pinentry.git
6 weeks agoqt: Try again to fix Windows Window Management master
Andre Heinecke [Mon, 5 Mar 2018 11:16:44 +0000 (12:16 +0100)]
qt: Try again to fix Windows Window Management

* qt/pinentrydialog.cpp (raiseWindow): Activate Window and
disable windows hacks.
(PinEntryDialog::PinEntryDialog): Delay setFocus after the
event loop returns.

--
This fixes getting the input focus on Windows without the
Buggy AttachThreadInput hacks.

7 weeks agoqt: Renable Windows Foreground Window hacks
Andre Heinecke [Thu, 1 Mar 2018 15:12:28 +0000 (16:12 +0100)]
qt: Renable Windows Foreground Window hacks

* qt/main.cpp, qt/pinentryconfirm.cpp: Use raiseWindow again.
* qt/pinentrydialog.cpp: Renable Foreground Window hacks.

--
Enabled this again because the focus did
not change to the pinentry window without the attach
thread input stuff. The setup_foreground_window helps though,
so that stays. Either Qt Windows foreign Window Management
is a mess and does not really work or I don't understand it.

7 weeks agoqt: Clean up foreground window code
Andre Heinecke [Wed, 28 Feb 2018 11:05:02 +0000 (12:05 +0100)]
qt: Clean up foreground window code

* qt/main.cpp (ForeignWidget): Remove. This did nothing
with Qt 5.
(setup_foreground_window): New helper to set parent and
window flags.
(qt_cmd_handler): Use setup_foreground_window.
* qt/pinentrydialog.cpp: Disable Windows API hacks.

--
This should hopefully work a bit cleaner then the old code.
Setting us as transient to the Desktop is the same what
Gtk 2 does.

2 months agotqt: use UTF-8 instead of ISO-8859-1
Daniel Kahn Gillmor [Tue, 6 Feb 2018 01:43:32 +0000 (20:43 -0500)]
tqt: use UTF-8 instead of ISO-8859-1

4 months agoPost release updates
Werner Koch [Sun, 3 Dec 2017 17:56:30 +0000 (18:56 +0100)]
Post release updates

--

4 months agoRelease 1.1.0 pinentry-1.1.0
Werner Koch [Sun, 3 Dec 2017 16:51:29 +0000 (17:51 +0100)]
Release 1.1.0

4 months agotqt: Add SPDX lines and clarify license in AUTHOR.
Werner Koch [Sun, 3 Dec 2017 16:41:55 +0000 (17:41 +0100)]
tqt: Add SPDX lines and clarify license in AUTHOR.

--

4 months agotqt: Add a TQt-based pinentry.
Damien Goutte-Gattat [Tue, 21 Nov 2017 22:46:12 +0000 (22:46 +0000)]
tqt: Add a TQt-based pinentry.

* NEWS: Update.
* Makefile.am: Add new tqt subdirectory.
* configure.ac: Add --enable-pinentry-tqt option.
* tqt/Makefile.am: New file.
* tqt/main.cpp: New file.
* tqt/pinentrydialog.cpp: New file.
* tqt/pinentrydialog.h: New file.
* tqt/secqinternal.cpp: New file.
* tqt/secqinternal_p.h: New file.
* tqt/secqlineedit.cpp: New file.
* tqt/secqlineedit.h: New file.
* tqt/secqstring.cpp: New file.
* tqt/secqstring.h: New file.
--

This is a port of the old Qt3 code to TQt3, part of the
Trinity Desktop (TDE) project.

Co-authored-by: "deloptes" <deloptes@gmail.com>
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
4 months agow32: Allow building for Windows again.
Werner Koch [Tue, 21 Nov 2017 15:42:47 +0000 (16:42 +0100)]
w32: Allow building for Windows again.

* pinentry/pinentry.c [W32]: Do not include utsname.h
(WITH_UTF8_CONVERSION): New macro.
(lc_ctype_unknown_warning): Move that var to the top and define only
if needed.
(pinentry_utf8_to_local, pinentry_local_to_utf8): Simplyfy by using
the new macro.
(get_cmdline) [W32]: Do not build.
(get_pid_name_for_uid) [W32]: Do not build.
(pinentry_get_title) [W32]: Do not use the new utsname code.
(option_handler) <debug-wait>: Ignore for any Windows version.
--

Also remove a couple of warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months agoAdd SPDX-License-Identifier to most files
Werner Koch [Mon, 20 Nov 2017 09:45:50 +0000 (10:45 +0100)]
Add SPDX-License-Identifier to most files

5 months agoAdd copyright info for AUTHORS
Werner Koch [Mon, 20 Nov 2017 09:45:17 +0000 (10:45 +0100)]
Add copyright info for AUTHORS

5 months agofltk: Fix compilation and distcheck errors.
Damien Goutte-Gattat [Sun, 29 Oct 2017 11:11:55 +0000 (11:11 +0000)]
fltk: Fix compilation and distcheck errors.

* fltk/Makefile.am (AM_CXXFLAGS): Add -std=c++11 flag.
(pinentry_fltk_SOURCES): Add header files.
(EXTRA_DIST): Add icon files.
* .gitignore: Ignore autoconf-generated files in fltk/.
--

The FLTK pinentry requires C++11 due to the use of std::unique_ptr.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
6 months agocore: Expect (and verify) a uid on "owner" option.
Daniel Kahn Gillmor [Sun, 5 Feb 2017 05:44:12 +0000 (00:44 -0500)]
core: Expect (and verify) a uid on "owner" option.

* pinentry/pinentry.h (struct pinentry): Add field 'owner_uid'.
* pinentry/pinentry.c (pinentry_reset): Handle this new field.
(get_pid_name_for_uid): New. Atomic check for the base process name
contingent on process ownership.
(pinentry_get_title): Only scan for full commandline if the process
actually belongs to the claimed uid.
(option_handler): Option "owner" now expects "pid/uid hostname".

--

This requires an update to gpg's use of the "owner" option to emit the
uid (which will follow shortly).  It is not as atomic as it should be.
In particular, there's a race condition between reading from
/proc/PID/status and reading from /proc/PID/cmdline, but it's a much
smaller race than there was previously.

