* minip12.c (parse_bag_encrypted_data): Print error if a bad

passphrase has been given. * gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the expected pinentry filename. * import.c (parse_p12): Write an error status line for bad passphrases. Add new arg CTRL and changed caller. * export.c (export_p12): Likewise.
author: Werner Koch <wk@gnupg.org> 2004-09-29 15:50:31 +0200
committer: Werner Koch <wk@gnupg.org> 2004-09-29 15:50:31 +0200
commit: 530a0a91c4f5dc935278f64be26090f51acc9586 (patch)
tree: 144e3ce60590e21529cfe33af20c25f6eb1581bf /sm
parent: Changed license of the manual stuff to GPL. (diff)
download: gnupg2-530a0a91c4f5dc935278f64be26090f51acc9586.tar.xz
gnupg2-530a0a91c4f5dc935278f64be26090f51acc9586.zip
3 files changed, 61 insertions, 10 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index d68759151..2391deb18 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,9 @@
+2004-09-29  Werner Koch  <wk@g10code.com>
+
+	* import.c (parse_p12): Write an error status line for bad
+	passphrases. Add new arg CTRL and changed caller.
+	* export.c (export_p12): Likewise.
+
 2004-09-14  Werner Koch  <wk@g10code.com>
 
 	* certchain.c (gpgsm_validate_chain): Give expired certificates a
diff --git a/sm/export.c b/sm/export.c
index 3f7457502..15ad87b04 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -65,7 +65,8 @@ typedef struct duptable_s *duptable_t;
 
 
 static void print_short_info (ksba_cert_t cert, FILE *fp);
-static gpg_error_t export_p12 (const unsigned char *certimg, size_t certimglen,
+static gpg_error_t export_p12 (ctrl_t ctrl,
+                               const unsigned char *certimg, size_t certimglen,
                                const char *prompt, const char *keygrip,
                                FILE **retfp);
 
@@ -423,7 +424,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp)
 
 
   prompt = gpgsm_format_keydesc (cert);
-  rc = export_p12 (image, imagelen, prompt, keygrip, &datafp);
+  rc = export_p12 (ctrl, image, imagelen, prompt, keygrip, &datafp);
   xfree (prompt);
   if (rc)
     goto leave;
@@ -587,6 +588,7 @@ popen_protect_tool (const char *pgmname,
               "--homedir", opt.homedir,
               "--p12-export",
               "--prompt", prompt?prompt:"", 
+              "--enable-status-msg",
               "--",
               keygrip,
               NULL);
@@ -610,7 +612,7 @@ popen_protect_tool (const char *pgmname,
 
 
 static gpg_error_t
-export_p12 (const unsigned char *certimg, size_t certimglen,
+export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
             const char *prompt, const char *keygrip,
             FILE **retfp)
 {
@@ -621,6 +623,7 @@ export_p12 (const unsigned char *certimg, size_t certimglen,
   FILE *infp = NULL, *outfp = NULL, *fp = NULL;
   char buffer[1024];
   pid_t pid = -1;
+  int bad_pass = 0;
 
   if (!opt.protect_tool_program || !*opt.protect_tool_program)
     pgmname = GNUPG_DEFAULT_PROTECT_TOOL;
@@ -675,7 +678,21 @@ export_p12 (const unsigned char *certimg, size_t certimglen,
           if (cont_line)
             log_printf ("%s", buffer);
           else
-            log_info ("%s", buffer);
+            {
+              if (!strncmp (buffer, "gpg-protect-tool: [PROTECT-TOOL:] ",34))
+                {
+                  char *p, *pend;
+
+                  p = buffer + 34;
+                  pend = strchr (p, ' ');
+                  if (pend)
+                    *pend = 0;
+                  if ( !strcmp (p, "bad-passphrase"))
+                    bad_pass++;
+                }
+              else 
+                log_info ("%s", buffer);
+            }
           pos = 0;
           cont_line = (c != '\n');
         }
@@ -731,6 +748,14 @@ export_p12 (const unsigned char *certimg, size_t certimglen,
     }
   else
     *retfp = outfp;
+  if (bad_pass)
+    {
+      /* During export this is the passphrase used to unprotect the
+         key and not the pkcs#12 thing as in export.  Therefore we can
+         issue the regular passphrase status.  FIXME: replace the all
+         zero keyid by a regular one. */
+      gpgsm_status (ctrl, STATUS_BAD_PASSPHRASE, "0000000000000000");
+    }
   return err;
 }
 
diff --git a/sm/import.c b/sm/import.c
index 836ac0877..938bc17d0 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -55,7 +55,7 @@ struct stats_s {
  };
 
