Expunge revision histories in files.

[u/mdw/catacomb] / passphrase.c

/* -*-c-*-
 *
 * $Id: passphrase.c,v 1.6 2004/04/08 01:36:15 mdw Exp $
 *
 * Reading of passphrases (Unix-specific)
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <unistd.h>

#include <mLib/dstr.h>

#include "passphrase.h"
#include "pixie.h"

/*----- Static variables --------------------------------------------------*/

static int fd = -1;
static unsigned flags = 0;

#define f_fail 1u

/*----- Main code ---------------------------------------------------------*/

/* --- @pconn@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     Zero if OK, nonzero if it failed
 *
 * Use:         Attempts to connect to the passphrase pixie.
 */

static int pconn(void)
{
  if (fd != -1)
    return (0);
  if (flags & f_fail)
    return (-1);
  if ((fd = pixie_open(0)) < 0) {
    flags |= f_fail;
    return (-1);
  }
  return (0);
}

/* --- @passphrase_read@ --- *
 *
 * Arguments:   @const char *tag@ = pointer to passphrase tag string
 *              @unsigned mode@ = reading mode
 *              @char *buf@ = pointer to destination buffer
 *              @size_t sz@ = size of destination buffer
 *
 * Returns:     Zero if successful, nonzero on failure.
 *
 * Use:         Reads a passphrase from the user, using some system-specific
 *              secure mechanism.  The mechanism may keep a cache of
 *              passphrases, so the user may not necessarily be prompted.
 */

int passphrase_read(const char *tag, unsigned mode, char *buf, size_t sz)
{
  dstr d = DSTR_INIT;
  int rc = 1;

  /* --- Try talking to the pixie --- */

  if (!pconn()) {
    rc = pixie_read(fd, tag, mode, buf, sz);
    if (rc < 0) {
      close(fd);
      fd = -1;
      return (-1);
    }
    if (rc == 0)
      return (0);
  }

  /* --- Read from the terminal --- */

  dstr_putf(&d, "%s %s: ",
            mode == PMODE_READ ? "Passphrase" : "New passphrase",
            tag);
  if (pixie_getpass(d.buf, buf, sz))
    goto fail;
  if (mode == PMODE_VERIFY) {
    char b[1024];
    DRESET(&d);
    dstr_putf(&d, "Verify passphrase %s: ", tag);
    if (pixie_getpass(d.buf, b, sizeof(b)) || strcmp(b, buf) != 0) {
      memset(b, 0, sizeof(b));
      goto fail;
    }
  }
  dstr_destroy(&d);

  /* --- If the pixie is interested, tell it the new passphrase --- */

  if (fd >= 0)
    pixie_set(fd, tag, buf);
  return (0);

  /* --- Tidy up after a failure --- */

fail:
  dstr_destroy(&d);
  memset(buf, 0, sz);
  return (-1);      
}

/* --- @passphrase_cancel@ --- *
 *
 * Arguments:   @const char *tag@ = pointer to passphrase tag string
 *
 * Returns:     ---
 *
 * Use:         Attempts to make the passphrase cache forget about a
 *              particular passphrase.  This may be useful if the passphrase
 *              turns out to be wrong, or if the user is attempting to change
 *              the passphrase.
 */

void passphrase_cancel(const char *tag)
{
  if (!pconn())
    pixie_cancel(fd, tag);
}

/*----- That's all, folks -------------------------------------------------*/