Werner suggested using a / between pid/uid instead of whitespace.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months agocore: Only scan for the command line if probably on the same host.
Daniel Kahn Gillmor [Sun, 5 Feb 2017 05:20:47 +0000 (00:20 -0500)]
core: Only scan for the command line if probably on the same host.

* pinentry/pinentry.c (pinentry_get_title): Check the current hostname
and make sure it matches.  If it does not, do not bother looking for
the command line.

--

If we don't do this, and the agent is forwarded from somewhere else,
pinentry will be looking up arbitrary process command lines.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months agocore: Clean up command line extraction.
Daniel Kahn Gillmor [Sun, 5 Feb 2017 04:11:51 +0000 (23:11 -0500)]
core: Clean up command line extraction.

* pinentry/pinentry.c (get_cmdline): Avoid trailing space, and return
NULL when no bytes were read from /proc.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months agotty: correct comments
Daniel Kahn Gillmor [Mon, 20 Apr 2015 07:21:06 +0000 (04:21 -0300)]
tty: correct comments

* tty/Makefile.am, tty/pinentry-tty.c: comments were copy/pasted from
  pinentry-curses; correcting them.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7 months agogtk: Really always set the window as transient.
Damien Goutte-Gattat [Wed, 23 Aug 2017 19:46:22 +0000 (21:46 +0200)]
gtk: Really always set the window as transient.

* gtk+-2/pinentry-gtk-2.c (make_transient): Set the window as
transient even if we do not grab the keyboard.
--

In the previous commit attempting to fix issue 3253, the window
was set as transient only in grabbing mode. The window should
actually always be set as transient, independently of whether
we grab the keyboard or not. This is especially important now
that --no-grab is the default behavior of GnuPG Agent.

GnuPG-bug-id: 3253
Fixes-commit: f69dadc6ccea7672869436291ab5c1f58d545466
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
7 months agocore: Supress compiler warnings.
Marcus Brinkmann [Wed, 23 Aug 2017 13:46:17 +0000 (15:46 +0200)]
core: Supress compiler warnings.

* pinentry/password-cache.c (password_cache_save, password_cache_lookup,
password_cache_clear) [!HAVE_LIBSECRET]: Suppress unused parameter
warnings.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
8 months agogtk: Disable tooltips in keyboard-grabbing mode.
Damien Goutte-Gattat [Thu, 3 Aug 2017 20:56:49 +0000 (22:56 +0200)]
gtk: Disable tooltips in keyboard-grabbing mode.

* gtk+-2:/pinentry-gtk-2.c (show_hide_button): Do not show the
tooltip if we attempt to grab the keyboard.
(create_window): Likewise.
--

For unclear reasons, those tooltips may interfere with grabbing
under some tiling window managers.

GnuPG-bug-id: 3297
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
9 months agodoc: Make Emacs frontend description more accurate
Daiki Ueno [Wed, 12 Jul 2017 19:28:58 +0000 (21:28 +0200)]
doc: Make Emacs frontend description more accurate

* doc/pinentry.texi (Front ends): Remove false assertions on
insecurity of Emacs, and mention allow-emacs-pinentry option of
gpg-agent.

Proofread-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2034

9 months agocore: Disable "save passphrase" checkbox without secret service.
Marcus Brinkmann [Wed, 12 Jul 2017 16:46:36 +0000 (18:46 +0200)]
core: Disable "save passphrase" checkbox without secret service.

* pinentry/password-cache.c (password_cache_lookup): New argument
FATAL_ERROR.  Set it on fatal error.
* pinentry/password-cache.h (password_cache_lookup): New argument
FATAL_ERROR in declaration.
* pinentry/pinentry.c (cmd_getpin): On fatal error, disallow
external password store.
* NEWS: Update.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2023

9 months agoUse pkg-config consistently.
Alon Bar-Lev [Tue, 11 Jul 2017 18:54:42 +0000 (20:54 +0200)]
Use pkg-config consistently.

* configure.ac: Invoke PKG_PROG_PKG_CONFIG. Consistently use
PKG_CHECK_MODULES for GTK+2.0, Gnome 3 and libsecret.
* gnome3/Makefile.am (AM_CPPFLAGS, LDADD): Adjust Gnome 3 flags.
* gtk+-2/Makefile.am (AM_CPPFLAGS, LDADD): Adjust Gtk+2.0 flags.

Proofread-by: Marcus Brinkmann <mb@g10code.com>
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
GnuPG-bug-id: 2049

9 months agocurses: Add option to beep or flash terminal on dialog.
Marcus Brinkmann [Tue, 11 Jul 2017 17:06:22 +0000 (19:06 +0200)]
curses: Add option to beep or flash terminal on dialog.

* pinentry/pinentry-curses.c (dialog_run): Beep or flash terminal.
* pinentry/pinentry.c (pinentry_reset): Reset ttyalert option.
(pinentry_parse_opts): Parse option ttyalert.
(option_handler): Handle option ttyalert.
* pinentry/pinentry.h (struct pinentry): New option ttyalert.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2013

9 months agogtk: Always set the window as transient.
Damien Goutte-Gattat [Wed, 5 Jul 2017 09:22:46 +0000 (11:22 +0200)]
gtk: Always set the window as transient.

* gtk+-2/pinentry-gtk-2.c (create_window): Setup the make_transient
callback whether we ask for a passphrase or not.
--

Making the window transient seems necessary for (at least some)
tiling window managers to make sure the dialog is floating.

GnuPG-bug-id: 3253
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
9 months agocore: Add example on how to print a FEATURES line.
Werner Koch [Wed, 22 Feb 2017 17:43:50 +0000 (18:43 +0100)]
core: Add example on how to print a FEATURES line.

--

11 months agoqt: Improve width of pinentryconfirm
Andre Heinecke [Wed, 3 May 2017 09:49:09 +0000 (11:49 +0200)]
qt: Improve width of pinentryconfirm

* qt/pinentryconfirm.cpp (PinentryConfirm::showEvent): Add spacer
item for text width.

--
This fixes a pinentry-qt4 bug where part of the text might have
been hidden. And improves the layout for pinentry-qt5 where
the fingerprint will no longer be wordwrapped. Needs to be
done in the show event because only there we have the icon available.

