GNUPG-1-9-BRANCH gnupg (10 files)
cvs user wk
cvs at cvs.gnupg.org
Tue May 24 14:17:20 CEST 2005
Date: Tuesday, May 24, 2005 @ 14:37:36
Author: wk
Path: /cvs/gnupg/gnupg
Tag: GNUPG-1-9-BRANCH
Modified: TODO agent/ChangeLog agent/agent.h agent/call-scd.c
agent/command-ssh.c agent/divert-scd.c agent/findkey.c
agent/genkey.c agent/query.c scd/app-openpgp.c
* call-scd.c (inq_needpin): Skip leading spaces in of PIN
description.
* divert-scd.c (getpin_cb): Enhanced to cope with description
flags.
* query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
callers.
---------------------+
TODO | 8 ----
agent/ChangeLog | 9 ++++
agent/agent.h | 3 +
agent/call-scd.c | 2 +
agent/command-ssh.c | 2 -
agent/divert-scd.c | 100 ++++++++++++++++++++++++++++++++++++++++++++------
agent/findkey.c | 2 -
agent/genkey.c | 8 ++--
agent/query.c | 18 +++++----
scd/app-openpgp.c | 6 +--
10 files changed, 122 insertions(+), 36 deletions(-)
Index: gnupg/TODO
diff -u gnupg/TODO:1.165.2.42 gnupg/TODO:1.165.2.43
--- gnupg/TODO:1.165.2.42 Sat May 21 20:49:00 2005
+++ gnupg/TODO Tue May 24 14:37:36 2005
@@ -96,11 +96,3 @@
-* IMPORTANT:
- Check that the PIN cache is cleared after failed card operations.
- After receiving a HUP gpg-agent should set a flag to kill scdaemon
- as soon as possible, w/o that scdaemon will continue running as a
- zombie and gpg-agent won't be able to fire up a new one.
- Implement an scd/agent option to wait for a card.
-
-
Index: gnupg/agent/ChangeLog
diff -u gnupg/agent/ChangeLog:1.59.2.80 gnupg/agent/ChangeLog:1.59.2.81
--- gnupg/agent/ChangeLog:1.59.2.80 Sat May 21 20:49:00 2005
+++ gnupg/agent/ChangeLog Tue May 24 14:37:36 2005
@@ -1,3 +1,12 @@
+2005-05-24 Werner Koch <wk at g10code.com>
+
+ * call-scd.c (inq_needpin): Skip leading spaces in of PIN
+ description.
+ * divert-scd.c (getpin_cb): Enhanced to cope with description
+ flags.
+ * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
+ callers.
+
2005-05-21 Werner Koch <wk at g10code.com>
* call-scd.c (start_scd): Don't test for an alive scdaemon here.
Index: gnupg/agent/agent.h
diff -u gnupg/agent/agent.h:1.32.2.20 gnupg/agent/agent.h:1.32.2.21
--- gnupg/agent/agent.h:1.32.2.20 Sat May 21 20:49:00 2005
+++ gnupg/agent/agent.h Tue May 24 14:37:36 2005
@@ -179,7 +179,8 @@
/*-- query.c --*/
void initialize_module_query (void);
int agent_askpin (ctrl_t ctrl,
- const char *desc_text, const char *inital_errtext,
+ const char *desc_text, const char *prompt_text,
+ const char *inital_errtext,
struct pin_entry_info_s *pininfo);
int agent_get_passphrase (ctrl_t ctrl, char **retpass,
const char *desc, const char *prompt,
Index: gnupg/agent/call-scd.c
diff -u gnupg/agent/call-scd.c:1.13.2.16 gnupg/agent/call-scd.c:1.13.2.17
--- gnupg/agent/call-scd.c:1.13.2.16 Sat May 21 20:49:00 2005
+++ gnupg/agent/call-scd.c Tue May 24 14:37:36 2005
@@ -601,6 +601,8 @@
return ASSUAN_Inquire_Unknown;
}
line += 7;
+ while (*line == ' ')
+ line++;
pinlen = 90;
pin = gcry_malloc_secure (pinlen);
Index: gnupg/agent/command-ssh.c
diff -u gnupg/agent/command-ssh.c:1.1.4.20 gnupg/agent/command-ssh.c:1.1.4.21
--- gnupg/agent/command-ssh.c:1.1.4.20 Thu May 5 16:57:59 2005
+++ gnupg/agent/command-ssh.c Tue May 24 14:37:36 2005
@@ -2369,7 +2369,7 @@
}
pi->max_length = 100;
pi->max_tries = 1;
- err = agent_askpin (ctrl, description, NULL, pi);
+ err = agent_askpin (ctrl, description, NULL, NULL, pi);
if (err)
goto out;
Index: gnupg/agent/divert-scd.c
diff -u gnupg/agent/divert-scd.c:1.14.2.6 gnupg/agent/divert-scd.c:1.14.2.7
--- gnupg/agent/divert-scd.c:1.14.2.6 Wed May 18 12:48:06 2005
+++ gnupg/agent/divert-scd.c Tue May 24 14:37:36 2005
@@ -168,35 +168,113 @@
buf has been allocated by the caller and is of size MAXBUF which
includes the terminating null. The function should return an UTF-8
string with the passphrase, the buffer may optionally be padded
- with arbitrary characters */
+ with arbitrary characters.
