github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/pinentry/pinentry.go (about) 1 // Copyright 2015 Keybase, Inc. All rights reserved. Use of 2 // this source code is governed by the included BSD license. 3 4 package pinentry 5 6 import ( 7 "bufio" 8 "fmt" 9 "io" 10 "os" 11 "os/exec" 12 "strings" 13 14 "github.com/keybase/client/go/logger" 15 keybase1 "github.com/keybase/client/go/protocol/keybase1" 16 ) 17 18 // 19 // some borrowed from here: 20 // 21 // https://github.com/bradfitz/camlistore/blob/master/pkg/misc/pinentry/pinentry.go 22 // 23 // Under the Apache 2.0 license 24 // 25 26 type Pinentry struct { 27 initRes *error 28 path string 29 term string 30 tty string 31 prog string 32 log logger.Logger 33 } 34 35 func New(envprog string, log logger.Logger, tty string) *Pinentry { 36 return &Pinentry{ 37 prog: envprog, 38 log: log, 39 tty: tty, 40 } 41 } 42 43 func (pe *Pinentry) Init() (error, error) { 44 if pe.initRes != nil { 45 return *pe.initRes, nil 46 } 47 err, fatalerr := pe.FindProgram() 48 if err == nil { 49 pe.GetTerminalName() 50 } 51 pe.term = os.Getenv("TERM") 52 pe.initRes = &err 53 return err, fatalerr 54 } 55 56 func (pe *Pinentry) SetInitError(e error) { 57 pe.initRes = &e 58 } 59 60 func (pe *Pinentry) FindProgram() (error, error) { 61 prog := pe.prog 62 var err, fatalerr error 63 if len(prog) > 0 { 64 if err = canExec(prog); err == nil { 65 pe.path = prog 66 } else { 67 err = fmt.Errorf("Can't execute given pinentry program '%s': %s", 68 prog, err) 69 fatalerr = err 70 } 71 } else if prog, err = FindPinentry(pe.log); err == nil { 72 pe.path = prog 73 } 74 return err, fatalerr 75 } 76 77 func (pe *Pinentry) Get(arg keybase1.SecretEntryArg) (res *keybase1.SecretEntryRes, err error) { 78 79 pe.log.Debug("+ Pinentry::Get()") 80 81 // Do a lazy initialization 82 if err, _ = pe.Init(); err != nil { 83 return 84 } 85 86 inst := pinentryInstance{parent: pe} 87 defer inst.Close() 88 89 if err = inst.Init(); err != nil { 90 // We probably shouldn't try to use this thing again if we failed 91 // to set it up. 92 pe.SetInitError(err) 93 return 94 } 95 res, err = inst.Run(arg) 96 pe.log.Debug("- Pinentry::Get() -> %v", err) 97 return 98 } 99 100 func (pi *pinentryInstance) Close() { 101 pi.stdin.Close() 102 _ = pi.cmd.Wait() 103 } 104 105 type pinentryInstance struct { 106 parent *Pinentry 107 cmd *exec.Cmd 108 stdout io.ReadCloser 109 stdin io.WriteCloser 110 br *bufio.Reader 111 } 112 113 func (pi *pinentryInstance) Set(cmd, val string, errp *error) { 114 if val == "" { 115 return 116 } 117 fmt.Fprintf(pi.stdin, "%s %s\n", cmd, val) 118 line, _, err := pi.br.ReadLine() 119 if err != nil { 120 *errp = err 121 return 122 } 123 if string(line) != "OK" { 124 *errp = fmt.Errorf("Response to " + cmd + " was " + string(line)) 125 } 126 } 127 128 func (pi *pinentryInstance) Init() (err error) { 129 parent := pi.parent 130 131 parent.log.Debug("+ pinentryInstance::Init()") 132 133 pi.cmd = exec.Command(parent.path) 134 pi.stdin, _ = pi.cmd.StdinPipe() 135 pi.stdout, _ = pi.cmd.StdoutPipe() 136 137 if err = pi.cmd.Start(); err != nil { 138 parent.log.Warning("unexpected error running pinentry (%s): %s", parent.path, err) 139 return 140 } 141 142 pi.br = bufio.NewReader(pi.stdout) 143 lineb, _, err := pi.br.ReadLine() 144 145 if err != nil { 146 err = fmt.Errorf("Failed to get getpin greeting: %s", err) 147 return 148 } 149 150 line := string(lineb) 151 if !strings.HasPrefix(line, "OK") { 152 err = fmt.Errorf("getpin greeting didn't say 'OK', said: %q", line) 153 return 154 } 155 156 if len(parent.tty) > 0 { 157 parent.log.Debug("setting ttyname to %s", parent.tty) 158 pi.Set("OPTION", "ttyname="+parent.tty, &err) 159 if err != nil { 160 parent.log.Debug("error setting ttyname: %s", err) 161 } 162 } 163 if len(parent.term) > 0 { 164 parent.log.Debug("setting ttytype to %s", parent.term) 165 pi.Set("OPTION", "ttytype="+parent.term, &err) 166 if err != nil { 167 parent.log.Debug("error setting ttytype: %s", err) 168 } 169 } 170 171 parent.log.Debug("- pinentryInstance::Init() -> %v", err) 172 return 173 } 174 175 func descEncode(s string) string { 176 s = strings.ReplaceAll(s, "%", "%%") 177 s = strings.ReplaceAll(s, "\n", "%0A") 178 return s 179 } 180 181 func resDecode(s string) string { 182 s = strings.ReplaceAll(s, "%25", "%") 183 return s 184 } 185 186 func (pi *pinentryInstance) Run(arg keybase1.SecretEntryArg) (res *keybase1.SecretEntryRes, err error) { 187 188 pi.Set("SETPROMPT", arg.Prompt, &err) 189 pi.Set("SETDESC", descEncode(arg.Desc), &err) 190 pi.Set("SETOK", arg.Ok, &err) 191 pi.Set("SETCANCEL", arg.Cancel, &err) 192 pi.Set("SETERROR", arg.Err, &err) 193 194 if err != nil { 195 return 196 } 197 198 fmt.Fprintf(pi.stdin, "GETPIN\n") 199 var lineb []byte 200 lineb, _, err = pi.br.ReadLine() 201 if err != nil { 202 err = fmt.Errorf("Failed to read line after GETPIN: %v", err) 203 return 204 } 205 line := string(lineb) 206 switch { 207 case strings.HasPrefix(line, "D "): 208 res = &keybase1.SecretEntryRes{Text: resDecode(line[2:])} 209 case strings.HasPrefix(line, "ERR 83886179 canceled") || strings.HasPrefix(line, "ERR 83886179 Operation cancelled"): 210 res = &keybase1.SecretEntryRes{Canceled: true} 211 case line == "OK": 212 res = &keybase1.SecretEntryRes{} 213 default: 214 return nil, fmt.Errorf( 215 "failed to run pinentry: GETPIN response didn't start with D; got %q (see %s for troubleshooting help)", 216 line, 217 "https://github.com/keybase/client/blob/master/go/doc/troubleshooting.md#pinentry-doesnt-work", 218 ) 219 } 220 221 return 222 }