11 months agoqt: Fix build with Qt4
Andre Heinecke [Wed, 3 May 2017 09:48:16 +0000 (11:48 +0200)]
qt: Fix build with Qt4

* qt/main.cpp (main): Don't use Q_NULLPTR.

13 months agofltk: Remove commented-out code.
Justus Winter [Wed, 8 Mar 2017 15:49:44 +0000 (16:49 +0100)]
fltk: Remove commented-out code.

* fltk/main.cxx: Remove commented-out code.

Signed-off-by: Justus Winter <justus@gnupg.org>
13 months agofltk: Fix warning.
Justus Winter [Wed, 8 Mar 2017 15:49:21 +0000 (16:49 +0100)]
fltk: Fix warning.

* fltk/main.cxx (fltk_cmd_handler): Use a 'std::unique_ptr' instead of
a deprecated 'std::auto_ptr'.

Signed-off-by: Justus Winter <justus@gnupg.org>
13 months agofltk: Add a FLTK-based pinentry.
Anatoly madRat L. Berenblit [Tue, 7 Feb 2017 16:18:41 +0000 (17:18 +0100)]
fltk: Add a FLTK-based pinentry.

* NEWS: Update.
* Makefile.am: Add new subdirectory.
* configure.ac: Add configuration for FLTK.
* fltk/Makefile.am: New file.
* fltk/encrypt.xpm: Likewise.
* fltk/icon.xpm: Likewise.
* fltk/main.cxx: Likewise.
* fltk/passwindow.cxx: Likewise.
* fltk/passwindow.h: Likewise.
* fltk/pinwindow.cxx: Likewise.
* fltk/pinwindow.h: Likewise.
* fltk/qualitypasswindow.cxx: Likewise.
* fltk/qualitypasswindow.h: Likewise.

Signed-off-by: Justus Winter <justus@gnupg.org>
14 months agoqt: Fix pinentry-curses fallback for qt5
Andre Heinecke [Mon, 13 Feb 2017 16:34:24 +0000 (17:34 +0100)]
qt: Fix pinentry-curses fallback for qt5

* qt/main.cpp (main): Initialize QApplication later.

--
This fixes the curses fallback because with Qt5 the creation of
the auto_ptr for the application already initialized the XCB subsystem
and caused the abort of the application.

Also removes the usage of the deprecated auto_ptr.

14 months agocore: Show the command line in the titlebar.
Werner Koch [Fri, 3 Feb 2017 20:41:05 +0000 (21:41 +0100)]
core: Show the command line in the titlebar.

* pinentry/pinentry.c (get_cmdline): New.
(pinentry_get_title): Add the cmdline to the title.
--

This works only on Linux assuming that /proc/PID/cmdline is available.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agoUse a shared function to construct the title.
Werner Koch [Fri, 3 Feb 2017 20:00:52 +0000 (21:00 +0100)]
Use a shared function to construct the title.

* pinentry/pinentry.c (pinentry_get_title): New.
* qt/main.cpp (qt_cmd_handler): Use that function for the title.
* tty/pinentry-tty.c (confirm, password): Ditto.
* gnome3/pinentry-gnome3.c (create_prompt): Ditto.
* gtk+-2/pinentry-gtk-2.c (create_window): Ditto.
* pinentry/pinentry-emacs.c (set_labels): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogtk: Unless SETTITLE is used show the pid in the titlebar.
Werner Koch [Fri, 3 Feb 2017 16:16:43 +0000 (17:16 +0100)]
gtk: Unless SETTITLE is used show the pid in the titlebar.

* gtk+-2/pinentry-gtk-2.c (create_window): Display the pid as title.
--

This information could also be used to lookup the command line of the
process and show that in the titlebar.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agocore: New Assuan option "owner".
Werner Koch [Fri, 3 Feb 2017 16:15:24 +0000 (17:15 +0100)]
core: New Assuan option "owner".

* pinentry/pinentry.h (struct pinentry): Add fields 'owner_pid' and
'owner_host'.
* pinentry/pinentry.c (pinentry_reset): Take care of these fields.
(option_handler): New option "owner".

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agocurses: Do not return OK on error.
Werner Koch [Fri, 3 Feb 2017 10:53:25 +0000 (11:53 +0100)]
curses: Do not return OK on error.

* pinentry/pinentry.c (cmd_confirm): Take care not to return OK if the
RESULT is negative.
* pinentry/pinentry-curses.c (dialog_create): Amend error reporting by
setting specific_err_loc.
(dialog_run): Use new var confirm_mode for clearness.  In confirm mode
return Cancel instead of error.  This is how the gtk Pinentry does it.
--

A common error case is that a tty is not available and thus the fopen
fails.  In this case it is plainly wrong to return OK, we would better
return CANCEL.  Even better the specicic_err thing is now used to
return a proper error code.  For example:

  $ pinentry-curses --ttyname=/dev/no/such/tty
  OK Pleased to meet you
  getinfo ttyinfo
  D /dev/no/such/tty - -
  OK
  confirm
  S ERROR curses.open_tty_for_read 83918929
  ERR 83918929 No such file or directory <Pinentry>

The curses pinentry is also used as fallback from gtk.  Thus in this
case we now also get a error message back:

  $ pinentry-gtk-2 --display=/dev/null --ttyname=/dev/no/such/tty
  OK Pleased to meet you
  getinfo flavor
  D gtk2:curses
  OK
  getinfo ttyinfo
  D /dev/no/such/tty - /dev/null
  OK
  confirm
  S ERROR gtk2.open_tty_for_read 83918929
  ERR 83918929 No such file or directory <Pinentry>

Returning an error instead of OK also fixes this bug: A background
task is asking to insert a certain smartcard and asks via pinentry for
it.  Now w/o a valid tty the old code return OK and gpg-agent started
new pinentries (which don't show up) over and over until the correct
card was inserted.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agocore: New command getinfo/ttyinfo
Werner Koch [Fri, 3 Feb 2017 10:39:13 +0000 (11:39 +0100)]
core: New command getinfo/ttyinfo

* pinentry/pinentry.c (remember_display): New var.
(pinentry_have_display): Peek at --display.
(pinentry_parse_opts): Set pinentry.display.
(cmd_getinfo): Add sub-command "ttyinfo".