+
+ INFO gets displayed as part of a generic string. However if the
+ first character of INFO is a vertical bar all up to the next
+ verical bar are considered flags and only everything after the
+ second vertical bar gets displayed as the full prompt.
+
+ Flags:
+
+ 'N' = New PIN, this requests a second prompt to repeat the the
+ PIN. If the PIN is not correctly repeated it starts from
+ all over.
+ 'A' = The PIN is an Admin PIN, SO-PIN, PUK or alike.
+
+ Example:
+
+ "|AN|Please enter the new security officer's PIN"
+
+ The text "Please ..." will get displayed and the flags 'A' and 'N'
+ are considered.
+ */
static int
getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
{
struct pin_entry_info_s *pi;
int rc;
- char *desc;
- CTRL ctrl = opaque;
+ ctrl_t ctrl = opaque;
+ const char *ends, *s;
+ int any_flags = 0;
+ int newpin = 0;
+ const char *again_text = NULL;
+ const char *prompt = "PIN";
if (maxbuf < 2)
return gpg_error (GPG_ERR_INV_VALUE);
+ /* Parse the flags. */
+ if (info && *info =='|' && (ends=strchr (info+1, '|')))
+ {
+ for (s=info+1; s < ends; s++)
+ {
+ if (*s == 'A')
+ prompt = _("Admin PIN");
+ else if (*s == 'N')
+ newpin = 1;
+ }
+ info = ends+1;
+ any_flags = 1;
+ }
+ else if (info && *info == '|')
+ log_debug ("pin_cb called without proper PIN info hack\n");
+
/* FIXME: keep PI and TRIES in OPAQUE. Frankly this is a whole
mess because we should call the card's verify function from the
pinentry check pin CB. */
- pi = gcry_calloc_secure (1, sizeof (*pi) + 100);
+ again:
+ pi = gcry_calloc_secure (1, sizeof (*pi) + maxbuf + 10);
+ if (!pi)
+ return gpg_error_from_errno (errno);
pi->max_length = maxbuf-1;
pi->min_digits = 0; /* we want a real passphrase */
pi->max_digits = 8;
pi->max_tries = 3;
- if ( asprintf (&desc, _("Please enter the PIN%s%s%s to unlock the card"),
- info? " (`":"",
- info? info:"",
- info? "')":"") < 0)
- desc = NULL;
- rc = agent_askpin (ctrl, desc?desc:info, NULL, pi);
- free (desc);
+ if (any_flags)
+ {
+ rc = agent_askpin (ctrl, info, prompt, again_text, pi);
+ again_text = NULL;
+ if (!rc && newpin)
+ {
+ struct pin_entry_info_s *pi2;
+ pi2 = gcry_calloc_secure (1, sizeof (*pi) + maxbuf + 10);
+ if (!pi2)
+ {
+ rc = gpg_error_from_errno (errno);
+ xfree (pi);
+ return rc;
+ }
+ pi2->max_length = maxbuf-1;
+ pi2->min_digits = 0;
+ pi2->max_digits = 8;
+ pi2->max_tries = 1;
+ rc = agent_askpin (ctrl, _("Repeat this PIN"), prompt, NULL, pi2);
+ if (!rc && strcmp (pi->pin, pi2->pin))
+ {
+ again_text = N_("PIN not correctly repeated; try again");
+ xfree (pi2);
+ xfree (pi);
+ goto again;
+ }
+ xfree (pi2);
+ }
+ }
+ else
+ {
+ char *desc;
+ if ( asprintf (&desc,
+ _("Please enter the PIN%s%s%s to unlock the card"),
+ info? " (`":"",
+ info? info:"",
+ info? "')":"") < 0)
+ desc = NULL;
+ rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi);
+ free (desc);
+ }
+
if (!rc)
{
strncpy (buf, pi->pin, maxbuf-1);
Index: gnupg/agent/findkey.c
diff -u gnupg/agent/findkey.c:1.17.2.10 gnupg/agent/findkey.c:1.17.2.11
--- gnupg/agent/findkey.c:1.17.2.10 Fri Feb 25 17:14:55 2005
+++ gnupg/agent/findkey.c Tue May 24 14:37:36 2005
@@ -276,7 +276,7 @@
arg.unprotected_key = NULL;
pi->check_cb_arg = &arg;
- rc = agent_askpin (ctrl, desc_text, NULL, pi);
+ rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi);
