1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Move password repetition from gpg to gpg-agent.

This commit is contained in:
Werner Koch 2009-03-17 12:13:32 +00:00
parent a50a274d20
commit 6e7c855d98
8 changed files with 106 additions and 58 deletions

View File

@ -1,3 +1,13 @@
2009-03-17 Werner Koch <wk@g10code.com>
* command.c (cmd_get_passphrase): Break repeat loop on error.
2009-03-17 Daiki Ueno <ueno@unixuser.org>
* command.c (option_value): New function.
(cmd_get_passphrase): Accept new option --repeat, which makes
gpg-agent to ask passphrase several times.
2009-03-06 Werner Koch <wk@g10code.com> 2009-03-06 Werner Koch <wk@g10code.com>
* command.c (cmd_keyinfo): New command. * command.c (cmd_keyinfo): New command.

View File

@ -36,6 +36,7 @@
#include <assuan.h> #include <assuan.h>
#include "i18n.h"
#include "agent.h" #include "agent.h"
/* maximum allowed size of the inquired ciphertext */ /* maximum allowed size of the inquired ciphertext */
@ -181,6 +182,26 @@ has_option_name (const char *line, const char *name)
&& (!s[n] || spacep (s+n) || s[n] == '=')); && (!s[n] || spacep (s+n) || s[n] == '='));
} }
/* Return a pointer to the argument of the option with NAME. If such
an option is not given, it returns NULL. */
static char *
option_value (const char *line, const char *name)
{
char *s;
int n = strlen (name);
s = strstr (line, name);
if (s && (s == line || spacep (s-1))
&& s[n] && (spacep (s+n) || s[n] == '='))
{
s += n + 1;
s += strspn (s, " ");
if (*s && !spacep(s))
return s;
}
return NULL;
}
/* Skip over options. It is assumed that leading spaces have been /* Skip over options. It is assumed that leading spaces have been
removed (this is the case for lines passed to a handler from removed (this is the case for lines passed to a handler from
@ -990,7 +1011,7 @@ send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
} }
/* GET_PASSPHRASE [--data] [--check] [--no-ask] <cache_id> /* GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] <cache_id>
[<error_message> <prompt> <description>] [<error_message> <prompt> <description>]
This function is usually used to ask for a passphrase to be used This function is usually used to ask for a passphrase to be used
@ -1021,13 +1042,22 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
const char *pw; const char *pw;
char *response; char *response;
char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL; char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL;
const char *desc2 = _("Please re-enter this passphrase");
char *p; char *p;
void *cache_marker; void *cache_marker;
int opt_data, opt_check, opt_no_ask; int opt_data, opt_check, opt_no_ask, opt_repeat = 0;
opt_data = has_option (line, "--data"); opt_data = has_option (line, "--data");
opt_check = has_option (line, "--check"); opt_check = has_option (line, "--check");
opt_no_ask = has_option (line, "--no-ask"); opt_no_ask = has_option (line, "--no-ask");
if (has_option_name (line, "--repeat"))
{
p = option_value (line, "--repeat");
if (p)
opt_repeat = atoi (p);
else
opt_repeat = 1;
}
line = skip_options (line); line = skip_options (line);
cacheid = line; cacheid = line;
@ -1094,21 +1124,39 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
if (desc) if (desc)
plus_to_blank (desc); plus_to_blank (desc);
response = NULL; next_try:
do rc = agent_get_passphrase (ctrl, &response, desc, prompt, errtext);
if (!rc)
{
int i;
if (opt_check && check_passphrase_constraints (ctrl, response, 0))
{ {
xfree (response); xfree (response);
rc = agent_get_passphrase (ctrl, &response, desc, prompt, errtext); goto next_try;
} }
while (!rc for (i = 0; i < opt_repeat; i++)
&& opt_check {
&& check_passphrase_constraints (ctrl, response, 0)); char *response2;
rc = agent_get_passphrase (ctrl, &response2, desc2, prompt,
errtext);
if (rc)
break;
if (strcmp (response2, response))
{
xfree (response2);
xfree (response);
goto next_try;
}
xfree (response2);
}
if (!rc) if (!rc)
{ {
if (cacheid) if (cacheid)
agent_put_cache (cacheid, CACHE_MODE_USER, response, 0); agent_put_cache (cacheid, CACHE_MODE_USER, response, 0);
rc = send_back_passphrase (ctx, opt_data, response); rc = send_back_passphrase (ctx, opt_data, response);
}
xfree (response); xfree (response);
} }
} }