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogtk2: Fix a problem with fvwm
Werner Koch [Wed, 11 Jan 2017 17:40:17 +0000 (18:40 +0100)]
gtk2: Fix a problem with fvwm

* gtk+-2/pinentry-gtk-2.c (grab_pointer): Take care of
GDK_GRAB_ALREADY_GRABBED.
--

Debian-bug-id: 850708
Co-authored-by: Vincent Lefevre <vincent@vinc17.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agognome3: Use the program name as default title.
Justus Winter [Mon, 16 Jan 2017 15:29:10 +0000 (16:29 +0100)]
gnome3: Use the program name as default title.

* gnome3/pinentry-gnome3.c (create_prompt): If no title is requested,
use the program name as the default title.  This mimics what the GTK+2
variant does (although the GTK+2 pinentry seems to use
basename(argv[0])).

GnuPG-bug-id: 2920
Signed-off-by: Justus Winter <justus@g10code.com>
15 months agognome3: Fix CONFIRM condition.
NIIBE Yutaka [Fri, 13 Jan 2017 05:22:33 +0000 (14:22 +0900)]
gnome3: Fix CONFIRM condition.

* gnome3/pinentry-gnome3.c (gnome3_cmd_handler): No buffer for PIN means
it's not passphrase input but confirmation dialog.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agoQt: Make sure extended grep is used with '|'.
Raphael Kubo da Costa [Sun, 18 Dec 2016 10:41:33 +0000 (11:41 +0100)]
Qt: Make sure extended grep is used with '|'.

* m4/qt.m4: Use grep -E when using the alternation character.
--

POSIX specifies '|' is only supposed to work as an alternation special
character when grep is used in extended mode. The code worked fine
with GNU grep because it accepts extended regular expressions by
default, but other POSIX-compliant implementations might fail and take
it literally.

Signed-off-by: Raphael Kubo da Costa <rakuco@FreeBSD.org>
16 months agoFix spelling errors.
Daniel Kahn Gillmor [Tue, 6 Dec 2016 17:04:25 +0000 (12:04 -0500)]
Fix spelling errors.

--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agoFix linkage problem in tty and emacs pinentries.
Werner Koch [Thu, 1 Dec 2016 08:10:08 +0000 (09:10 +0100)]
Fix linkage problem in tty and emacs pinentries.

* emacs/pinentry-emacs.c (curses_cmd_handler): Remove var.
* tty/pinentry-tty.c (curses_cmd_handler): Remove var.
* pinentry/pinentry.c (flavor_flag): New local var.
(pinentry_set_flavor_flag): New function.
(cmd_getinfo): Use FLAVOR_FLAG for the "flavor" sub-command.
* gnome3/pinentry-gnome3.c (main): Call pinentry_set_flavor_flag.
* gtk+-2/pinentry-gtk-2.c (main): Ditto.
* pinentry/pinentry-emacs.c (initial_emacs_cmd_handler): Ditto.
* qt/main.cpp (main): Ditto.
--

Fixes-commit: e4e3a9cc88704dcffac660d0b92fd1ed8abecc11
Fixes-commit: d126036671e7dd631babc118cb4113f723f15748
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoCreate SWDB entry during make distcheck
Werner Koch [Tue, 22 Nov 2016 08:16:05 +0000 (09:16 +0100)]
Create SWDB entry during make distcheck

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Build emacs flavor.
(distcheck-hook): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoPost release updates
Werner Koch [Tue, 22 Nov 2016 08:11:50 +0000 (09:11 +0100)]
Post release updates

--

16 months agoRelease 1.0.0 pinentry-1.0.0
Werner Koch [Tue, 22 Nov 2016 07:51:41 +0000 (08:51 +0100)]
Release 1.0.0

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoemacs: Add curses handler stub.
Werner Koch [Tue, 22 Nov 2016 07:59:41 +0000 (08:59 +0100)]
emacs: Add curses handler stub.

* emacs/pinentry-emacs.c (curses_cmd_handler): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoUpdate config.{sub,guess} .
Werner Koch [Tue, 22 Nov 2016 07:44:16 +0000 (08:44 +0100)]
Update config.{sub,guess} .

--

17 months agognome3: Tighten up error messages when GNOME screensaver is absent.
Daniel Kahn Gillmor [Tue, 8 Nov 2016 20:37:25 +0000 (14:37 -0600)]
gnome3: Tighten up error messages when GNOME screensaver is absent.

* gnome3/pinentry-gnome3.c (pe_gnome_screen_locked): clean up error
messages when GNOME screensaver is absent or misbehaving.

--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agoAdd fail-safe string termination for snprintf.
Werner Koch [Mon, 7 Nov 2016 07:37:11 +0000 (08:37 +0100)]
Add fail-safe string termination for snprintf.

* gtk+-2/pinentry-gtk-2.c (changed_text_handler): Make sure an
 snprintf buffer is always ternminated.
* pinentry/pinentry.c (my_strusage): Ditto.
(write_status_error): Ditto.
(cmd_getinfo): Ditto.
* w32/main.c (w32_strerror): Ditto.
--

This is to fix the surprising implementation of snprintf on Windows.
Note that we don't need this in GnuPG because there we use our own
snprintf.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agognome3: Avoid risk of uinitialized memory access.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 21:53:47 +0000 (17:53 -0400)]
gnome3: Avoid risk of uinitialized memory access.

* gnome3/pinentry-gnome3.c (_propagate_g_error_to_pinentry): Ensure
that pinentry->specific_err_info is null-terminated.

--

It's possible that "%d: %s" ends up producing more than 20 additional
characters.  A 64-bit signed int at its minimum is
"-9223372036854775808", which is 20 characters.  On any platform where
gint is 128-bit (i don't know whether they exist), it could be
significantly more.

snprintf doesn't write the final NUL byte if the string exceeds the
buffer, so anyone reading specific_err_info as a NUL-terminated string
in such a case would go on to read uninitialized memory after the
buffer.  So we should force there to always be a NUL char after the
written buffer.  It would be simpler to use asprintf, but i suspect
that's not portable enough for use in pinentry.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Neal H. Walfield <neal@g10code.com>
17 months agotty: Declare dummy curses_cmd_handler.
Daniel Kahn Gillmor [Sun, 6 Nov 2016 03:26:35 +0000 (23:26 -0400)]
tty: Declare dummy curses_cmd_handler.

