[git] Pinentry - branch, master, updated. pinentry-0.9.1-11-g8b802cf
by Neal H. Walfield
cvs at cvs.gnupg.org
Fri May 1 20:38:58 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 8b802cf928d199d9c09080f71a7dd1eb397f414a (commit)
via b9d529557b368548d6a55ae6c2df66ece7023e5f (commit)
via 189ab07e94dc2d4103c1edf00e15e0156df89297 (commit)
via c7099565524010b86891fc14b723fc722509d4bb (commit)
via 03e4207f11e228a4c079af991f82507539793bae (commit)
via 21d28d114259da9cb555ee612e053e6e68f37fd3 (commit)
via 93bd60a3ca91581a1cf8e754c4fb51e54c9e7ce9 (commit)
via b4bf75f24f1126a8ba8f8c1c025103c2dcee0710 (commit)
from 9d2d8b6bfaf2d5b07e7fb5be7188516e4158ed98 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8b802cf928d199d9c09080f71a7dd1eb397f414a
Author: Neal H. Walfield <neal at gnu.org>
Date: Fri May 1 20:38:22 2015 +0200
Improve documentation.
Improve documentation: clean up wording and add some minor
improvements to the content.
--
diff --git a/README b/README
index 47d0a04..d66d2d2 100644
--- a/README
+++ b/README
@@ -7,7 +7,7 @@ http://www.gnupg.org/aegypten/ for details.
There are programs for different toolkits available. For all GUIs it
is automatically detected which modules can be built, but it can also
-be requested explicitely.
+be requested explicitly.
GUI OPTION DEPENDENCIES
Curses --enable-pinentry-curses Curses library, for example ncurses
@@ -16,7 +16,7 @@ GTK+ V2.0 --enable-pinentry-gtk2 Gimp Toolkit Library, Version 2.0
Qt4 --enable-pinentry-qt4 Qt4
TTY --enable-pinentry-tty Simple TTY version, no dependencies
-The GTK+ and Qt pinentries can fall back to the curses mode. The
+The GTK+ and Qt pinentries can fall back to curses mode. The
option to enable this is --enable-fallback-curses, but this is also
detected automatically in the same way --enable-pinentry-curses is.
The fallback to curses also works if --disable-pinentry-curses is
diff --git a/doc/pinentry.texi b/doc/pinentry.texi
index a65298d..fb4017e 100644
--- a/doc/pinentry.texi
+++ b/doc/pinentry.texi
@@ -56,7 +56,7 @@ section entitled ``Copying''.
@ifnottex
@dircategory GNU Utilities
@direntry
-* pinentry: (pinentry). Ask securely for a passphrase or PIN.
+* pinentry: (pinentry). Securely ask for a passphrase or PIN.
@end direntry
This file documents the use and the internals of the @pinentry{}.
@@ -102,13 +102,15 @@ passphrases. It is usually invoked by @sc{gpg-agent}
(@pxref{Invoking GPG-AGENT, ,Invoking the gpg-agent, gnupg,
The `GNU Privacy Guard' Manual}, for details).
- at pinentry{} comes in 3 flavors to fit the look and feel of the used
-GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}, a
- at sc{Qt} based one named @code{pinentry-qt} and a non-graphical one based
-on curses and named @code{pinentry-curses}. Not all of them might be
-available on your installation. If curses is supported on your system,
-the GUI based flavors fall back to curses when the @code{DISPLAY}
-variable is not set.
+ at pinentry{} comes in several flavors to fit the look and feel of the
+used GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}; a
+ at sc{Qt} based one named @code{pinentry-qt}; and, two non-graphical
+ones @code{pinentry-curses}, which uses curses and
+ at code{pinentry-tty}, which doesn't require anything more than a simple
+terminal. Not all of them are necessarily available on your
+installation. If curses is supported on your system, the GUI-based
+flavors fall back to curses when the @code{DISPLAY} variable is not
+set.
@menu
@@ -143,7 +145,7 @@ commands according to the Assuan protocol via stdin/stdout.
@c man begin OPTIONS
-Here is a list of options supported by all 3 flavors of pinentry
+Here is a list of options supported by all flavors of pinentry:
@table @gnupgtabopt
@item --version
@@ -186,8 +188,8 @@ Note, that this is not fully supported by all flavors of @pinentry{}.
