[git] GnuPG - branch, master, updated. gnupg-2.1.3-31-gd0d4984
by Kristian Fiskerstrand
cvs at cvs.gnupg.org
Thu May 7 15:05:17 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via d0d4984cfec54dee727b9e9d33d09e33c6f2e182 (commit)
via ac77e6254b7e98e69267a2476cd593e36408e975 (commit)
via 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6 (commit)
via 74944330ba7229ed0cbe23cc0f573962a444bd07 (commit)
via d3b5cad2346bd5747789dc62d7804fa5c15f4f3b (commit)
from 874ef16e70ab750db7b153f17a7e859a0db6a2f1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d0d4984cfec54dee727b9e9d33d09e33c6f2e182
Author: Kristian Fiskerstrand <kf at sumptuouscapital.com>
Date: Sun Apr 12 01:11:07 2015 +0200
dirmngr: Fix segfault in ldap engine
(ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
initialized
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index aefd12a..4288119 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -306,7 +306,9 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
"Supported methods: search, get, put\n";
gpg_error_t err;
- if (strcmp (uri->scheme, "ldap") == 0
+ if(!uri)
+ err = ks_print_help (ctrl, " ldap");
+ else if (strcmp (uri->scheme, "ldap") == 0
|| strcmp (uri->scheme, "ldaps") == 0
|| strcmp (uri->scheme, "ldapi") == 0)
err = ks_print_help (ctrl, data);
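Review bot: The new `if(!uri)` branch has no comment saying that a NULL uri is a legitimate call, so a reader cannot tell why it prints `" ldap"` instead of the full help text in `data`. I would add `/* No URI given: only list the scheme we handle.  */` above it; that meaning is an assumption (presumably the caller is asking for the list of supported schemes) and should be confirmed against the other ks_*_help engines. The check should also be written `if (!uri)` to match the spacing of the `else if` that follows. The function continues past the end of the hunk, so whether any later code still reads `uri->scheme` unguarded could not be checked here.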
commit ac77e6254b7e98e69267a2476cd593e36408e975
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 15:27:23 2015 +0200
agent: Improve some comments.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 8c6fd08..77b1739 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -47,8 +47,8 @@
/* Because access to the pinentry must be serialized (it is and shall
- be a global mutual dialog) we should better timeout further
- requests after some time. 2 minutes seem to be a reasonable
+ be a global mutually exclusive dialog) we better timeout pending
+ requests after some time. 1 minute seem to be a reasonable
time. */
#define LOCK_TIMEOUT (1*60)
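Review bot: The rewritten comment still reads `1 minute seem to be a reasonable time`, which should be `1 minute seems to be a reasonable time`. The same commit fixes "Wime" in the start_pinentry hunk but leaves `implementaion` misspelled on the same line; it should read `the Wine implementation does not flush stdin,stdout and stderr`. Since this hunk exists because the comment had drifted from `LOCK_TIMEOUT (1*60)`, wording it as "after LOCK_TIMEOUT seconds" would keep the two from diverging again.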
@@ -279,8 +279,8 @@ start_pinentry (ctrl_t ctrl)
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
- the Wime implementaion does not flush stdin,stdout and stderr
- - see above. Lets try to ignore the error. */
+ the Wine implementaion does not flush stdin,stdout and stderr
+ - see above. Let's try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
return unlock_pinentry (tmperr);
#endif
@@ -490,7 +490,7 @@ start_pinentry (ctrl_t ctrl)
}
-/* Returns True is the pinentry is currently active. If WAITSECONDS is
+/* Returns True if the pinentry is currently active. If WAITSECONDS is
greater than zero the function will wait for this many seconds
before returning. */
int
@@ -564,7 +564,7 @@ all_digitsp( const char *s)
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary Nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
- an out of memory status. PArsing stops at the end of the string or
+ an out of memory status. Parsing stops at the end of the string or
a white space character. */
static char *
unescape_passphrase_string (const unsigned char *s)
@@ -747,7 +747,7 @@ pinentry_status_cb (void *opaque, const char *line)
/* Call the Entry and ask for the PIN. We do check for a valid PIN
number here and repeat it as long as we have invalid formed
- numbers. KEYINFO and CACHEMODE are used to tell pinentry something
+ numbers. KEYINFO and CACHE_MODE are used to tell pinentry something
about the key. */
int
agent_askpin (ctrl_t ctrl,
commit 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 15:20:32 2015 +0200
agent: Improve support for externally cached passwords.
* agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
constant.
(pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
provided.
(agent_askpin): Pass "OPTION allow-external-password-cache" to the
pinentry. Always pass SETKEYINFO to the pinentry. If there is no
stable identifier, then use "--clear". If the password is incorrect
and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
then decrement PININFO->FAILED_TRIES.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 9253866..8c6fd08 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -713,7 +713,8 @@ setup_qualitybar (void)
enum
{
PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
- PINENTRY_STATUS_PIN_REPEATED = 1 << 8
+ PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
+ PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9
};
/* Check the button_info line for a close action. Also check for the
@@ -733,6 +734,10 @@ pinentry_status_cb (void *opaque, const char *line)
{
*flag |= PINENTRY_STATUS_PIN_REPEATED;
}
+ else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE"))
+ {
+ *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE;
+ }
return 0;
}
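Review bot: The comment above pinentry_status_cb still describes only the close-button and PIN_REPEATED checks, so the new `PASSWORD_FROM_CACHE` branch is undocumented. I would extend it to something like `/* Assuan status callback: OR the PINENTRY_STATUS_* bit for BUTTON_INFO close, PIN_REPEATED and PASSWORD_FROM_CACHE into *OPAQUE.  */`. It is also worth stating there that this flag is asserted by the pinentry process and that agent_askpin uses it to discount a failed try, because that makes the status line an input the retry limit depends on. The function starts outside the hunk.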
@@ -809,23 +814,36 @@ agent_askpin (ctrl_t ctrl,
if (rc)
return rc;
- /* If we have a KYEINFO string and are normal, user, or ssh cache
+ /* Indicate to the pinentry that it may read from an external cache.
+
+ It is essential that the pinentry respect this. If the cached
+ password is not up to date and retry == 1, then, using a version
+ of GPG Agent that doesn't support this, won't issue another pin
+ request and the user won't get a chance to correct the
+ password. */
+ rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
+ return unlock_pinentry (rc);
+
+ /* If we have a KEYINFO string and are normal, user, or ssh cache
mode, we tell that the Pinentry so it may use it for own caching
purposes. Most pinentries won't have this implemented and thus
we do not error out in this case. */
if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
|| cache_mode == CACHE_MODE_USER
|| cache_mode == CACHE_MODE_SSH))
- {
- snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
- cache_mode == CACHE_MODE_USER? 'u' :
- cache_mode == CACHE_MODE_SSH? 's' : 'n',
- keyinfo);
- rc = assuan_transact (entry_ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
- return unlock_pinentry (rc);
- }
+ snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
+ cache_mode == CACHE_MODE_USER? 'u' :
+ cache_mode == CACHE_MODE_SSH? 's' : 'n',
+ keyinfo);
+ else
+ snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
+
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
+ return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
line[DIM(line)-1] = 0;
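Review bot: The check after `OPTION allow-external-password-cache` tolerates only `GPG_ERR_ASS_UNKNOWN_CMD`, but a pinentry that implements OPTION and merely does not recognise this option name would more plausibly answer with an unknown-option error. In that case agent_askpin now returns through `unlock_pinentry (rc)` before any prompt is shown. I would accept that code as well: `if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)`. Which code existing pinentries actually return is not visible in this diff and should be confirmed against an older pinentry. agent_askpin starts and ends outside the hunk.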
@@ -965,6 +983,11 @@ agent_askpin (ctrl_t ctrl,
pininfo->repeat_okay = 1;
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
+
+ if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
+ /* The password was read from the cache. Don't count this
+ against the retry count. */
+ pininfo->failed_tries --;
}
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
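Review bot: The `pininfo->failed_tries --` added at the end of the retry loop lets the pinentry, rather than the agent, decide whether a wrong passphrase counts toward `max_tries`. If a pinentry reports PASSWORD_FROM_CACHE on every round (a stale cache entry that is never dropped, or a misbehaving pinentry), the counter never advances and the loop has no bound. The loop header is outside the hunk, so this assumes the usual `failed_tries++` per iteration. I would discount a cached failure at most once per agent_askpin call, tracked in a local flag, for example `if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE) && !cache_try_discounted)`. The `if` body should also be braced, since it is a comment plus a statement.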
commit 74944330ba7229ed0cbe23cc0f573962a444bd07
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 14:50:38 2015 +0200
agent: Or in the value; don't overwrite the variable.
* agent/call-pinentry.c (pinentry_status_cb): Or in
PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index d24a759..9253866 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -727,7 +727,7 @@ pinentry_status_cb (void *opaque, const char *line)
if ((args = has_leading_keyword (line, "BUTTON_INFO")))
{
if (!strcmp (args, "close"))
- *flag = PINENTRY_STATUS_CLOSE_BUTTON;
+ *flag |= PINENTRY_STATUS_CLOSE_BUTTON;
}
else if (has_leading_keyword (line, "PIN_REPEATED"))
{
commit d3b5cad2346bd5747789dc62d7804fa5c15f4f3b
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed May 6 14:35:22 2015 +0200
agent: Avoid magic numbers. Use more accurate names.
* agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
(PINENTRY_STATUS_PIN_REPEATED): Likewise.
(close_button_status_cb): Rename from this...
(pinentry_status_cb): ... to this. Use the constants.
(agent_askpin): Rename local variable from close_button to
pinentry_status. Use symbolic constants rather than magic numbers.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index d3a0547..d24a759 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -710,11 +710,16 @@ setup_qualitybar (void)
return 0;
}
+enum
+ {
+ PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
+ PINENTRY_STATUS_PIN_REPEATED = 1 << 8
+ };
/* Check the button_info line for a close action. Also check for the
PIN_REPEATED flag. */
static gpg_error_t
-close_button_status_cb (void *opaque, const char *line)
+pinentry_status_cb (void *opaque, const char *line)
{
unsigned int *flag = opaque;
const char *args;
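Review bot: The new anonymous enum has no comment, so nothing says that its members are bit flags OR-ed into the `unsigned int` that the callers pass as the status callback's opaque pointer, or why the values jump from bit 0 to bit 8. I would add `/* Bit flags set by pinentry_status_cb in the caller's status word.  */` above it. The gap presumably only preserves the old literals 1 and 256, and saying so would stop someone from assuming bits 1-7 are reserved. The comment above the renamed function still talks only about button_info and could be generalised in the same change. pinentry_status_cb's body continues outside the hunk.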
@@ -722,11 +727,11 @@ close_button_status_cb (void *opaque, const char *line)
if ((args = has_leading_keyword (line, "BUTTON_INFO")))
{
if (!strcmp (args, "close"))
- *flag = 1;
+ *flag = PINENTRY_STATUS_CLOSE_BUTTON;
}
else if (has_leading_keyword (line, "PIN_REPEATED"))
{
- *flag |= 256;
+ *flag |= PINENTRY_STATUS_PIN_REPEATED;
}
return 0;
@@ -752,7 +757,7 @@ agent_askpin (ctrl_t ctrl,
const char *errtext = NULL;
int is_pin = 0;
int saveflag;
- unsigned int close_button;
+ unsigned int pinentry_status;
if (opt.batch)
return 0; /* fixme: we should return BAD PIN */
@@ -901,10 +906,10 @@ agent_askpin (ctrl_t ctrl,
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
- close_button = 0;
+ pinentry_status = 0;
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx,
- close_button_status_cb, &close_button);
+ pinentry_status_cb, &pinentry_status);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
@@ -916,7 +921,8 @@ agent_askpin (ctrl_t ctrl,
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
+ && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
@@ -954,7 +960,8 @@ agent_askpin (ctrl_t ctrl,
if (!errtext)
{
- if (pininfo->with_repeat && (close_button & 256))
+ if (pininfo->with_repeat
+ && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED))
pininfo->repeat_okay = 1;
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
@@ -978,7 +985,7 @@ agent_get_passphrase (ctrl_t ctrl,
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
int saveflag;
- unsigned int close_button;
+ unsigned int pinentry_status;
*retpass = NULL;
if (opt.batch)
@@ -1055,10 +1062,10 @@ agent_get_passphrase (ctrl_t ctrl,
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
- close_button = 0;
+ pinentry_status = 0;
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx,
- close_button_status_cb, &close_button);
+ pinentry_status_cb, &pinentry_status);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
@@ -1067,7 +1074,8 @@ agent_get_passphrase (ctrl_t ctrl,
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
+ && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (rc)
-----------------------------------------------------------------------
Summary of changes:
agent/call-pinentry.c | 91 ++++++++++++++++++++++++++++++++----------------
dirmngr/ks-engine-ldap.c | 4 ++-
2 files changed, 64 insertions(+), 31 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org