Page MenuHome GnuPG
Files F34252342

No OneTemporary
Actions

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 54e2256ec..a1093389b 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,2691 +1,2694 @@
2010-08-11 Werner Koch <wk@g10code.com>
+ * call-pinentry.c (agent_get_passphrase, agent_askpin): Fix
+ setting of confidential flag.
+
* call-scd.c (agent_card_scd): Pass assuan comment lines to the
caller.
(ASSUAN_CONVEY_COMMENTS): Provide replacement if needed.
2010-08-09 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Add NETLIBS for sake of the TCP
logging.
2010-06-24 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_pattern): Use HANG option for
gnupg_wait_progress. Fixes regression from 2010-06-09.
2010-06-21 Werner Koch <wk@g10code.com>
* protect-tool.c (export_p12_file, import_p12_cert_cb)
(import_p12_file, sexp_to_kparms, store_private_key): Remove
unused code.
2010-06-18 Werner Koch <wk@g10code.com>
* protect-tool.c (store_private_key, rsa_key_check): Remove.
* command.c (cmd_export_key): New.
2010-06-15 Werner Koch <wk@g10code.com>
* command.c (cmd_keywrap_key, cmd_import_key): New.
* genkey.c (agent_genkey, agent_protect_and_store): Factor common
code out to...
(agent_ask_new_passphrase): .. new.
* findkey.c (agent_write_private_key): Return GPG_ERR_EEXIST
instead of GPG_ERR_GENERAL.
2010-06-14 Werner Koch <wk@g10code.com>
* protect-tool.c: Remove commands --p12-import and --p12-export.
* minip12.c, minip12.h: Move to ../sm.
* Makefile.am (gpg_protect_tool_SOURCES): Remove them.
* preset-passphrase.c: Remove unneeded minip12.h.
* command.c (cmd_keywrap_key): New.
* command.c (leave_cmd): New.
(cmd_istrusted, cmd_listtrusted, cmd_marktrusted, cmd_pksign)
(cmd_pkdecrypt, cmd_genkey, cmd_readkey, cmd_keyinfo)
(cmd_get_passphrase, cmd_get_confirmation, cmd_learn)
(cmd_passwd, cmd_preset_passphrase, cmd_getval, cmd_putval): Use it.
2010-05-12 Werner Koch <wk@g10code.com>
* preset-passphrase.c (forget_passphrase): Actually implement
this. Fixes bug#1198.
2010-05-11 Werner Koch <wk@g10code.com>
* agent.h (opt): Add field USE_STANDARD_SOCKET.
* gpg-agent.c (use_standard_socket): Remove. Use new option instead.
* command.c (cmd_killagent, cmd_reloadagent): Provide command also
for non-W32 platforms.
(cmd_getinfo): New subcommands std_session_env and std_startup_env.
2010-05-03 Werner Koch <wk@g10code.com>
* gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME
too early.
2010-04-30 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Add command --use-standard-socket-p.
2010-04-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (create_server_socket) [W32]: Also check for EEXIST.
2010-04-19 Werner Koch <wk@g10code.com>
* pksign.c (get_dsa_qbits, do_encode_dsa): New.
(agent_pksign_do): Detect DSA keys and use do_encode_dsa.
* findkey.c (agent_public_key_from_file): Factor some code out to ..
(key_parms_from_sexp): New.
(agent_is_dsa_key): New.
* command.c (cmd_sethash): Clear digeest.RAW_VALUE.
2010-04-14 Werner Koch <wk@g10code.com>
* Makefile.am (libexec_PROGRAMS) [W32CE]: Do not build
gpg-preset-passphrase for now.
(pwquery_libs) [W32CE]: Set to empty.
* trustlist.c (read_one_trustfile): Use estream.
2010-04-13 Werner Koch <wk@g10code.com>
* findkey.c (read_key_file): Use estream.
(agent_write_private_key): Ditto.
2010-04-07 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_connections) [W32]: Assume that PTh support
the handle event. Use a dummy event for W32CE.
(get_agent_scd_notify_event) [W32CE]: Do not build.
* call-pinentry.c: Remove setenv.h. Include sysutils.h.
(atfork_cb): s/setenv/gnupg_setenv/.
* gpg-agent.c: Do not include setenv.h.
(main): s/unsetenv/gnupg_unsetenv/.
* protect.c (calibrate_get_time) [W32CE]: Use GetThreadTimes.
2010-04-06 Werner Koch <wk@g10code.com>
* call-scd.c [!HAVE_SIGNAL_H]: Do not include signal.h.
* findkey.c (agent_write_private_key): s/remove/gnupg_remove/.
* command-ssh.c (search_control_file): Replace rewind by fseek and
clearerr.
* genkey.c (check_passphrase_pattern): Ditto.
* gpg-agent.c [!HAVE_SIGNAL_H]: Do not include signal.h.
(remove_socket): s/remove/gnupg_remove/.
(create_private_keys_directory): Use gnupg_mkdir.
2010-03-11 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include "asshelp.h".
(main): Remove assuan_set_assuan_log_prefix. Add
assuan_set_log_cb.
(handle_signal): Disable pth ctrl dumping.
(parse_rereadable_options, main): Remove assuan_set_assuan_log_stream.
* call-scd.c (start_scd): Remove assuan_set_log_stream.
2010-03-10 Werner Koch <wk@g10code.com>
* Makefile.am (common_libs): Remove libjnlib.a.
* trustlist.c, protect-tool.c, command-ssh.c: Remove estream.h.
2010-02-17 Werner Koch <wk@g10code.com>
* call-pinentry.c (start_pinentry): Always free OPTSTR. Send
default-xxx strings.
2010-01-26 Werner Koch <wk@g10code.com>
* protect.c (do_encryption): Encode the s2kcount and no not use a
static value of 96.
2009-12-21 Werner Koch <wk@g10code.com>
* command.c (cmd_getinfo): Add sub-command s2k_count.
2009-12-14 Werner Koch <wk@g10code.com>
* protect.c (agent_unprotect): Decode the S2K count here and take
care of the new unencoded values. Add a lower limit sanity check.
(hash_passphrase): Do not decode here.
(get_standard_s2k_count, calibrate_s2k_count): New.
(calibrate_get_time, calibrate_elapsed_time): New.
(do_encryption): Use get_standard_s2k_count.
2009-12-08 Werner Koch <wk@g10code.com>
* protect.c (agent_unprotect): Avoid compiler warning.
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Convert posix fd to assuan fd.
* call-scd.c (start_scd): Likewise.
2009-12-03 Werner Koch <wk@g10code.com>
* gpg-agent.c (set_debug): Allow for numerical debug leveles. Print
active debug flags.
2009-12-02 Werner Koch <wk@g10code.com>
* trustlist.c (read_trustfiles): Store the pointer returned from
shrinking the memory and not the orginal one. Fixes bug#1163.
Reported by TAKAHASHI Tamotsu. Also return correct error after
memory failure.
2009-11-27 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Do not call
assuan_set_log_stream anymore.
* gpg-agent.c (main): But call assuan_set_assuan_log_stream here.
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
assuan_pipe_connect_ext.
* command.c (start_command_handler): Change
assuan_init_socket_server_ext into assuan_init_socket_server.
* call-scd.c (start_scd): Update use of assuan_socket_connect and
assuan_pipe_connect.
* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
Update use of assuan_socket_connect.
2009-11-04 Werner Koch <wk@g10code.com>
* command.c (register_commands): Add help arg to
assuan_register_command. Convert all command comments to help
strings.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of
libassuan-pth.
* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Call assuan_set_system_hooks and assuan_sock_init.
Fix invocation of assuan_socket_connect.
2009-09-23 Werner Koch <wk@g10code.com>
* command.c (register_commands) [HAVE_ASSUAN_SET_IO_MONITOR]:
Remove cpp condition.
(start_command_handler) [HAVE_ASSUAN_SET_IO_MONITOR]: Ditto.
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
2009-09-04 Marcus Brinkmann <marcus@g10code.com>
* command.c (start_command_handler): Add comment about gap in
implementation (in dead code), for future reference.
2009-08-11 Werner Koch <wk@g10code.com>
* divert-scd.c (ask_for_card): I18n a prompt string.
2009-07-06 Werner Koch <wk@g10code.com>
* agent.h: Include session-env.h.
(opt): Replace most of the startup_xxx fields by a session_env_t.
(struct server_control_s): Likewise.
* gpg-agent.c (main): Rewrite setting of the startup fields.
(handle_connections, main): Allocate SESSION_ENV.
(agent_init_default_ctrl, agent_deinit_default_ctrl): Change
accordingly.
* command.c (option_handler): Ditto.
(cmd_updatestartuptty): Change accordingly. Protect old values
from out of core failures.
* command-ssh.c (start_command_handler_ssh): Ditto.
(start_command_handler_ssh): Replace strdup by xtrystrdup.
* call-pinentry.c (atfork_cb): Pass new envrinmnet variables.
(start_pinentry): Use session_env stuff.
* protect-tool.c (main): Adjust call to gnupg_prepare_get_passphrase.
2009-06-24 Werner Koch <wk@g10code.com>
* genkey.c (agent_protect_and_store): Return RC and not 0.
* protect.c (do_encryption): Fix ignored error code from malloc.
Reported by Fabian Keil.
2009-06-17 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL.
Change all callers.
* trustlist.c (agent_marktrusted): Use WITH_CANCEL
2009-06-09 Werner Koch <wk@g10code.com>
* learncard.c (send_cert_back): Ignore certain error codes.
2009-06-05 Werner Koch <wk@g10code.com>
* protect-tool.c (store_private_key): Fix last change by appending
a ".key".
2009-06-03 Werner Koch <wk@g10code.com>
* protect-tool.c: Include estream.h.
(store_private_key): Replace stdio streams by estream functions
for a portable use of the "x" mode.
* trustlist.c: Include estream.h.
(agent_marktrusted): Replace stdio stream by estream functions.
* protect-tool.c (store_private_key): Use bin2hex.
2009-06-02 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Run pth_kill after fork. Fixes bug#1066.
2009-05-19 Werner Koch <wk@g10code.com>
* gpg-agent.c (JNLIB_NEED_AFLOCAL): Define.
(create_server_socket): Use SUN_LEN macro.
2009-05-15 Werner Koch <wk@g10code.com>
Fix bug #1053.
* agent.h (lookup_ttl_t): New.
* findkey.c (unprotect): Add arg LOOKUP_TTL.
(agent_key_from_file): Ditto.