@opindex timeout
Give up waiting for input from the user after the specified number of
seconds and return an error. The error returned is the same as if the
-Cancel button was selected. To disable the timeout and wait indefinately
-then set to 0, the default.
+Cancel button was selected. To disable the timeout and wait
+indefinitely, set this to 0, which is the default.
@item --display @var{string}
@itemx --ttyname @var{string}
@@ -201,9 +203,9 @@ then set to 0, the default.
@opindex lc-messa
These options are used to pass localization information to
@pinentry{}. They are required because @pinentry{} is usually called
-by some background process which does not have any information on the
-locale and terminal to use. Assuan protocol options are an
-alternative way to pass these information.
+by some background process which does not have any information about
+the locale and terminal to use. It is also possible to pass these
+options using Assuan protocol options.
@end table
@c
@@ -212,28 +214,28 @@ alternative way to pass these information.
@node Protocol
@chapter pinentry's Assuan Protocol
-The PIN-Entry should never service more than one connection at once.
+The @pinentry{} should never service more than one connection at once.
It is reasonable to exec the PIN-Entry prior to a request.
-The PIN-Entry does not need to stay in memory because the
+The @pinentry{} does not need to stay in memory because the
@sc{gpg-agent} has the ability to cache passphrases. The usual way to
-run the PIN-Entry is by setting up a pipe (and not a socket) and then
-fork/exec the PIN-Entry. The communication is then done by means of
+run the @pinentry{} is by setting up a pipe (not a socket) and then
+fork/exec the @pinentry{}. The communication is then done by means of
the protocol described here until the client is satisfied with the
result.
-Although it is called a PIN-Entry, it does allow to enter reasonably
-long strings (at least 2048 characters are supported by every
-pinentry). The client using the PIN-Entry has to check for
+Although it is called a @pinentry{}, it allow entering reasonably long
+strings (strings that are up to 2048 characters long are supported by
+every pinentry). The client using the PIN-Entry has to check for
correctness.
Note that all strings are expected to be encoded as UTF-8; @pinentry{}
takes care of converting it to the locally used codeset. To include
linefeeds or other special characters, you may percent-escape them
-(i.e. a line feed is encoded as @code{%0A}, the percent sign itself
-is encoded as @code{%25}).
+(e.g., a line feed is encoded as @code{%0A}, the percent sign itself
+is encoded as @code{%25}, etc.).
-Here is the list of supported commands:
+The following is a list of supported commands:
@table @gnupgtabopt
@@ -243,13 +245,13 @@ Here is the list of supported commands:
S: OK
@end example
- at item Set the descriptive text to be displayed
+ at item Set the descriptive text to display
@example
C: SETDESC Enter PIN for Richard Nixon <nobody@@trickydicky.gov>
S: OK
@end example
- at item Set the prompt to be shown
+ at item Set the prompt to show
When asking for a PIN, set the text just before the widget for
passphrase entry.
@example
@@ -257,11 +259,11 @@ passphrase entry.
S: OK
@end example
-You should use an underscore in the text only if you known that a modern
-version of pinentry is used. Modern versions underline the next
-character after the underscore and use the first such underlined
-character as a keyboard accelerator. Use a double underscore to escape
-an underscore.
+You should use an underscore in the text only if you know that a
+modern version of pinentry is used. Modern versions underline the
+next character after the underscore and use the first such underlined
+character as a keyboard accelerator. Use a double underscore to
+escape an underscore.
@item Set the window title
This command may be used to change the default window title. When
@@ -292,10 +294,11 @@ To set the text for the button signaling cancellation or disagreement
@end example
-In case tree buttons are required, use the follwing command to set the
-text (UTF-8) for the non-affirmative response button. The affirmative button
-text is still set using SETOK and the CANCEL button text with SETCANCEL.
-See SETPROMPT on how to use an keyboard accelerator.
+In case three buttons are required, use the following command to set
+the text (UTF-8) for the non-affirmative response button. The
+affirmative button text is still set using SETOK and the CANCEL button
+text with SETCANCEL. See SETPROMPT on how to use an keyboard
+accelerator.