View File

@ -1,3 +1,19 @@
2009-03-17 Daiki Ueno <ueno@unixuser.org>
* passphrase.c (passphrase_get): Add extra arg REPEAT and adjust
callers; remove special treatment for MODE==2.
(passphrase_to_dek): Move --passphrase-repeat handling to
gpg-agent.
* call-agent.c (agent_get_passphrase): Add extra arg REPEAT.
* call-agent.h: Ditto.
2009-03-16 Werner Koch <wk@g10code.com>
* gpg.c (my_strusage): Revert last change. Systems w/o a gpg1 may,
and actually do, install gpg2 as gpg.
* gpgv.c (my_strusage): Ditto.
2009-03-14 David Shaw <dshaw@jabberwocky.com> 2009-03-14 David Shaw <dshaw@jabberwocky.com>
* gpg.c (my_strusage): gpg2 and gpgv2 (not gpg and gpgv). * gpg.c (my_strusage): gpg2 and gpgv2 (not gpg and gpgv).

View File

@ -874,11 +874,12 @@ agent_get_passphrase (const char *cache_id,
const char *err_msg, const char *err_msg,
const char *prompt, const char *prompt,
const char *desc_msg, const char *desc_msg,
int repeat,
char **r_passphrase) char **r_passphrase)
{ {
int rc; int rc;
char *line, *p; char *line, *p;
char cmd[] = "GET_PASSPHRASE --data -- "; char cmd[] = "GET_PASSPHRASE --data --repeat=%d -- ";
membuf_t data; membuf_t data;
*r_passphrase = NULL; *r_passphrase = NULL;
@ -889,7 +890,7 @@ agent_get_passphrase (const char *cache_id,
/* We allocate 3 times the needed space for the texts so that /* We allocate 3 times the needed space for the texts so that
there is enough space for escaping. */ there is enough space for escaping. */
line = xtrymalloc ( strlen (cmd) + 1 line = xtrymalloc ( strlen (cmd) + sizeof(repeat) + 1
+ (cache_id? 3*strlen (cache_id): 1) + 1 + (cache_id? 3*strlen (cache_id): 1) + 1
+ (err_msg? 3*strlen (err_msg): 1) + 1 + (err_msg? 3*strlen (err_msg): 1) + 1
+ (prompt? 3*strlen (prompt): 1) + 1 + (prompt? 3*strlen (prompt): 1) + 1
@ -898,7 +899,7 @@ agent_get_passphrase (const char *cache_id,
if (!line) if (!line)
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
p = stpcpy (line, cmd); p = line + sprintf (line, cmd, repeat);
if (cache_id && *cache_id) if (cache_id && *cache_id)
p = my_percent_plus_escape (p, cache_id); p = my_percent_plus_escape (p, cache_id);
else else

View File

@ -115,6 +115,7 @@ gpg_error_t agent_get_passphrase (const char *cache_id,
const char *err_msg, const char *err_msg,
const char *prompt, const char *prompt,
const char *desc_msg, const char *desc_msg,
int repeat,
char **r_passphrase); char **r_passphrase);
/* Send the CLEAR_PASSPHRASE command to the agent. */ /* Send the CLEAR_PASSPHRASE command to the agent. */

View File

@ -800,7 +800,7 @@ my_strusage( int level )
const char *p; const char *p;
switch( level ) { switch( level ) {
case 11: p = "gpg2 (GnuPG)"; case 11: p = "gpg (GnuPG)";
break; break;
case 13: p = VERSION; break; case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break; case 17: p = PRINTABLE_OS_NAME; break;
@ -828,10 +828,10 @@ my_strusage( int level )
case 1: case 1:
case 40: p = case 40: p =
_("Usage: gpg2 [options] [files] (-h for help)"); _("Usage: gpg [options] [files] (-h for help)");
break; break;
case 41: p = case 41: p =
_("Syntax: gpg2 [options] [files]\n" _("Syntax: gpg [options] [files]\n"
"sign, check, encrypt or decrypt\n" "sign, check, encrypt or decrypt\n"
"default operation depends on the input data\n"); "default operation depends on the input data\n");
break; break;