* pksign.c (agent_pksign_do): Ditto.
* command-ssh.c (ttl_from_sshcontrol): New.
(data_sign): Pass new function to agent_pksign_do.
(search_control_file): Add new arg R_TTL.
2009-05-14 Werner Koch <wk@g10code.com>
* command.c (cmd_get_passphrase): Add option --qualitybar.
* call-pinentry.c (agent_askpin): Factor some code out to ...
(setup_qualitybar): .. new.
(agent_get_passphrase): Add arg WITH_QUALITYBAR and implement it.
2009-04-14 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (agent_get_confirmation): Try SETNOTOK command
with pinentry.
2009-04-01 Werner Koch <wk@g10code.com>
* protect-tool.c (pe_opt): New.
(opts): Add option --agent-program. Use ARGPARSE macros.
(get_new_passphrase): Remove.
(get_passphrase): Use gpg-agent directly. Remove arg OPT_CHECK and
change all callers.
* Makefile.am (gpg_protect_tool_LDADD): Replace pwquery_libs by
LIBASSUAN_LIBS.
(gpg_protect_tool_CFLAGS): New.
* command.c (percent_plus_unescape): Remove.
(cmd_putval): Use percent_plus_unescape_inplace.
* call-scd.c (unescape_status_string): Remove.
(card_getattr_cb): Use percent_plus_unescape.
* protect-tool.c (main): Use percent_plus_unescape from common/.
(percent_plus_unescape, percent_plus_unescape_string): Remove.
2009-03-27 Werner Koch <wk@g10code.com>
* learncard.c (agent_handle_learn): Add new certtype 111.
2009-03-26 Werner Koch <wk@g10code.com>
* agent.h (MAX_DIGEST_LEN): Change to 64.
* command.c (cmd_sethash): Allow digest length of 48 and 64.
(cmd_sethash): Allow more hash algos.
* trustlist.c (reformat_name): New.
(agent_marktrusted): Use a reformatted name. Reload the table
before the update and always reload it at the end.
(agent_istrusted): Check early for the disabled flag.
2009-03-25 Werner Koch <wk@g10code.com>
* pkdecrypt.c (agent_pkdecrypt): Return a specific error message
if the key is not available.
* gpg-agent.c (main): Print a started message to show the real pid.
2009-03-20 Werner Koch <wk@g10code.com>
* learncard.c (struct kpinfo_cp_parm_s): Add field CTRL.
(struct certinfo_cb_parm_s): Ditto.
(agent_handle_learn): Set CTRL field.
(kpinfo_cb, certinfo_cb): Send progress status.
* agent.h (agent_write_status): Flag with GNUPG_GCC_A_SENTINEL.
2009-03-19 Werner Koch <wk@g10code.com>
* trustlist.c (struct trustitem_s): Add field DISABLED.
(read_one_trustfile): Parse the '!' flag.
(agent_istrusted, agent_listtrusted): Check flag.
(agent_istrusted): Add arg R_DISABLED. Change all callers.
(agent_marktrusted): Do not ask if flagged as disabled. Reverse
the order of the questions. Store the disabled flag.
* gpg-agent.c (main): Save signal mask and open fds. Restore mask
and close all fds prior to the exec. Fixes bug#1013.
2009-03-17 Werner Koch <wk@g10code.com>
* command.c (cmd_get_passphrase): Break repeat loop on error.
Show error message.
(cmd_getinfo): Add subcommand "cmd_has_option".
(command_has_option): New.
2009-03-17 Daiki Ueno <ueno@unixuser.org>
* command.c (option_value): New function.
(cmd_get_passphrase): Accept new option --repeat, which makes
gpg-agent to ask passphrase several times.
2009-03-06 Werner Koch <wk@g10code.com>
* command.c (cmd_keyinfo): New command.
(register_commands): Register it.
(agent_write_status): Make sure not to print LR or CR.
* divert-scd.c (ask_for_card): Factor shadow info parsing out to ...
* protect.c (parse_shadow_info): New.
* findkey.c (agent_key_from_file): Use make_canon_sexp.
(agent_write_private_key, unprotect, read_key_file)
(agent_key_available): Use bin2hex.
(agent_key_info_from_file): New.
(read_key_file): Log no error message for ENOENT.
2009-03-05 Werner Koch <wk@g10code.com>
* divert-scd.c (getpin_cb): Support flag 'P'. Change max_digits
from 8 to 16. Append a message about keypads.
* findkey.c (unprotect): Change max digits to 16.
2009-03-02 Werner Koch <wk@g10code.com>
* command.c (cmd_getinfo): Add subcommand "scd_running".
* call-scd.c (agent_scd_check_running): New.
* gpg-agent.c: Add missing option strings for "--batch" and
"--homedir". Reported by Petr Uzel.
* protect-tool.c (import_p12_file): Take care of canceled
passphrase entry. Fixes bug#1003.
(export_p12_file): Ditto.
2008-12-17 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_connections): Set action of all pth event
handled signals to SIG_IGN. Use a different pth_sigmask strategy.
2008-12-10 Werner Koch <wk@g10code.com>
* command.c (cmd_get_passphrase): Implement option --no-ask.
2008-12-09 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Call i18n_init before init_common_subsystems.
* preset-passphrase.c (main): Ditto.
* protect-tool.c (main): Ditto.
* command.c (cmd_preset_passphrase): Allow an arbitrary string for
the cache id.
2008-12-08 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_connections): Sync the ticker to the next
full second. This is bug#871.
2008-12-05 Werner Koch <wk@g10code.com>
* minip12.c (decrypt_block): Fix const modified of CHARSETS.
* learncard.c (sinfo_cb_parm_s): Remove superflous semicolon.
Reported by Stoyan Angelov.
2008-11-18 Werner Koch <wk@g10code.com>
* gpg-agent.c (make_libversion): New.
(my_strusage): Print libgcrypt version
2008-11-11 Werner Koch <wk@g10code.com>
* call-scd.c (membuf_data_cb): Change return type to
assuan_error_t to avoid warnings with newer libassuan versions.
2008-11-04 Werner Koch <wk@g10code.com>
* command.c (cmd_killagent): Stop the agent immediately.
(start_command_handler): Take care of GPG_ERR_EOF.
2008-10-29 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope.
(create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all
callers.
(create_server_socket): Remove IS_STANDARD_NAME and replace it by
USE_STANDARD_SOCKET. Change all callers.
(check_own_socket_running): New.
(check_own_socket, check_own_socket_thread): New.
(handle_tick): Check server socket once a minute.
(handle_connections): Remove the extra pth_wait in the shutdown
case.
2008-10-20 Werner Koch <wk@g10code.com>
* command.c (cmd_geteventcounter): Mark unused arg.
(cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto.
(cmd_updatestartuptty, post_cmd_notify): Ditto.
* command-ssh.c (add_control_entry)
(ssh_handler_request_identities, ssh_handler_remove_identity)
(ssh_handler_remove_all_identities, ssh_handler_lock)
(ssh_handler_unlock): Ditto.
* call-pinentry.c (pinentry_active_p, popup_message_thread)
(agent_popup_message_stop): Ditto.
* findkey.c (agent_public_key_from_file): Ditto.
* genkey.c (check_passphrase_pattern): Ditto.
* call-scd.c (atfork_cb): Ditto.
* protect-tool.c (import_p12_cert_cb): Ditto.
* t-protect.c (main): Ditto.
2008-10-17 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd) [W32]: Use snprintf again because we now
always use the estream variant.
2008-10-15 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd): Enable assuan loggging if requested.
(agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess.
2008-10-14 Werner Koch <wk@g10code.com>
* gpg-agent.c (get_agent_scd_notify_event): Need to use a manual
reset event.
2008-09-29 Werner Koch <wk@g10code.com>
* agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER.
(GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and
change all users.
2008-09-25 Werner Koch <wk@g10code.com>
* divert-scd.c (getpin_cb): Support a Reset Code style PINs..
2008-09-03 Werner Koch <wk@g10code.com>
* command.c (parse_keygrip): Use hex2bin.
(cmd_preset_passphrase): Decode the passphrase. Reported by Kiss
Gabor. Fixes #679 again.
* preset-passphrase.c (make_hexstring): Remove.
(preset_passphrase): Use bin2hex.
2008-05-27 Werner Koch <wk@g10code.com>
* trustlist.c (insert_colons): Fix stupidly wrong allocation size
computation.
2008-05-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Re-initialize default assuan log stream if a
log file is used.
* trustlist.c (agent_marktrusted): Use xtryasprintf and xfree.
* gpg-agent.c (main, agent_deinit_default_ctrl): Always use xfree
because our asprintf is mapped to an xmalloc style function in
util.h. Replace xstrdup by xtrystrdup.
* w32main.c (build_argv): Ditto.
* preset-passphrase.c (preset_passphrase): Ditto.
* divert-scd.c (ask_for_card): Ditto.
* command.c (option_handler): Ditto.
* command-ssh.c (ssh_handler_request_identities): Ditto.
* call-pinentry.c (start_pinentry): Ditto.
* gpg-agent.c (start_connection_thread)
(start_connection_thread_ssh): Use pth_thread_id for useful output
under W32.
(pth_thread_id) [!PTH_HAVE_PTH_THREAD_ID]: New.
2008-03-17 Werner Koch <wk@g10code.com>
* agent.h (agent_inq_pinentry_launched): New prototype.
* call-pinentry.c: Include sys/types.h and signal.h.
2008-02-14 Werner Koch <wk@g10code.com>
* command.c (agent_inq_pinentry_launched): New.
(option_handler): Add option allow-pinentry-notify.
* call-pinentry.c (getinfo_pid_cb): New.
(start_pinentry): Ask for the PID and notify the client.
2008-01-15 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Start pinentry in detached
mode.
2007-12-04 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_askpin): Use gnupg_get_help_string.
2007-12-03 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): s/standard_socket/use_standard_socket/ for
clarity.
(create_server_socket): New arg IS_SSH to avoid testing with
assuan commands.
2007-11-20 Werner Koch <wk@g10code.com>
* gpg-agent.c (get_agent_scd_notify_event): New.
(handle_signal): Factor SIGUSR2 code out to:
(agent_sigusr2_action): .. New.
(agent_sighup_action): Print info message here and not in
handle_signal.
(handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action.
* call-scd.c (agent_scd_check_aliveness) [W32]: Implemented.
(start_scd) [W32]: Send event-signal option.
2007-11-19 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_askpin): Set the tooltip for the quality
bar.
