Two UI improvements

* Mon Oct 18 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-4 - Tell the user if asking for the same passphrase again Resolves: #641111 - Check certificate file before interacting with the user Resolves: #643897
2010-10-18 17:45:07 +02:00 · 2010-10-18 17:45:07 +02:00 · 4886de908b
parent f93fc197bb
commit 4886de908b
3 changed files with 152 additions and 1 deletions
--- a/volume_key-0.3.4-cert-errors.patch
+++ b/volume_key-0.3.4-cert-errors.patch
@ -0,0 +1,79 @@
+Subject: [PATCH] Report certificate errors sooner.
+
+2010-10-18  Miloslav Trmač  <mitr@redhat.com>
+
+	* src/volume_key.c (pos_interact): Split from pos_init ().
+	(do_save, do_reencrypt): Call pos_init () as early as possible.  Use
+	pos_interact () at the original location.
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 855956f..83d9a02 100644
+--- a/src/volume_key.c
+++ b/src/volume_key.c
+@@ -601,7 +601,7 @@ struct packet_output_state
+   char *passphrase;
+ };
+ 
+-/* Init POS.
+/* Init POS, without user interaction.
+    Return 0 if OK, -1 on error. */
+ static int
+ pos_init (struct packet_output_state *pos, GError **error)
+@@ -635,6 +635,22 @@ pos_init (struct packet_output_state *pos, GError **error)
+     }
+   else
+     {
+      /* Will ask for passphrase in pos_interact */
+    }
+  return 0;
+}
+
+/* Interact with the user about POS.
+   Return 0 if OK, -1 on error. */
+static int
+pos_interact (struct packet_output_state *pos, GError **error)
+{
+  if (output_format_cleartext != 0 || output_certificate != NULL)
+    {
+      /* Nothing - pos_init () is enough. */
+    }
+  else
+    {
+       char *passphrase;
+       unsigned failed;
+ 
+@@ -805,6 +821,9 @@ do_save (int argc, char *argv[])
+     error_exit (_("Usage: %s --save VOLUME [PACKET]"), g_get_prgname ());
+ 
+   error = NULL;
+  if (pos_init (&pos, &error) != 0)
+    error_exit ("%s", error->message);
+
+   v = libvk_volume_open (argv[1], &error);
+   if (v == NULL)
+     error_exit (_("Error opening `%s': %s"), argv[1], error->message);
+@@ -824,7 +843,7 @@ do_save (int argc, char *argv[])
+   else if (libvk_volume_get_secret (v, LIBVK_SECRET_DEFAULT, ui, &error) != 0)
+     error_exit (_("Error opening `%s': %s"), argv[1], error->message);
+ 
+-  if (pos_init (&pos, &error) != 0
+  if (pos_interact (&pos, &error) != 0
+       || output_packet (&pos, v, ui, &error) != 0)
+     error_exit ("%s", error->message);
+   if (output_created_random_passphrase != NULL)
+@@ -1007,12 +1026,15 @@ do_reencrypt (int argc, char *argv[])
+     error_exit (_("Usage: %s --%s PACKET"), g_get_prgname (), "reencrypt");
+ 
+   error = NULL;
+  if (pos_init (&pos, &error) != 0)
+    error_exit ("%s", error->message);
+
+   ui = create_ui ();
+   pack = open_packet_file (argv[1], ui, &error);
+   if (pack == NULL)
+     error_exit ("%s", error->message);
+ 
+-  if (pos_init (&pos, &error) != 0
+  if (pos_interact (&pos, &error) != 0
+       || output_packet (&pos, pack, ui, &error) != 0)
+     error_exit ("%s", error->message);
+   pos_free (&pos);
--- a/volume_key-0.3.4-passphrase-ui.patch
+++ b/volume_key-0.3.4-passphrase-ui.patch
@ -0,0 +1,59 @@
+Subject: [PATCH 1/2] Tell the user when a non-NSS passphrase is incorrect.
+
+2010-10-18  Miloslav Trmač  <mitr@redhat.com>
+
+	* src/volume_key.c (passphrase_ui_cb): Tell the user when a non-NSS
+	passphrase is incorrect.
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 7f9f391..c9c4bca 100644