@example
C: SETNOTOK Do not do this
S: OK
@@ -305,7 +308,7 @@ See SETPROMPT on how to use an keyboard accelerator.
@item Set the Error text
This is used by the client to display an error message. In contrast
-to the other commands this error message is automatically reset with
+to the other commands, the error message is automatically reset with
a GETPIN or CONFIRM, and is only displayed when asking for a PIN.
@example
C: SETERROR Invalid PIN entered - please try again
@@ -325,9 +328,9 @@ displayed in red.
@end example
If a custom label for the quality bar is required, just add that label
-as an argument as percent escaped string. You will need this feature to
-translate the label because pinentry has no internal gettext except for
-stock strings from the toolkit library.
+as an argument as a percent-escaped string. You will need this
+feature to translate the label because @pinentry{} has no internal
+gettext except for stock strings from the toolkit library.
If you want to show a tooltip for the quality bar, you may use
@example
@@ -367,7 +370,7 @@ To show a message, you can use this command:
C: MESSAGE
S: OK
@end example
-alternativly you may add an option to confirm:
+alternatively you may add an option to confirm:
@example
C: CONFIRM --one-button
S: OK
@@ -396,8 +399,8 @@ appropriate for this tty and @code{lc-ctype} to the locale which
defines the character set to use for this terminal.
@item Set the default strings
-To avoid having transaltions in Pinentry proper, the caller may set
-certain translated strings which are used by Pinentry as default
+To avoid having translations in Pinentry proper, the caller may set
+certain translated strings which are used by @pinentry{} as default
strings.
@example
commit b9d529557b368548d6a55ae6c2df66ece7023e5f
Author: Neal H. Walfield <neal at gnu.org>
Date: Fri May 1 20:37:00 2015 +0200
Improve comment.
* tty/pinentry-tty.c (tty_cmd_handler): Add comment.
--
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index bfd5e26..548c51d 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -218,6 +218,11 @@ tty_cmd_handler(pinentry_t pinentry)
fprintf (ttyfo, "%s\n",
pinentry->description? pinentry->description:"");
fflush (ttyfo);
+
+ /* If pinentry->one_button is set, then
+ pinentry->description contains an informative message,
+ which the user needs to dismiss. Since we are showing
+ this in a terminal, there is no window to dismiss. */
if (! pinentry->one_button)
rc = confirm (pinentry, ttyfi, ttyfo);
}
commit 189ab07e94dc2d4103c1edf00e15e0156df89297
Author: Neal H. Walfield <neal at gnu.org>
Date: Fri May 1 20:35:59 2015 +0200
When reading the pin, correctly handle backspace.
* tty/pinentry-tty.c (read_password): Handle backspace.
--
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index a6ca7ff..bfd5e26 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -82,6 +82,7 @@ static int
read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
{
int count;
+ int done;
char *prompt = NULL;
if (cbreak (fileno (ttyfi)) == -1)
@@ -106,16 +107,29 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
memset (pinentry->pin, 0, pinentry->pin_len);
- count = 0;
- while (count+1 < pinentry->pin_len)
+ done = count = 0;
+ while (!done && count < pinentry->pin_len - 1)
{
char c = fgetc (ttyfi);
- if (c == '\n')
- break;
- fflush (ttyfo);
- pinentry->pin[count++] = c;
+ switch (c)
+ {
+ case '\n':
+ done = 1;
+ break;
+
+ case 0x7f:
+ /* Backspace. */
+ if (count > 0)
+ count --;
+ break;
+
+ default:
+ pinentry->pin[count ++] = c;
+ break;
+ }
}
+ pinentry->pin[count] = '\0';
fputc('\n', stdout);
tcsetattr (fileno(ttyfi), TCSANOW, &o_term);
commit c7099565524010b86891fc14b723fc722509d4bb
Author: Neal H. Walfield <neal at gnu.org>
Date: Fri May 1 20:33:55 2015 +0200
Improve prompt for pin.
* tty/pinentry-tty.c (read_password): Improve prompt for pin.