2007-11-15 Werner Koch <wk@g10code.com>
* agent.h (struct server_control_s): Add XAUTHORITY and
PINENTRY_USER_DATA.
* gpg-agent.c: New option --xauthority.
(main, agent_init_default_ctrl)
(agent_deinit_default_ctrl): Implemented
* command.c (cmd_updatestartuptty): Ditto.
* command-ssh.c (start_command_handler_ssh): Ditto.
* call-pinentry.c (atfork_cb): Set the environment.
(start_pinentry): Pass CTRL as arg to atfork_cb.
2007-11-14 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd) [W32]: Take care of fflush peculiarities.
2007-11-07 Werner Koch <wk@g10code.com>
* agent.h: Remove errors.h.
2007-10-24 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Changed the wording of
the warning messages.
2007-10-19 Werner Koch <wk@g10code.com>
* protect-tool.c (get_passphrase): Use new utf8 switch fucntions.
2007-10-15 Daiki Ueno <ueno@unixuser.org> (wk)
* command-ssh.c (reenter_compare_cb): New function; imported from
genkey.c.
(ssh_identity_register): Ask initial passphrase twice.
2007-10-02 Werner Koch <wk@g10code.com>
* command.c (cmd_getinfo): Add "pid" subcommand.
2007-10-01 Werner Koch <wk@g10code.com>
* agent.h (struct server_control_s): Remove unused CONNECTION_FD.
* gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h.
(socket_nonce, socket_nonce_ssh): New.
(create_server_socket): Use assuan socket wrappers. Remove W32
specific stuff. Save the server nonce.
(check_nonce): New.
(start_connection_thread, start_connection_thread_ssh): Call it.
(handle_connections): Change args to gnupg_fd_t.
* command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t.
* command-ssh.c (start_command_handler_ssh): Ditto.
2007-09-18 Werner Koch <wk@g10code.com>
* agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR.
* genkey.c (check_passphrase_constraints): New arg SILENT.
Changed all callers.
(agent_protect_and_store, agent_genkey): Enable qualitybar.
* call-pinentry.c (agent_askpin): Send that option.
(unescape_passphrase_string): New.
(inq_quality): New.
(estimate_passphrase_quality): New.
2007-09-14 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (agent_popup_message_stop): Implement kill for
Windows.
2007-08-28 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Add option --faked-system-time.
* protect-tool.c (read_and_unprotect): Print the protected-at date.
* agent.h (struct server_control_s): Add member IN_PASSWD.
* command.c (cmd_passwd): Set it.
* findkey.c (try_unprotect_cb): Use it.
* protect.c (do_encryption): Replace asprintf by xtryasprint.
(agent_protect): Create the protected-at item.
(agent_unprotect): Add optional arg PROTECTED_AT.
(merge_lists): Add args CUTOFF and CUTLEN.
(agent_unprotect): Use them.
* findkey.c (try_unprotect_cb): Add code to test for expired keys.
(unprotect): Allow changing the passphrase.
2007-08-27 Werner Koch <wk@g10code.com>
* gpg-agent.c: Add options --min-passphrase-nonalpha,
--check-passphrase-pattern and --enforce-passphrase-constraints.
(MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1.
(main): Declare options for gpgconf.
* agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA,
ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN.
* genkey.c (nonalpha_charcount): New.
(check_passphrase_pattern): New.
(check_passphrase_constraints): Implement. Factor some code out...
(take_this_one_anyway, take_this_one_anyway2): .. New.
* call-pinentry.c (agent_show_message): New.
(agent_askpin): We better reset the pin buffer before asking.
* trustlist.c (insert_colons): New.
(agent_marktrusted): Pretty print the fpr.
2007-08-22 Werner Koch <wk@g10code.com>
* findkey.c (O_BINARY): Make sure it is defined.
(agent_write_private_key): Use O_BINARY
* protect-tool.c (import_p12_file): Add hack to allow importing of
gnupg 2.0.4 generated files.
2007-08-06 Werner Koch <wk@g10code.com>
* trustlist.c (read_one_trustfile): Add flag "cm".
(agent_istrusted): Ditto.
2007-08-02 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include gc-opt-flags.h and remove their definition
here.
2007-07-13 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Require a confirmation
for an empty passphrase.
(agent_genkey, agent_protect_and_store): No need to repeat an
empty passphrase.
2007-07-05 Werner Koch <wk@g10code.com>
* call-scd.c (struct inq_needpin_s): New.
(inq_needpin): Pass unknown inquiries up.
2007-07-04 Werner Koch <wk@g10code.com>
* gpg-agent.c (TIMERTICK_INTERVAL): New.
(fixed_gcry_pth_init, main): Kludge to fix Pth initialization.
2007-07-03 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_connections): Do not use FD_SETSIZE for
select but compute the correct number.
2007-07-02 Werner Koch <wk@g10code.com>
* command.c (cmd_reloadagent) [W32]: New.
(register_commands) [W32]: New command RELOADAGENT.
* Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h.
(gpg_agent_res_ldflags): Remove icon file as we don't have a
proper icon yet.
* gpg-agent.c (main): do not include w32main.h. Remove all calls
to w32main.c.
(agent_sighup_action): New.
(handle_signal): Use it.
2007-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (create_directories) [W32]: Made it work.
2007-06-21 Werner Koch <wk@g10code.com>
* agent.h (ctrl_t): Remove. It is now declared in ../common/util.h.
* gpg-agent.c (check_for_running_agent): New arg SILENT. Changed
all callers.
(create_server_socket): If the standard socket is in use check
whether a agent is running and avoid starting another one.
2007-06-18 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (main): Percent escape pathname in --gpgconf-list
output.
2007-06-18 Werner Koch <wk@g10code.com>
* w32main.c (build_argv): New.
(WinMain): Use it.
* command.c (cmd_killagent) [W32]: New.
(cmd_getinfo): New.
* gpg-agent.c (get_agent_ssh_socket_name): New.
(no_force_standard_socket) New.
(create_server_socket): Use it.
* Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld.
2007-06-14 Werner Koch <wk@g10code.com>
* protect-tool.c (main): Setup default socket name for
simple-pwquery.
(MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related
error codes.
* preset-passphrase.c (main): Setup default socket name for
simple-pwquery.
(map_spwq_error): Remove.
(MAP_SPWQ_ERROR_IMPL): New.
* call-pinentry.c (start_pinentry): Use gnupg_module_name.
* call-scd.c (start_scd): Ditto.
2007-06-12 Werner Koch <wk@g10code.com>
* taskbar.c: New.
* trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a
function call.
(read_trustfiles): Ditto.
* gpg-agent.c (main): Replace some calls by init_common_subsystems.
* preset-passphrase.c (main): Ditto.
* protect-tool.c (main): Ditto.
2007-06-11 Werner Koch <wk@g10code.com>
* Makefile.am (common_libs): Use libcommonstd macro.
(commonpth_libs): Use libcommonpth macro.
* protect-tool.c (main) [W32]: Call pth_init.
* preset-passphrase.c (main) [W32]: Replace the explicit Winsocket
init by a call to pth_init.
* trustlist.c (initialize_module_trustlist): New.
* gpg-agent.c (main): Call it.
* call-pinentry.c (initialize_module_query): Rename to
initialize_module_call_pinentry.
* minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv
calss to use these jnlib wrappers.
2007-06-06 Werner Koch <wk@g10code.com>
* minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h
defines such a symbol to access the process context.
* call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case.
* call-scd.c (dump_mutex_state): Ditto.
* protect-tool.c (i18n_init): Remove.
* preset-passphrase.c (i18n_init): Remove.
* gpg-agent.c (i18n_init): Remove.
2007-05-19 Marcus Brinkmann <marcus@g10code.de>
* protect-tool.c (get_passphrase): Free ORIG_CODESET on error.
2007-05-14 Werner Koch <wk@g10code.com>
* protect.c (make_shadow_info): Replace sprintf by smklen.
2007-04-20 Werner Koch <wk@g10code.com>
* gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed.
(main): Call the setup_libgcrypt_logging helper.
* protect-tool.c (my_gcry_logger): Removed.
(main): Call the setup_libgcrypt_logging helper.
2007-04-03 Werner Koch <wk@g10code.com>
* trustlist.c (read_trustfiles): Take a missing trustlist as an
empty one.
2007-03-20 Werner Koch <wk@g10code.com>
* protect-tool.c: New option --p12-charset.
* minip12.c (p12_build): Implement it.
2007-03-19 Werner Koch <wk@g10code.com>
* minip12.c: Include iconv.h.
(decrypt_block): New.
(parse_bag_encrypted_data, parse_bag_data): Use it here.
(bag_data_p, bag_decrypted_data_p): New helpers.
2007-03-06 Werner Koch <wk@g10code.com>
* gpg-agent.c (main) <gpgconf>: Add entries for all ttl options.
2007-02-20 Werner Koch <wk@g10code.com>
* call-pinentry.c (start_pinentry): Fix for OS X to allow loading
of the bundle. Tested by Benjamin Donnachie.
2007-02-14 Werner Koch <wk@g10code.com>
* gpg-agent.c: New option --pinentry-touch-file.
(get_agent_socket_name): New.
* agent.h (opt): Add pinentry_touch_file.
* call-pinentry.c (start_pinentry): Send new option to the
pinentry.
2007-01-31 Moritz Schulte <moritz@g10code.com> (wk)
* command-ssh.c (stream_read_string): Initialize LENGTH to zero.
(start_command_handler_ssh): Use es_fgetc/es_ungetc to check if
EOF has been reached before trying to process another request.
2007-01-31 Werner Koch <wk@g10code.com>
* command-ssh.c (start_command_handler_ssh):
* Makefile.am (t_common_ldadd): Add LIBICONV.
2007-01-25 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Get ngettext call right
and use UTF-8 aware strlen.
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
(get_new_passphrase): Enable OPT_CHECK on the first call.
* command.c (cmd_get_passphrase): Implement option --check.
2007-01-24 Werner Koch <wk@g10code.com>
* gpg-agent.c (MIN_PASSPHRASE_LEN): New
(parse_rereadable_options): New option --min-passphrase-len.
* genkey.c (check_passphrase_constraints): New.
(agent_genkey, agent_protect_and_store): Call new function. Fix
memory leak.
* call-pinentry.c (agent_askpin): Allow translation of the displayed
error message.
(agent_popup_message_start): Remove arg CANCEL_BTN.
(popup_message_thread): Use --one-button option.
