authorWerner Koch <[email protected]>2021-08-13 11:42:31 +0000
committerWerner Koch <[email protected]>2021-08-13 11:42:31 +0000
commit7c45a69eb988e9c0329d75900af0c5b1e47291b7 (patch)
tree96ced8bfada21a95699d862e4b44ad8025c43573 /agent/call-pinentry.c
parentindent: Add a git blame ignore file (diff)
agent: New option --check-sym-passphrase-pattern.
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to the constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constraints flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/call-pinentry.c')
-rw-r--r--agent/call-pinentry.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index ed37363da..585ddefac 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -91,6 +91,7 @@ struct entry_parm_s
size_t size;
unsigned char *buffer;
int status;
+ unsigned int constraints_flags;
};
@@ -865,10 +866,17 @@ generate_pin (void)
/* Handle inquiries. */
+struct inq_cb_parm_s
+{
+ assuan_context_t ctx;
+ unsigned int flags; /* CHECK_CONSTRAINTS_... */
+};
+
+
static gpg_error_t
inq_cb (void *opaque, const char *line)
{
- assuan_context_t ctx = opaque;
+ struct inq_cb_parm_s *parm = opaque;
gpg_error_t err;
const char *s;
char *pin;
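Review bot: `inq_cb` now treats OPAQUE as a `struct inq_cb_parm_s *`, but the parameter stays `void *`, so a call site that still passes a bare `assuan_context_t` would compile cleanly and then read `parm->ctx` and `parm->flags` from the wrong object. Only the `do_getpin` call is updated in this diff; any other `assuan_transact` user of `inq_cb` in the file would need the same change. I would state the contract in the comment above the function, e.g. `/* Handle inquiries.  OPAQUE must point to a struct inq_cb_parm_s that stays valid for the whole transaction.  */`. The body of inq_cb continues outside this hunk.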
@@ -884,10 +892,10 @@ inq_cb (void *opaque, const char *line)
else
{
percent = estimate_passphrase_quality (pin);
- if (check_passphrase_constraints (NULL, pin, 0, NULL))
+ if (check_passphrase_constraints (NULL, pin, parm->flags, NULL))
percent = -percent;
snprintf (numbuf, sizeof numbuf, "%d", percent);
- err = assuan_send_data (ctx, numbuf, strlen (numbuf));
+ err = assuan_send_data (parm->ctx, numbuf, strlen (numbuf));
xfree (pin);
}
}
@@ -909,14 +917,14 @@ inq_cb (void *opaque, const char *line)
err = gpg_error_from_syserror ();
else
{
- if (check_passphrase_constraints (NULL, pin, 0, &errtext))
+ if (check_passphrase_constraints (NULL, pin, parm->flags, &errtext))
{
if (errtext)
{
/* Unescape the percent-escaped errtext because
assuan_send_data escapes it again. */
errtextlen = percent_unescape_inplace (errtext, 0);
- err = assuan_send_data (ctx, errtext, errtextlen);
+ err = assuan_send_data (parm->ctx, errtext, errtextlen);
}
else
{
@@ -926,7 +934,7 @@ inq_cb (void *opaque, const char *line)
}
else
{
- err = assuan_send_data (ctx, NULL, 0);
+ err = assuan_send_data (parm->ctx, NULL, 0);
}
xfree (errtext);
xfree (pin);
@@ -945,11 +953,11 @@ inq_cb (void *opaque, const char *line)
err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
- if (!check_passphrase_constraints (NULL, pin, 0, NULL))
+ if (!check_passphrase_constraints (NULL, pin, parm->flags, NULL))
{
- assuan_begin_confidential (ctx);
- err = assuan_send_data (ctx, pin, strlen (pin));
- assuan_end_confidential (ctx);
+ assuan_begin_confidential (parm->ctx);
+ err = assuan_send_data (parm->ctx, pin, strlen (pin));
+ assuan_end_confidential (parm->ctx);
xfree (pin);
goto leave;
}
@@ -1333,14 +1341,18 @@ do_getpin (ctrl_t ctrl, struct entry_parm_s *parm)
int saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
gnupg_fd_t sock_watched = ctrl->thread_startup.fd;
npth_t thread;
+ struct inq_cb_parm_s inq_cb_parm;
rc = watch_sock_start (&sock_watched, &thread);
if (rc)
return rc;
+ inq_cb_parm.ctx = entry_ctx;
+ inq_cb_parm.flags = parm->constraints_flags;
+
assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, parm,
- inq_cb, entry_ctx,
+ inq_cb, &inq_cb_parm,
pinentry_status_cb, &parm->status);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
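Review bot: `inq_cb_parm.flags = parm->constraints_flags;` relies on every builder of `struct entry_parm_s` having set the new field, yet the only assignment visible in this diff is in `agent_askpin`. If another caller of `do_getpin` fills the struct field by field without zeroing it first, the flags are indeterminate and the inline passphrase checks in `inq_cb` would run with an unpredictable policy. It is worth confirming that each such caller clears the struct, or adding `parm.constraints_flags = 0;` there. A comment such as `/* inq_cb_parm lives on this stack frame; it is only valid while assuan_transact runs.  */` would also help. do_getpin's body starts and ends outside the hunk.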
@@ -1493,6 +1505,7 @@ agent_askpin (ctrl_t ctrl,
parm.size = pininfo->max_length;
*pininfo->pin = 0; /* Reset the PIN. */
parm.buffer = (unsigned char*)pininfo->pin;
+ parm.constraints_flags = pininfo->constraints_flags;
if (errtext)
{