[git] GnuPG - branch, master, updated. gnupg-2.1.3-41-gd7293cb

by Werner Koch cvs at cvs.gnupg.org
Mon May 11 18:16:03 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d7293cb317acc40cc9e5189cef33fe9d8b47e62a (commit)
      from  02d5e1205489aa5027a87a64552eaf15984dc22d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d7293cb317acc40cc9e5189cef33fe9d8b47e62a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon May 11 18:08:44 2015 +0200

    agent: Add option --no-allow-external-cache.
    
    * agent/agent.h (opt): Add field allow_external_cache.
    * agent/call-pinentry.c (start_pinentry): Act upon new var.
    * agent/gpg-agent.c (oNoAllowExternalCache): New.
    (opts): Add option --no-allow-external-cache.
    (parse_rereadable_options): Set this option.
    --
    
    Pinentry 0.9.2 may be built with libsecret support, in which case an
    extra checkbox is displayed to allow the user to get passwords out of
    a libsecret-maintained cache.  Security-aware users may want to avoid
    this feature and can do so at runtime by enabling this option.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index 4d28eff..45f71eb 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -128,6 +128,11 @@ struct
      pinentry-mode=loopback is allowed.  */
   int allow_loopback_pinentry;
 
+  /* Allow the use of an external password cache.  If this option is
+     enabled (which is the default) we send an option to Pinentry
+     to allow it to enable such a cache.  */
+  int allow_external_cache;
+
   int keep_tty;      /* Don't switch the TTY (for pinentry) on request */
   int keep_display;  /* Don't switch the DISPLAY (for pinentry) on request */
 
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 64c64a9..5c3743a 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -408,23 +408,26 @@ start_pinentry (ctrl_t ctrl)
     }
 
 
-  /* Indicate to the pinentry that it may read from an external cache.
-
-     It is essential that the pinentry respect this.  If the cached
-     password is not up to date and retry == 1, then, using a version
-     of GPG Agent that doesn't support this, won't issue another pin
-     request and the user won't get a chance to correct the
-     password.  */
-  rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
-			NULL, NULL, NULL, NULL, NULL, NULL);
-  if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
-    return unlock_pinentry (rc);
+  if (opt.allow_external_cache)
+    {
+      /* Indicate to the pinentry that it may read from an external cache.
+
+         It is essential that the pinentry respect this.  If the
+         cached password is not up to date and retry == 1, then, using
+         a version of GPG Agent that doesn't support this, won't issue
+         another pin request and the user won't get a chance to
+         correct the password.  */
+      rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
+                            NULL, NULL, NULL, NULL, NULL, NULL);
+      if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
+        return unlock_pinentry (rc);
+    }
 
 
   {
     /* Provide a few default strings for use by the pinentries.  This
        may help a pinentry to avoid implementing localization code.  */
-    static struct { const char *key, *value; int mode; } tbl[] = {
+    static struct { const char *key, *value; int what; } tbl[] = {
       /* TRANSLATORS: These are labels for buttons etc used in
          Pinentries.  An underscore indicates that the next letter
          should be used as an accelerator.  Double the underscore for
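Review bot: With `opt.allow_external_cache` cleared, the new `if` only omits `OPTION allow-external-password-cache`; nothing is sent that tells the pinentry to keep the cache off. The restriction therefore appears to hold only for a pinentry that treats the absence of this option as "do not use an external cache", which these lines cannot confirm. I would state that dependency next to the test, for example `/* We cannot forbid the cache; we merely do not request it.  This relies on the pinentry leaving the cache off unless asked.  */`. start_pinentry begins and ends outside this hunk.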
@@ -435,7 +438,7 @@ start_pinentry (ctrl_t ctrl)
       { "yes",    N_("|pinentry-label|_Yes") },
       { "no",     N_("|pinentry-label|_No") },
       { "prompt", N_("|pinentry-label|PIN:") },
-      { "pwmngr", N_("|pinentry-label|_Save in password manager") },
+      { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 },
       { "cf-visi",N_("Do you really want to make your "
                      "passphrase visible on the screen?") },
       { "tt-visi",N_("|pinentry-tt|Make passphrase visible") },
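Review bot: The bare `1` added to the "pwmngr" row is a magic value, and the same literal is compared in the loop hunk below (`tbl[idx].what == 1`). The `what` field it fills is declared in the previous hunk without any comment. Every other row relies on implicit zero-initialisation of `what`, so a reader has to find the loop to learn what the number means. A comment on the struct declaration would make the intent explicit, for example `/* what: 0 = always sent, 1 = sent only if an external cache is allowed */`, or a small named constant could replace the literal in both places. The table and the loop both sit inside start_pinentry, whose body continues outside these hunks.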
@@ -448,6 +451,8 @@ start_pinentry (ctrl_t ctrl)
 
     for (idx=0; tbl[idx].key; idx++)
       {
+        if (!opt.allow_external_cache && tbl[idx].what == 1)
+          continue;  /* No need for it.  */
         s = _(tbl[idx].value);
         if (*s == '|' && (s2=strchr (s+1,'|')))
           s = s2+1;
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index c846ab4..659aa2c 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -119,6 +119,7 @@ enum cmd_and_opt_values
   oNoAllowMarkTrusted,
   oAllowPresetPassphrase,
   oAllowLoopbackPinentry,
+  oNoAllowExternalCache,
   oKeepTTY,
   oKeepDISPLAY,
   oSSHSupport,
@@ -168,6 +169,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
                 /* */             N_("do not use the SCdaemon") ),
   ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
+
+  ARGPARSE_s_s (oExtraSocket, "extra-socket",
+                /* */       N_("|NAME|accept some commands via NAME")),
+
   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
 
   ARGPARSE_s_n (oBatch,      "batch",        "@"),
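Review bot: The `extra-socket` entry added here carries a help string, while its old `"@"` entry is deleted in the hunk before the dummy options, yet the commit log lists only the `--no-allow-external-cache` additions under `(opts)`. As far as I can tell an `"@"` description keeps an option out of the `--help` output, so this makes a socket-related option newly visible to users as a side effect of an unrelated commit. I would either split it into its own commit or record it in the log, for example `(opts): Add option --no-allow-external-cache.  Describe --extra-socket.`.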
@@ -200,6 +205,8 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
                 /* */    N_("do not use the PIN cache when signing")),
+  ARGPARSE_s_n (oNoAllowExternalCache,  "no-allow-external-cache",
+                /* */    N_("disallow the use of an external password cache")),
   ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
                 /* */    N_("disallow clients to mark keys as \"trusted\"")),
   ARGPARSE_s_n (oAllowMarkTrusted,   "allow-mark-trusted", "@"),
@@ -207,6 +214,7 @@ static ARGPARSE_OPTS opts[] = {
                 /* */                    N_("allow presetting passphrase")),
   ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry",
                                    N_("allow caller to override the pinentry")),
+
   ARGPARSE_s_n (oSSHSupport,   "enable-ssh-support", N_("enable ssh support")),
   ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
 #ifdef HAVE_W32_SYSTEM
@@ -215,7 +223,6 @@ static ARGPARSE_OPTS opts[] = {
                 /* */           "@"
 #endif
                 ),
-  ARGPARSE_s_s (oExtraSocket, "extra-socket", "@"),
 
   /* Dummy options for backward compatibility.  */
   ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
@@ -557,6 +564,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.enable_passhrase_history = 0;
       opt.ignore_cache_for_signing = 0;
       opt.allow_mark_trusted = 1;
+      opt.allow_external_cache = 1;
       opt.disable_scdaemon = 0;
       disable_check_own_socket = 0;
       return 1;
@@ -623,6 +631,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 
     case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
 
+    case oNoAllowExternalCache: opt.allow_external_cache = 0;
+      break;
+
     default:
       return 0; /* not handled */
     }
@@ -1056,6 +1067,8 @@ main (int argc, char **argv )
               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("ignore-cache-for-signing:%lu:\n",
               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+      es_printf ("no-allow-external-cache:%lu:\n",
+              GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("no-allow-mark-trusted:%lu:\n",
               GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
       es_printf ("disable-scdaemon:%lu:\n",
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 469c762..dea462e 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -377,6 +377,19 @@ Allow clients to use the loopback pinentry features; see the option
 @option{pinentry-mode} for details.
 @end ifset
 
+ at ifset gpgtwoone
+ at item --no-allow-external-cache
+ at opindex no-allow-external-cache
+Tell Pinentry not to enable features which use an external cache for
+passphrases.
+
+Some desktop environments prefer to unlock all
+credentials with one master password and may have installed a Pinentry
+which employs an additional external cache to implement such a policy.
+By using this option the Pinentry is advised not to make use of such a
+cache and instead always ask the user for the requested passphrase.
+ at end ifset
+
 @item --ignore-cache-for-signing
 @opindex ignore-cache-for-signing
 This option will let @command{gpg-agent} bypass the passphrase cache for all
@@ -762,6 +775,7 @@ again.  Only certain options are honored: @code{quiet},
 @code{debug-pinentry},
 @code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
 @code{max-cache-ttl}, @code{ignore-cache-for-signing},
+ at code{no-allow-external-cache},
 @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
 @code{disable-check-own-socket}.  @code{scdaemon-program} is also
 supported but due to the current implementation, which calls the
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index d0d938f..cf2d188 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -538,6 +538,9 @@ static gc_option_t gc_options_gpg_agent[] =
    { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+   { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
+     GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
    { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h         |  5 +++++
 agent/call-pinentry.c | 31 ++++++++++++++++++-------------
 agent/gpg-agent.c     | 15 ++++++++++++++-
 doc/gpg-agent.texi    | 14 ++++++++++++++
 tools/gpgconf-comp.c  |  3 +++
 5 files changed, 54 insertions(+), 14 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