* command.c (cmd_passwd): Now that we don't distinguish between
assuan and regular error codes we can jump to the end on error.
2006-12-07 David Shaw <dshaw@jabberwocky.com>
* Makefile.am: Link to iconv for jnlib dependency.
2006-11-20 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_popup_message_stop): Use SIGKILL.
* call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and
DISMISSKEYPADPROMPT.
2006-11-15 Werner Koch <wk@g10code.com>
* protect.c (make_shadow_info): Cast printf arg to unsigned int.
* minip12.c (parse_bag_encrypted_data): Ditto.
(parse_bag_data, p12_parse): Ditto.
* command-ssh.c (ssh_identity_register): Changed buffer_n to
size_t.
* agent.h (struct server_control_s): New field thread_startup.
* command.c (start_command_handler): Moved CTRL init code to ..
* gpg-agent.c (start_connection_thread): .. here.
(agent_deinit_default_ctrl): New.
(agent_init_default_ctrl): Made static.
(handle_connections): Allocate CTRL and pass it pth_spawn.
* command-ssh.c (start_command_handler_ssh): Moved CTRL init code
to ..
* gpg-agent.c (start_connection_thread_ssh): .. here.
2006-11-14 Werner Koch <wk@g10code.com>
* command.c (bump_key_eventcounter): New.
(bump_card_eventcounter): New.
(cmd_geteventcounter): New command.
* gpg-agent.c (handle_signal): Call bump_card_eventcounter.
* findkey.c (agent_write_private_key): Call bump_key_eventcounter.
* trustlist.c (agent_reload_trustlist): Ditto.
* command.c (post_cmd_notify, io_monitor): New.
(register_commands, start_command_handler): Register them.
2006-11-09 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): In detached mode connect standard
descriptors to /dev/null.
* trustlist.c (read_trustfiles): Make sure not to pass a zero size
to realloc as the C standards says that this behaves like free.
2006-11-06 Werner Koch <wk@g10code.com>
* protect-tool.c (my_strusage): Fixed typo.
2006-10-23 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): New command --gpgconf-test.
* minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for
a salt of 20 bytes.
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l
2006-10-19 Werner Koch <wk@g10code.com>
* findkey.c (unprotect): Use it to avoid unnecessary calls to
agent_askpin.
* call-pinentry.c (pinentry_active_p): New.
2006-10-17 Werner Koch <wk@g10code.com>
* Makefile.am (gpg_agent_LDADD): Link to libcommonpth.
(gpg_agent_CFLAGS): New. This allows to only link this with Pth.
2006-10-16 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_confirmation): Map Cancel code here too.
* trustlist.c (agent_marktrusted): Return Cancel instead of
Not_Confirmed for the first question.
2006-10-12 Werner Koch <wk@g10code.com>
* protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
(gpg_agent_LDADD): Ditto.
* divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo.
2006-10-05 Werner Koch <wk@g10code.com>
* command.c (has_option_name): New.
(cmd_sethash): New --hash option.
* pksign.c (do_encode_raw_pkcs1): New.
(agent_pksign_do): Use it here for the TLS algo.
* agent.h (GCRY_MD_USER_TLS_MD5SHA1): New.
* divert-scd.c (pksign): Add case for tls-md5sha1.
* divert-scd.c (encode_md_for_card): Check that the algo is valid.
2006-10-04 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_passphrase): Changed to return the
unencoded passphrase.
(agent_askpin, agent_get_passphrase, agent_get_confirmation): Need
to map the cancel error.
* command.c (send_back_passphrase): New.
(cmd_get_passphrase): Use it here. Also implement --data option.
(skip_options): New.
2006-09-26 Werner Koch <wk@g10code.com>
* learncard.c (agent_handle_learn): Send back the keypair
information.
2006-09-25 Werner Koch <wk@g10code.com>
* trustlist.c (read_one_trustfile): Allow extra flags.
(struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct.
Changed all code to use this.
(agent_istrusted): New arg CTRL. Changed all callers. Send back
flags.
* command.c (agent_write_status): New.
2006-09-20 Werner Koch <wk@g10code.com>
* Makefile.am: Changes to allow parallel make runs.
2006-09-15 Werner Koch <wk@g10code.com>
* trustlist.c: Entirely rewritten.
(agent_trustlist_housekeeping): Removed and removed all calls.
2006-09-14 Werner Koch <wk@g10code.com>
Replaced all call gpg_error_from_errno(errno) by
gpg_error_from_syserror().
* call-pinentry.c (start_pinentry): Replaced pipe_connect2 by
pipe_connect_ext.
* call-scd.c (start_scd): Ditto.
* command.c (start_command_handler): Replaced
init_connected_socket_server by init_socket_server_ext.
2006-09-13 Werner Koch <wk@g10code.com>
* preset-passphrase.c (main) [W32]: Check for WSAStartup error.
2006-09-08 Werner Koch <wk@g10code.com>
* call-scd.c: Add signal.h as we are referencing SIGUSR2.
2006-09-06 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS).
(gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS).
2006-09-06 Werner Koch <wk@g10code.com>
* query.c: Renamed to ..
* call-pinentry.c: .. this.
* agent.h (out_of_core): Removed.
(CTRL): Removed and changed everywhere to ctrl_t.
Replaced all Assuan error codes by libgpg-error codes. Removed
all map_to_assuan_status and map_assuan_err.
* gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan
switch to gpg-error codes.
* command.c (set_error): Adjusted.
2006-09-04 Werner Koch <wk@g10code.com>
* command.c (percent_plus_unescape): New.
(cmd_get_val, cmd_putval): New.
2006-08-29 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_mpi): Sanity check for early
detecting of too large keys.
* gpg-agent.c (my_gcry_outofcore_handler): New.
(main): Register it.
(main): No allocate 32k secure memory (was 16k).
2006-07-31 Werner Koch <wk@g10code.com>
* preset-passphrase.c (make_hexstring): For consistency use
xtrymalloc and changed caller to use xfree. Fixed function
comment.
2006-07-29 Marcus Brinkmann <marcus@g10code.de>
* preset-passphrase.c (preset_passphrase): Do not strip off last
character of passphrase.
(make_hexstring): New function.
* command.c (cmd_preset_passphrase): Use parse_hexstring to syntax
check passphrase argument. Truncate passphrase at delimiter.
2006-07-24 Werner Koch <wk@g10code.com>
* minip12.c (build_key_bag): New args SHA1HASH and
KEYIDSTR. Append bag Attributes if these args are given.
(build_cert_sequence): ditto.
(p12_build): Calculate certificate hash and pass to build
functions.
2006-07-21 Werner Koch <wk@g10code.com>
* minip12.c (oid_pkcs_12_keyBag): New.
(parse_bag_encrypted_data): New arg R_RESULT. Support keybags and
return the key object.
(p12_parse): Take new arg into account. Free RESULT on error.
2006-06-26 Werner Koch <wk@g10code.com>
* gpg-agent.c (handle_signal): Print info for SIGUSR2 only in
verbose mode.
2006-06-22 Werner Koch <wk@g10code.com>
* command-ssh.c (make_cstring): Use memcpy instead of strncpy.
(ssh_receive_mpint_list, sexp_key_extract, data_sign): Use
xtrycalloc instead of xtrymalloc followed by memset.
2006-06-20 Werner Koch <wk@g10code.com>
* minip12.c (create_final): New arg PW. Add code to calculate the
MAC.
2006-06-09 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpg_agent_LDADD): Add $(NETLIBS).
(gpg_protect_tool_LDADD): Likewise.
(gpg_preset_passphrase_LDADD): Likewise.
2006-04-09 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_request_process): Removed FIXME mentioning a
possible DoS attack.
2006-04-01 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20
instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL
byte - KEY_GRIP_RAW is a raw binary string anyway.
2006-02-09 Werner Koch <wk@g10code.com>
* call-scd.c (struct scd_local_s): New field next_local.
(scd_local_list): New.
(start_scd): Put new local into list.
(agent_reset_scd): Remove it from the list.
(agent_scd_check_aliveness): Here is the actual reason why we need
all this stuff.
(agent_reset_scd): Send the new command RESTART instead of RESET.
2005-12-16 Werner Koch <wk@g10code.com>
* minip12.c (cram_octet_string): New
(p12_parse): Use it for NDEFed bags.
(parse_bag_data): Ditto.
(string_to_key, set_key_iv, crypt_block): New arg SALTLEN.
(p12_build): Use old value 8 for new arg.
(parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8
to 16 bytes. Add new arg R_CONSUMED.
2005-11-24 Werner Koch <wk@g10code.com>
* minip12.c (p12_parse): Fixed for case that the key object comes
prior to the certificate.
2005-10-19 Werner Koch <wk@g10code.com>
* divert-scd.c (getpin_cb): Hack to use it for a keypad message.
* call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO.
* query.c (start_pinentry): Keep track of the owner.
(popup_message_thread, agent_popup_message_start)
(agent_popup_message_stop, agent_reset_query): New.
* command.c (start_command_handler): Make sure a popup window gets
closed.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a.
(gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise.
(gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a.
2005-09-16 Werner Koch <wk@g10code.com>
* minip12.c (build_key_sequence, build_cert_sequence): Fixed
padding.
2005-09-15 Moritz Schulte <moritz@g10code.com>
* t-protect.c (test_agent_protect): Implemented.
(main): Disable use of secure memory.
2005-09-09 Werner Koch <wk@g10code.com>
* minip12.c (p12_build): Oops, array needs to be larger for the
certificate.
(build_cert_bag): Fixed yesterdays change.
* command-ssh.c (card_key_available): Let the card handler decide
whether the card is supported here. Also get a short serial
number to return from the card handler.
2005-09-08 Werner Koch <wk@g10code.com>
* minip12.c (build_cert_bag): Use a non constructed object.
i.e. 0x80 and not 0xa0.
2005-08-16 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Use a default file name for --write-env-file.
2005-07-25 Werner Koch <wk@g10code.com>
* findkey.c (agent_public_key_from_file): Fixed array assignment.
This was the cause for random segvs.
2005-06-29 Werner Koch <wk@g10code.com>
* command-ssh.c (data_sign): Removed empty statement.
2005-06-21 Werner Koch <wk@g10code.com>
* minip12.c (create_final): Cast size_t to ulong for printf.
(build_key_bag, build_cert_bag, build_cert_sequence): Ditto.
2005-06-16 Werner Koch <wk@g10code.com>
* protect-tool.c (make_advanced): Makde RESULT a plain char.
* call-scd.c (unescape_status_string): Need to cast unsigned char*
for strcpy.
