aboutsummaryrefslogtreecommitdiffstats
path: root/camel/camel-gpg-context.c
diff options
context:
space:
mode:
Diffstat (limited to 'camel/camel-gpg-context.c')
-rw-r--r--camel/camel-gpg-context.c169
1 files changed, 69 insertions, 100 deletions
diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c
index 985f51ecf8..fe4637c5e5 100644
--- a/camel/camel-gpg-context.c
+++ b/camel/camel-gpg-context.c
@@ -43,6 +43,8 @@
#include "camel-stream-fs.h"
#include "camel-operation.h"
+#define d(x) x
+
static void camel_gpg_context_class_init (CamelGpgContextClass *klass);
static void camel_gpg_context_init (CamelGpgContext *obj);
static void camel_gpg_context_finalise (CamelObject *obj);
@@ -230,7 +232,9 @@ struct _GpgCtx {
unsigned int need_passwd:1;
unsigned int send_passwd:1;
- unsigned int padding:26;
+ unsigned int bad_passwds:2;
+
+ unsigned int padding:24;
};
static struct _GpgCtx *
@@ -265,6 +269,7 @@ gpg_ctx_new (CamelSession *session, const char *path)
gpg->statusptr = gpg->statusbuf;
gpg->statusleft = 128;
+ gpg->bad_passwds = 0;
gpg->need_passwd = FALSE;
gpg->send_passwd = FALSE;
gpg->passwd = NULL;
@@ -441,21 +446,26 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, char **sfd, int passwd_fd,
g_ptr_array_add (argv, "--verbose");
g_ptr_array_add (argv, "--no-secmem-warning");
g_ptr_array_add (argv, "--no-greeting");
- g_ptr_array_add (argv, "--batch");
- g_ptr_array_add (argv, "--yes");
+ g_ptr_array_add (argv, "--no-tty");
+ if (passwd_fd == -1) {
+ /* only use batch mode if we don't intend on using the
+ interactive --command-fd option */
+ g_ptr_array_add (argv, "--batch");
+ g_ptr_array_add (argv, "--yes");
+ }
*sfd = buf = g_strdup_printf ("--status-fd=%d", status_fd);
g_ptr_array_add (argv, buf);
if (passwd_fd != -1) {
- *pfd = buf = g_strdup_printf ("--passphrase-fd=%d", passwd_fd);
+ *pfd = buf = g_strdup_printf ("--command-fd=%d", passwd_fd);
g_ptr_array_add (argv, buf);
}
switch (gpg->mode) {
case GPG_CTX_MODE_SIGN:
g_ptr_array_add (argv, "--sign");
- g_ptr_array_add (argv, "-b");
+ g_ptr_array_add (argv, "--detach");
if (gpg->armor)
g_ptr_array_add (argv, "--armor");
hash_str = gpg_hash_str (gpg->hash);
@@ -473,7 +483,6 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, char **sfd, int passwd_fd,
case GPG_CTX_MODE_VERIFY:
if (!camel_session_is_online (gpg->session))
g_ptr_array_add (argv, "--no-auto-key-retrieve");
- g_ptr_array_add (argv, "--no-tty");
g_ptr_array_add (argv, "--verify");
if (gpg->sigfile)
g_ptr_array_add (argv, gpg->sigfile);
@@ -505,11 +514,6 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, char **sfd, int passwd_fd,
break;
}
- printf ("gpg command-line: ");
- for (i = 0; i < argv->len; i++)
- printf ("%s ", argv->pdata[i]);
- printf ("\n");
-
g_ptr_array_add (argv, NULL);
return argv;
@@ -651,11 +655,14 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, CamelException *ex)
*inptr++ = '\0';
status = gpg->statusbuf;
- printf ("status: %s\n", status);
- fflush (stdout);
+ d(printf ("status: %s\n", status));
- if (strncmp (status, "[GNUPG:] ", 9) != 0)
+ if (strncmp (status, "[GNUPG:] ", 9) != 0) {
+ camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
+ _("Unexpected GnuPG status message encountered:\n\n%s"),
+ status);
return -1;
+ }
status += 9;
@@ -681,7 +688,7 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, CamelException *ex)
g_hash_table_insert (gpg->userid_hint, hint, user);