+--- a/src/volume_key.c
+++ b/src/volume_key.c
+@@ -545,6 +545,8 @@ passphrase_ui_cb (void *data, const char *prompt, unsigned failed_attempts)
+ 	return NULL;
+       return read_batch_string ();
+     }
+  if (failed_attempts != 0)
+    fprintf (stderr, _("Error, try again.\n"));
+   s = g_strdup_printf (_("%s: "), prompt);
+   res = get_password (s);
+   g_free (s);
+-- 
+
+2010-10-18  Miloslav Trmač  <mitr@redhat.com>
+
+	* lib/volume_luks.c (luks_apply_secret)
+	* src/volume_key.c (pos_interact): Only tell the user about an incorrect
+	passphrase once.
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index 4561a43..4650464 100644
+--- a/lib/volume_luks.c
+++ b/lib/volume_luks.c
+@@ -481,7 +481,9 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ 				      failed, error);
+       if (passphrase == NULL)
+ 	goto err_prompts;
+-      passphrase2 = ui_get_passphrase (ui, prompt2, failed, error);
+      /* The repeated passphrase is always considered a first attempt -
+	 otherwise src/volume_key.c would prepend "Error, try again". */
+      passphrase2 = ui_get_passphrase (ui, prompt2, 0, error);
+       if (passphrase2 == NULL)
+ 	goto err_passphrase;
+       passphrase_ok = strcmp (passphrase, passphrase2) == 0;
+diff --git a/src/volume_key.c b/src/volume_key.c
+index c9c4bca..855956f 100644
+--- a/src/volume_key.c
+++ b/src/volume_key.c
+@@ -652,9 +652,10 @@ pos_init (struct packet_output_state *pos, GError **error)
+ 					     "New packet passphrase"), failed);
+ 	  if (passphrase == NULL)
+ 	    goto no_passphrase;
+	  /* The repeated passphrase is always considered a first attempt -
+	     otherwise passphrase_ui_cb would prepend "Error, try again". */
+ 	  passphrase2 = passphrase_ui_cb (NULL,
+-					  _("Repeat new packet passphrase"),
+-					  failed);
+					  _("Repeat new packet passphrase"), 0);
+ 	  if (passphrase2 == NULL)
+ 	    {
+ 	      memset (passphrase, 0, strlen (passphrase));
+-- 
--- a/volume_key.spec
+++ b/volume_key.spec
@ -3,7 +3,7 @@
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
 Version: 0.3.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: https://fedorahosted.org/volume_key/
@ -16,6 +16,11 @@ Patch0: volume_key-0.3.4-volume-doc.patch
 Patch1: volume_key-0.3.4-ssl-errors.patch
 # Upstream commit 82f476f614ff8492231e730b6ceffaa7242481cc
 Patch2: volume_key-0.3.4-getpass.patch
+# Upstream commits b66602b8ef4e6ef8325c0b97fce821e183a2ae84,
+# 1dcafdcd6f3097487b92f86e9db3e5412c266ee5
+Patch3: volume_key-0.3.4-passphrase-ui.patch
+# Upstream commit 40e5330c076f9f4e149c2091900602d3de41b119
+Patch4: volume_key-0.3.4-cert-errors.patch
 BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg
 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel

@ -82,6 +87,8 @@ for other formats is possible, some formats are planned for future releases.
 %patch0 -p1 -b .volume-doc
 %patch1 -p1 -b .ssl-errors
 %patch2 -p1 -b .getpass
+%patch3 -p1 -b .passphrase-ui
+%patch4 -p1 -b .cert-errors

 %build
 %configure
@ -122,6 +129,12 @@ rm -rf $RPM_BUILD_ROOT
 %{python_sitearch}/volume_key.py*

 %changelog
+* Mon Oct 18 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-4
+- Tell the user if asking for the same passphrase again
+  Resolves: #641111
+- Check certificate file before interacting with the user
+  Resolves: #643897
+
 * Fri Oct  8 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-3
 - Make it possible to interrupt password prompts
  Resolves: #641111