(agent_card_pksign): Made arg R_BUF an unsigned char**.
* divert-scd.c (divert_pksign): Made SIGVAL unsigned char*.
(encode_md_for_card): Initialize R_VAL and R_LEN.
* genkey.c (store_key): Made BUF unsigned.
* protect.c (do_encryption): Ditto.
(do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT
and RESULTLEN even on error.
(merge_lists): Need to cast unsigned char * for strcpy. Initialize
RESULTand RESULTLEN even on error.
(agent_unprotect): Likewise for strtoul.
(make_shadow_info): Made P and INFO plain char.
(agent_shadow_key): Made P plain char.
2005-06-15 Werner Koch <wk@g10code.com>
* query.c (agent_get_passphrase): Made HEXSTRING a char*.
* command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned.
(ssh_key_grip): Simplified.
(data_sign): Initialize variables with the definition.
(ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE
are set to NULL on error. Cool, gcc-4 detects uninitialized stuff
beyond function boundaries; well it can't know that we do error
proper error handling so that this was not a real error.
(file_to_buffer): Likewise for BUFFER and BUFFER_N.
(data_sign): Likewise for SIG and SIG_N.
(stream_read_byte): Set B to a value even on error.
* command.c (cmd_genkey): Changed VALUE to char.
(cmd_readkey): Cast arg for gcry_sexp_sprint.
* agent.h (struct server_control_s): Made KEYGRIP unsigned.
2005-06-13 Werner Koch <wk@g10code.com>
* command-ssh.c (start_command_handler_ssh): Reset the SCD.
2005-06-09 Werner Koch <wk@g10code.com>
* gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh.
* cache.c (housekeeping): Use it.
(agent_put_cache): Use a switch to get the default ttl so that it
is easier to add more cases.
2005-06-06 Werner Koch <wk@g10code.com>
* gpg-agent.c: New option --default-cache-ttl-ssh.
* agent.h (cache_mode_t): New.
* pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the
ARG IGNORE_CACHE. Changed all callers.
(agent_pksign): Ditto.
* findkey.c (agent_key_from_file): Ditto. Canged all callers.
(unprotect): Ditto.
* command-ssh.c (data_sign): Use CACHE_MODE_SSH.
* cache.c (agent_get_cache): New arg CACHE_MODE.
(agent_put_cache): Ditto. Store it in the cache.
* query.c (agent_query_dump_state, dump_mutex_state): New.
(unlock_pinentry): Reset the global context before releasing the
mutex.
* gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1.
* call-scd.c (agent_scd_check_aliveness): Always do a waitpid and
add a timeout to the locking.
2005-06-03 Werner Koch <wk@g10code.com>
* command.c (cmd_updatestartuptty): New.
* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
2005-06-02 Werner Koch <wk@g10code.com>
* call-scd.c (agent_scd_dump_state, dump_mutex_state): New.
* gpg-agent.c (handle_signal): Print it on SIGUSR1.
(handle_connections): Include the file descriptor into the
threadnames.
2005-06-01 Werner Koch <wk@g10code.com>
* gpg-agent.c: Include setenv.h.
2005-05-31 Werner Koch <wk@g10code.com>
* agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link.
2005-05-25 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Do not unset the DISPLAY when we are
continuing as child.
2005-05-24 Werner Koch <wk@g10code.com>
* call-scd.c (inq_needpin): Skip leading spaces in of PIN
description.
* divert-scd.c (getpin_cb): Enhanced to cope with description
flags.
* query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all
callers.
2005-05-21 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd): Don't test for an alive scdaemon here.
(agent_scd_check_aliveness): New.
* gpg-agent.c (handle_tick): Test for an alive scdaemon.
(handle_signal): Print thread info on SIGUSR1.
2005-05-20 Werner Koch <wk@g10code.com>
* protect-tool.c: New option --canonical.
(show_file): Implement it.
* keyformat.txt: Define the created-at attribute for keys.
2005-05-18 Werner Koch <wk@g10code.com>
* divert-scd.c (ask_for_card): Removed the card reset kludge.
2005-05-17 Werner Koch <wk@g10code.com>
* call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers.
(start_scd): Reoworked to allow for additional connections.
* agent.h (ctrl_t): Add local data for the SCdaemon.
* command.c (start_command_handler): Release SERVER_LOCAL.
* gpg-agent.c (create_server_socket): Use xmalloc.
(main): Removed option --disable-pth a dummy. Removed non-pth
code path.
(cleanup_sh): Removed. Not needed anymore.
2005-05-05 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_key_to_buffer): Rename to ...
(ssh_key_to_protected_buffer): ... this; change callers.
Improved documentation.
Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used
before.
(ssh_handler_sign_request): Removed unusued variable P.
2005-04-20 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_request_identities): Removed
debugging code (sleep call), which was commited unintenionally.
2005-04-20 Werner Koch <wk@g10code.com>
* minip12.c (parse_bag_encrypted_data): Fix the unpadding hack.
* gpg-agent.c: New option --disable-scdaemon.
(handle_connections): Add time event to drive ...
(handle_tick): New function.
(main): Record the parent PID. Fixed segv when using ssh and a
command.
* call-scd.c (start_scd): Take care of this option.
2005-04-03 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_request_spec): New member: secret_input.
(REQUEST_SPEC_DEFINE): New argument: secret_input.
(request_specs): Add secret_input flag.
(request_spec_lookup): New function ...
(ssh_request_process): ... use it here; depending on secret_input
flag allocate secure or non-secure memory.
2005-03-02 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (sexp_key_extract): Removed FIXME, since
xtrymallos does set errno correctly by now.
(sexp_extract_identifier): Remove const attribute from identifier.
(ssh_handler_request_identities): Remove const attribute from
key_type; removes ugly casts and FIXME.
(sexp_key_extract): Remove const attribute from comment.
(ssh_send_key_public): Remove const attribute from
key_type/comment; removes ugly cast.
(data_sign): Remove const attribute from identifier; removes ugly
cast.
(key_secret_to_public): Remove const attribute from comment;
removes ugly cast.
(ssh_handler_sign_request): Remove const attribute from p.
(sexp_key_extract): Use make_cstring().
(ssh_key_extract_comment): Likewise.
(ssh_key_to_buffer): Use secure memory for memory area to hold the
key S-Expression.
Added more comments.
2005-02-25 Werner Koch <wk@g10code.com>
* findkey.c (modify_description): Keep invalid % escapes, so that
%0A may pass through.
* agent.h (server_control_s): New field USE_AUTH_CALL.
* call-scd.c (agent_card_pksign): Make use of it.
* command-ssh.c (data_sign): Set the flag.
(ssh_send_key_public): New arg OVERRIDE_COMMENT.
(card_key_available): Add new arg CARDSN.
(ssh_handler_request_identities): Use the card s/n as comment.
(sexp_key_extract): Use GCRYMPI_FMT_STD.
(data_sign): Ditto.
* learncard.c (make_shadow_info): Moved to ..
* protect.c (make_shadow_info): .. here. Return NULL on malloc
failure. Made global.
* agent.h: Add prototype.
2005-02-24 Werner Koch <wk@g10code.com>
* call-scd.c (unescape_status_string): New. Actual a copy of
../g10/call-agent.c
(card_getattr_cb, agent_card_getattr): New.
* command-ssh.c (card_key_available): New.
(ssh_handler_request_identities): First see whether a card key is
available.
* gpg-agent.c (handle_connections): Need to check for events if
select returns with -1.
2005-02-23 Werner Koch <wk@g10code.com>
* command-ssh.c (get_passphrase): Removed.
(ssh_identity_register): Partly rewritten.
(open_control_file, search_control_file, add_control_entry): New.
(ssh_handler_request_identities): Return only files listed in our
control file.
* findkey.c (unprotect): Check for allocation error.
* agent.h (opt): Add fields to record the startup terminal
settings.
* gpg-agent.c (main): Record them and do not force keep display
with --enable-ssh-support.
* command-ssh.c (start_command_handler_ssh): Use them here.
* gpg-agent.c: Renamed option --ssh-support to
--enable-ssh-support.
* command.c (cmd_readkey): New.
(register_commands): Register new command "READKEY".
* command-ssh.c (ssh_request_process): Improved logging.
* findkey.c (agent_write_private_key): Always use plain open.
Don't depend on an umask for permissions.
(agent_key_from_file): Factored file reading code out to ..
(read_key_file): .. new function.
(agent_public_key_from_file): New.
2005-02-22 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_string): Removed call to abort on
memory error because the CVS version of libgcrypt makes sure
that ERRNO gets always set on error even with a faulty user
supplied function.
2005-02-19 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do
not use elems_secret member of key_spec.
(ssh_key_type_spec): Removed member: elems_secret.
(ssh_key_types): Removed elems_secret data.
(ssh_sexp_construct): Renamed to ...
(sexp_key_construct): ... this; changed callers.
(ssh_sexp_extract): Renamed to ...
(sexp_key_extract): ... this; changed callers.
(ssh_sexp_extract_key_type): Renamed to ...
(sexp_extract_identifier): ... this; changed callers; use
make_cstring().
Added more comments.
2005-02-18 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
template, clarified.
(ssh_sexp_extract): Support shadowed-private-key-sexp; treat
protected-private key and shadowed-private-key as public keys.
(key_secret_to_public): Rewritten: simply use ssh_sexp_extract()
and ssh_sexp_construct().
2005-02-15 Werner Koch <wk@g10code.com>
* findkey.c (modify_description): Don't increment OUT_LEN during
the second pass.
2005-02-14 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (es_read_byte): Renamed to ...
(stream_es_read_byte): ... this; changed callers.
(es_write_byte): Renamed to ...
(stream_write_byte): ... this; changed callers.
(es_read_uint32): Renamed to ...
(stream_read_uint32): ... this; changed callers.
(es_write_uint32): Renamed to ...
(stream_write_uint32): ... this; changed callers.
(es_read_data): Renamed to ...
(stream_read_data): ... this; changed callers.
(es_write_data): Renamed to ...
(stream_write_data): ... this; changed callers.
(es_read_string): Renamed to ...
(stream_read_string): ... this; changed callers.
(es_read_cstring): Renamed to ...
(stream_read_cstring): ... this; changed callers.
(es_write_string): Renamed to ...
(stream_write_string): ... this; changed callers.
(es_write_cstring): Renamed to ...
(stream_write_cstring): ... this; changed callers.
(es_read_mpi): Renamed to ...