--
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index 1e14710..a6ca7ff 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -1,6 +1,7 @@
/* pinentry-curses.c - A secure curses dialog for PIN entry, library version
Copyright (C) 2014 Serge Voilokov
Copyright (C) 2015 Daniel Kahn Gillmor <dkg at fifthhorseman.net>
+ * Copyright (C) 2015 g10 Code GmbH
This file is part of PINENTRY.
@@ -81,6 +82,7 @@ static int
read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
{
int count;
+ char *prompt = NULL;
if (cbreak (fileno (ttyfi)) == -1)
{
@@ -90,9 +92,16 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
return -1;
}
- fprintf (ttyfo, "%s\n%s:\n",
+ prompt = pinentry->prompt;
+ if (! prompt)
+ prompt = "PIN";
+
+ fprintf (ttyfo, "%s\n%s%s ",
pinentry->description? pinentry->description:"",
- pinentry->prompt? pinentry->prompt:"PIN? ");
+ prompt,
+ /* Make sure the prompt ends in a : or a question mark. */
+ (prompt[strlen(prompt) - 1] == ':'
+ || prompt[strlen(prompt) - 1] == '?') ? "" : ":");
fflush (ttyfo);
memset (pinentry->pin, 0, pinentry->pin_len);
@@ -107,6 +116,7 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
fflush (ttyfo);
pinentry->pin[count++] = c;
}
+ fputc('\n', stdout);
tcsetattr (fileno(ttyfi), TCSANOW, &o_term);
return strlen (pinentry->pin);
commit 03e4207f11e228a4c079af991f82507539793bae
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Apr 28 13:01:16 2015 -0400
fix small memory leak in pinentry-curses
* pinentry/pinentry-curses.c: free internally allocated local string.
diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
index 4b7080e..043f8a9 100644
--- a/pinentry/pinentry-curses.c
+++ b/pinentry/pinentry-curses.c
@@ -199,6 +199,8 @@ utf8_to_local (char *lc_ctype, char *string)
memset (&ps, 0, sizeof(mbstate_t));
mbsrtowcs (wcs, &p, len, &ps);
+ free (local);
+
leave:
if (old_ctype)
{
commit 21d28d114259da9cb555ee612e053e6e68f37fd3
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Apr 28 13:01:15 2015 -0400
pinentry-tty: make confirm actions work
* tty/pinentry-tty.c: treat the situation where no PIN is requested
and one_button is not set as a confirmation prompt.
--
When user confirmation is requested on a dumb terminal, we use the
value of the "OK" button followed with [y/N]? as the confirmation
prompt. User typing is echoed as normal, since a confirmation prompt
is not a password entry.
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index 358681b..1e14710 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -60,6 +60,24 @@ cbreak (int fd)
}
static int
+confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
+{
+ char buf[32], *ret;
+ pinentry->canceled = 1;
+ fprintf (ttyfo, "%s [y/N]? ", pinentry->ok ? pinentry->ok : "OK");
+ fflush (ttyfo);
+ buf[0] = '\0';
+ ret = fgets (buf, sizeof(buf), ttyfi);
+ if (ret && (buf[0] == 'y' || buf[0] == 'Y'))
+ {
+ pinentry->canceled = 0;
+ return 1;
+ }
+ return 0;
+}
+
+
+static int
read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
{
int count;
@@ -176,6 +194,8 @@ tty_cmd_handler(pinentry_t pinentry)
fprintf (ttyfo, "%s\n",
pinentry->description? pinentry->description:"");
fflush (ttyfo);
+ if (! pinentry->one_button)
+ rc = confirm (pinentry, ttyfi, ttyfo);
}
do_touch_file (pinentry);
}
commit 93bd60a3ca91581a1cf8e754c4fb51e54c9e7ce9
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Apr 28 13:01:14 2015 -0400
pinentry-tty: fix segfault on MESSAGE or CONFIRM
* tty/pinentry-tty.c: avoid prompting for a PIN when one was not asked
for.