* tty/pinentry-tty.c: Declare a dummy handler for the
curses_cmd_handler for fallback.

--

This is needed for building pinentry-tty, which links to a copy of the
pinentry object which doesn't have curses (it makes no sense to
fallback from tty to curses).  But the new cmd_info in
pinentry/pinentry.c needs some sort of value to test against when
reporting the flavor.

You can replicate this linker error from git with:

     ./autogen.sh
     ./configure --enable-maintainer-mode \
       --enable-{fallback-curses,pinentry-tty} \
       --disable-{inside-emacs,libsecret} && make

Which produces:

    gcc  -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-missing-field-initializers -Wdeclaration-after-statement -Wno-pointer-sign -Wpointer-arith   -o pinentry-tty pinentry-tty.o ../pinentry/libpinentry.a ../secmem/libsecmem.a -lassuan -L/usr/lib/x86_64-linux-gnu -lgpg-error -L/usr/lib/x86_64-linux-gnu -lgpg-error  -lcap
    ../pinentry/libpinentry.a(pinentry.o): In function `cmd_getinfo':
    «BUILDDIR»/pinentry/pinentry.c:1457: undefined reference to `curses_cmd_handler'
    collect2: error: ld returned 1 exit status
    Makefile:410: recipe for target 'pinentry-tty' failed
    make[2]: *** [pinentry-tty] Error 1
    make[2]: Leaving directory '«BUILDDIR»/tty'

One could argue that developers who --enable-tty then must also
--disable-fallback-curses, but that would just mean that it's
impossible to't build one of the graphical pinentries at the same time
(with curses fallback) as you are actually building pinentry-tty.
Arguably, though, the ./configure script should figure out the right
thing to do in this case and the build each variant sensibly.

This patch is a hack to ensure that pinentry-tty continues to link
properly even when other pinentries are being built concurrently with
a curses fallback.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agognome3: Fall back to curses if screensaver is locked.
Daniel Kahn Gillmor [Sun, 6 Nov 2016 07:17:04 +0000 (02:17 -0500)]
gnome3: Fall back to curses if screensaver is locked.

* gnome3/pinentry-gnome3.c (pe_gnome_screen_locked): New Function.
Returns true only if we can talk to a GNOME screensaver over D-Bus and
it assures us that it is locked.
(main): If GNOME screensaver is locked, fall back to curses.

--

We assume that if pinentry is triggered while the screensaver is
locked, then it is likely being done by some sort of remote connection
(e.g. ssh), and isn't being done directly from the graphical console.
In that case, prompting at the graphical console won't be able to get
the attention of the user, so we should fall back to curses if
possible.

GnuPG-bug-id: 2818

17 months agognome3: Test if Gcr System Prompter is available at startup.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:31:40 +0000 (12:31 -0400)]
gnome3: Test if Gcr System Prompter is available at startup.

* gnome3/pinentry-gnome3.c (gcr_system_prompt_available): New. Tests
whether it is possible to create a GcrSystemPrompt.
(main): Use gcr_system_prompt_available() to decide whether to fall
back to curses or not.

--
Debian-bug-id: 842015
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agobuild: Avoid unnecessary dependency on gtk+-2 for GNOME3 development.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 04:44:53 +0000 (00:44 -0400)]
build: Avoid unnecessary dependency on gtk+-2 for GNOME3 development.

* configure.ac: There is no reason to reject building the GNOME3
pinentry if GTK+-2 development libraries are not present.  GNOME3 does
not require GTK+-2.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agoall: Prefer https:// over http:// in source where possible.
Daniel Kahn Gillmor [Sat, 5 Nov 2016 04:25:12 +0000 (00:25 -0400)]
all: Prefer https:// over  in source where possible.

--
This change cleans up as many internal web references as possible, to
make them use https.  In some cases, the canonical references had
slightly different URLs in addition to the change in schema.

Sadly, git.savannah.gnu.org is still http-only.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agognome3: Avoid using gnome and gcr symbol namespace.
Werner Koch [Sat, 5 Nov 2016 10:42:24 +0000 (11:42 +0100)]
gnome3: Avoid using gnome and gcr symbol namespace.

* gnome3/pinentry-gnome3.c (struct _gnome3_run): Rename to
pe_gnome3_run_s.
(_gcr_prompt_password_done): Rename to pe_gcr_prompt_password_done.
(_gcr_prompt_confirm_done): Rename to pe_gcr_prompt_confirm_done.
(_gcr_timeout_done): Rename to pe_gcr_timeout_done.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agognome3: Honor timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:52 +0000 (18:57 -0400)]
gnome3: Honor timeout.

* gnome3/pinentry-gnome3.c (create_prompt): Use timeout to determine
how long to wait for Gcr to provide a system prompt before giving up.
(_gcr_timeout_done): New.  Record that a timeout has elapsed.
(gnome3_cmd_handler): Set up a timeout before launching the prompt,
and tear it down afterward.
(_gcr_prompt_password_done): Report timeout differently from normal
cancellation.
(_gcr_prompt_confirm_done): Report timeout differently from normal
cancellation.

--

Without this change, pinentry-gnome3 does not respect the timeout
parameter at all, and can hang indefinitely in the event that the
system prompter is locked or the user is ignoring the session.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agognome3: Convert password/confirmation to asynchronous model.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:51 +0000 (18:57 -0400)]
gnome3: Convert password/confirmation to asynchronous model.

* gnome3/pinentry-gnome3.c (gnome3_cmd_handler): Convert main part of
password or confirmation fetching into asynchronous code by moving
completion into...
(_gcr_prompt_password_done): ... here and...
(_gcr_prompt_confirm_done): ... here.

--

The async programming interface to gcr is necessary if we want to be
able to enforce a timeout, which will happen in the next patch in this
series.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Did not apply cleanluy due to me comment reformatting in a former
patch. Fixed.  -wk

17 months agoqt: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:50 +0000 (18:57 -0400)]
qt: Report timeout.