(stream_read_mpi): ... this; changed callers.
(es_write_mpi): Renamed to ...
(stream_write_mpi): ... this; changed callers.
(es_copy): Renamed to ...
(stream_copy): ... this; changed callers.
(es_read_file): Renamed to ...
(file_to_buffer): ... this; changed callers.
(ssh_identity_register): Removed variable description_length;
changed code to use asprintf for description.
(stream_write_uint32): Do not filter out the last byte of shift
expression.
(uint32_construct): New macro ...
(stream_read_uint32): ... use it; removed unnecessary cast.
2005-02-03 Werner Koch <wk@g10code.com>
* agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this
function won't return.
* gpg-agent.c (check_for_running_agent): Initialize pid to a
default value if not needed.
* command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/,
s/uint32/u32/ becuase that is what we have always used in GnuPG.
(ssh_request_specs): Moved to top of file.
(ssh_key_types): Ditto.
(make_cstring): Ditto.
(data_sign): Don't use a variable for the passphrase prompt, make
it translatable.
(ssh_request_process):
* findkey.c (modify_description): Renamed arguments for clarity,
polished documentation. Make comment a C-string. Fixed case of
DESCRIPTION being just "%".
(agent_key_from_file): Make sure comment string to a C-string.
* gpg-agent.c (create_socket_name): Cleanup the implemntation, use
DIMof, agent_exit, removed superflous args and return the
allocated string as value. Documented. Changed callers.
(create_server_socket): Cleanups similar to above. Changed callers.
(cleanup_do): Renamed to ..
(remove_socket): .. this. Changed caller.
(handle_connections): The signals are to be handled in the select
and not in the accept. Test all FDs after returning from a
select. Remove the event tests from the accept calls. The select
already assured that the accept won't block.
2005-01-29 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_request_identities)
(ssh_handler_sign_request, ssh_handler_add_identity)
(ssh_handler_remove_identity, ssh_handler_remove_all_identities)
(ssh_handler_lock, ssh_handler_unlock): Changed to return an error
code instead of a boolean.
(ssh_request_process): Changed to return a boolean instead of an
error; adjust caller.
(ssh_request_handle_t): Adjusted type.
(ssh_request_spec): New member: identifier.
(REQUEST_SPEC_DEFINE): New macro; use it for initialization of
request_specs[].
(ssh_request_process): In debugging mode, log identifier of
handler to execute.
(start_command_handler_ssh): Moved most of the stream handling
code ...
(ssh_request_process): ... here.
2005-01-28 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_add_identity): Pass ctrl to
ssh_identity_register().
(ssh_identity_register): New argument: ctrl; pass ctrl to
get_passphrase().
(get_passphrase): Pass ctrl instead of NULL to agent_askpin().
(start_command_handler_ssh): Use agent_init_default_ctrl();
deallocate structure members, which might be dynamically
allocated.
(lifetime_default): Removed variable.
(ssh_handler_add_identity): Fix ttl handling; renamed variable
`death' to `ttl'.
(ssh_identity_register): Fix key grip handling.
2005-01-26 Moritz Schulte <moritz@g10code.com>
* command-ssh.c (ssh_handler_sign_request): Confirm to agent
protocol in case of failure.
* command-ssh.c: New file.
* Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c.
* findkey.c (modify_description): New function.
(agent_key_from_file): Support comment field in key s-expressions.
* gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport.
(opts) New entry for oSSHSupport.
New variable: socket_name_ssh.
(cleanup_do): New function based on cleanup().
(cleanup): Use cleanup_do() for socket_name and socket_name_ssh.
(main): New switch case for oSSHSupport.
(main): Move socket name creation code to ...
(create_socket_name): ... this new function.
(main): Use create_socket_name() for creating socket names for
socket_name and for socket_name_ssh in case ssh support is
enabled.
Move socket creation code to ...
(create_server_socket): ... this new function.
(main): Use create_server_socket() for creating sockets.
In case standard_socket is set, do not only store a socket name in
socket_name, but also in socket_name_ssh.
Generate additional environment info strings for ssh support.
Pass additional ssh socket argument to handle_connections.
(start_connection_thread_ssh): New function.
(handle_connections): Use select to multiplex between gpg-agent
and ssh-agent protocol.
* agent.h (struct opt): New member: ssh_support.
(start_command_handler_ssh): Add prototype.
2005-01-04 Werner Koch <wk@g10code.com>
* trustlist.c (agent_marktrusted): Use "Cancel" for the first
confirmation and made the strings translatable.
* cache.c (agent_put_cache): Fix the test for using the default
TTL.
2004-12-21 Werner Koch <wk@g10code.com>
* preset-passphrase.c (preset_passphrase): Handle --passphrase.
* Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
pwquery may use stuff from jnlib. Conditionally add -lwsock2
(gpg_protect_tool_LDADD): Ditto.
* preset-passphrase.c (main): Use default_homedir().
(main) [W32]: Initialize sockets.
2004-12-21 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase.
(gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New
targets.
* agent.h (opt): New member allow_cache_passphrase.
* cache.c (housekeeping): Check if R->ttl is not negative.
(agent_put_cache): Allow ttl to be negative.
* command.c (parse_hexstring): Allow something to follow the
hexstring.
(cmd_cache_passphrase): New function.
(register_commands): Add it.
* gpg-agent.c: Handle --allow-preset-passphrase.
* preset-passphrase.c: New file.
2004-12-21 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Use default_homedir().
* protect-tool.c (main): Ditto.
2004-12-20 Werner Koch <wk@g10code.com>
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We
now use the identical implementation from ../common/membuf.c.
* pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use
membuf functions to return the value.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* genkey.c (agent_genkey): Ditto.
* command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced
assuan_get_data_fp() by a the membuf scheme.
(clear_outbuf, write_and_clear_outbuf): New.
2004-12-19 Werner Koch <wk@g10code.com>
* query.c (initialize_module_query): New.
* call-scd.c (initialize_module_call_scd): New.
* gpg-agent.c (main): Call them.
2004-12-18 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Remove special Pth initialize.
* agent.h (map_assuan_err): Define in terms of
map_assuan_err_with_source.
2004-12-17 Moritz Schulte <moritz@g10code.com>
* query.c: Undo change from 2004-12-05.
2004-12-15 Werner Koch <wk@g10code.com>
* gpg-agent.c [W32]: Various hacks to make it work.
* findkey.c (agent_write_private_key) [W32]: Adjust open call.
* call-scd.c (start_scd) [W32]: Don't check whether the daemon
didn't died. To hard to do under Windows.
(start_scd) [W32]: Disable sending of the event signal option.
* protect-tool.c (read_file, export_p12_file) [W32]: Use setmode
to get stdout and stin into binary mode.
2004-12-05 Moritz Schulte <moritz@g10code.com>
* query.c (start_pinentry): Allow CTRL be NULL.
2004-10-22 Werner Koch <wk@g10code.com>
* gpg-agent.c (parse_rereadable_options): Return "not handled"
when the log file has not beend hadled. This is will let the main
option processing continue. Fixed a bug introduced on 2004-09-4
resulting in logging to stderr until a HUP has been given.
(main): Don't close the listen FD.
2004-09-30 Werner Koch <wk@g10code.com>
* Makefile.am: Adjusted from gettext 1.14.
2004-09-29 Werner Koch <wk@g10code.com>
* minip12.c (parse_bag_encrypted_data): Print error if a bad
passphrase has been given.
2004-09-28 Werner Koch <wk@g10code.com>
* protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks
to Moritz for pointing this out.
2004-09-25 Moritz Schulte <moritz@g10code.com>
* agent.h: Declare: agent_pksign_do.
(struct server_control_s): New member: raw_value.
* pksign.c (do_encode_md): New argument: raw_value; support
generation of raw (non-pkcs1) data objects; adjust callers.
(agent_pksign_do): New function, based on code ripped
out from agent_pksign.
(agent_pksign): Use agent_pksign_do.
* command.c (start_command_handler): Set ctrl.digest.raw_value.
2004-09-09 Werner Koch <wk@g10code.de>
* gpg-agent.c (check_for_running_agent): New.
(main): The default action is now to check for an already running
agent.
(parse_rereadable_options): Set logfile only on reread.
(main): Do not print the "is development version" note.
2004-08-20 Werner Koch <wk@g10code.de>
* gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander
Belopolsky.
* cache.c (housekeeping): Use it here instead of the hardwired
default of 1 hour.
* query.c (start_pinentry): Use a timeout for the pinentry lock.
2004-08-18 Werner Koch <wk@g10code.de>
* protect-tool.c (get_passphrase): Make sure that the default
prompts passed to gpg-agent are utf-8 encoded. Add new prompt values.
(import_p12_file, import_p12_file, export_p12_file): Changed calls
to get_passphrase so that better prompts are displayed.
(get_new_passphrase): New.
2004-07-22 Werner Koch <wk@g10code.de>
* trustlist.c (read_list): Allow colons in the fingerprint.
(headerblurb): Rephrased.
* gpg-agent.c (handle_connections): Increase the stack size ot 256k.
2004-06-20 Moritz Schulte <moritz@g10code.com>
* gpg-agent.c: Include <sys/stat.h> (build fix for BSD).
2004-05-11 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP.
(start_connection_thread): Hack to simulate a ticker.
* trustlist.c (agent_trustlist_housekeeping)
(agent_reload_trustlist): New. Protected all global functions
here with a simple counter which is sufficient for Pth.
2004-05-03 Werner Koch <wk@gnupg.org>
* gpg-agent.c: Remove help texts for options lile --lc-ctype.
(main): New option --allow-mark-trusted.
* trustlist.c (agent_marktrusted): Use it here.
2004-04-30 Werner Koch <wk@gnupg.org>
* protect-tool.c: New option --enable-status-msg.
(store_private_key): Print status messages for imported keys.
(read_and_unprotect): Ditto for bad passphrase.
* gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow
changing oLogFile.
(current_logfile): New.
2004-04-26 Werner Koch <wk@gnupg.org>
* call-scd.c (start_scd): Do not register an event signal if we
are running as a pipe server.
2004-04-21 Werner Koch <wk@gnupg.org>
* call-scd.c (start_scd): Send event-signal option. Always check
that the scdaemon is still running.
* gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for
changing the verbosity.
2004-04-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Tell the logging code that we are running
detached.
2004-04-06 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
2004-03-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (main): For now, always print the default config
file name for --gpgconf-list.
2004-03-17 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main) <gpgconf>: Fixed default value quoting.
