mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
This commit is contained in:
Werner Koch
parent
84de484bc3
commit
21feecd48f
10 changed files with 301 additions and 81 deletions
|
|
@ -43,7 +43,7 @@
|
|||
#include "i18n.h"
|
||||
#include "status.h"
|
||||
#include "call-agent.h"
|
||||
|
||||
#include "../common/shareddefs.h"
|
||||
|
||||
static char *fd_passwd = NULL;
|
||||
static char *next_pw = NULL;
|
||||
|
|
@ -104,9 +104,21 @@ encode_s2k_iterations (int iterations)
|
|||
int
|
||||
have_static_passphrase()
|
||||
{
|
||||
return !!fd_passwd && opt.batch;
|
||||
return (!!fd_passwd
|
||||
&& (opt.batch || opt.pinentry_mode == PINENTRY_MODE_LOOPBACK));
|
||||
}
|
||||
|
||||
/* Return a static passphrase. The returned value is only valid as
|
||||
long as no other passphrase related function is called. NULL may
|
||||
be returned if no passphrase has been set; better use
|
||||
have_static_passphrase first. */
|
||||
const char *
|
||||
get_static_passphrase (void)
|
||||
{
|
||||
return fd_passwd;
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Set the passphrase to be used for the next query and only for the next
|
||||
* one.
|
||||
|
|
@ -156,7 +168,7 @@ read_passphrase_from_fd( int fd )
|
|||
int i, len;
|
||||
char *pw;
|
||||
|
||||
if ( !opt.batch )
|
||||
if ( !opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK)
|
||||
{ /* Not used but we have to do a dummy read, so that it won't end
|
||||
up at the begin of the message if the quite usual trick to
|
||||
prepend the passphtrase to the message is used. */
|
||||
|
|
@ -187,7 +199,7 @@ read_passphrase_from_fd( int fd )
|
|||
break;
|
||||
}
|
||||
pw[i] = 0;
|
||||
if (!opt.batch)
|
||||
if (!opt.batch && opt.pinentry_mode != PINENTRY_MODE_LOOPBACK)
|
||||
tty_printf("\b\b\b \n" );
|
||||
|
||||
xfree ( fd_passwd );
|
||||
|
|
@ -458,30 +470,9 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||
|
||||
if ( keyid )
|
||||
{
|
||||
u32 used_kid[2];
|
||||
char *us;
|
||||
|
||||
if ( keyid[2] && keyid[3] )
|
||||
{
|
||||
used_kid[0] = keyid[2];
|
||||
used_kid[1] = keyid[3];
|
||||
}
|
||||
else
|
||||
{
|
||||
used_kid[0] = keyid[0];
|
||||
used_kid[1] = keyid[1];
|
||||
}
|
||||
|
||||
us = get_long_user_id_string ( keyid );
|
||||
write_status_text ( STATUS_USERID_HINT, us );
|
||||
xfree(us);
|
||||
|
||||
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
|
||||
(ulong)keyid[0], (ulong)keyid[1],
|
||||
(ulong)used_kid[0], (ulong)used_kid[1],
|
||||
pubkey_algo );
|
||||
|
||||
write_status_text ( STATUS_NEED_PASSPHRASE, buf );
|
||||
emit_status_need_passphrase (keyid,
|
||||
keyid[2] && keyid[3]? keyid+2:NULL,
|
||||
pubkey_algo);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -614,6 +605,29 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
|
|||
}
|
||||
|
||||
|
||||
/* Emit the USERID_HINT and the NEED_PASSPHRASE status messages.
|
||||
MAINKEYID may be NULL. */
|
||||
void
|
||||
emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo)
|
||||
{
|
||||
char buf[50];
|
||||
char *us;
|
||||
|
||||
us = get_long_user_id_string (keyid);
|
||||
write_status_text (STATUS_USERID_HINT, us);
|
||||
xfree (us);
|
||||
|
||||
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
|
||||
(ulong)keyid[0],
|
||||
(ulong)keyid[1],
|
||||
(ulong)(mainkeyid? mainkeyid[0]:keyid[0]),
|
||||
(ulong)(mainkeyid? mainkeyid[1]:keyid[1]),
|
||||
pubkey_algo);
|
||||
|
||||
write_status_text (STATUS_NEED_PASSPHRASE, buf);
|
||||
}
|
||||
|
||||
|
||||
/* Return an allocated utf-8 string describing the key PK. If ESCAPED
|
||||
is true spaces and control characters are percent or plus escaped.
|
||||
MODE 0 is for the common prompt, MODE 1 for the import prompt. */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue