* agent/call-pinentry.c (generate_pin): Use STRING random which is
sufficient for a passphrase.
(inq_cb): s/rc/err/. Do not print two errors in case generate_pin
fails. Lowercase strings as per GNU standards.
(setup_genpin): Fix translation test.
(setup_qualitybar): Ditto.
--
Our policy is to use VERY_STRONG for a long term public key but not
for symmetric keys.
The GNU standards to demand that strings start with a lowercase
because that seems to be needed if it follows a prefix of for example
"gpg:". I don't actually like this becuase we need different strings
in interactive and standard mode but the majory of strings in GnuPGare
written this way. If a translation is necessary it can be done with
an en_GB or so locale.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
(do_getpin): Update with new name for inquire callback.
(inq_quality): Rename to inq_cb and add genpin support.
(inq_cb): Renamed form inq_quality.
(generate_pin): New helper to generate a pin.
(agent_askpin): Fix some typos.
(setup_genpin): Provide new strings for pinentry.
--
This implements the gpg-agent side for generating a pin
especially for symmetric encryption using libgcrypt randomness
and checking it against the gpg-agent constraints.
* agent/call-pinentry.c (start_pinentry): Don't use pid_t.
--
When pid_t is 64-bit integer and unsigned long is 32-bit,
it never matches, because left hand side does not fill
upper 32-bit.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
* agent/genkey.c (check_passphrase_constraints): New arg no_empty.
* agent/command.c (reenter_passphrase_cmp_cb): New.
(cmd_get_passphrase): Add option --newsymkey.
--
This new option allows to present a passphrase with the usual repeat
box as it is used by gpg-agent's internal key generation.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--
We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging. Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (watch_sock_start): Factor out
from do_getpin.
(watch_sock_end): Likewise.
(do_getpin): Use those functions.
(agent_get_confirmation): Likewise.
(popup_message_thread): Likewise.
--
Pinentry's dialog for confirmation should be also closed cleanly, as
well as the dialog for pin-input.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.
--
GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (watch_sock): New.
(do_getpin): Spawn the watching thread.
--
While we don't have npth_cancel (and it's difficult to implement it
correctly), this is a kind of best compromise allowing a thread's
polling when pinentry is active.
GnuPG-bug-id: 2011
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/agent.h (PINENTRY_STATUS_*): Expose to public.
(struct pin_entry_info_s): Add status.
* agent/call-pinentry.c (agent_askpin): Clearing the ->status
before the loop, let the assuan_transact set ->status. When
failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
soon.
* agent/findkey.c (unprotect): Clear the pinentry cache,
when it causes an error.
--
GnuPG-bug-id: 4348
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.
--
By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.
That's true, however, since it's alive usually, simply sending SIGINT
is enough here.
Note that here is a race condition for detecting if process is active
or not; A process can die just after being detected alive.
Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.
--
Actually, initialize_module_call_pinentry is only called once from
main. So, this bug had no harm and having the static variable
INITIALIZED is not needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.
--
We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.
It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object). But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.
So, simply have a thread private object for recursive pinentry access.
GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.
--
This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.
We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.
Use a / instead of whitespace to delimit pid/uid at Werner's request.
If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename. But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--
Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.
GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.
--
For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
one.
--
Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--
This patch changes the --verbose output of gpg to show
for example
gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
/dev/pts/4 xterm localhost:10.0)
the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Also send the user data
using an Assuan 'OPTION' command.
* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
passphrase file.
(spacep): Include newline characters.
(rstrip): New function.
(main): Handle Windows line endings. Handle the userdata option, and
restart with the new options.
Signed-off-by: Justus Winter <justus@g10code.com>
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning. Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--
Static strings in gpg-agent need to be translated according to the
locale set by the caller. This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another. If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.
This is only the first part of the change the actual local switching
still needs to be implemented.
Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *. Pass it to check_passphrase_constraints. If it
contains malloc's memory, free it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Based on a patch provided by Watson Yuuma Sato <yuuma.sato@gmail.com>
in issue 2018.