author | Werner Koch <wk@gnupg.org> | 2007-11-19 17:03:50 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2007-11-19 17:03:50 +0100 |
commit | 55ba204bfa848c2e591a29fedc9f103103493a57 (patch) | |
tree | e37263e4d3a25e2aa300faf4c5240191b54ea1a7 /agent | |
parent | Updated (diff) | |
download | gnupg2-55ba204bfa848c2e591a29fedc9f103103493a57.tar.xz gnupg2-55ba204bfa848c2e591a29fedc9f103103493a57.zip |
Started to implement the audit log feature.
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
Diffstat (limited to 'agent')
-rw-r--r-- | agent/ChangeLog | 25 | ||||
-rw-r--r-- | agent/agent.h | 5 | ||||
-rw-r--r-- | agent/call-pinentry.c | 60 | ||||
-rw-r--r-- | agent/call-scd.c | 16 | ||||
-rw-r--r-- | agent/command-ssh.c | 4 | ||||
-rw-r--r-- | agent/command.c | 21 | ||||
-rw-r--r-- | agent/genkey.c | 2 | ||||
-rw-r--r-- | agent/gpg-agent.c | 24 |
8 files changed, 145 insertions, 12 deletions
diff --git a/agent/ChangeLog b/agent/ChangeLog index e4a7f6863..7a4716c3d 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,28 @@ +2007-11-19 Werner Koch <wk@g10code.com> + + * call-pinentry.c (agent_askpin): Set the tooltip for the quality + bar. + +2007-11-15 Werner Koch <wk@g10code.com> + + * agent.h (struct server_control_s): Add XAUTHORITY and + PINENTRY_USER_DATA. + * gpg-agent.c: New option --xauthority. + (main, agent_init_default_ctrl) + (agent_deinit_default_ctrl): Implemented + * command.c (cmd_updatestartuptty): Ditto. + * command-ssh.c (start_command_handler_ssh): Ditto. + * call-pinentry.c (atfork_cb): Set the environment. + (start_pinentry): Pass CTRL as arg to atfork_cb. + +2007-11-14 Werner Koch <wk@g10code.com> + + * call-scd.c (start_scd) [W32]: Take care of fflush peculiarities. + +2007-11-07 Werner Koch <wk@g10code.com> + + * agent.h: Remove errors.h. + 2007-10-24 Werner Koch <wk@g10code.com> * genkey.c (check_passphrase_constraints): Changed the wording of diff --git a/agent/agent.h b/agent/agent.h index 9648ac40a..beb70111e 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -31,7 +31,6 @@ #include <gcrypt.h> #include "../common/util.h" -#include "../common/errors.h" #include "../common/membuf.h" #include "../common/sysutils.h" /* (gnupg_fd_t) */ @@ -62,6 +61,8 @@ struct char *startup_ttytype; char *startup_lc_ctype; char *startup_lc_messages; + char *startup_xauthority; + char *startup_pinentry_user_data; const char *pinentry_program; /* Filename of the program to start as @@ -146,6 +147,8 @@ struct server_control_s char *ttytype; char *lc_ctype; char *lc_messages; + char *xauthority; + char *pinentry_user_data; struct { int algo; unsigned char value[MAX_DIGEST_LEN]; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 2afe9f12a..6be9bfbe9 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c 
@@ -1,5 +1,5 @@ /* call-pinentry.c - fork of the pinentry to query stuff from the user - * Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2004, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ #include <assuan.h> #include "agent.h" +#include "setenv.h" #include "i18n.h" #ifdef _POSIX_OPEN_MAX @@ -164,8 +165,16 @@ unlock_pinentry (int rc) static void atfork_cb (void *opaque, int where) { + ctrl_t ctrl = opaque; + if (!where) - gcry_control (GCRYCTL_TERM_SECMEM); + { + gcry_control (GCRYCTL_TERM_SECMEM); + if (ctrl->xauthority) + setenv ("XAUTHORITY", ctrl->xauthority, 1); + if (ctrl->pinentry_user_data) + setenv ("PINENTRY_USER_DATA", ctrl->pinentry_user_data, 1 ); + } } @@ -261,9 +270,10 @@ start_pinentry (ctrl_t ctrl) } no_close_list[i] = -1; - /* Connect to the pinentry and perform initial handshaking */ + /* Connect to the pinentry and perform initial handshaking. Note + that atfork is used to change the environment for pinentry. */ rc = assuan_pipe_connect_ext (&ctx, opt.pinentry_program, argv, - no_close_list, atfork_cb, NULL, 0); + no_close_list, atfork_cb, ctrl, 0); if (rc) { log_error ("can't connect to the PIN entry module: %s\n", 
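Review bot: Both `setenv` calls added to `atfork_cb` ignore their return value, so if either fails the pinentry is still started with whatever `XAUTHORITY` or `PINENTRY_USER_DATA` the agent process inherited, not the value stored in the session's ctrl. The callback returns void, so the failure can only be handled in the child; at minimum a comment such as `/* A failed setenv leaves the agent's own value in place. */` should record that behaviour. The callback also dereferences `opaque` unconditionally now, which holds only while every caller passes a ctrl as `start_pinentry` does in the last hunk; writing the tests as `if (ctrl && ctrl->xauthority)` would make that assumption explicit.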
@@ -568,9 +578,47 @@ agent_askpin (ctrl_t ctrl, to the pinentry. */ if (pininfo->with_qualitybar && opt.min_passphrase_len ) { - rc = assuan_transact (entry_ctx, "SETQUALITYBAR", + char *tmpstr; + const char *tooltip; + + /* TRANSLATORS: This string is displayed by pinentry as the + label for the quality bar. */ + tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v"); + snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:""); + line[DIM(line)-1] = 0; + xfree (tmpstr); + rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - if (rc) + if (rc == 103 /*(Old assuan error code)*/ + || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD) + ; /* Ignore Unknown Command from old pinentry versions. */ + else if (rc) + return unlock_pinentry (rc); + + /* TRANSLATORS: This string is a tooltip, shown by pinentry when + hovering over the quality bar. Please use an appropriate + string to describe what this is about. The length of the + tooltip is limited to about 900 characters. If you do not + translate this entry, a default english text (see source) + will be used. */ + tooltip = _("pinentry.qualitybar.tooltip"); + if (!strcmp ("pinentry.qualitybar.tooltip", tooltip)) + tooltip = ("The quality of the text entered above.\n" + "Please ask your administrator for " + "details about the criteria."); + /* Fixme: As soon as we have the extended error reporting + facility (audit log), we can use a user specified helptext if + that has been configured. */ + tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v"); + snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:""); + line[DIM(line)-1] = 0; + xfree (tmpstr); + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc == 103 /*(Old assuan error code)*/ + || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD) + ; /* Ignore Unknown Command from old pinentry versions. */ + else if (rc) return unlock_pinentry (rc); } 
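Review bot: Neither `snprintf` into `line` is checked for truncation, and the tooltip is translator-supplied text whose limit of about 900 characters exists only in the TRANSLATORS comment. Percent-escaping turns each newline into three bytes, so a long translation can be cut in the middle of a `%XX` sequence and pinentry would receive a malformed argument; `line` is declared outside the hunk, so how close that limit is cannot be checked from here. Comparing the return value against `DIM(line)-1` and skipping the `SETQUALITYBAR_TT` command when the text does not fit would avoid this. The repeated `rc == 103 || gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD` test could also move into a small static helper so that the legacy code 103 is explained once.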
diff --git a/agent/call-scd.c b/agent/call-scd.c index f0dd3ad27..42f3f8e12 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -294,9 +294,17 @@ start_scd (ctrl_t ctrl) if (fflush (NULL)) { - err = gpg_error (gpg_err_code_from_errno (errno)); +#ifndef HAVE_W32_SYSTEM + err = gpg_error_from_syserror (); +#endif log_error ("error flushing pending output: %s\n", strerror (errno)); + /* At least Windows XP fails here with EBADF. According to docs + and Wine an fflush(NULL) is the same as _flushall. However + the Wime implementaion does not flush stdin,stdout and stderr + - see above. Lets try to ignore the error. */ +#ifndef HAVE_W32_SYSTEM goto leave; +#endif } if (!opt.scdaemon_program || !*opt.scdaemon_program) @@ -319,9 +327,11 @@ start_scd (ctrl_t ctrl) } no_close_list[i] = -1; - /* Connect to the pinentry and perform initial handshaking */ + /* Connect to the pinentry and perform initial handshaking. Use + detached flag (128) so that under W32 SCDAEMON does not show up a + new window. */ rc = assuan_pipe_connect_ext (&ctx, opt.scdaemon_program, argv, - no_close_list, atfork_cb, NULL, 0); + no_close_list, atfork_cb, NULL, 128); if (rc) { log_error ("can't connect to the SCdaemon: %s\n", diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 48bf83238..9e2a57d6f 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -2871,6 +2871,10 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) ctrl->lc_ctype = strdup (opt.startup_lc_ctype); if (!ctrl->lc_messages && opt.startup_lc_messages) ctrl->lc_messages = strdup (opt.startup_lc_messages); + if (!ctrl->xauthority && opt.startup_xauthority) + ctrl->xauthority = strdup (opt.startup_xauthority); + if (!ctrl->pinentry_user_data && opt.startup_pinentry_user_data) + ctrl->pinentry_user_data = strdup (opt.startup_pinentry_user_data); /* Create stream from socket. */ diff --git a/agent/command.c b/agent/command.c index 9be814880..c0c21bf79 100644 --- a/agent/command.c +++ b/agent/command.c 
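Review bot: In `start_scd` the flags argument to `assuan_pipe_connect_ext` is now the bare literal `128`, explained only by the comment above it, and that comment still says "Connect to the pinentry" although the program started here is `opt.scdaemon_program`. A named constant for the detached flag and the wording `/* Connect to the scdaemon and perform initial handshaking. */` would keep the call self-explanatory. In the first hunk the W32 build continues after a failed `fflush (NULL)` but still reports it through `log_error`; if the failure is expected there, `log_info` would stop it from reading as a fault in the logs.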
@@ -1294,6 +1294,7 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) xfree (opt.startup_ttytype); opt.startup_ttytype = NULL; xfree (opt.startup_lc_ctype); opt.startup_lc_ctype = NULL; xfree (opt.startup_lc_messages); opt.startup_lc_messages = NULL; + xfree (opt.startup_xauthority); opt.startup_xauthority = NULL; if (ctrl->display) opt.startup_display = xtrystrdup (ctrl->display); @@ -1305,6 +1306,10 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line) opt.startup_lc_ctype = xtrystrdup (ctrl->lc_ctype); if (ctrl->lc_messages) opt.startup_lc_messages = xtrystrdup (ctrl->lc_messages); + if (ctrl->xauthority) + opt.startup_xauthority = xtrystrdup (ctrl->xauthority); + if (ctrl->pinentry_user_data) + opt.startup_pinentry_user_data = xtrystrdup (ctrl->pinentry_user_data); return 0; } @@ -1442,6 +1447,22 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) if (!ctrl->lc_messages) return out_of_core (); } + else if (!strcmp (key, "xauthority")) + { + if (ctrl->xauthority) + free (ctrl->xauthority); + ctrl->xauthority = strdup (value); + if (!ctrl->xauthority) + return out_of_core (); + } + else if (!strcmp (key, "pinentry-user-data")) + { + if (ctrl->pinentry_user_data) + free (ctrl->pinentry_user_data); + ctrl->pinentry_user_data = strdup (value); + if (!ctrl->pinentry_user_data) + return out_of_core (); + } else if (!strcmp (key, "use-cache-for-signing")) ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0; else diff --git a/agent/genkey.c b/agent/genkey.c index 8df555d51..efebbfa7e 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -232,7 +232,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) check_passphrase_pattern (ctrl, pw)) { const char *desc = - /* */ _("Warning: You have entered an insecure passphrase.%0A" + /* */ _("Warning: You have entered an insecure passphrase.%%0A" "A passphrase may not be a known term or match%%0A" "certain pattern."); 
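Review bot: `cmd_updatestartuptty` now clears `opt.startup_xauthority` before re-assigning it, but `opt.startup_pinentry_user_data` is assigned in the second hunk without a matching `xfree`, so each call that sets it leaks the previous string. A session with no `pinentry_user_data` also leaves the old startup value in place, unlike every other startup field, and `start_command_handler_ssh` later copies that stale value into ssh sessions. Adding `xfree (opt.startup_pinentry_user_data); opt.startup_pinentry_user_data = NULL;` next to the xauthority line fixes both. The function body begins outside the hunk.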
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index ba98b38aa..e4d8f3e13 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -81,6 +81,7 @@ enum cmd_and_opt_values oTTYtype, oLCctype, oLCmessages, + oXauthority, oScdaemonProgram, oDefCacheTTL, oDefCacheTTLSSH, @@ -145,7 +146,8 @@ static ARGPARSE_OPTS opts[] = { { oTTYtype, "ttytype", 2, "@" }, { oLCctype, "lc-ctype", 2, "@" }, { oLCmessages, "lc-messages", 2, "@" }, - { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")}, + { oXauthority, "xauthority", 2, "@" }, + { oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")}, { oKeepDISPLAY, "keep-display", 0, N_("ignore requests to change the X display")}, @@ -217,6 +219,7 @@ static char *default_ttyname; static char *default_ttytype; static char *default_lc_ctype; static char *default_lc_messages; +static char *default_xauthority; /* Name of a config file, which will be reread on a HUP if it is not NULL. */ static char *config_filename; @@ -559,6 +562,12 @@ main (int argc, char **argv ) opt.startup_lc_messages = getenv ("LC_MESSAGES"); if (opt.startup_lc_messages) opt.startup_lc_messages = xstrdup (opt.startup_lc_messages); + opt.startup_xauthority = getenv ("XAUTHORITY"); + if (opt.startup_xauthority) + opt.startup_xauthority = xstrdup (opt.startup_xauthority); + opt.startup_pinentry_user_data = getenv ("PINENTRY_USER_DATA"); + if (opt.startup_pinentry_user_data) + opt.startup_pinentry_user_data = xstrdup (opt.startup_pinentry_user_data); /* Check whether we have a config file on the commandline */ orig_argc = argc; @@ -662,6 +671,7 @@ main (int argc, char **argv ) case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break; case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break; case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str); + case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str); break; case oUseStandardSocket: standard_socket = 1; break; 
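Review bot: The new `case oXauthority:` line is inserted between the `oLCmessages` assignment and its `break;`, so `--lc-messages` now falls through and also stores its argument in `default_xauthority`. `agent_init_default_ctrl` copies that into `ctrl->xauthority` and `atfork_cb` exports it as `XAUTHORITY` for pinentry, so a locale name would be used as the X authority file path. Give each case its own terminator: `case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str); break;` followed by `case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str); break;`. The enclosing switch in `main` starts and ends outside the hunk.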
@@ -1139,6 +1149,14 @@ agent_init_default_ctrl (ctrl_t ctrl) if (ctrl->lc_messages) free (ctrl->lc_messages); ctrl->lc_messages = default_lc_messages? strdup (default_lc_messages) : NULL; + + if (ctrl->xauthority) + free (ctrl->xauthority); + ctrl->xauthority = default_xauthority? strdup (default_xauthority) : NULL; + + if (ctrl->pinentry_user_data) + free (ctrl->pinentry_user_data); + ctrl->pinentry_user_data = NULL; } @@ -1155,6 +1173,10 @@ agent_deinit_default_ctrl (ctrl_t ctrl) free (ctrl->lc_ctype); if (ctrl->lc_messages) free (ctrl->lc_messages); + if (ctrl->xauthority) + free (ctrl->xauthority); + if (ctrl->pinentry_user_data) + free (ctrl->pinentry_user_data); } /* Reread parts of the configuration. Note, that this function is |