--
Before this, pinentry-tty would segfault when asked for MESSAGE or
CONFIRM:
0 dkg at alice:~$ pinentry-tty
OK Your orders please
SETDESC testing testing
OK
MESSAGE
testing testing
PIN? :
Segmentation fault
139 dkg at alice:~$
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index 5351529..358681b 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -169,7 +169,14 @@ tty_cmd_handler(pinentry_t pinentry)
if (rc == 0)
{
- rc = read_password (pinentry, ttyfi, ttyfo);
+ if (pinentry->pin)
+ rc = read_password (pinentry, ttyfi, ttyfo);
+ else
+ {
+ fprintf (ttyfo, "%s\n",
+ pinentry->description? pinentry->description:"");
+ fflush (ttyfo);
+ }
do_touch_file (pinentry);
}
commit b4bf75f24f1126a8ba8f8c1c025103c2dcee0710
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Apr 28 13:01:13 2015 -0400
pinentry-tty: handle designated tty outside of read_password
* tty/pinentry-tty.c: reorganize, wrapping read_password in tty
open/close.
--
This patch sets the stage to simplify the subsequent fixes.
diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c
index 8f680fd..5351529 100644
--- a/tty/pinentry-tty.c
+++ b/tty/pinentry-tty.c
@@ -1,5 +1,6 @@
/* pinentry-curses.c - A secure curses dialog for PIN entry, library version
Copyright (C) 2014 Serge Voilokov
+ Copyright (C) 2015 Daniel Kahn Gillmor <dkg at fifthhorseman.net>
This file is part of PINENTRY.
@@ -59,36 +60,13 @@ cbreak (int fd)
}
static int
-read_password (pinentry_t pinentry, const char *tty_name, const char *tty_type)
+read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo)
{
- FILE *ttyfi = stdin;
- FILE *ttyfo = stdout;
int count;
- if (tty_name)
- {
- ttyfi = fopen (tty_name, "r");
- if (!ttyfi)
- return -1;
-
- ttyfo = fopen (tty_name, "w");
- if (!ttyfo)
- {
- int err = errno;
- fclose (ttyfi);
- errno = err;
- return -1;
- }
- }
-
if (cbreak (fileno (ttyfi)) == -1)
{
int err = errno;
- if (tty_name)
- {
- fclose (ttyfi);
- fclose (ttyfo);
- }
fprintf (stderr, "cbreak failure, exiting\n");
errno = err;
return -1;
@@ -113,11 +91,6 @@ read_password (pinentry_t pinentry, const char *tty_name, const char *tty_type)
}
tcsetattr (fileno(ttyfi), TCSANOW, &o_term);
- if (tty_name)
- {
- fclose (ttyfi);
- fclose (ttyfo);
- }
return strlen (pinentry->pin);
}
@@ -158,7 +131,9 @@ catchsig(int sig)
int
tty_cmd_handler(pinentry_t pinentry)
{
- int rc;
+ int rc = 0;
+ FILE *ttyfi = stdin;
+ FILE *ttyfo = stdout;
#ifndef HAVE_DOSISH_SYSTEM
timed_out = 0;
@@ -174,8 +149,36 @@ tty_cmd_handler(pinentry_t pinentry)
}
#endif
- rc = read_password (pinentry, pinentry->ttyname, pinentry->ttytype);
- do_touch_file (pinentry);
+ if (pinentry->ttyname)
+ {
+ ttyfi = fopen (pinentry->ttyname, "r");
+ if (!ttyfi)
+ rc = -1;
+ else
+ {
+ ttyfo = fopen (pinentry->ttyname, "w");
+ if (!ttyfo)
+ {
+ int err = errno;
+ fclose (ttyfi);
+ errno = err;
+ rc = -1;
+ }
+ }
+ }
+
+ if (rc == 0)
+ {
+ rc = read_password (pinentry, ttyfi, ttyfo);
+ do_touch_file (pinentry);
+ }
+
+ if (pinentry->ttyname)
+ {
+ fclose (ttyfi);
+ fclose (ttyfo);
+ }
+
return rc;
}
-----------------------------------------------------------------------
Summary of changes:
README | 4 +-
doc/pinentry.texi | 87 ++++++++++++++--------------
pinentry/pinentry-curses.c | 2 +
tty/pinentry-tty.c | 137 ++++++++++++++++++++++++++++++++-------------
4 files changed, 147 insertions(+), 83 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org
More information about the Gnupg-commits
mailing list