+ * Mechanism for getting text strings such as usernames and passwords
+ * from the front-end.
+ * The fields are mostly modelled after SSH's keyboard-interactive auth.
+ * FIXME We should probably mandate a character set/encoding (probably UTF-8).
+ *
+ * Since many of the pieces of text involved may be chosen by the server,
+ * the caller must take care to ensure that the server can't spoof locally-
+ * generated prompts such as key passphrase prompts. Some ground rules:
+ * - If the front-end needs to truncate a string, it should lop off the
+ * end.
+ * - The front-end should filter out any dangerous characters and
+ * generally not trust the strings. (But \n is required to behave
+ * vaguely sensibly, at least in `instruction', and ideally in
+ * `prompt[]' too.)
+ */
+typedef struct {
+ char *prompt;
+ int echo;
+ char *result; /* allocated/freed by caller */
+ size_t result_len;
+} prompt_t;
+typedef struct {
+ /*
+ * Indicates whether the information entered is to be used locally
+ * (for instance a key passphrase prompt), or is destined for the wire.
+ * This is a hint only; the front-end is at liberty not to use this
+ * information (so the caller should ensure that the supplied text is
+ * sufficient).
+ */
+ int to_server;
+ char *name; /* Short description, perhaps for dialog box title */
+ int name_reqd; /* Display of `name' required or optional? */
+ char *instruction; /* Long description, maybe with embedded newlines */
+ int instr_reqd; /* Display of `instruction' required or optional? */
+ size_t n_prompts; /* May be zero (in which case display the foregoing,
+ * if any, and return success) */
+ prompt_t **prompts;
+ void *frontend;
+ void *data; /* slot for housekeeping data, managed by
+ * get_userpass_input(); initially NULL */
+} prompts_t;
+prompts_t *new_prompts(void *frontend);
+void add_prompt(prompts_t *p, char *promptstr, int echo, size_t len);
+/* Burn the evidence. (Assumes _all_ strings want free()ing.) */
+void free_prompts(prompts_t *p);
+
+/*
+ * Exports from the front end.