mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
agent: Add checkpin inquiry for pinentry
* agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
This commit is contained in:
Ingo Klöcker
parent
21f73e8bcf
commit
fb5b741568
@ -890,6 +890,47 @@ inq_cb (void *opaque, const char *line)
|
|||||||
xfree (pin);
|
xfree (pin);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if ((s = has_leading_keyword (line, "CHECKPIN")))
|
||||||
|
{
|
||||||
|
char *errtext = NULL;
|
||||||
|
size_t errtextlen;
|
||||||
|
|
||||||
|
if (!opt.enforce_passphrase_constraints)
|
||||||
|
{
|
||||||
|
log_error ("unexpected inquiry 'CHECKPIN' without enforced "
|
||||||
|
"passphrase constraints\n");
|
||||||
|
err = gpg_error (GPG_ERR_ASS_UNEXPECTED_CMD);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
pin = unescape_passphrase_string (s);
|
||||||
|
if (!pin)
|
||||||
|
err = gpg_error_from_syserror ();
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (check_passphrase_constraints (NULL, pin, 0, &errtext))
|
||||||
|
{
|
||||||
|
if (errtext)
|
||||||
|
{
|
||||||
|
/* Unescape the percent-escaped errtext because
|
||||||
|
assuan_send_data escapes it again. */
|
||||||
|
errtextlen = percent_unescape_inplace (errtext, 0);
|
||||||
|
err = assuan_send_data (ctx, errtext, errtextlen);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
log_error ("passphrase check failed without error text\n");
|
||||||
|
err = gpg_error (GPG_ERR_GENERAL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
err = assuan_send_data (ctx, NULL, 0);
|
||||||
|
}
|
||||||
|
xfree (errtext);
|
||||||
|
xfree (pin);
|
||||||
|
}
|
||||||
|
}
|
||||||
else if ((s = has_leading_keyword (line, "GENPIN")))
|
else if ((s = has_leading_keyword (line, "GENPIN")))
|
||||||
{
|
{
|
||||||
int tries;
|
int tries;
|
||||||
@ -1043,6 +1084,65 @@ setup_formatted_passphrase (ctrl_t ctrl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Helper to setup pinentry for enforced passphrase constraints. */
|
||||||
|
static gpg_error_t
|
||||||
|
setup_enforced_constraints (ctrl_t ctrl)
|
||||||
|
{
|
||||||
|
static const struct { const char *key, *help_id, *value; } tbl[] = {
|
||||||
|
{ "hint-short", "pinentry.constraints.hint.short", NULL },
|
||||||
|
{ "hint-long", "pinentry.constraints.hint.long", NULL },
|
||||||
|
/* TRANSLATORS: This is a text shown by pinentry as title of a dialog
|
||||||
|
telling the user that the entered new passphrase does not satisfy
|
||||||
|
the passphrase constraints. Please keep it short. */
|
||||||
|
{ "error-title", NULL, N_("Passphrase Not Allowed") },
|
||||||
|
{ NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
gpg_error_t rc;
|
||||||
|
char line[ASSUAN_LINELENGTH];
|
||||||
|
int idx;
|
||||||
|
char *tmpstr;
|
||||||
|
const char *s;
|
||||||
|
char *escapedstr;
|
||||||
|
|
||||||
|
(void)ctrl;
|
||||||
|
|
||||||
|
if (opt.enforce_passphrase_constraints)
|
||||||
|
{
|
||||||
|
snprintf (line, DIM(line), "OPTION constraints-enforce");
|
||||||
|
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL,
|
||||||
|
NULL);
|
||||||
|
if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
for (idx=0; tbl[idx].key; idx++)
|
||||||
|
{
|
||||||
|
tmpstr = gnupg_get_help_string (tbl[idx].help_id, 0);
|
||||||
|
if (tmpstr)
|
||||||
|
s = tmpstr;
|
||||||
|
else if (tbl[idx].value)
|
||||||
|
s = L_(tbl[idx].value);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
log_error ("no help string found for %s\n", tbl[idx].help_id);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
escapedstr = try_percent_escape (s, "\t\r\n\f\v");
|
||||||
|
xfree (tmpstr);
|
||||||
|
snprintf (line, DIM(line), "OPTION constraints-%s=%s",
|
||||||
|
tbl[idx].key, escapedstr);
|
||||||
|
xfree (escapedstr);
|
||||||
|
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL,
|
||||||
|
NULL);
|
||||||
|
if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Helper for agent_askpin and agent_get_passphrase. */
|
/* Helper for agent_askpin and agent_get_passphrase. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
setup_qualitybar (ctrl_t ctrl)
|
setup_qualitybar (ctrl_t ctrl)
|
||||||
@ -1649,6 +1749,10 @@ agent_get_passphrase (ctrl_t ctrl,
|
|||||||
pininfo->with_repeat = 0; /* Pinentry does not support it. */
|
pininfo->with_repeat = 0; /* Pinentry does not support it. */
|
||||||
|
|
||||||
(void)setup_genpin (ctrl);
|
(void)setup_genpin (ctrl);
|
||||||
|
|
||||||
|
rc = setup_enforced_constraints (ctrl);
|
||||||
|
if (rc)
|
||||||
|
return unlock_pinentry (ctrl, rc);
|
||||||
}
|
}
|
||||||
pininfo->repeat_okay = 0;
|
pininfo->repeat_okay = 0;
|
||||||
pininfo->status = 0;
|
pininfo->status = 0;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user