.\" $MirOS: contrib/hosted/tg/code/kwalletcli/kwalletaskpass.1,v 1.14 2020/11/19 21:30:54 tg Exp $ .\"- .\" Copyright © 2009, 2010, 2011, 2016, 2018, 2020 .\" mirabilos .\" .\" Provided that these terms and disclaimer and all copyright notices .\" are retained or reproduced in an accompanying document, permission .\" is granted to deal in this work without restriction, including un‐ .\" limited rights to use, publicly perform, distribute, sell, modify, .\" merge, give away, or sublicence. .\" .\" This work is provided “AS IS” and WITHOUT WARRANTY of any kind, to .\" the utmost extent permitted by applicable law, neither express nor .\" implied; without malicious intent or gross negligence. In no event .\" may a licensor, author or contributor be held liable for indirect, .\" direct, other damage, loss, or other issues arising in any way out .\" of dealing in the work, even if advised of the possibility of such .\" damage or existence of a defect, except proven that it results out .\" of said person’s immediate fault when using the work as intended. .\"- .\" Try to make GNU groff and AT&T nroff more compatible .\" * ` generates ‘ in gnroff, so use \` .\" * ' generates ’ in gnroff, \' generates ´, so use \*(aq .\" * - generates ‐ in gnroff, \- generates −, so .tr it to - .\" thus use - for hyphens and \- for minus signs and option dashes .\" * ~ is size-reduced and placed atop in groff, so use \*(TI .\" * ^ is size-reduced and placed atop in groff, so use \*(ha .\" * \(en does not work in nroff, so use \*(en for a solo en dash .\" * and \*(EM for a correctly spaced em dash .\" * <>| are problematic, so redefine and use \*(Lt\*(Gt\*(Ba .\" Also make sure to use \& *before* a punctuation char that is to not .\" be interpreted as punctuation, and especially with two-letter words .\" but also (after) a period that does not end a sentence (“e.g.\&”). .\" The section after the "doc" macropackage has been loaded contains .\" additional code to convene between the UCB mdoc macropackage (and .\" its variant as BSD mdoc in groff) and the GNU mdoc macropackage. .\" .ie \n(.g \{\ . if \*[.T]ascii .tr \-\N'45' . if \*[.T]latin1 .tr \-\N'45' . if \*[.T]utf8 .tr \-\N'45' . ds <= \[<=] . ds >= \[>=] . ds Rq \[rq] . ds Lq \[lq] . ds sL \(aq . ds sR \(aq . if \*[.T]utf8 .ds sL ` . if \*[.T]ps .ds sL ` . if \*[.T]utf8 .ds sR ' . if \*[.T]ps .ds sR ' . ds aq \(aq . ds TI \(ti . ds ha \(ha . ds en \(en .\} .el \{\ . ds aq ' . ds TI ~ . ds ha ^ . ds en \(em .\} .ie n \{\ . ds EM \ \(em\ \& .\} .el \{\ . ds EM \f(TR\^\(em\^\fP .\} .\" .\" Implement .Dd with the Mdocdate RCS keyword .\" .rn Dd xD .de Dd .ie \\$1$Mdocdate: \{\ . xD \\$2 \\$3, \\$4 .\} .el .xD \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 .. .\" .\" .Dd must come before definition of .Mx, because when called .\" with -mandoc, it might implement .Mx itself, but we want to .\" use our own definition. And .Dd must come *first*, always. .\" .Dd $Mdocdate: November 19 2020 $ .\" .\" Check which macro package we use, and do other -mdoc setup. .\" .ie \n(.g \{\ . if \*[.T]utf8 .tr \[la]\*(Lt . if \*[.T]utf8 .tr \[ra]\*(Gt . ie d volume-ds-1 .ds tT gnu . el .ie d doc-volume-ds-1 .ds tT gnp . el .ds tT bsd .\} .el .ds tT ucb .\" .\" Implement .Mx (MirBSD) .\" .ie "\*(tT"gnu" \{\ . eo . de Mx . nr curr-font \n[.f] . nr curr-size \n[.ps] . ds str-Mx \f[\n[curr-font]]\s[\n[curr-size]u] . ds str-Mx1 \*[Tn-font-size]\%MirBSD\*[str-Mx] . if !\n[arg-limit] \ . if \n[.