mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
agent: Allow GET_PASSPHRASE in restricted mode.
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode but ignore the cacheid. -- The use case is symmetric encryption via the extra-socket. To avoid that the gpg running on the server has access to the cache we set the cache id to NULL so that the cache is not used at all.
This commit is contained in:
parent
2372f6a403
commit
adf4db6e20
@ -1988,9 +1988,6 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
|||||||
struct pin_entry_info_s *pi2 = NULL;
|
struct pin_entry_info_s *pi2 = NULL;
|
||||||
int is_generated;
|
int is_generated;
|
||||||
|
|
||||||
if (ctrl->restricted)
|
|
||||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
|
||||||
|
|
||||||
opt_data = has_option (line, "--data");
|
opt_data = has_option (line, "--data");
|
||||||
opt_check = has_option (line, "--check");
|
opt_check = has_option (line, "--check");
|
||||||
opt_no_ask = has_option (line, "--no-ask");
|
opt_no_ask = has_option (line, "--no-ask");
|
||||||
@ -2039,7 +2036,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
|||||||
if (!desc)
|
if (!desc)
|
||||||
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
|
return set_error (GPG_ERR_ASS_PARAMETER, "no description given");
|
||||||
|
|
||||||
if (!strcmp (cacheid, "X"))
|
/* The only limitation in restricted mode is that we don't consider
|
||||||
|
* the cache. */
|
||||||
|
if (ctrl->restricted || !strcmp (cacheid, "X"))
|
||||||
cacheid = NULL;
|
cacheid = NULL;
|
||||||
if (!strcmp (errtext, "X"))
|
if (!strcmp (errtext, "X"))
|
||||||
errtext = NULL;
|
errtext = NULL;
|
||||||
@ -2121,7 +2120,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
|
|||||||
entry_errtext = NULL;
|
entry_errtext = NULL;
|
||||||
is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
|
is_generated = !!(pi->status & PINENTRY_STATUS_PASSWORD_GENERATED);
|
||||||
|
|
||||||
/* We don't allow an empty passpharse in this mode. */
|
/* We don't allow an empty passphrase in this mode. */
|
||||||
if (!is_generated
|
if (!is_generated
|
||||||
&& check_passphrase_constraints (ctrl, pi->pin,
|
&& check_passphrase_constraints (ctrl, pi->pin,
|
||||||
pi->constraints_flags,
|
pi->constraints_flags,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user