[git] GnuPG - branch, master, updated. gnupg-2.1.5-34-g2778c6f
by Neal H. Walfield
cvs at cvs.gnupg.org
Mon Jun 29 15:54:54 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2778c6f8f40d73272075ce04c07097f65c94054e (commit)
via 0416aed4abf6cea94458d2e38eb4a5e6bfea2d8b (commit)
via 60cf69ff9d61a2cd37fc4468f232fd41aa70a651 (commit)
via 68c217f457a772984d0afbdd341f18de7c867505 (commit)
from 9bca96dbc5c32bdd00196462fde8c9ab94aeb28d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2778c6f8f40d73272075ce04c07097f65c94054e
Author: Neal H. Walfield <neal at gnu.org>
Date: Thu Jun 18 00:10:47 2015 -0300
Show passphrase constraints errors as password prompt errors
* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *. Pass it to check_passphrase_constraints. If it
contains malloc'ed memory, free it.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Based on a patch provided by Watson Yuuma Sato <yuuma.sato at gmail.com>
in issue 2018.
diff --git a/agent/agent.h b/agent/agent.h
index fabe99b..407a2bd 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -1,5 +1,6 @@
/* agent.h - Global definitions for the agent
* Copyright (C) 2001, 2002, 2003, 2005, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2015 g10 Code GmbH.
*
* This file is part of GnuPG.
*
@@ -412,7 +413,8 @@ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
membuf_t *outbuf, int *r_padding);
/*-- genkey.c --*/
-int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent);
+int check_passphrase_constraints (ctrl_t ctrl, const char *pw,
+ char **failed_constraint);
gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
char **r_passphrase);
int agent_genkey (ctrl_t ctrl, const char *cache_nonce,
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index ba40f4d..6f4c95b 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -675,7 +675,7 @@ inq_quality (void *opaque, const char *line)
else
{
percent = estimate_passphrase_quality (pin);
- if (check_passphrase_constraints (NULL, pin, 1))
+ if (check_passphrase_constraints (NULL, pin, NULL))
percent = -percent;
snprintf (numbuf, sizeof numbuf, "%d", percent);
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
diff --git a/agent/command.c b/agent/command.c
index a4932ef..a69abc5 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1,6 +1,7 @@
/* command.c - gpg-agent command handler
* Copyright (C) 2001-2011 Free Software Foundation, Inc.
* Copyright (C) 2001-2013 Werner Koch
+ * Copyright (C) 2015 g10 Code GmbH.
*
* This file is part of GnuPG.
*
@@ -1438,7 +1439,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
char *p;
int opt_data, opt_check, opt_no_ask, opt_qualbar;
int opt_repeat = 0;
- char *repeat_errtext = NULL;
+ char *entry_errtext = NULL;
if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
@@ -1522,15 +1523,16 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
next_try:
rc = agent_get_passphrase (ctrl, &response, desc, prompt,
- repeat_errtext? repeat_errtext:errtext,
+ entry_errtext? entry_errtext:errtext,
opt_qualbar, cacheid, CACHE_MODE_USER);
- xfree (repeat_errtext);
- repeat_errtext = NULL;
+ xfree (entry_errtext);
+ entry_errtext = NULL;
if (!rc)
{
int i;
- if (opt_check && check_passphrase_constraints (ctrl, response, 0))
+ if (opt_check
+ && check_passphrase_constraints (ctrl, response, &entry_errtext))
{
xfree (response);
goto next_try;
@@ -1548,9 +1550,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
{
xfree (response2);
xfree (response);
- repeat_errtext = try_percent_escape
+ entry_errtext = try_percent_escape
(_("does not match - try again"), NULL);
- if (!repeat_errtext)
+ if (!entry_errtext)
{
rc = gpg_error_from_syserror ();
break;
diff --git a/agent/genkey.c b/agent/genkey.c
index 30fc44d..85b8aba 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -1,5 +1,6 @@
/* genkey.c - Generate a keypair
* Copyright (C) 2002, 2003, 2004, 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2015 g10 Code GmbH.
*
* This file is part of GnuPG.
*
@@ -174,10 +175,12 @@ take_this_one_anyway (ctrl_t ctrl, const char *desc)
/* Check whether the passphrase PW is suitable. Returns 0 if the
passphrase is suitable and true if it is not and the user should be
- asked to provide a different one. If SILENT is set, no message are
- displayed. */
+ asked to provide a different one. If FAILED_CONSTRAINT is set, a
+ message describing the problem is returned in
+ *FAILED_CONSTRAINT. */
int
-check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
+check_passphrase_constraints (ctrl_t ctrl, const char *pw,
+ char **failed_constraint)
{
gpg_error_t err = 0;
unsigned int minlen = opt.min_passphrase_len;
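Review bot: The new header comment on check_passphrase_constraints leaves out the contract its callers depend on. Judging by the later hunks in this file, *FAILED_CONSTRAINT is written only when opt.enforce_passphrase_constraints is set (the commit message says FALSE, which does not match the code), no visible line clears it on entry, and the string it receives is heap-allocated and handed to the caller. I would extend the comment to state that the caller must initialise *FAILED_CONSTRAINT to NULL and release it with xfree, that it is filled in only when constraints are enforced, and that passing NULL suppresses all prompts. The function body continues outside this hunk.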
@@ -200,11 +203,16 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
"Please confirm that you do not want to "
"have any protection on your key."));
- if (silent)
- return gpg_error (GPG_ERR_INV_PASSPHRASE);
+ err = 1;
+ if (failed_constraint)
+ {
+ if (opt.enforce_passphrase_constraints)
+ *failed_constraint = xstrdup (desc);
+ else
+ err = take_this_one_anyway2 (ctrl, desc,
+ _("Yes, protection is not needed"));
+ }
- err = take_this_one_anyway2 (ctrl, desc,
- _("Yes, protection is not needed"));
goto leave;
}
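Review bot: `err = 1;` replaces the old `return gpg_error (GPG_ERR_INV_PASSPHRASE);` for the empty-passphrase case, so a caller passing NULL now gets a bare 1 here, while the length, non-alpha and pattern checks still set a gpg_error code in the same situation. err is declared gpg_error_t and 1 is not a meaningful error value, so I would write `err = gpg_error (GPG_ERR_INV_PASSPHRASE);` here and at the same assignment in the later hunk that builds msg. The callers visible in this commit only test the result for non-zero, so this is a consistency point rather than a behaviour change. The enclosing block starts outside the hunk.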
@@ -212,7 +220,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
in in silent mode which returns immediately. */
if (utf8_charcount (pw) < minlen )
{
- if (silent)
+ if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
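Review bot: The context comment just above this test still refers to "silent mode", which no longer exists now that the parameter is gone. I would reword its tail to name the new condition, for example `... unless FAILED_CONSTRAINT is NULL, in which case we return immediately.` The comment starts outside the hunk, so the full sentence is not visible here.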
@@ -231,7 +239,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
if (nonalpha_count (pw) < minnonalpha )
{
- if (silent)
+ if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
@@ -257,7 +265,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
if (*pw && opt.check_passphrase_pattern &&
check_passphrase_pattern (ctrl, pw))
{
- if (silent)
+ if (!failed_constraint)
{
err = gpg_error (GPG_ERR_INV_PASSPHRASE);
goto leave;
@@ -273,7 +281,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
}
}
- if (msg1 || msg2 || msg3)
+ if (failed_constraint && (msg1 || msg2 || msg3))
{
char *msg;
size_t n;
@@ -295,9 +303,14 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
if (n > 3 && !strcmp (msg + n - 3, "%0A"))
msg[n-3] = 0;
- /* Show error messages. */
- err = take_this_one_anyway (ctrl, msg);
- xfree (msg);
+ err = 1;
+ if (opt.enforce_passphrase_constraints)
+ *failed_constraint = msg;
+ else
+ {
+ err = take_this_one_anyway (ctrl, msg);
+ xfree (msg);
+ }
}
leave:
@@ -333,7 +346,8 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
gpg_error_t err;
const char *text1 = prompt;
const char *text2 = _("Please re-enter this passphrase");
- const char *initial_errtext = NULL;
+ char *initial_errtext = NULL;
+ int initial_errtext_do_free = 0;
struct pin_entry_info_s *pi, *pi2;
*r_passphrase = NULL;
@@ -371,11 +385,17 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
next_try:
err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0);
+ if (initial_errtext_do_free)
+ {
+ xfree (initial_errtext);
+ initial_errtext_do_free = 0;
+ }
initial_errtext = NULL;
if (!err)
{
- if (check_passphrase_constraints (ctrl, pi->pin, 0))
+ if (check_passphrase_constraints (ctrl, pi->pin, &initial_errtext))
{
+ initial_errtext_do_free = 1;
pi->failed_tries = 0;
pi2->failed_tries = 0;
goto next_try;
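Review bot: The initial_errtext_do_free flag makes ownership of initial_errtext depend on which path assigned it last, so any future assignment that forgets the flag will either leak or free a non-heap string. The flag presumably exists because another assignment outside this hunk stores a static string. Allocating that string as well would reduce the cleanup to a plain `xfree (initial_errtext); initial_errtext = NULL;`, as cmd_get_passphrase does with entry_errtext. If the flag stays, a comment on its declaration such as `/* Set when INITIAL_ERRTEXT holds malloced memory that must be freed after use.  */` would make the rule explicit. The function continues outside the hunk.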
commit 0416aed4abf6cea94458d2e38eb4a5e6bfea2d8b
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Jun 16 16:16:57 2015 +0200
Improve documentation for default-cache-ttl and default-cache-ttl-ssh.
* doc/gpg-agent.texi (Agent Options): Improve documentation for
default-cache-ttl and default-cache-ttl-ssh.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8e0f1ff..4c47072 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -328,13 +328,17 @@ control this behaviour but this command line option takes precedence.
@item --default-cache-ttl @var{n}
@opindex default-cache-ttl
-Set the time a cache entry is valid to @var{n} seconds. The default is
-600 seconds.
+Set the time a cache entry is valid to @var{n} seconds. The default
+is 600 seconds. Each time a cache entry is accessed, the entry's
+timer is reset. To set an entry's maximum lifetime, use
+ at command{max-cache-ttl}.
@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl
Set the time a cache entry used for SSH keys is valid to @var{n}
-seconds. The default is 1800 seconds.
+seconds. The default is 1800 seconds. Each time a cache entry is
+accessed, the entry's timer is reset. To set an entry's maximum
+lifetime, use @command{max-cache-ttl-ssh}.
@item --max-cache-ttl @var{n}
@opindex max-cache-ttl
commit 60cf69ff9d61a2cd37fc4468f232fd41aa70a651
Author: Neal H. Walfield <neal at g10code.com>
Date: Tue Jun 16 16:13:51 2015 +0200
Don't raise max-cache-ttl to default-cache-ttl.
* agent/gpg-agent.c (finalize_rereadable_options): Don't raise
max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh
and default-cache-ttl-ssh.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
This closes issue #2009.
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index b4fab4e..4c2f678 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -677,12 +677,6 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
static void
finalize_rereadable_options (void)
{
- /* It would be too surprising if the max-cache-ttl is lower than the
- default-cache-ttl - thus we silently correct that. */
- if (opt.def_cache_ttl > opt.max_cache_ttl)
- opt.max_cache_ttl = opt.def_cache_ttl;
- if (opt.def_cache_ttl_ssh > opt.max_cache_ttl_ssh)
- opt.max_cache_ttl_ssh = opt.def_cache_ttl_ssh;
}
commit 68c217f457a772984d0afbdd341f18de7c867505
Author: Neal H. Walfield <neal at g10code.com>
Date: Mon Jun 29 15:50:48 2015 +0200
Improve the description of old packets with an indeterminate length.
* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 3cac6f8..5116404 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -610,7 +610,7 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
if (list_mode)
es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
(unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
- partial? " partial":"",
+ partial? (new_ctb ? " partial" : " indeterminate") :"",
new_ctb? " new-ctb":"");
pkt->pkttype = pkttype;
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 4 +++-
agent/call-pinentry.c | 2 +-
agent/command.c | 16 +++++++++-------
agent/genkey.c | 52 +++++++++++++++++++++++++++++++++++----------------
agent/gpg-agent.c | 6 ------
doc/gpg-agent.texi | 10 +++++++---
g10/parse-packet.c | 2 +-
7 files changed, 57 insertions(+), 35 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org