authorWerner Koch <wk@gnupg.org>2004-08-18 18:21:13 +0200
committerWerner Koch <wk@gnupg.org>2004-08-18 18:21:13 +0200
commit6c3677c2967b77f068a3cadc742013e90338c8ad (patch)
tree934b9b2e83f0770e951495fcff179cb8e00d6100 /agent/protect-tool.c
parent* certlist.c (gpgsm_cert_use_ocsp_p): New. (diff)
(get_passphrase): Make sure that the default
prompts passed to gpg-agent are utf-8 encoded. Add new prompt values. (import_p12_file, import_p12_file, export_p12_file): Changed calls to get_passphrase so that better prompts are displayed. (get_new_passphrase): New.
Diffstat (limited to '')
-rw-r--r--agent/protect-tool.c71
1 files changed, 67 insertions, 4 deletions
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index d4c2accfc..7cfb760b8 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -90,6 +90,7 @@ static char *opt_prompt;
static int opt_status_msg;
static char *get_passphrase (int promptno);
+static char *get_new_passphrase (int promptno);
static void release_passphrase (char *pw);
static int store_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force);
@@ -663,7 +664,7 @@ import_p12_file (const char *fname)
if (!buf)
return;
- kparms = p12_parse (buf, buflen, (pw=get_passphrase (0)),
+ kparms = p12_parse (buf, buflen, (pw=get_passphrase (2)),
import_p12_cert_cb, NULL);
release_passphrase (pw);
xfree (buf);
@@ -739,7 +740,7 @@ import_p12_file (const char *fname)
gcry_sexp_release (s_key);
- rc = agent_protect (key, (pw=get_passphrase (0)), &result, &resultlen);
+ rc = agent_protect (key, (pw=get_new_passphrase (4)), &result, &resultlen);
release_passphrase (pw);
xfree (key);
if (rc)
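Review bot: The passphrase returned by `get_new_passphrase (4)` is handed to `agent_protect` without a NULL check, and the new helper returns NULL after three mismatched re-entries as well as on cancel. The same pattern appears in the export_p12_file hunk, where `get_new_passphrase (3)` feeds `p12_build`. Whether either callee rejects a NULL passphrase is not visible in this diff, so an explicit guard such as `if (!pw) { xfree (key); return; }` before the call would make the abort path unambiguous. import_p12_file starts and ends outside this hunk, so the exact cleanup needed on that path has to be checked against the full function.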
@@ -963,7 +964,8 @@ export_p12_file (const char *fname)
kparms[7] = sk.u;
kparms[8] = NULL;
- key = p12_build (kparms, cert, certlen, (pw=get_passphrase (0)), &keylen);
+ key = p12_build (kparms, cert, certlen,
+ (pw=get_new_passphrase (3)), &keylen);
release_passphrase (pw);
xfree (cert);
for (i=0; i < 8; i++)
@@ -1137,6 +1139,11 @@ agent_exit (int rc)
set from the command line PROMPTNO select the prompt to display:
0 = default
1 = taken from the option --prompt
+ 2 = for unprotecting a pkcs#12 object
+ 3 = for protecting a new pkcs#12 object
+ 4 = for protecting an imported pkcs#12 in our system
+ 5 = reenter the passphrase
+ When adding 100 to the values, a "does not match - try again" errro message is shown.
*/
static char *
get_passphrase (int promptno)
@@ -1145,10 +1152,15 @@ get_passphrase (int promptno)
int err;
const char *desc;
char *orig_codeset = NULL;
+ int error_msgno;
+
if (opt_passphrase)
return xstrdup (opt_passphrase);
+ error_msgno = promptno / 100;
+ promptno %= 100;
+
#ifdef ENABLE_NLS
/* The Assuan agent protocol requires us to transmit utf-8 strings */
orig_codeset = bind_textdomain_codeset (PACKAGE_GT, NULL);
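Review bot: Splitting the argument with `error_msgno = promptno / 100; promptno %= 100;` overloads one int with two meanings and uses a bare magic number. Any value outside 0..5 and 100..105 is silently accepted: a negative or 200+ promptno falls through to the default prompt with no error text. A named constant for the offset, or a separate parameter for the error flag, would keep the call in get_new_passphrase self-explanatory. The header comment added in the preceding hunk also misspells "error" as "errro". get_passphrase starts and ends outside this hunk.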
@@ -1169,11 +1181,24 @@ get_passphrase (int promptno)
if (promptno == 1 && opt_prompt)
desc = opt_prompt;
+ else if (promptno == 2)
+ desc = _("Please enter the passphrase to unprotect the "
+ "PKCS#12 object.");
+ else if (promptno == 3)
+ desc = _("Please enter the passphrase to protect the "
+ "new PKCS#12 object.");
+ else if (promptno == 4)
+ desc = _("Please enter the passphrase to protect the "
+ "imported object within the GnuPG system.");
+ else if (promptno == 5)
+ desc = _("Please re-enter this passphrase");
else
desc = _("Please enter the passphrase or the PIN\n"
"needed to complete this operation.");
- pw = simple_pwquery (NULL,NULL, _("Passphrase:"), desc, &err);
+ pw = simple_pwquery (NULL,
+ error_msgno == 1? _("does not match - try again"):NULL,
+ _("Passphrase:"), desc, &err);
#ifdef ENABLE_NLS
if (orig_codeset)
@@ -1195,6 +1220,44 @@ get_passphrase (int promptno)
return pw;
}
+
+/* Same as get_passphrase but requests it a second time and compares
+ it to the one entered the first time. */
+static char *
+get_new_passphrase (int promptno)
+{
+ char *pw;
+ int i, secondpromptno;
+
+ pw = get_passphrase (promptno);
+ if (!pw)
+ return NULL; /* Canceled. */
+ if (!*pw)
+ return pw; /* Empty passphrase - no need to as for repeating it. */
+
+ secondpromptno = 5;
+ for (i=0; i < 3; i++)
+ {
+ char *pw2 = get_passphrase (secondpromptno);
+ if (!pw2)
+ {
+ xfree (pw);
+ return NULL; /* Canceled. */
+ }
+ if (!strcmp (pw, pw2))
+ {
+ xfree (pw2);
+ return pw; /* Okay. */
+ }
+ secondpromptno = 105;
+ xfree (pw2);
+ }
+ xfree (pw);
+ return NULL; /* 3 times repeated wrong - cancel. */
+}
+
+
+
static void
release_passphrase (char *pw)
{
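Review bot: get_new_passphrase discards passphrase buffers with plain `xfree (pw)` and `xfree (pw2)`, while every caller in this commit disposes of passphrases through `release_passphrase (pw)`. If release_passphrase wipes the buffer before freeing it (its body lies outside this hunk, so this is an assumption to confirm), the mismatched and cancelled entries here are left readable in freed heap memory. Using `release_passphrase (pw2);` and `release_passphrase (pw);` on all four discard paths would keep handling consistent. A short comment should also record that the returned string is owned by the caller and must be passed to release_passphrase. The comment on the empty-passphrase return reads "no need to as for repeating it" and should say "ask".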