You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

173 lines
4.0 KiB

/* password-cache.c - Password cache support.
Copyright (C) 2015 g10 Code GmbH
This file is part of PINENTRY.
PINENTRY is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
PINENTRY is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, see <https://www.gnu.org/licenses/>.
SPDX-License-Identifier: GPL-2.0+
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_LIBSECRET
# include <libsecret/secret.h>
#endif
#include "password-cache.h"
#include "memory.h"
#ifdef HAVE_LIBSECRET
static const SecretSchema *
gpg_schema (void)
{
static const SecretSchema the_schema = {
"org.gnupg.Passphrase", SECRET_SCHEMA_NONE,
{
{ "stored-by", SECRET_SCHEMA_ATTRIBUTE_STRING },
{ "keygrip", SECRET_SCHEMA_ATTRIBUTE_STRING },
{ "NULL", 0 },
}
};
return &the_schema;
}
static char *
keygrip_to_label (const char *keygrip)
{
char const prefix[] = "GnuPG: ";
char *label;
label = malloc (sizeof (prefix) + strlen (keygrip));
if (label)
{
memcpy (label, prefix, sizeof (prefix) - 1);
strcpy (&label[sizeof (prefix) - 1], keygrip);
}
return label;
}
#endif
void
password_cache_save (const char *keygrip, const char *password)
{
#ifdef HAVE_LIBSECRET
char *label;
GError *error = NULL;
if (! *keygrip)
return;
label = keygrip_to_label (keygrip);
if (! label)
return;
if (! secret_password_store_sync (gpg_schema (),
SECRET_COLLECTION_DEFAULT,
label, password, NULL, &error,
"stored-by", "GnuPG Pinentry",
"keygrip", keygrip, NULL))
{
fprintf (stderr, "Failed to cache password for key %s with secret service: %s\n",
keygrip, error->message);
g_error_free (error);
}
free (label);
#else
(void) keygrip;
(void) password;
return;
#endif
}
char *
password_cache_lookup (const char *keygrip, int *fatal_error)
{
#ifdef HAVE_LIBSECRET
GError *error = NULL;
char *password;
char *password2;
if (! *keygrip)
return NULL;
password = secret_password_lookup_nonpageable_sync
(gpg_schema (), NULL, &error,
"keygrip", keygrip, NULL);
if (error != NULL)
{
if (fatal_error)
*fatal_error = 1;
fprintf (stderr, "Failed to lookup password for key %s with secret service: %s\n",
keygrip, error->message);
g_error_free (error);
return NULL;
}
if (! password)
/* The password for this key is not cached. Just return NULL. */
return NULL;
/* The password needs to be returned in secmem allocated memory. */
password2 = secmem_malloc (strlen (password) + 1);
if (password2)
strcpy(password2, password);
else
fprintf (stderr, "secmem_malloc failed: can't copy password!\n");
secret_password_free (password);
return password2;
#else
(void) keygrip;
(void) fatal_error;
return NULL;
#endif
}
/* Try and remove the cached password for key grip. Returns -1 on
error, 0 if the key is not found and 1 if the password was
removed. */
int
password_cache_clear (const char *keygrip)
{
#ifdef HAVE_LIBSECRET
GError *error = NULL;
int removed = secret_password_clear_sync (gpg_schema (), NULL, &error,
"keygrip", keygrip, NULL);
if (error != NULL)
{
fprintf (stderr, "Failed to clear password for key %s with secret service: %s\n",
keygrip, error->message);
g_debug("%s", error->message);
g_error_free (error);
return -1;
}
if (removed)
return 1;
return 0;
#else
(void) keygrip;
return -1;
#endif
}