* qt/pinentryconfirm.h (PinentryConfirm): Add _timed_out, timedOut().
* qt/pinentrydialog.h (PinentryDialog): Add _timed_out, timedOut().
* qt/pinentryconfirm.cpp (slotTimeout): Record elapsed timeout.
(PinentryConfirm): Initialize _timed_out to false.
(timedOut): New. Returns value of _timed_out.
* qt/pinentryDialog.cpp (slotTimeout): Record elapsed timeout.
(PinentryDialog): Initialize _timed_out to false.
(timedOut): New. Returns value of _timed_out.
* qt/main.cpp (qt_cmd_handler): Report if canceled due to timeout.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agocurses: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:49 +0000 (18:57 -0400)]
curses: Report timeout.

* pinentry/pinentry-curses.c (dialog_run): Report if canceled due to
timeout.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agogtk2: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:48 +0000 (18:57 -0400)]
gtk2: Report timeout.

* gtk+-2/pinentry-gtk-2.c (create_window): Send pointer to pinentry
into timeout_cb.
(timeout_cb): Report if canceled due to timeout.
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Fixed a shadowed variable in timeout_cb.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agotty: Report timeout.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:47 +0000 (18:57 -0400)]
tty: Report timeout.

* tty/pinentry-tty.c (confirm): Report if canceled due to timeout.
(password): Report if canceled due to timeout.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agognome3: Propagate GError messages to pinentry.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:46 +0000 (18:57 -0400)]
gnome3: Propagate GError messages to pinentry.

* gnome3/pinentry-gnome3.c (_propagate_g_error_to_pinentry): New. Send
GError messages back out to pinentry error reporting.
(create_prompt): Use _propagate_g_error_to_pinentry on error.
(gnome3_cmd_handler): Use _propagate_g_error_to_pinentry on error.
--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Modified to take care of malloc failure.  Also fixed alignment of some
old comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agognome3: Set parent window.
Daniel Kahn Gillmor [Fri, 4 Nov 2016 22:57:45 +0000 (18:57 -0400)]
gnome3: Set parent window.

* gnome3/pinentry-gnome3.c (create_prompt): Tell Gcr about the caller
window, if we know it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agocore: Add command getinfo/flavor.
Werner Koch [Sat, 5 Nov 2016 09:55:46 +0000 (10:55 +0100)]
core: Add command getinfo/flavor.

* pinentry/pinentry.c: Inlcude pinentry-curses.h.
(cmd_getinfo): Add sub-command "flavor"

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoConvert to UTF-8.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:59:18 +0000 (12:59 -0400)]
Convert to UTF-8.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
17 months agoFix spelling errors.
Daniel Kahn Gillmor [Thu, 3 Nov 2016 16:59:17 +0000 (12:59 -0400)]
Fix spelling errors.

--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Note that this also updates
     \texinfoversion to 2016-11-03.12

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agocore: Don't report error on setting option 'allow-emacs-pinentry'.
Daiki Ueno [Mon, 10 Oct 2016 08:33:36 +0000 (10:33 +0200)]
core: Don't report error on setting option 'allow-emacs-pinentry'.

Previously "OPTION allow-emacs-pinentry" returned an error if the Emacs
pinentry is not compiled in.  Since it is merely an option, it would
make more sense to just return OK.

Suggested-by: Werner Koch <wk@gnupg.org>
Signed-off-by: Daiki Ueno <ueno@gnu.org>
18 months agognome3: Drop unnecessary use of gtk
Werner Koch [Tue, 4 Oct 2016 08:35:52 +0000 (10:35 +0200)]
gnome3: Drop unnecessary use of gtk

* configure.ac: pinentry-gnome3 only needs gcr-base, not gcr.
* gnome3/pinentry-gnome3.c (main): Instead of testing whether GTK can
be loaded, check for DBUS_SESSION_BUS_ADDRESS.
(create_prompt): Use fprintf (stderr, ...) instead of g_warning (...),
to align with the rest of pinentry.c.
--

pinentry-gnome3 really just uses gcr and libsecret -- there is no
direct use of gtk at all.  By linking only to the minimal gcr-base-3
and avoiding gcr-3 itself, we remove many unnecessary library
dependencies from pinentry-gnome3.

Specifically, "ldd $(which pinentry-gnome3) | wc -l" goes from 69 to
23 on debian testing.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Added missing LF.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agocore: Add a way to print ERROR status lines.
Werner Koch [Tue, 4 Oct 2016 07:36:39 +0000 (09:36 +0200)]
core: Add a way to print ERROR status lines.

* pinentry/pinentry.h (struct pinentry): New fields SPECIFIC_ERR_LOC
and SPECIFIC_ERR_INFO.
* pinentry/pinentry.c (pinentry_reset): Free the new field.
(write_status_error): New.
(cmd_getpin): Use new fields.
(cmd_confirm): Ditto.
* gnome3/pinentry-gnome3.c (create_prompt): Set error for failed
GCR_PROMPT.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agotty: Provide default text for "notok".
Ineiev [Fri, 8 Apr 2016 12:33:05 +0000 (15:33 +0300)]
tty: Provide default text for "notok".

* tty/pinentry-tty.c (confirm): Provide default text for "notok".

--

gniibe changed the commit message.

18 months agotty: Fix underscore processing in accelerators.
Ineiev [Fri, 8 Apr 2016 12:26:33 +0000 (15:26 +0300)]
tty: Fix underscore processing in accelerators.

* tty/pinentry-tty.c (button): Fix underscore processing in
accelerators.

18 months agotty: Refactor usage of tolower.
Ineiev [Fri, 8 Apr 2016 12:17:59 +0000 (15:17 +0300)]
tty: Refactor usage of tolower.

* tty/pinentry-tty.c (button): Apply tolower to the result.
* tty/pinentry-tty.c (confirm): Compare lowercased character instead of
converting them every time.

--

gniibe changed the original patch to keep output to TTY.

19 months agocurses: Return better error codes for bad ttynames
Werner Koch [Thu, 1 Sep 2016 08:03:22 +0000 (10:03 +0200)]
curses: Return better error codes for bad ttynames

* pinentry/pinentry-curses.c (dialog_create): Return better error
codes.
--

With this change the error message is now

  $ MYTTY=$(tty)
  $ echo getpin | env -i pinentry-curses -d  --ttyname "$MYTTY"
  OK Pleased to meet you
  pinentry-curses: no LC_CTYPE known - assuming UTF-8
  ERR 83886383 Required environment variable not set <Pinentry>

Note that with the current released libgcrypt an unknown error code
will be printed.

