diff options
Diffstat (limited to 'agent')
| -rw-r--r-- | agent/agent.h | 1 | ||||
| -rw-r--r-- | agent/cache.c | 29 | ||||
| -rw-r--r-- | agent/findkey.c | 42 |
3 files changed, 71 insertions, 1 deletions
diff --git a/agent/agent.h b/agent/agent.h index 4ed8c7fe6..a420baed9 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -364,6 +364,7 @@ void agent_flush_cache (void); int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl); char *agent_get_cache (const char *key, cache_mode_t cache_mode); +void agent_store_cache_hit (const char *key); /*-- pksign.c --*/ diff --git a/agent/cache.c b/agent/cache.c index d4deaeb8c..49402e434 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -65,6 +65,9 @@ struct cache_item_s { /* The cache himself. */ static ITEM thecache; +/* NULL or the last cache key stored by agent_store_cache_hit. */ +static char *last_stored_cache_key; + /* This function must be called once to initialize this module. It has to be done before a second thread is spawned. */ @@ -388,12 +391,24 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) ITEM r; char *value = NULL; int res; + int last_stored = 0; if (cache_mode == CACHE_MODE_IGNORE) return NULL; + if (!key) + { + key = last_stored_cache_key; + if (!key) + return NULL; + last_stored = 1; + } + + if (DBG_CACHE) - log_debug ("agent_get_cache '%s' (mode %d) ...\n", key, cache_mode); + log_debug ("agent_get_cache '%s' (mode %d)%s ...\n", + key, cache_mode, + last_stored? " (stored cache key)":""); housekeeping (); for (r=thecache; r; r = r->next) @@ -404,6 +419,7 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) { + /* Note: To avoid races KEY may not be accessed anymore below. */ r->accessed = gnupg_get_time (); if (DBG_CACHE) log_debug ("... hit\n"); @@ -442,3 +458,14 @@ agent_get_cache (const char *key, cache_mode_t cache_mode) return NULL; } + + +/* Store the key for the last successful cache hit. That value is + used by agent_get_cache if the requested KEY is given as NULL. + NULL may be used to remove that key. */ +void +agent_store_cache_hit (const char *key) +{ + xfree (last_stored_cache_key); + last_stored_cache_key = key? xtrystrdup (key) : NULL; +} diff --git a/agent/findkey.c b/agent/findkey.c index 5ff263ef4..fbe303116 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -372,6 +372,8 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen); if (!rc) { + if (cache_mode == CACHE_MODE_NORMAL) + agent_store_cache_hit (hexgrip); if (r_passphrase) *r_passphrase = pw; else @@ -383,6 +385,45 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, xfree (pw); rc = 0; } + else if (cache_mode == CACHE_MODE_NORMAL) + { + /* The standard use of GPG keys is to have a signing and an + encryption subkey. Commonly both use the same + passphrase. We try to help the user to enter the + passphrase only once by silently trying the last + correctly entered passphrase. Checking one additional + passphrase should be acceptable; despite the S2K + introduced delays. The assumed workflow is: + + 1. Read encrypted message in a MUA and thus enter a + passphrase for the encryption subkey. + + 2. Reply to that mail with an encrypted and signed + mail, thus entering the passphrase for the signing + subkey. + + We can often avoid the passphrase entry in the second + step. We do this only in normal mode, so not to + interfere with unrelated cache entries. */ + pw = agent_get_cache (NULL, cache_mode); + if (pw) + { + rc = agent_unprotect (ctrl, *keybuf, pw, NULL, + &result, &resultlen); + if (!rc) + { + if (r_passphrase) + *r_passphrase = pw; + else + xfree (pw); + xfree (*keybuf); + *keybuf = result; + return 0; + } + xfree (pw); + rc = 0; + } + } /* If the pinentry is currently in use, we wait up to 60 seconds for it to close and check the cache again. This solves a common @@ -460,6 +501,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, { agent_put_cache (hexgrip, cache_mode, pi->pin, lookup_ttl? lookup_ttl (hexgrip) : 0); + agent_store_cache_hit (hexgrip); if (r_passphrase && *pi->pin) *r_passphrase = xtrystrdup (pi->pin); } |