} else if (!strncmp (status, "NEED_PASSPHRASE ", 16)) {
- char *prompt, *userid;
+ char *prompt, *userid, *passwd;
const char *name;
status += 16;
@@ -700,25 +707,35 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, CamelException *ex)
prompt = g_strdup_printf (_("You need a passphrase to unlock the key for\n"
"user: \"%s\""), name);
- gpg->passwd = camel_session_get_password (gpg->session, prompt, TRUE, NULL, userid, ex);
+ passwd = camel_session_get_password (gpg->session, prompt, TRUE, NULL, userid, ex);
g_free (prompt);
g_free (userid);
- if (gpg->passwd == NULL) {
+ if (passwd == NULL) {
if (!camel_exception_is_set (ex))
camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL, _("Cancelled."));
return -1;
}
+ gpg->passwd = g_strdup_printf ("%s\n", passwd);
+ memset (passwd, 0, strlen (passwd));
+ g_free (passwd);
+
gpg->send_passwd = TRUE;
} else if (!strncmp (status, "GOOD_PASSPHRASE ", 16)) {
- g_free (gpg->passwd);
- gpg->passwd = NULL;
+ gpg->bad_passwds = 0;
} else if (!strncmp (status, "BAD_PASSPHRASE ", 15)) {
- g_free (gpg->passwd);
- gpg->passwd = NULL;
+ gpg->bad_passwds++;
+ if (gpg->bad_passwds == 3) {
+ camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE,
+ _("Failed to unlock secret key: 3 bad passphrases given."));
+ return -1;
+ }
} else if (!strncmp (status, "UNEXPECTED ", 11)) {
/* this is an error */
+ camel_exception_setv (ex, CAMEL_EXCEPTION_SYSTEM,
+ _("Unexpected response from GnuPG: %s"),
+ status + 11);
return -1;
} else {
/* check to see if we are complete */
@@ -746,7 +763,7 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, CamelException *ex)
}
if (gpg->complete)
- printf ("okay, that's all folks...\n");
+ d(printf ("okay, that's all folks...\n"));
}
recycle:
@@ -828,7 +845,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
if (errno == EINTR)
goto retry;
- printf ("select() failed: %s\n", g_strerror (errno));
+ d(printf ("select() failed: %s\n", g_strerror (errno)));
return -1;
}
@@ -844,8 +861,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
char buffer[4096];
ssize_t nread;
- printf ("reading from gpg's status-fd...\n");
- fflush (stdout);
+ d(printf ("reading from gpg's status-fd...\n"));
nread = read (gpg->status_fd, buffer, sizeof (buffer));
if (nread == -1)
@@ -864,7 +880,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
char buffer[4096];
ssize_t nread;
- printf ("reading gpg's stdout...\n");
+ d(printf ("reading gpg's stdout...\n"));
nread = read (gpg->stdout, buffer, sizeof (buffer));
if (nread == -1)
@@ -883,7 +899,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
char buffer[4096];
ssize_t nread;
- printf ("reading gpg's stderr...\n");
+ d(printf ("reading gpg's stderr...\n"));
nread = read (gpg->stderr, buffer, sizeof (buffer));
if (nread == -1)
@@ -892,75 +908,39 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
g_byte_array_append (gpg->diagnostics, buffer, nread);
}
- if (wrsetp && gpg->passwd_fd != -1 && FD_ISSET (gpg->passwd_fd, &wrset) && gpg->need_passwd) {
- if (gpg->send_passwd) {
- ssize_t w, nwritten = 0;
- size_t n;
-
- printf ("sending gpg our passphrase...\n");
-
- if (!gpg->passwd) {
- const char *name, *userid;
- char *prompt;
-
- userid = gpg->userid;
- if (userid) {
- name = g_hash_table_lookup (gpg->userid_hint, gpg->userid);
- if (name == NULL)
- name = gpg->userid;
-
- prompt = g_strdup_printf (_("You need a passphrase to unlock the key for\n"
