[git] GnuPG - branch, neal/next, updated. gnupg-2.1.3-27-geac873b
by Neal H. Walfield
cvs at cvs.gnupg.org
Wed May 6 15:27:43 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, neal/next has been updated
via eac873b88bfb52055a3f684792d6691b2112caa7 (commit)
via 8f07d6af9c01e6f34514f07258bcb61cc74f1806 (commit)
from e9f7a8d9dfa37c4980fec16527a3ee3db75e8c5c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eac873b88bfb52055a3f684792d6691b2112caa7
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 15:27:23 2015 +0200
agent: Improve some comments.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 8c6fd08..77b1739 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -47,8 +47,8 @@
/* Because access to the pinentry must be serialized (it is and shall
- be a global mutual dialog) we should better timeout further
- requests after some time. 2 minutes seem to be a reasonable
+ be a global mutually exclusive dialog) we better timeout pending
+ requests after some time. 1 minute seem to be a reasonable
time. */
#define LOCK_TIMEOUT (1*60)
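Review bot: Two wording slips survive in comments this commit rewrites. In this hunk the new line should read `requests after some time.  1 minute seems to be a reasonable`, and in the start_pinentry hunk below the corrected line still spells `implementaion` where `implementation` is meant. Neither affects behaviour; the comment now agrees with `LOCK_TIMEOUT (1*60)`.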
@@ -279,8 +279,8 @@ start_pinentry (ctrl_t ctrl)
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
- the Wime implementaion does not flush stdin,stdout and stderr
- - see above. Lets try to ignore the error. */
+ the Wine implementaion does not flush stdin,stdout and stderr
+ - see above. Let's try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
return unlock_pinentry (tmperr);
#endif
@@ -490,7 +490,7 @@ start_pinentry (ctrl_t ctrl)
}
-/* Returns True is the pinentry is currently active. If WAITSECONDS is
+/* Returns True if the pinentry is currently active. If WAITSECONDS is
greater than zero the function will wait for this many seconds
before returning. */
int
@@ -564,7 +564,7 @@ all_digitsp( const char *s)
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary Nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
- an out of memory status. PArsing stops at the end of the string or
+ an out of memory status. Parsing stops at the end of the string or
a white space character. */
static char *
unescape_passphrase_string (const unsigned char *s)
@@ -747,7 +747,7 @@ pinentry_status_cb (void *opaque, const char *line)
/* Call the Entry and ask for the PIN. We do check for a valid PIN
number here and repeat it as long as we have invalid formed
- numbers. KEYINFO and CACHEMODE are used to tell pinentry something
+ numbers. KEYINFO and CACHE_MODE are used to tell pinentry something
about the key. */
int
agent_askpin (ctrl_t ctrl,
commit 8f07d6af9c01e6f34514f07258bcb61cc74f1806
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 15:20:32 2015 +0200
agent: Improve support for externally cached passwords.
* agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
constant.
(pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
provided.
(agent_askpin): Pass "OPTION allow-external-password-cache" to the
pinentry. Always pass SETKEYINFO to the pinentry. If there is no
stable identifier, then use "--clear". If the password is incorrect
and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
then decrement PININFO->FAILED_TRIES.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 9253866..8c6fd08 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -713,7 +713,8 @@ setup_qualitybar (void)
enum
{
PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
- PINENTRY_STATUS_PIN_REPEATED = 1 << 8
+ PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
+ PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9
};
/* Check the button_info line for a close action. Also check for the
@@ -733,6 +734,10 @@ pinentry_status_cb (void *opaque, const char *line)
{
*flag |= PINENTRY_STATUS_PIN_REPEATED;
}
+ else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE"))
+ {
+ *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE;
+ }
return 0;
}
@@ -809,23 +814,36 @@ agent_askpin (ctrl_t ctrl,
if (rc)
return rc;
- /* If we have a KYEINFO string and are normal, user, or ssh cache
+ /* Indicate to the pinentry that it may read from an external cache.
+
+ It is essential that the pinentry respect this. If the cached
+ password is not up to date and retry == 1, then, using a version
+ of GPG Agent that doesn't support this, won't issue another pin
+ request and the user won't get a chance to correct the
+ password. */
+ rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
+ return unlock_pinentry (rc);
+
+ /* If we have a KEYINFO string and are normal, user, or ssh cache
mode, we tell that the Pinentry so it may use it for own caching
purposes. Most pinentries won't have this implemented and thus
we do not error out in this case. */
if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
|| cache_mode == CACHE_MODE_USER
|| cache_mode == CACHE_MODE_SSH))
- {
- snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
- cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
- keyinfo);
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
- return unlock_pinentry (rc);
- }
+ snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
+ cache_mode == CACHE_MODE_USER? 'u' :
+ cache_mode == CACHE_MODE_SSH? 's' : 'n',
+ keyinfo);
+ else
+ snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
+
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
+ return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
line[DIM(line)-1] = 0;
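Review bot: The `OPTION allow-external-password-cache` request is sent on every agent_askpin call, with no agent-side setting to withhold it, so a passphrase may be kept in a store whose lifetime gpg-agent's own cache expiry does not govern. Consider guarding the assuan_transact with a configuration flag (placeholder name: `opt.allow_external_cache`) so that locked-down setups can opt out. The new comment above the call is also hard to parse; as I read it, the intent is `/* The pinentry must only use an external cache when told to: an agent without this support does not forgive a failure caused by a stale cached password, so with a single try the user would never be prompted. */`. agent_askpin begins and ends outside the hunk.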
@@ -965,6 +983,11 @@ agent_askpin (ctrl_t ctrl,
pininfo->repeat_okay = 1;
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
+
+ if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
+ /* The password was read from the cache. Don't count this
+ against the retry count. */
+ pininfo->failed_tries --;
}
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
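Review bot: Nothing here bounds how often a cache-sourced failure is forgiven: if the pinentry keeps reporting PASSWORD_FROM_CACHE together with a wrong passphrase, `pininfo->failed_tries --;` presumably cancels the retry loop's increment every time and the try limit is never reached. I would forgive at most one such failure per call, e.g. `if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE) && !cache_try_forgiven++) pininfo->failed_tries--;` with a local `int cache_try_forgiven = 0;`. pinentry_status_cb only ORs bits into the flag word, so this also depends on pinentry_status being cleared before each request; that reset is not visible here and should be confirmed. Bracing the if body would help too, since a comment sits between the condition and its single statement. The loop and the rest of agent_askpin lie outside the hunk.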
-----------------------------------------------------------------------
Summary of changes:
agent/call-pinentry.c | 61 +++++++++++++++++++++++++++++++++++----------------
1 file changed, 42 insertions(+), 19 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org