------/
	53
	54	#include <errno.h>
	55	#include <stdio.h>
	56	#include <stdlib.h>
	57	#include <string.h>
	58
	59	#include <unistd.h>
	60
	61	#include <mLib/dstr.h>
	62
	63	#include "passphrase.h"
	64	#include "pixie.h"
	65
	66	/----- Static variables --------------------------------------------------/
	67
	68	static int fd = -1;
	69	static unsigned flags = 0;
	70
16efd15b	71	#define f_fail 1u
9c5b124e	72
	73	/----- Main code ---------------------------------------------------------/
	74
	75	/* --- @pconn@ --- *
	76	*
	77	* Arguments: ---
	78	*
	79	* Returns: Zero if OK, nonzero if it failed
	80	*
	81	* Use: Attempts to connect to the passphrase pixie.
	82	*/
	83
	84	static int pconn(void)
	85	{
	86	if (fd != -1)
	87	return (0);
	88	if (flags & f_fail)
	89	return (-1);
	90	if ((fd = pixie_open(0)) < 0) {
	91	flags \|= f_fail;
	92	return (-1);
	93	}
	94	return (0);
	95	}
	96
	97	/* --- @passphrase_read@ --- *
	98	*
	99	* Arguments: @const char *tag@ = pointer to passphrase tag string
	100	* @unsigned mode@ = reading mode
	101	* @char *buf@ = pointer to destination buffer
	102	* @size_t sz@ = size of destination buffer
	103	*
	104	* Returns: Zero if successful, nonzero on failure.
	105	*
	106	* Use: Reads a passphrase from the user, using some system-specific
	107	* secure mechanism. The mechanism may keep a cache of
	108	* passphrases, so the user may not necessarily be prompted.
	109	*/
	110
	111	int passphrase_read(const char tag, unsigned mode, char buf, size_t sz)
	112	{
	113	dstr d = DSTR_INIT;
95959d10	114	int rc = 1;
9c5b124e	115
	116	/* --- Try talking to the pixie --- */
	117
	118	if (!pconn()) {
95959d10	119	rc = pixie_read(fd, tag, mode, buf, sz);
95959d10	120	if (rc < 0) {
9c5b124e	121	close(fd);
	122	fd = -1;
	123	return (-1);
	124	}
95959d10	125	if (rc == 0)
95959d10	126	return (0);
9c5b124e	127	}
	128
	129	/* --- Read from the terminal --- */
	130
95959d10	131	dstr_putf(&d, "%s %s: ",
	132	mode == PMODE_READ ? "Passphrase" : "New passphrase",
	133	tag);
9c5b124e	134	if (pixie_getpass(d.buf, buf, sz))
	135	goto fail;
	136	if (mode == PMODE_VERIFY) {
	137	char b[1024];
	138	DRESET(&d);
	139	dstr_putf(&d, "Verify passphrase %s: ", tag);
14d553d6	140	if (pixie_getpass(d.buf, b, sizeof(b)) \|\| strcmp(b, buf) != 0) {
9c5b124e	141	memset(b, 0, sizeof(b));
14d553d6	142	goto fail;
9c5b124e	143	}
	144	}
	145	dstr_destroy(&d);
95959d10	146
	147	/* --- If the pixie is interested, tell it the new passphrase --- */
	148
	149	if (fd >= 0)
	150	pixie_set(fd, tag, buf);
9c5b124e	151	return (0);
	152
	153	/* --- Tidy up after a failure --- */
	154
	155	fail:
	156	dstr_destroy(&d);
	157	memset(buf, 0, sz);
	158	return (-1);
	159	}
	160
	161	/* --- @passphrase_cancel@ --- *
	162	*
	163	* Arguments: @const char *tag@ = pointer to passphrase tag string
	164	*
	165	* Returns: ---
	166	*
	167	* Use: Attempts to make the passphrase cache forget about a
	168	* particular passphrase. This may be useful if the passphrase
	169	* turns out to be wrong, or if the user is attempting to change
	170	* the passphrase.
	171	*/
	172
	173	void passphrase_cancel(const char *tag)
	174	{
	175	if (!pconn())
	176	pixie_cancel(fd, tag);
	177	}
	178
	179	/----- That's all, folks -------------------------------------------------/