agent: Add option --no-allow-external-cache.

* agent/agent.h (opt): Add field allow_external_cache. * agent/call-pinentry.c (start_pinentry): Act upon new var. * agent/gpg-agent.c (oNoAllowExternalCache): New. (opts): Add option --no-allow-external-cache. (parse_rereadable_options): Set this option. -- Pinentry 0.9.2 may be build with libsecret support and thus an extra checkbox is displayed to allow the user to get passwords out of an libsecret maintained cache. Security aware user may want to avoid this feature and may do this at runtime by enabling this option. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-05-11 18:08:44 +02:00 · 2015-05-11 18:08:44 +02:00 · d7293cb317
commit d7293cb317
parent 02d5e12054
5 changed files with 53 additions and 13 deletions
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@ -408,23 +408,26 @@ start_pinentry (ctrl_t ctrl)
    }


-  /* Indicate to the pinentry that it may read from an external cache.
+  if (opt.allow_external_cache)
+    {
+      /* Indicate to the pinentry that it may read from an external cache.

-     It is essential that the pinentry respect this.  If the cached
-     password is not up to date and retry == 1, then, using a version
-     of GPG Agent that doesn't support this, won't issue another pin
-     request and the user won't get a chance to correct the
-     password.  */
-  rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
-			NULL, NULL, NULL, NULL, NULL, NULL);
-  if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-    return unlock_pinentry (rc);
+         It is essential that the pinentry respect this.  If the
+         cached password is not up to date and retry == 1, then, using
+         a version of GPG Agent that doesn't support this, won't issue
+         another pin request and the user won't get a chance to
+         correct the password.  */
+      rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
+                            NULL, NULL, NULL, NULL, NULL, NULL);
+      if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
+        return unlock_pinentry (rc);
+    }


  {
    /* Provide a few default strings for use by the pinentries.  This
       may help a pinentry to avoid implementing localization code.  */
-    static struct { const char *key, *value; int mode; } tbl[] = {
+    static struct { const char *key, *value; int what; } tbl[] = {
      /* TRANSLATORS: These are labels for buttons etc used in
         Pinentries.  An underscore indicates that the next letter
         should be used as an accelerator.  Double the underscore for
@ -435,7 +438,7 @@ start_pinentry (ctrl_t ctrl)
      { "yes",    N_("|pinentry-label|_Yes") },
      { "no",     N_("|pinentry-label|_No") },
      { "prompt", N_("|pinentry-label|PIN:") },
-      { "pwmngr", N_("|pinentry-label|_Save in password manager") },
+      { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 },
      { "cf-visi",N_("Do you really want to make your "
                     "passphrase visible on the screen?") },
      { "tt-visi",N_("|pinentry-tt|Make passphrase visible") },
@ -448,6 +451,8 @@ start_pinentry (ctrl_t ctrl)

    for (idx=0; tbl[idx].key; idx++)
      {
+        if (!opt.allow_external_cache && tbl[idx].what == 1)
+          continue;  /* No need for it.  */
        s = _(tbl[idx].value);
        if (*s == '|' && (s2=strchr (s+1,'|')))
          s = s2+1;