author | Werner Koch <[email protected]> | 2018-03-27 06:40:58 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2018-03-27 06:40:58 +0000 |
commit | 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e (patch) | |
tree | 87bd5eb853bc750761788900a67b602817ebcbfd /agent/findkey.c | |
parent | gpg: Auto-fix a broken trustdb with just the version record. (diff) | |
agent: Make the request origin a part of the cache items.
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'agent/findkey.c')
-rw-r--r-- | agent/findkey.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/agent/findkey.c b/agent/findkey.c
index e3e9a123f..78c3b1a47 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -511,7 +511,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
 {
 char *pw;
- pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE);
+ pw = agent_get_cache (ctrl, cache_nonce, CACHE_MODE_NONCE);
 if (pw)
 {
 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
@@ -536,7 +536,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
 char *pw;
 retry:
- pw = agent_get_cache (hexgrip, cache_mode);
+ pw = agent_get_cache (ctrl, hexgrip, cache_mode);
 if (pw)
 {
 rc = agent_unprotect (ctrl, *keybuf, pw, NULL, &result, &resultlen);
@@ -574,7 +574,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
 We can often avoid the passphrase entry in the second step. We do this only in normal mode, so not to interfere with unrelated cache entries. */
- pw = agent_get_cache (NULL, cache_mode);
+ pw = agent_get_cache (ctrl, NULL, cache_mode);
 if (pw)
 {
 rc = agent_unprotect (ctrl, *keybuf, pw, NULL,
@@ -670,7 +670,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text,
 else
 {
 /* Passphrase is fine. */
- agent_put_cache (hexgrip, cache_mode, pi->pin,
+ agent_put_cache (ctrl, hexgrip, cache_mode, pi->pin,
 lookup_ttl? lookup_ttl (hexgrip) : 0);
 agent_store_cache_hit (hexgrip);
 if (r_passphrase && *pi->pin) |
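Review bot: The comment above the NULL-key lookup in the third hunk (`pw = agent_get_cache (ctrl, NULL, cache_mode);`) still describes only the "normal mode" restriction and does not mention that the lookup is now also tied to the request origin carried in `ctrl`. Going by the commit message, this "reuse the last passphrase" shortcut is the path where a remote request could most easily have picked up a locally entered passphrase, so the comment should state the new guarantee, e.g. by appending `The lookup only matches entries cached for the same request origin as CTRL.` The start of that comment and the rest of `unprotect` lie outside the hunk, and the matching itself is in agent/cache.c, which is not shown here, so the wording should be checked against that implementation.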
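Review bot: In the fourth hunk `agent_put_cache` now receives `ctrl`, but the `agent_store_cache_hit (hexgrip);` call right after it is unchanged and records the hit without any origin. If that record is what the NULL-key lookup in the third hunk resolves against, the separation between origins rests entirely on `agent_get_cache` re-checking the stored item's 'restricted' field after resolving the key; that code is in agent/cache.c and not visible on this page. A short comment here would make the dependency explicit, e.g. `/* The cache hit is recorded without the origin; agent_get_cache still matches the item against CTRL. */`, or the helper could take `ctrl` like its two siblings. The return value of `agent_put_cache` is also ignored, which looks like a deliberate best-effort but is worth a word in the same comment.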