- "user: \"%s\""), name);
- } else {
- name = "GnuPG";
- userid = "passphrase";
-
- prompt = g_strdup (_("You need a passphrase to unlock your GnuPG key"));
- }
-
- gpg->passwd = camel_session_get_password (gpg->session, prompt, TRUE, NULL,
- userid, ex);
- g_free (prompt);
-
- if (gpg->passwd == NULL) {
- camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL, _("Cancelled"));
- return -1;
- }
- }
-
- /* send the passphrase to gpg */
- n = strlen (gpg->passwd);
+ if (wrsetp && gpg->passwd_fd != -1 && FD_ISSET (gpg->passwd_fd, &wrset) && gpg->need_passwd && gpg->send_passwd) {
+ ssize_t w, nwritten = 0;
+ size_t n;
+
+ d(printf ("sending gpg our passphrase...\n"));
+
+ /* send the passphrase to gpg */
+ n = strlen (gpg->passwd);
+ do {
do {
- do {
- w = write (gpg->passwd_fd, gpg->passwd + nwritten, n - nwritten);
- } while (w == -1 && (errno == EINTR || errno == EAGAIN));
-
- if (w > 0)
- nwritten += w;
- } while (nwritten < n && w != -1);
-
- if (w == -1)
- goto exception;
-
- g_free (gpg->passwd);
- gpg->passwd = NULL;
- gpg->send_passwd = FALSE;
+ w = write (gpg->passwd_fd, gpg->passwd + nwritten, n - nwritten);
+ } while (w == -1 && (errno == EINTR || errno == EAGAIN));
- close (gpg->passwd_fd);
- gpg->passwd_fd = -1;
- } else {
- printf ("gpg seems to be expecting a passphrase from us...\n");
- printf ("yet we have not received a NEED_PASSPHRASE status message yet?\n");
- fflush (stdout);
- }
+ if (w > 0)
+ nwritten += w;
+ } while (nwritten < n && w != -1);
+
+ /* zero and free our passwd buffer */
+ memset (gpg->passwd, 0, n);
+ g_free (gpg->passwd);
+ gpg->passwd = NULL;
+
+ if (w == -1)
+ goto exception;
+
+ gpg->send_passwd = FALSE;
}
if (wrsetp && gpg->stdin != -1 && FD_ISSET (gpg->stdin, &wrset)) {
char buffer[4096];
ssize_t nread;
- printf ("writing to gpg's stdin...");
- fflush (stdout);
+ d(printf ("writing to gpg's stdin..."));
/* write our stream to gpg's stdin */
nread = camel_stream_read (gpg->istream, buffer, sizeof (buffer));
@@ -969,7 +949,6 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
do {
do {
- printf (".");
w = write (gpg->stdin, buffer + nwritten, nread - nwritten);
} while (w == -1 && (errno == EINTR || errno == EAGAIN));
@@ -977,19 +956,14 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, CamelException *ex)
nwritten += w;
} while (nwritten < nread && w != -1);
- if (w == -1) {
- printf ("write failed: %s\n", g_strerror (errno));
+ if (w == -1)
goto exception;
- }
}
if (camel_stream_eos (gpg->istream)) {
- printf ("closing stdin...");
close (gpg->stdin);
gpg->stdin = -1;
}
-
- printf ("done.\n");
}
return 0;
@@ -1223,7 +1197,6 @@ gpg_verify (CamelCipherContext *context, CamelCipherHash hash,
if (gpg_ctx_op_start (gpg) == -1) {
camel_exception_set (ex, CAMEL_EXCEPTION_SYSTEM,
_("Failed to execute gpg."));
- printf ("gpg_ctx_op_start() failed\n");
gpg_ctx_free (gpg);
goto exception;
}
@@ -1232,16 +1205,12 @@ gpg_verify (CamelCipherContext *context, CamelCipherHash hash,
if (camel_operation_cancel_check (NULL)) {
camel_exception_set (ex, CAMEL_EXCEPTION_USER_CANCEL,
_("Cancelled."));
- printf ("user cancelled gpg operation\n");
gpg_ctx_op_cancel (gpg);
goto exception;
}
if (gpg_ctx_op_step (gpg, ex) == -1) {
- diagnostics = gpg_ctx_get_diagnostics (gpg);
- printf ("gpg_ctx_op_step() failed: \n%s\n\n", diagnostics);
gpg_ctx_op_cancel (gpg);
- g_free (diagnostics);
goto exception;
}
}