diff options
| author | Werner Koch <[email protected]> | 2015-05-11 16:08:44 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-05-11 16:14:28 +0000 |
| commit | d7293cb317acc40cc9e5189cef33fe9d8b47e62a (patch) | |
| tree | c4f78a96da5769cdbb52fc10fe237a9f6c64520c /agent/call-pinentry.c | |
| parent | agent: Add strings for use by future Pinentry versions. (diff) | |
| download | gnupg-d7293cb317acc40cc9e5189cef33fe9d8b47e62a.tar.gz gnupg-d7293cb317acc40cc9e5189cef33fe9d8b47e62a.zip | |
agent: Add option --no-allow-external-cache.
* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--
Pinentry 0.9.2 may be build with libsecret support and thus an extra
checkbox is displayed to allow the user to get passwords out of an
libsecret maintained cache. Security aware user may want to avoid
this feature and may do this at runtime by enabling this option.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | agent/call-pinentry.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 64c64a957..5c3743aa4 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -408,23 +408,26 @@ start_pinentry (ctrl_t ctrl) } - /* Indicate to the pinentry that it may read from an external cache. - - It is essential that the pinentry respect this. If the cached - password is not up to date and retry == 1, then, using a version - of GPG Agent that doesn't support this, won't issue another pin - request and the user won't get a chance to correct the - password. */ - rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + if (opt.allow_external_cache) + { + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the + cached password is not up to date and retry == 1, then, using + a version of GPG Agent that doesn't support this, won't issue + another pin request and the user won't get a chance to + correct the password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) + return unlock_pinentry (rc); + } { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ - static struct { const char *key, *value; int mode; } tbl[] = { + static struct { const char *key, *value; int what; } tbl[] = { /* TRANSLATORS: These are labels for buttons etc used in Pinentries. An underscore indicates that the next letter should be used as an accelerator. Double the underscore for @@ -435,7 +438,7 @@ start_pinentry (ctrl_t ctrl) { "yes", N_("|pinentry-label|_Yes") }, { "no", N_("|pinentry-label|_No") }, { "prompt", N_("|pinentry-label|PIN:") }, - { "pwmngr", N_("|pinentry-label|_Save in password manager") }, + { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 }, { "cf-visi",N_("Do you really want to make your " "passphrase visible on the screen?") }, { "tt-visi",N_("|pinentry-tt|Make passphrase visible") }, @@ -448,6 +451,8 @@ start_pinentry (ctrl_t ctrl) for (idx=0; tbl[idx].key; idx++) { + if (!opt.allow_external_cache && tbl[idx].what == 1) + continue; /* No need for it. */ s = _(tbl[idx].value); if (*s == '|' && (s2=strchr (s+1,'|'))) s = s2+1; |