| author | Werner Koch <[email protected]> | 2004-09-29 13:50:31 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2004-09-29 13:50:31 +0000 |
| commit | 530a0a91c4f5dc935278f64be26090f51acc9586 (patch) | |
| tree | 144e3ce60590e21529cfe33af20c25f6eb1581bf /sm/import.c | |
| parent | Changed license of the manual stuff to GPL. (diff) | |
* minip12.c (parse_bag_encrypted_data): Print error if a bad
passphrase has been given.
* gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
expected pinentry filename.
* import.c (parse_p12): Write an error status line for bad
passphrases. Add new arg CTRL and changed caller.
* export.c (export_p12): Likewise.
Diffstat (limited to 'sm/import.c')
| -rw-r--r-- | sm/import.c | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/sm/import.c b/sm/import.c
index 836ac0877..938bc17d0 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -55,7 +55,7 @@ struct stats_s {
 };
-static gpg_error_t parse_p12 (ksba_reader_t reader, FILE **retfp,
+static gpg_error_t parse_p12 (ctrl_t ctrl, ksba_reader_t reader, FILE **retfp,
 struct stats_s *stats);
@@ -341,7 +341,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
 Base64Context b64p12rdr; ksba_reader_t p12rdr;
- rc = parse_p12 (reader, &certfp, stats);
+ rc = parse_p12 (ctrl, reader, &certfp, stats);
 if (!rc) { any = 1;
@@ -572,13 +572,14 @@ popen_protect_tool (const char *pgmname,
 /* Assume that the reader is at a pkcs#12 message and try to import
- certificates from that stupid format. We will alos store secret
+ certificates from that stupid format. We will also store secret
 keys. All of the pkcs#12 parsing and key storing is handled by the gpg-protect-tool, we merely have to take care of receiving the certificates. On success RETFP returns a temporary file with certificates. */ static gpg_error_t
-parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
+parse_p12 (ctrl_t ctrl, ksba_reader_t reader,
+ FILE **retfp, struct stats_s *stats)
 { const char *pgmname; gpg_error_t err = 0, child_err = 0;
@@ -588,6 +589,7 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
 char buffer[1024]; size_t nread; pid_t pid = -1;
+ int bad_pass = 0;
 if (!opt.protect_tool_program || !*opt.protect_tool_program) pgmname = GNUPG_DEFAULT_PROTECT_TOOL;
@@ -681,8 +683,13 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
 else if ( !strcmp (p, "bad-passphrase")) ; }
- else
- log_info ("%s", buffer);
+ else
+ {
+ log_info ("%s", buffer);
+ if (!strncmp (buffer, "gpg-protect-tool: "
+ "possibly bad passphrase given",46))
+ bad_pass++;
+ }
 } pos = 0; cont_line = (c != '\n');
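Review bot: The header comment above parse_p12 (hunk at -572) gets its typo fixed but still does not mention the new CTRL argument or that the function can now write a status line. I would add a sentence before the closing `*/`, for example `CTRL is used to emit an ERROR status line if the protect tool reports a bad passphrase.` The body of parse_p12 continues outside this hunk.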
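Review bot: In the hunk at -681, the new `else` block detects a bad passphrase by matching the child's human-readable log text with a hand-counted length, which is fragile for a check that decides whether frontends see an error status at all. The concatenated literal is 47 characters, so `46` leaves the last character uncompared, and the `gpg-protect-tool: ` prefix presumably stops matching when `opt.protect_tool_program` names another binary or the message wording changes, in which case the failure goes unreported. The context line just above already has an empty branch for the `bad-passphrase` keyword; if the tool emits it, setting the flag there with `else if ( !strcmp (p, "bad-passphrase")) bad_pass++;` would be more robust. At minimum derive the length from the literal: `static const char bad_msg[] = "gpg-protect-tool: possibly bad passphrase given";` and `strncmp (buffer, bad_msg, sizeof bad_msg - 1)`. The enclosing read loop starts and ends outside the hunk.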
@@ -698,6 +705,7 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
 log_info ("%s\n", buffer); }
+
 /* If we found no error in the output of the cild, setup a suitable error code, which will later be reset if the exit status of the child is 0. */
@@ -738,5 +746,17 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
 } else *retfp = certfp;
+
+ if (bad_pass)
+ {
+ /* We only write a plain error code and not direct
+ BAD_PASSPHRASE because the pkcs12 parser might issue this
+ message multiple times, BAd_PASSPHRASE in general requires a
+ keyID and parts of the import might actually succeed so that
+ IMPORT_PROBLEM is also not appropriate. */
+ gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
+ "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
+ }
+
 return err; } |
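Review bot: In the hunk at -738, the comment inside the `if (bad_pass)` block spells the status name as `BAd_PASSPHRASE` on its third line; it should read `BAD_PASSPHRASE`, matching the line above it. Because `bad_pass` is incremented per message but only tested for non-zero here, the comment could also state that repeated parser messages are collapsed into one ERROR status line. The body of parse_p12 starts outside the hunk.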
