mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
agent: Use the sysconfdir for a pattern file.
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
parent
db5dc7a91a
commit
5ed8e598fa
@ -25,6 +25,7 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
#include "agent.h"
|
#include "agent.h"
|
||||||
#include "../common/i18n.h"
|
#include "../common/i18n.h"
|
||||||
@ -103,6 +104,7 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
|
|||||||
pid_t pid;
|
pid_t pid;
|
||||||
int result, i;
|
int result, i;
|
||||||
const char *pattern;
|
const char *pattern;
|
||||||
|
char *patternfname;
|
||||||
|
|
||||||
(void)ctrl;
|
(void)ctrl;
|
||||||
|
|
||||||
@ -113,11 +115,34 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
|
|||||||
if (!pattern)
|
if (!pattern)
|
||||||
return 1; /* Oops - Assume password should not be used */
|
return 1; /* Oops - Assume password should not be used */
|
||||||
|
|
||||||
|
if (strchr (pattern, '/') || strchr (pattern, '\\')
|
||||||
|
|| (*pattern == '~' && pattern[1] == '/'))
|
||||||
|
patternfname = make_absfilename_try (pattern, NULL);
|
||||||
|
else
|
||||||
|
patternfname = make_filename_try (gnupg_sysconfdir (), pattern, NULL);
|
||||||
|
if (!patternfname)
|
||||||
|
{
|
||||||
|
log_error ("error making filename from '%s': %s\n",
|
||||||
|
pattern, gpg_strerror (gpg_error_from_syserror ()));
|
||||||
|
return 1; /* Do not pass the check. */
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Make debugging a broken config easier by printing a useful error
|
||||||
|
* message. */
|
||||||
|
if (gnupg_access (patternfname, F_OK))
|
||||||
|
{
|
||||||
|
log_error ("error accessing '%s': %s\n",
|
||||||
|
patternfname, gpg_strerror (gpg_error_from_syserror ()));
|
||||||
|
xfree (patternfname);
|
||||||
|
return 1; /* Do not pass the check. */
|
||||||
|
}
|
||||||
|
|
||||||
infp = gnupg_tmpfile ();
|
infp = gnupg_tmpfile ();
|
||||||
if (!infp)
|
if (!infp)
|
||||||
{
|
{
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
|
log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
|
||||||
|
xfree (patternfname);
|
||||||
return 1; /* Error - assume password should not be used. */
|
return 1; /* Error - assume password should not be used. */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -127,6 +152,7 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
|
|||||||
log_error (_("error writing to temporary file: %s\n"),
|
log_error (_("error writing to temporary file: %s\n"),
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
fclose (infp);
|
fclose (infp);
|
||||||
|
xfree (patternfname);
|
||||||
return 1; /* Error - assume password should not be used. */
|
return 1; /* Error - assume password should not be used. */
|
||||||
}
|
}
|
||||||
fseek (infp, 0, SEEK_SET);
|
fseek (infp, 0, SEEK_SET);
|
||||||
@ -135,7 +161,7 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
|
|||||||
i = 0;
|
i = 0;
|
||||||
argv[i++] = "--null";
|
argv[i++] = "--null";
|
||||||
argv[i++] = "--",
|
argv[i++] = "--",
|
||||||
argv[i++] = pattern,
|
argv[i++] = patternfname,
|
||||||
argv[i] = NULL;
|
argv[i] = NULL;
|
||||||
assert (i < sizeof argv);
|
assert (i < sizeof argv);
|
||||||
|
|
||||||
@ -154,6 +180,8 @@ do_check_passphrase_pattern (ctrl_t ctrl, const char *pw, unsigned int flags)
|
|||||||
putc ('\xff', infp);
|
putc ('\xff', infp);
|
||||||
fflush (infp);
|
fflush (infp);
|
||||||
fclose (infp);
|
fclose (infp);
|
||||||
|
|
||||||
|
xfree (patternfname);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
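Review bot: In the branch that calls `make_absfilename_try`, a name that contains a separator but is not absolute (a constructed example: `sub/patterns`) is presumably resolved against the agent's current working directory, so which passphrase-policy file gets enforced would depend on where the agent was started; the accompanying documentation change also drops the sentence saying the file should be absolute. Either reject such names with the same fail-closed `return 1;` used below, or state the behaviour in a comment above the test, e.g. `/* Names with a directory separator are used as given; relative ones resolve against the CWD. */`. The `~/` clause is already implied by `strchr (pattern, '/')`, so the condition can be reduced to `if (strchr (pattern, '/') || strchr (pattern, '\\'))`. The two new `log_error` strings are not wrapped in `_()` as the neighbouring temporary-file messages are; if that is deliberate, a short comment saying so would help. The function starts outside the visible hunks, so return paths between the hunks could not be checked for a matching `xfree (patternfname)`.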
||||||
|
@ -453,10 +453,12 @@ to 1.
|
|||||||
@opindex check-sym-passphrase-pattern
|
@opindex check-sym-passphrase-pattern
|
||||||
Check the passphrase against the pattern given in @var{file}. When
|
Check the passphrase against the pattern given in @var{file}. When
|
||||||
entering a new passphrase matching one of these pattern a warning will
|
entering a new passphrase matching one of these pattern a warning will
|
||||||
be displayed. @var{file} should be an absolute filename. The default
|
be displayed. If @var{file} does not contain any slashes and does not
|
||||||
is not to use any pattern file. The second version of this option is
|
start with "~/" it is searched in the system configuration directory
|
||||||
only used when creating a new symmetric key to allow the use of
|
(@file{@value{SYSCONFDIR}}). The default is not to use any
|
||||||
different patterns for such passphrases.
|
pattern file. The second version of this option is only used when
|
||||||
|
creating a new symmetric key to allow the use of different patterns
|
||||||
|
for such passphrases.
|
||||||
|
|
||||||
Security note: It is known that checking a passphrase against a list of
|
Security note: It is known that checking a passphrase against a list of
|
||||||
pattern or even against a complete dictionary is not very effective to
|
pattern or even against a complete dictionary is not very effective to
|
||||||
|