View File

@ -107,16 +107,16 @@ my_strusage( int level )
switch (level) switch (level)
{ {
case 11: p = "gpgv2 (GnuPG)"; case 11: p = "gpgv (GnuPG)";
break; break;
case 13: p = VERSION; break; case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break; case 17: p = PRINTABLE_OS_NAME; break;
case 19: p = _("Please report bugs to <gnupg-bugs@gnu.org>.\n"); case 19: p = _("Please report bugs to <gnupg-bugs@gnu.org>.\n");
break; break;
case 1: case 1:
case 40: p = _("Usage: gpgv2 [options] [files] (-h for help)"); case 40: p = _("Usage: gpgv [options] [files] (-h for help)");
break; break;
case 41: p = _("Syntax: gpgv2 [options] [files]\n" case 41: p = _("Syntax: gpgv [options] [files]\n"
"Check signatures against known trusted keys\n"); "Check signatures against known trusted keys\n");
break; break;

View File

@ -237,7 +237,6 @@ read_passphrase_from_fd( int fd )
* Ask the GPG Agent for the passphrase. * Ask the GPG Agent for the passphrase.
* Mode 0: Allow cached passphrase * Mode 0: Allow cached passphrase
* 1: No cached passphrase FIXME: Not really implemented * 1: No cached passphrase FIXME: Not really implemented
* 2: Ditto, but change the text to "repeat entry"
* *
* Note that TRYAGAIN_TEXT must not be translated. If CANCELED is not * Note that TRYAGAIN_TEXT must not be translated. If CANCELED is not
* NULL, the function does set it to 1 if the user canceled the * NULL, the function does set it to 1 if the user canceled the
@ -246,7 +245,7 @@ read_passphrase_from_fd( int fd )
* computed, this will be used as the cacheid. * computed, this will be used as the cacheid.
*/ */
static char * static char *
passphrase_get ( u32 *keyid, int mode, const char *cacheid, passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
const char *tryagain_text, const char *tryagain_text,
const char *custom_description, const char *custom_description,
const char *custom_prompt, int *canceled) const char *custom_prompt, int *canceled)
@ -331,8 +330,6 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid,
} }
} }
else if (mode == 2 )
atext = xstrdup ( _("Repeat passphrase\n") );
else else
atext = xstrdup ( _("Enter passphrase\n") ); atext = xstrdup ( _("Enter passphrase\n") );
@ -349,7 +346,8 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid,
my_prompt = custom_prompt ? native_to_utf8 (custom_prompt): NULL; my_prompt = custom_prompt ? native_to_utf8 (custom_prompt): NULL;
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext, &pw); rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
repeat, &pw);
xfree (my_prompt); xfree (my_prompt);
xfree (atext); atext = NULL; xfree (atext); atext = NULL;
@ -470,7 +468,7 @@ ask_passphrase (const char *description,
strcpy (pw, fd_passwd); strcpy (pw, fd_passwd);
} }
else else
pw = passphrase_get (NULL, 0, cacheid, pw = passphrase_get (NULL, 0, cacheid, 0,
tryagain_text, description, prompt, tryagain_text, description, prompt,
canceled ); canceled );
@ -611,7 +609,8 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
else else
{ {
/* Divert to the gpg-agent. */ /* Divert to the gpg-agent. */
pw = passphrase_get ( keyid, mode == 2? 1: 0, NULL, pw = passphrase_get ( keyid, mode == 2, NULL,
mode == 2? opt.passwd_repeat: 0,
tryagain_text, NULL, NULL, canceled ); tryagain_text, NULL, NULL, canceled );
if (*canceled) if (*canceled)
{ {
@ -619,33 +618,6 @@ passphrase_to_dek (u32 *keyid, int pubkey_algo,
write_status( STATUS_MISSING_PASSPHRASE ); write_status( STATUS_MISSING_PASSPHRASE );
return NULL; return NULL;
} }
if (!pw)
pw = xstrdup ("");
if ( *pw && mode == 2 )
{
int i;
for(i=0;i<opt.passwd_repeat;i++)
{
char *pw2 = passphrase_get ( keyid, 2, NULL, NULL, NULL,
NULL, canceled );
if (*canceled)
{
xfree (pw);
xfree (pw2);
write_status( STATUS_MISSING_PASSPHRASE );
return NULL;
}
if (!pw2)
pw2 = xstrdup ("");
if ( strcmp(pw, pw2) )
{
xfree(pw2);
xfree(pw);
return NULL;
}
xfree(pw2);
}
}
} }
if ( !pw || !*pw ) if ( !pw || !*pw )