GnuPG-bug-id: 2452
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoQt: Add SetWindowPos based foreground hack for Win
Andre Heinecke [Thu, 18 Aug 2016 12:55:27 +0000 (14:55 +0200)]
Qt: Add SetWindowPos based foreground hack for Win

* qt/pinentrydialog.cpp(raiseWindow): Add another fallback for
our foreground window hacks.

--
Even if SetForegroundWindow or SetForegroundWindowEx do not report
failures we are not always brought to front. So additionally
afterwards we also set our Window Position to be absolutely
in foreground and afterards remove that (so that a user
may still but us in the background).

This fixes the weird behavior that repeated pinentries for
symmetric encryption open in background.

20 months agoQt: Disable automatic wrap for desc and errors
Andre Heinecke [Fri, 12 Aug 2016 11:07:54 +0000 (13:07 +0200)]
Qt: Disable automatic wrap for desc and errors

* qt/pinentrydialog.cpp (PinEntryDialog): Disable WordWrap.

--
The agent already sends line breaks which should be respected.
This fixes the problem that pinentry-qt would break ssh fingerprints
because it treated the colon as a breakable character.

GnuPG's translators and GnuPG itself should take care how descriptions
and errors should be formatted.

20 months agoUpdate NEWS
Andre Heinecke [Wed, 1 Jun 2016 13:15:41 +0000 (15:15 +0200)]
Update NEWS

--

20 months agoQt: Append -std=c++11 if building against Qt 5.7
Kristian Fiskerstrand [Thu, 11 Aug 2016 12:44:37 +0000 (14:44 +0200)]
Qt: Append -std=c++11 if building against Qt 5.7

 * m4/qt.m4: Append -std=c++11 to CFLAGS if building against Qt 5.7

--
Qt 5.7 enables C++11 for Qt modules, and any app relying on it require to be
compiled with at least this standard.

This patch adds detection for Qt 5.7 and make sure -std=c++11 is passed if
building against Qt 5.7 or higher.

20 months agoFix ncurses build.
Ben Kibbey [Tue, 2 Aug 2016 01:25:32 +0000 (21:25 -0400)]
Fix ncurses build.

* pinentry/Makefile.am: Add NCURSES_CFLAGS.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
20 months agogtk2: Also grab the pointer.
Justus Winter [Tue, 2 Aug 2016 10:34:07 +0000 (12:34 +0200)]
gtk2: Also grab the pointer.

* gtk+-2/pinentry-gtk-2.c (grab_pointer): New function.
(ungrab_keyboard): Rename to 'ungrab_inputs' and also release the
pointer grab.
(create_window): Also grab the pointer.

GnuPG-bug-id: 2430
Signed-off-by: Justus Winter <justus@g10code.com>
20 months agogtk2: Be more persistent trying to grab the keyboard.
Justus Winter [Mon, 1 Aug 2016 15:49:50 +0000 (17:49 +0200)]
gtk2: Be more persistent trying to grab the keyboard.

We seem to get the 'visibility-notify' event before X is willing to
let us grab the keyboard, insisting that the target window is not
viewable (sic).

* gtk+-2/pinentry-gtk-2.c (grab_keyboard): Retry grabbing the
keyboard.

GnuPG-bug-id: 2375
Signed-off-by: Justus Winter <justus@g10code.com>
20 months agogtk2: Print keyboard grabbing errors.
Justus Winter [Mon, 1 Aug 2016 15:18:32 +0000 (17:18 +0200)]
gtk2: Print keyboard grabbing errors.

* gtk+-2/pinentry-gtk-2.c (grab_strerror): New function.
(grab_keyboard): Use the new function to print the error.

Signed-off-by: Justus Winter <justus@g10code.com>
20 months agogtk2: Avoid possible format string troubles.
Justus Winter [Mon, 1 Aug 2016 13:01:21 +0000 (15:01 +0200)]
gtk2: Avoid possible format string troubles.

* gtk+-2/pinentry-gtk-2.c (confirm_unhiding): Do not use message as
format string.

Signed-off-by: Justus Winter <justus@g10code.com>
23 months agoQt: Only use one line action for visibility
Andre Heinecke [Mon, 25 Apr 2016 10:08:03 +0000 (12:08 +0200)]
Qt: Only use one line action for visibility

* qt/pinentrydialog.cpp (PinEntryDialog::toggleVisibility): Toggle
both lines in repeat mode.
(PinEntryDialog::PinEntryDialog): Remove repeat line action.

--
It does not appear sensible to show / hide only one edit in
repeat mode this should make the usage of the visibility action
a bit more intutive.

23 months agoQt: Move qualitybar below repeat
Andre Heinecke [Mon, 25 Apr 2016 10:05:35 +0000 (12:05 +0200)]
Qt: Move qualitybar below repeat

* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Move
quality bar below repeat.

--
Havin the repeat directly below the entry field looks better and
adds more connection between the entries.

23 months agoQt: Do not take icon from theme
Andre Heinecke [Mon, 25 Apr 2016 09:11:51 +0000 (11:11 +0200)]
Qt: Do not take icon from theme

* qt/main.cpp (main): Revert changes to take icon from theme.

--
Feedback was that pinentry should be recognisable and use it's
own Icon.

2 years agoQt: Change qualitybar position back to below
Andre Heinecke [Fri, 15 Apr 2016 08:32:06 +0000 (10:32 +0200)]
Qt: Change qualitybar position back to below

* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog): Change
position back to below the entry. Fix label alignment.

--
While I find it more pleasing to have it at the top
the string for the tooltip mentions that the quality bar is
related to "above" entry.

2 years agogtk2: Add a button to show/hide the passphrase.
Andre Heinecke [Fri, 15 Apr 2016 07:51:24 +0000 (09:51 +0200)]
gtk2: Add a button to show/hide the passphrase.

* gtk+-2/pinentry-gtk-2.c (HIG_TINY): New.
 (confirm_unhiding): New.
 (show_hide_button_toggled): New.
 (create_show_hide_button): New.
 (create_window): Add a show/hide button.