if (!rc)
{
assert (arg.unprotected_key);
Index: gnupg/agent/genkey.c
diff -u gnupg/agent/genkey.c:1.10.2.3 gnupg/agent/genkey.c:1.10.2.4
--- gnupg/agent/genkey.c:1.10.2.3 Mon Dec 20 09:32:56 2004
+++ gnupg/agent/genkey.c Tue May 24 14:37:36 2005
@@ -120,11 +120,11 @@
pi2->check_cb_arg = pi->pin;
next_try:
- rc = agent_askpin (ctrl, text1, initial_errtext, pi);
+ rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi);
initial_errtext = NULL;
if (!rc)
{
- rc = agent_askpin (ctrl, text2, NULL, pi2);
+ rc = agent_askpin (ctrl, text2, NULL, NULL, pi2);
if (rc == -1)
{ /* The re-entered one did not match and the user did not
hit cancel. */
@@ -228,10 +228,10 @@
pi2->check_cb_arg = pi->pin;
next_try:
- rc = agent_askpin (ctrl, text1, initial_errtext, pi);
+ rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi);
if (!rc)
{
- rc = agent_askpin (ctrl, text2, NULL, pi2);
+ rc = agent_askpin (ctrl, text2, NULL, NULL, pi2);
if (rc == -1)
{ /* The re-entered one did not match and the user did not
hit cancel. */
Index: gnupg/agent/query.c
diff -u gnupg/agent/query.c:1.23.2.8 gnupg/agent/query.c:1.23.2.9
--- gnupg/agent/query.c:1.23.2.8 Wed Feb 23 22:06:32 2005
+++ gnupg/agent/query.c Tue May 24 14:37:36 2005
@@ -288,8 +288,9 @@
number here and repeat it as long as we have invalid formed
numbers. */
int
-agent_askpin (CTRL ctrl,
- const char *desc_text, const char *initial_errtext,
+agent_askpin (ctrl_t ctrl,
+ const char *desc_text, const char *prompt_text,
+ const char *initial_errtext,
struct pin_entry_info_s *pininfo)
{
int rc;
@@ -310,7 +311,10 @@
desc_text = _("Please enter your passphrase, so that the secret key "
"can be unlocked for this session");
- is_pin = desc_text && strstr (desc_text, "PIN");
+ if (prompt_text)
+ is_pin = !!strstr (prompt_text, "PIN");
+ else
+ is_pin = desc_text && strstr (desc_text, "PIN");
rc = start_pinentry (ctrl);
if (rc)
@@ -322,10 +326,10 @@
if (rc)
return unlock_pinentry (map_assuan_err (rc));
- rc = assuan_transact (entry_ctx,
- is_pin? "SETPROMPT PIN:"
- : "SETPROMPT Passphrase:",
- NULL, NULL, NULL, NULL, NULL, NULL);
+ snprintf (line, DIM(line)-1, "SETPROMPT %s",
+ prompt_text? prompt_text : is_pin? "PIN:" : "Passphrase:");
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (map_assuan_err (rc));
Index: gnupg/scd/app-openpgp.c
diff -u gnupg/scd/app-openpgp.c:1.9.2.35 gnupg/scd/app-openpgp.c:1.9.2.36
--- gnupg/scd/app-openpgp.c:1.9.2.35 Mon May 23 22:18:12 2005
+++ gnupg/scd/app-openpgp.c Tue May 24 14:37:36 2005
@@ -17,7 +17,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
- * $Id: app-openpgp.c,v 1.9.2.35 2005/05/23 20:18:12 wk Exp $
+ * $Id: app-openpgp.c,v 1.9.2.36 2005/05/24 12:37:36 wk Exp $
*/
#include <config.h>
@@ -1528,7 +1528,7 @@
/* Check whether a key already exists. KEYIDX is the index of the key
- (0..2). If FORCE is TRUE a diagnositivc will be printed but no
+ (0..2). If FORCE is TRUE a diagnositic will be printed but no
error returned if the key already exists. */
static gpg_error_t
does_key_exist (app_t app, int keyidx, int force)
@@ -2134,7 +2134,7 @@
{
char *prompt;
-#define PROMPTSTRING _("PIN [sigs done: %lu]")
+#define PROMPTSTRING _("||Please enter the PIN%%0A[sigs done: %lu]")
prompt = malloc (strlen (PROMPTSTRING) + 50);
if (!prompt)
More information about the Gnupg-commits
mailing list