 
-static gpg_error_t parse_p12 (ksba_reader_t reader, FILE **retfp,
+static gpg_error_t parse_p12 (ctrl_t ctrl, ksba_reader_t reader, FILE **retfp,
                               struct stats_s *stats);
 
 
@@ -341,7 +341,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
           Base64Context b64p12rdr;
           ksba_reader_t p12rdr;
           
-          rc = parse_p12 (reader, &certfp, stats);
+          rc = parse_p12 (ctrl, reader, &certfp, stats);
           if (!rc)
             {
               any = 1;
@@ -572,13 +572,14 @@ popen_protect_tool (const char *pgmname,
 
 
 /* Assume that the reader is at a pkcs#12 message and try to import
-   certificates from that stupid format. We will alos store secret
+   certificates from that stupid format.  We will also store secret
    keys.  All of the pkcs#12 parsing and key storing is handled by the
    gpg-protect-tool, we merely have to take care of receiving the
    certificates. On success RETFP returns a temporary file with
    certificates. */
 static gpg_error_t
-parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
+parse_p12 (ctrl_t ctrl, ksba_reader_t reader,
+           FILE **retfp, struct stats_s *stats)
 {
   const char *pgmname;
   gpg_error_t err = 0, child_err = 0;
@@ -588,6 +589,7 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
   char buffer[1024];
   size_t nread;
   pid_t pid = -1;
+  int bad_pass = 0;
 
   if (!opt.protect_tool_program || !*opt.protect_tool_program)
     pgmname = GNUPG_DEFAULT_PROTECT_TOOL;
@@ -681,8 +683,13 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
                   else if ( !strcmp (p, "bad-passphrase"))
                     ;
                 }
-              else
-                log_info ("%s", buffer);
+              else 
+                {
+                  log_info ("%s", buffer);
+                  if (!strncmp (buffer, "gpg-protect-tool: "
+                                "possibly bad passphrase given",46))
+                    bad_pass++;
+                }
             }
           pos = 0;
           cont_line = (c != '\n');
@@ -698,6 +705,7 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
         log_info ("%s\n", buffer);
     }
 
+
   /* If we found no error in the output of the cild, setup a suitable
      error code, which will later be reset if the exit status of the
      child is 0. */
@@ -738,5 +746,17 @@ parse_p12 (ksba_reader_t reader, FILE **retfp, struct stats_s *stats)
     }
   else
     *retfp = certfp;
+
+  if (bad_pass)
+    {
+      /* We only write a plain error code and not direct
+         BAD_PASSPHRASE because the pkcs12 parser might issue this
+         message multiple times, BAd_PASSPHRASE in general requires a
+         keyID and parts of the import might actually succeed so that
+         IMPORT_PROBLEM is also not appropriate. */
+      gpgsm_status_with_err_code (ctrl, STATUS_ERROR,
+                                  "import.parsep12", GPG_ERR_BAD_PASSPHRASE);
+    }
+  
   return err;
 }
author	Werner Koch <wk@gnupg.org>	2004-09-29 15:50:31 +0200
committer	Werner Koch <wk@gnupg.org>	2004-09-29 15:50:31 +0200
commit	530a0a91c4f5dc935278f64be26090f51acc9586 (patch)
tree	144e3ce60590e21529cfe33af20c25f6eb1581bf /sm
parent	Changed license of the manual stuff to GPL. (diff)
download	gnupg2-530a0a91c4f5dc935278f64be26090f51acc9586.tar.xz gnupg2-530a0a91c4f5dc935278f64be26090f51acc9586.zip