2004-03-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (parse_rereadable_options): Use the new
DEFAULT_CACHE_TTL macro.
(main): Updated --gpgconf-list output.
2004-02-21 Werner Koch <wk@gnupg.org>
* command.c (cmd_passwd): Take acount of a key description.
* genkey.c (reenter_compare_cb): Do not set the error text.
(agent_protect_and_store, agent_genkey): Force a re-enter after a
non-matching passphrase.
* query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed
all callers.
2004-02-19 Werner Koch <wk@gnupg.org>
* protect-tool.c: New options --have-cert and --prompt.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
2004-02-18 Werner Koch <wk@gnupg.org>
* protect-tool.c (main): Setup the used character set.
* gpg-agent.c (main): Ditto.
* gpg-agent.c (set_debug): New. New option --debug-level.
(main): New option --gpgconf-list.
2004-02-17 Werner Koch <wk@gnupg.org>
* pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build.
* Makefile.am (gpg_protect_tool_SOURCES): Removed
simple-pwquery.[ch], as we once moved it to ../common.
2004-02-13 Werner Koch <wk@gnupg.org>
* command.c (cmd_setkeydesc): New.
(register_commands): Add command SETKEYDESC.
(cmd_pksign, cmd_pkdecrypt): Use the key description.
(reset_notify): Reset the description.
* findkey.c (unprotect): Add arg DESC_TEXT.
(agent_key_from_file): Ditto.
* pksign.c (agent_pksign): Ditto.
* pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an
unsigned char*.
* protect-tool.c (main): New options --no-fail-on-exist, --homedir.
(store_private_key): Use them here.
2004-02-12 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_file, main): Allow reading from stdin.
* Makefile.am: Include cmacros.am for common flags.
(libexec_PROGRAMS): Put gpg-protect-tool there.
2004-02-10 Werner Koch <wk@gnupg.org>
* minip12.c (parse_bag_encrypted_data): Finished implementation.
(p12_parse): Add callback args.
* protect-tool.c (import_p12_cert_cb): New.
(import_p12_file): Use it.
2004-02-06 Werner Koch <wk@gnupg.org>
* minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers.
(set_key_iv): Add arg KEYBYTES; changed caller.
2004-02-03 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Extra paranoid wipe.
* protect.c (agent_unprotect): Ditto.
(merge_lists): Ditto. Add arg RESULTLEN.
* pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in
debug mode.
* protect.c: Add DSA and Elgamal description.
2004-01-29 Werner Koch <wk@gnupg.org>
* agent.h (server_control_s): Add connection_fd field.
* command.c (start_command_handler): Init it here.
* gpg-agent.c (agent_init_default_ctrl): and here.
* call-scd.c: Add the CTRL arg to all functions calling start_scd
and pass it to start_scd. Changed all callers
(start_scd): Keep track of the current active connection.
(agent_reset_scd): New.
* command.c (start_command_handler): Call it here.
* learncard.c (agent_handle_learn): Add arg CTRL; changed caller.
(send_cert_back): Ditto.
2004-01-28 Werner Koch <wk@gnupg.org>
* trustlist.c (agent_marktrusted): Check whether the trustlist is
writable.
2004-01-27 Werner Koch <wk@gnupg.org>
* sexp-parse.h: Moved to ../common.
2004-01-24 Werner Koch <wk@gnupg.org>
* call-scd.c (atfork_cb): New.
(start_scd): Make sure secmem gets cleared.
* query.c (atfork_cb): New.
(start_pinentry): Make sure secmem gets cleared.
2004-01-16 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Now return an error code so
that we have more detailed error messages in the upper layers.
This fixes the handling of pinentry's cancel button.
* pksign.c (agent_pksign): Changed accordingly.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* command.c (cmd_passwd): Ditto.
2003-12-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Set the prefixes for assuan logging.
2003-12-15 Werner Koch <wk@gnupg.org>
* protect.c (do_encryption): Use gcry_create_nonce instad of the
obsolete WEAK_RANDOM.
2003-11-20 Werner Koch <wk@gnupg.org>
* sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so
that this file is useful by other applications too.
2003-10-27 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_confirmation): New command.
2003-08-20 Timo Schulz <twoaday@freakmail.de>
* pksign.c (do_encode_md): Allocate enough space. Cast md
byte to unsigned char to prevent sign extension.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* pksign.c (do_encode_md): Due to the fact pkcs#1 padding
is now in Libgcrypt, use the new interface.
2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (gpg_agent_LDADD): Added INTLLIBS.
(gpg_protect_tool_SOURCES): Added simple-pwquery.[ch]
2003-07-27 Werner Koch <wk@gnupg.org>
Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
2003-07-15 Werner Koch <wk@gnupg.org>
* simple-pwquery.c, simple-pwquery.h: Moved to ../common.
* Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o.
Removed it from xx_SOURCES.
2003-07-04 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_connections): Kludge to allow use of Pth 1
and 2.
2003-06-30 Werner Koch <wk@gnupg.org>
* call-scd.c (learn_status_cb): Store the serialno in PARM.
2003-06-26 Werner Koch <wk@gnupg.org>
* call-scd.c (agent_card_serialno): Don't do a RESET anymore.
2003-06-25 Werner Koch <wk@gnupg.org>
* command.c (cmd_scd): New.
* call-scd.c (agent_card_scd): New.
* divert-scd.c (divert_generic_cmd): New
* call-scd.c (agent_card_learn): New callback args SINFO.
(learn_status_cb): Pass all other status lines to the sinfo
callback.
* learncard.c (release_sinfo, sinfo_cb): New.
(agent_handle_learn): Pass the new cb to the learn function and
pass the collected information back to the client's assuan
connection.
* gpg-agent.c (main): Moved pth_init before gcry_check_version.
2003-06-24 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_connections): Adjusted for Pth 2.0
Adjusted for changes in the libgcrypt API. Some more fixes for the
libgpg-error stuff.
2003-06-04 Werner Koch <wk@gnupg.org>
Renamed error codes from INVALID to INV and removed _ERROR suffixes.
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* agent.h: Include gpg-error.h and errno.h
* Makefile.am: Link with libgpg-error
* query.c: assuan.h is now a system header.
* genkey.c (agent_genkey): Fixed silly use of xmalloc by
xtrymalloc.
2003-04-29 Werner Koch <wk@gnupg.org>
* command.c (register_commands): Adjusted for new Assuan semantics.
* Makefile.am: Don't override LDFLAGS.
2002-12-04 Werner Koch <wk@gnupg.org>
* gpg-agent.c: New variable config_filename.
(parse_rereadable_options): New.
(main): Use it here. Add setting of default values, set
config_filename.
(reread_configuration): Filled with actual code.
2002-12-03 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_key): Don't run make_canonical on a NULL
buffer.
* command.c (parse_hexstring): New.
(cmd_sethash): Use it.
(parse_keygrip): New.
(cmd_havekey, cmd_sigkey): Use it.
(cmd_passwd): New.
* genkey.c (agent_protect_and_store): New.
(store_key): Add arg FORCE.
(agent_genkey): Pass false to this force of store_key.
2002-11-13 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Switch all messages to utf-8.
* simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and
stdin with ttyname.
* cache.c (new_data): Uiih - /sizeof d/sizeof *d/.
2002-11-10 Werner Koch <wk@gnupg.org>
* command.c (option_handler): Fix keep_tty check.
2002-11-06 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Make sure we have a default ttyname.
* command.c (option_handler): Check opt.keep_tty here
* query.c (start_pinentry): but not anymore here.
2002-11-05 Werner Koch <wk@gnupg.org>
* agent.h (opt,server_control_s): Move display and lc_ variables
to the control struct so that they are per connection.
* gpg-agent.c (agent_init_default_ctrl): New.
(main): Assign those command line options to new default_* variables.
Reset DISPLAY in server mode so that tehre is no implicit default.
* command.c (start_command_handler): Initialize and deinitialize
the control values.
(option_handler): Work on the ctrl values and not on the opt.
* query.c (start_pinentry): New argument CTRL to set the display
connection specific. Changed all callers to pass this value.
(agent_askpin,agent_get_passphrase,agent_get_confirmation): Add
CTRL arg and pass it ot start_pinentry.
* command.c (cmd_get_passphrase): Pass CTRL argument.
* trustlist.c (agent_marktrusted): Add CTRL argument
* command.c (cmd_marktrusted): Pass CTRL argument
* divert-scd.c (ask_for_card): Add CTRL arg.
(divert_pksign,divert_pkdecrypt): Ditto. Changed caller.
(getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both
users.
* findkey.c (unprotect): Add CTRL arg.
(agent_key_from_file): Ditto.
* query.c (unlock_pinentry): Disconnect the pinentry so that we
start a new one for each request. This is required to support
clients with different environments (e.g. X magic cookies).
2002-09-05 Neal H. Walfield <neal@cs.uml.edu>
* gpg-agent.c (main) [USE_GNU_PTH]: No need to call
assuan_set_io_func as assuan is smart.
2002-09-25 Werner Koch <wk@gnupg.org>
* gpg-agent.c (handle_signal): Flush cache on SIGHUP.
* cache.c (agent_flush_cache): New.
* gpg-agent.c, agent.h: Add --keep-display and --keep-tty.
* query.c (start_pinentry): Implement them. The option passing
needs more thoughts.
2002-09-09 Werner Koch <wk@gnupg.org>
* gpg-agent.c (create_private_keys_directory)
(create_directories): New.
(main): Try to create a home directory.
2002-09-04 Neal H. Walfield <neal@g10code.de>
* gpg-agent.c (main): Use sigaction, not signal.
2002-09-03 Neal H. Walfield <neal@g10code.de>
* findkey.c: Include <fcntl.h>.
(agent_write_private_key): Prefer POSIX compatibity, open and
fdopen, over the simplicity of GNU extensions, fopen(file, "x").
2002-08-22 Werner Koch <wk@gnupg.org>
* query.c (agent_askpin): Provide the default desc text depending
on the pininfo. Do the basic PIN verification only when
min_digits is set.
2002-08-21 Werner Koch <wk@gnupg.org>
* query.c (agent_askpin): Hack to show the right default prompt.
(agent_get_passphrase): Ditto.
* trans.c: Removed and replaced all usages with standard _()
* divert-scd.c (getpin_cb): Pass a more descritive text to the
pinentry.
* Makefile.am: Renamed the binary protect-tool to gpg-protect-tool.
* protect-tool.c: Removed the note about internal use only.
* gpg-agent.c (main): New option --daemon so that the program is
not accidently started in the background.