--
This is an alternative implementation to the checkbox
reverted with rev. 71b51e0.
The patch is based on a patch by Werner Koch <wk@gnupg.org>
modifications done by aheinecke are:
- Use of strings provided by the gpg-agent
- Switching the visibility state of the edit.
- Using a monospace font for the label to avoid size
  changes when toggling the button.
- Use of a default button label for cancel in the confirm dialog
  as the agent only sends a string that is useful for show.

2 years agoRevert "GTK: Add visibility toggle button"
Andre Heinecke [Thu, 14 Apr 2016 14:34:36 +0000 (16:34 +0200)]
Revert "GTK: Add visibility toggle button"

This reverts commit 71b51e02cf20174ba7144765e985f7e889eaa429.

2 years agoGTK: Add visibility toggle button
Andre Heinecke [Thu, 14 Apr 2016 13:56:09 +0000 (15:56 +0200)]
GTK: Add visibility toggle button

* gtk+-2/pinentry-gtk-2.c (create_window): Create checkbox.
 (show_passphrase_toggled): New. Do the toggling.

--
GnuPG-Bug-ID: 2139

2 years agoQt: Restrict list of icon themes to try
Andre Heinecke [Thu, 14 Apr 2016 13:21:13 +0000 (15:21 +0200)]
Qt: Restrict list of icon themes to try

* qt/main.cpp (main): Only search in select icon themes.

--
Gnome Icon theme does not use a lock for document-encrypt icon
and this looks strange. Mainly the goal is not to show the Oxygen
Icon built into pinentry on a breeze Desktop.

2 years agoQt: Add actions to make passphrase visible
Andre Heinecke [Thu, 14 Apr 2016 13:01:47 +0000 (15:01 +0200)]
Qt: Add actions to make passphrase visible

* qt/main.cpp (qt_cmd_handler): Support visibility tooltips.
* qt/pinentrydialog.cpp (PinEntryDialog::PinEntryDialog):
 Add a checkbox or line actions.
 (PinEntryDialog::checkRepeat): Renabed to textChanged.
 (PinEntryDialog::toggleVisibility): New. Toggle echo mode.
* qt/pinentrydialog.h: Update accordingly.

--
The Action comes in two flavors to avoid having to include new
icons in pinentry (and thus have a text-only fallback) and also
because Qt4 does not support direct line edit actions and I don't
want to raise the requirement to Qt 5.2 yet.

GnuPG-Bug-ID: 2139

2 years agoAdd support for visibility string options
Andre Heinecke [Thu, 14 Apr 2016 12:58:46 +0000 (14:58 +0200)]
Add support for visibility string options

* doc/pinentry.texi: Note new values.
* pinentry/pinentry.c (pinentry): Add default_cf_visi,
 default_tt_visi and default_tt_hide.
 (option_handler): Parse new values.
* pinentry/pinentry.h (pinentry_t): Add new values.

2 years agoQt: Implement repeat and improve grabbing
Andre Heinecke [Thu, 14 Apr 2016 10:00:51 +0000 (12:00 +0200)]
Qt: Implement repeat and improve grabbing

The keyboard is now only grabbed if an edit has input focus.

* qt/main.cpp (qt_cmd_handler): Parse repeat values. Set repeat_okay.
* qt/pinentrydialog.cpp (PinentryDialog::PinentryDialog): Update
 layout. Add repeat label and edit. Connect focusChanged.
 (PinEntryDialog::hideEvent): Remove grabbing hack.
 (PinEntryDialog::focusChanged): New. Properly handle grabbing.
 (PinEntryDialog::checkRepeat): New. Enable Ok if repeat matches.
 (PinEntryDialog::repeatedPin): New. Getter for repeated pin.
 (PinEntryDialog::setRepeatErrorText): Setter for error.
* qt/pinentrydialog.h: Update accordingly.

--
Adding repeat mode made it neccessary to fix the grabbing
which globally grabbed the keyboard for the line edit
as long as the window was shown.

Now we only grab when a line edit has focus. This has the
advantage that you can still work with other windows while
pinentry is open but not focused.

The new grabbing should improve security a bit as it reduces
the need for a global no-grab setting. I've verified with xev
that keyboard grabbing still works when one of the lineedits
in pinentry has focus.

2 years agoQt: Respect icon themes and only fallback to own
Andre Heinecke [Thu, 14 Apr 2016 07:53:37 +0000 (09:53 +0200)]
Qt: Respect icon themes and only fallback to own

* m4/qt.m4: Raise version requirement.
* qt/main.cpp (main): Use QIcon::fromTheme to get the icon.

2 years agoQt: Unify coding style and encoding
Andre Heinecke [Thu, 14 Apr 2016 07:32:21 +0000 (09:32 +0200)]
Qt: Unify coding style and encoding

* qt/main.cpp, qt/pinentryconfirm.cpp, qt/pinentryconfirm.h,
  qt/pinentrydialog.cpp, qt/pinentrydialog.h: Use KDE coding style.
  Encode as UTF-8.

--
Code reformatted using kde-dev-scripts/astyle-kdelibs.
Use git blame -w to show authorship as it was before this commit.

2 years agoQt: Fix Windows foreground window hacks for Qt5
Andre Heinecke [Fri, 4 Mar 2016 14:44:26 +0000 (15:44 +0100)]
Qt: Fix Windows foreground window hacks for Qt5

* qt/pinentrydialog.cpp: Use Q_OS_WIN instead of Q_WS_WIN
 (SetForegroundWindowEx): Handle new Wid type with casts.

--
Q_WS_WIN is no longer defined by Qt5

2 years agopinentry: Use stderr to print failures in password-cache.c
Stef Walter [Sun, 14 Feb 2016 17:06:52 +0000 (18:06 +0100)]
pinentry: Use stderr to print failures in password-cache.c

Otherwise this interferes with the assuan protocol expected
on stdout.

GnuPG-bug-id: 2243

2 years agoQt: Fix use after free in quality calculation
Andre Heinecke [Tue, 5 Jan 2016 11:44:32 +0000 (12:44 +0100)]
Qt: Fix use after free in quality calculation

* qt/pinentrydialog.cpp (PinEntryDialog::updateQuality): Keep UTF8
 byte array alive after conversion.

--
Same problem pattern as in Bug 2133 / commit f143d216