$] \{\ . ds macro-name Mx . parse-args \$@ . \} . if (\n[arg-limit] > \n[arg-ptr]) \{\ . nr arg-ptr +1 . ie (\n[type\n[arg-ptr]] == 2) \ . as str-Mx1 \~\*[arg\n[arg-ptr]] . el \ . nr arg-ptr -1 . \} . ds arg\n[arg-ptr] "\*[str-Mx1] . nr type\n[arg-ptr] 2 . ds space\n[arg-ptr] "\*[space] . nr num-args (\n[arg-limit] - \n[arg-ptr]) . nr arg-limit \n[arg-ptr] . if \n[num-args] \ . parse-space-vector . print-recursive .. . ec . ds sP \s0 . ds tN \*[Tn-font-size] .\} .el .ie "\*(tT"gnp" \{\ . eo . de Mx . nr doc-curr-font \n[.f] . nr doc-curr-size \n[.ps] . ds doc-str-Mx \f[\n[doc-curr-font]]\s[\n[doc-curr-size]u] . ds doc-str-Mx1 \*[doc-Tn-font-size]\%MirBSD\*[doc-str-Mx] . if !\n[doc-arg-limit] \ . if \n[.$] \{\ . ds doc-macro-name Mx . doc-parse-args \$@ . \} . if (\n[doc-arg-limit] > \n[doc-arg-ptr]) \{\ . nr doc-arg-ptr +1 . ie (\n[doc-type\n[doc-arg-ptr]] == 2) \ . as doc-str-Mx1 \~\*[doc-arg\n[doc-arg-ptr]] . el \ . nr doc-arg-ptr -1 . \} . ds doc-arg\n[doc-arg-ptr] "\*[doc-str-Mx1] . nr doc-type\n[doc-arg-ptr] 2 . ds doc-space\n[doc-arg-ptr] "\*[doc-space] . nr doc-num-args (\n[doc-arg-limit] - \n[doc-arg-ptr]) . nr doc-arg-limit \n[doc-arg-ptr] . if \n[doc-num-args] \ . doc-parse-space-vector . doc-print-recursive .. . ec . ds sP \s0 . ds tN \*[doc-Tn-font-size] .\} .el \{\ . de Mx . nr cF \\n(.f . nr cZ \\n(.s . ds aa \&\f\\n(cF\s\\n(cZ . if \\n(aC==0 \{\ . ie \\n(.$==0 \&MirBSD\\*(aa . el .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9 . \} . if \\n(aC>\\n(aP \{\ . nr aP \\n(aP+1 . ie \\n(C\\n(aP==2 \{\ . as b1 \&MirBSD\ #\&\\*(A\\n(aP\\*(aa . ie \\n(aC>\\n(aP \{\ . nr aP \\n(aP+1 . nR . \} . el .aZ . \} . el \{\ . as b1 \&MirBSD\\*(aa . nR . \} . \} .. .\} .\"- .Dt KWALLETASKPASS 1 .Os .Sh NAME .Nm kwalletaskpass .Nd kwallet-based pass-phrase dialog for use with OpenSSH .Sh SYNOPSIS .Nm .Op Ar options .Ar label .Sh DESCRIPTION .Nm is a kwallet- and pinentry-based pass-phrase dialog for use with OpenSSH. It is intended to be called from the .Xr ssh\-add 1 program and not invoked directly. .Pp If a passphrase is requested, .Nm works by first looking up the passphrase in the KWallet by means of .Xr kwalletcli 1 ; using it if found, then calling .Xr kwalletcli_getpin 1 to interactively retrieve an answer from the user via .Nm pinentry otherwise. If the user specifies a passphrase, .Xr kwalletcli_getpin 1 is run again to ask if the passphrase should be stored in the KWallet. Negative answers will be stored in the KWallet to avoid being asked each time. .Nm uses the KWallet folders .Ic kwalletaskpass and .Ic kwalletaskpass\-blacklist with matching entry names. .Pp If anything other than a key passphrase is requested, it is merely relayed to .Xr kwalletcli_getpin 1 . Some requests are known to require a boolean answer and are relayed using the boolean query flag; all others are relayed using a PIN query. .Xr ssh 1 accepts either the literal word .Dq yes .Pq case-insensitively matched or an empty answer (both only when using the OK button) as confirmation. .Pp There are currently no options. .Sh RETURN VALUES .Nm exits 0 on success, 1 if the user cancelled the dialogue, or \*(Gt1 if an error occurred. .Sh ENVIRONMENT .Bl -tag -width PINENTRY .It Ev DISPLAY The X11 display to use for child processes. If this is unset or empty, .Nm kwalletcli will not be called. .It Ev PINENTRY The .Nm pinentry program to use. The default is inherited from .Xr kwalletcli_getpin 1 . .El .Sh SEE ALSO .Xr kwalletcli 1 , .Xr kwalletcli_getpin 1 , .Xr ssh\-add 1 , .Xr ssh\-askpass 1 .Sh AUTHORS .Nm was written by .An mirabilos Aq m@mirbsd.org mostly for tarent solutions GmbH. The idea came from an .Pa askpass.C file found somewhere on the 'net, with no author information. Since it was licenced less freely, this is a rewrite from scratch; modular and with more functionality, too.