2002-08-16 Werner Koch <wk@gnupg.org>
* call-scd.c (learn_status_cb): Handle CERTINFO status.
(agent_card_learn): Add args for certinfo cb.
* learncard.c (release_certinfo,certinfo_cb): New.
(send_cert_back): New. With factored out code from ..
(agent_handle_learn): here. Return certinfo stuff.
2002-07-26 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --ignore-cache-for-signing.
* command.c (option_handler): New server option
use-cache-for-signing defaulting to true.
(cmd_pksign): handle global and per session option.
* findkey.c (agent_key_from_file, unprotect): New arg
ignore_cache. Changed all callers.
* pksign.c (agent_pksign): Likewise.
2002-06-29 Werner Koch <wk@gnupg.org>
* query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY.
* call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON.
2002-06-28 Werner Koch <wk@gnupg.org>
* protect-tool.c (export_p12_file): New.
(main): New command --p12-export.
* minip12.c (create_final,p12_build,compute_tag_length): New.
(store_tag_length): New.
2002-06-27 Werner Koch <wk@gnupg.org>
* minip12.c (crypt_block): Renamed from decrypt_block, add arg to
allow encryption.
* Makefile.am (pkglib_PROGRAMS): Put protect-tool there.
* findkey.c (agent_write_private_key,agent_key_from_file)
(agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant.
* gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
* protect-tool.c (store_private_key): New.
(import_p12_file): Store the new file if requested.
(main): New options --force and --store.
* gpg-agent.c (main): Set a global flag when running detached.
* query.c (start_pinentry): Pass the list of FD to keep in the
child when not running detached.
* call-scd.c (start_scd): Ditto.
2002-06-26 Werner Koch <wk@gnupg.org>
* command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted)
(cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase)
(cmd_learn): Print an error message for a failed operation.
* simple-pwquery.c, simple-pwquery.h: New.
* protect-tool. (get_passphrase): New, used to get a passphrase
from the agent if none was given on the command line.
2002-06-25 Werner Koch <wk@gnupg.org>
* protect-tool.c (rsa_key_check): New.
(import_p12_file): New.
(main): New command --p12-import.
* minip12.c, minip12.h: New.
2002-06-24 Werner Koch <wk@gnupg.org>
* protect-tool.c (read_file): New.
(read_key): Factored most code out to read_file.
2002-06-17 Werner Koch <wk@gnupg.org>
* agent.h: Add a callback function to the pin_entry_info structure.
* query.c (agent_askpin): Use the callback to check for a correct
PIN. Removed the start_err_text argument because it is not
anymore needed; changed callers.
* findkey.c (unprotect): Replace our own check loop by a callback.
(try_unprotect_cb): New.
* genkey.c (reenter_compare_cb): New.
(agent_genkey): Use this callback here. Fixed setting of the pi2
variable and a segv in case of an empty PIN.
* divert-scd.c (getpin_cb): Removed some unused stuff and
explained what we still have to change.
2002-06-12 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --disable-pth.
2002-06-11 Werner Koch <wk@gnupg.org>
* protect-tool.c: Add command --show-keygrip
(show_keygrip): New.
2002-05-23 Werner Koch <wk@gnupg.org>
* call-scd.c: Seirialized all scdaeom access when using Pth.
* cache.c: Made the cache Pth-thread-safe.
(agent_unlock_cache_entry): New.
* findkey.c (unprotect): Unlock the returned cache value.
* command.c (cmd_get_passphrase): Ditto.
* gpg-agent.c (main): Register pth_read/write with Assuan.
2002-05-22 Werner Koch <wk@gnupg.org>
* query.c: Serialized all pinentry access when using Pth.
* gpg-agent.c (handle_signal,start_connection_thread)
(handle_connections): New
(main): Use the new Pth stuff to allow concurrent connections.
* command.c (start_command_handler): Add new arg FD so that the
fucntion can also be used for an already connected socket.
* Makefile.am: Link with Pth.
2002-05-14 Werner Koch <wk@gnupg.org>
* cache.c (housekeeping, agent_put_cache): Use our time() wrapper.
2002-04-26 Werner Koch <wk@gnupg.org>
* cache.c (agent_put_cache): Reinitialize the creation time and
the ttl when reusing a slot.
* call-scd.c (start_scd): Print debug messages only with debug
flags set.
* query.c (start_pinentry): Ditto.
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* agent.h (agent_get_confirmation): Replace paramter prompt with
two parameters ok and cancel.
* query.c (agent_get_confirmation): Likewise. Implement this.
* trustlist.c (agent_marktrusted): Fix invocation of
agent_get_confirmation.
* divert-scd.c (ask_for_card): Likewise.
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* agent.h (struct opt): Add members display, ttyname, ttytype,
lc_ctype, and lc_messages.
* gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
oTTYtype, oLCctype, and LCmessages.
(main): Handle these options.
* command.c (option_handler): New function.
(register_commands): Register option handler.
* query.c (start_pinentry): Pass the various display and tty
options to the pinentry.
2002-04-05 Werner Koch <wk@gnupg.org>
* protect-tool.c (show_file): New. Used as default action.
2002-03-28 Werner Koch <wk@gnupg.org>
* divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding,
the scdaemon should take care of it.
(ask_for_card): Hack to not display the trailing zero.
2002-03-11 Werner Koch <wk@gnupg.org>
* learncard.c (kpinfo_cb): Remove the content restrictions from
the keyID.
2002-03-06 Werner Koch <wk@gnupg.org>
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.
2002-03-05 Werner Koch <wk@gnupg.org>
* call-scd.c (inq_needpin): New.
(agent_card_pksign): Add getpin_cb args.
(agent_card_pkdecrypt): New.
2002-03-04 Werner Koch <wk@gnupg.org>
* pksign.c (agent_pksign): Changed how the diversion is done.
* divert-scd.c (divert_pksign): Changed interface and implemented it.
(encode_md_for_card): New.
* call-scd.c (agent_card_pksign): New.
2002-02-28 Werner Koch <wk@gnupg.org>
* pksign.c (agent_pksign): Detect whether a Smartcard is to be
used and divert the operation in this case.
* pkdecrypt.c (agent_pkdecrypt): Likewise
* findkey.c (agent_key_from_file): Add optional arg shadow_info
and have it return information about a shadowed key.
* protect.c (agent_get_shadow_info): New.
* protect.c (snext,sskip,smatch): Moved to
* sexp-parse.h: New file.
* divert-scd.c: New.
2002-02-27 Werner Koch <wk@gnupg.org>
* protect.c (agent_shadow_key): New.
* command.c (cmd_learn): New command LEARN.
* gpg-agent.c: New option --scdaemon-program.
* call-scd.c (start_scd): New. Based on query.c
* query.c: Add 2 more arguments to all uses of assuan_transact.
2002-02-18 Werner Koch <wk@gnupg.org>
* findkey.c (unprotect): Show an error message for a bad passphrase.
* command.c (cmd_marktrusted): Implemented.
* trustlist.c (agent_marktrusted): New.
(open_list): Add APPEND arg.
* query.c (agent_get_confirmation): New.
2002-02-06 Werner Koch <wk@gnupg.org>
* cache.c (housekeeping): Fixed linking in the remove case.
2002-02-01 Werner Koch <wk@gnupg.org>
* gpg-agent.c: New option --default-cache-ttl.
* cache.c (agent_put_cache): Use it.
* cache.c: Add a few debug outputs.
* protect.c (agent_private_key_type): New.
* agent.h: Add PRIVATE_KEY_ enums.
* findkey.c (agent_key_from_file): Use it to decide whether we
have to unprotect a key.
(unprotect): Cache the passphrase.
* findkey.c (agent_key_from_file,agent_key_available): The key
files do now require a ".key" suffix to make a script's life
easier.
* genkey.c (store_key): Ditto.
2002-01-31 Werner Koch <wk@gnupg.org>
* genkey.c (store_key): Protect the key.
(agent_genkey): Ask for the passphrase.
* findkey.c (unprotect): Actually unprotect the key.
* query.c (agent_askpin): Add an optional start_err_text.
2002-01-30 Werner Koch <wk@gnupg.org>
* protect.c: New.
(hash_passphrase): Based on the GnuPG 1.0.6 version.
* protect-tool.c: New
2002-01-29 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_available): New.
* command.c (cmd_havekey): New.
(register_commands): And register new command.
2002-01-20 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_passphrase): Remove the plus signs.
* query.c (start_pinentry): Send no-grab option to pinentry
* gpg-agent.c (main): Move variable grab as no_grab to agent.h.
2002-01-19 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Disable core dumps.
* cache.c: New.
* command.c (cmd_get_passphrase): Use the cache.
(cmd_clear_passphrase): Ditto.
* gpg-agent.c: Removed unused cruft and implement the socket
based server.
(my_strusage): Take bug report address from configure.ac.
* command.c (start_command_handler): Add an argument to start as
regular server.
(start_command_handler): Enable Assuan logging.
2002-01-15 Werner Koch <wk@gnupg.org>
* trustlist.c: New.
* command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New.
2002-01-07 Werner Koch <wk@gnupg.org>
* genkey.c: Store the secret part and return the public part.
2002-01-03 Werner Koch <wk@gnupg.org>
* command.c (cmd_get_passphrase): New.
(cmd_clear_passphrase): New.
* query.c (agent_get_passphrase): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* genkey.c: New.
* command.c (cmd_genkey): New.
* command.c (rc_to_assuan_status): Removed and changed all callers
to use map_to_assuan_status.
2001-12-19 Werner Koch <wk@gnupg.org>
* keyformat.txt: New.
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
* query.c (start_pinentry): Add new argument to assuan_pipe_connect.
2001-12-18 Werner Koch <wk@gnupg.org>
* Makefile.am: Use LIBGCRYPT macros
2001-12-14 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): New option --batch. New option --debug-wait
n, so that it is possible to attach gdb when used in server mode.
* query.c (agent_askpin): Don't ask in batch mode.
* command.c: Removed the conversion macros as they are now in
../common/util.h.
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
* query.c (LINELENGTH): Removed.
(agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH.
2001-11-19 Werner Koch <wk@gnupg.org>
* gpg-agent.c: Removed all GUI code, removed code for old
protocol. New code to use the Assuan protocol as a server and
also to communicate with a new ask-passphrase utility.
2000-11-22 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): csh support by Dan Winship, new options --sh
and --csh and set default by consulting $SHELL.
Mon Aug 21 17:59:17 CEST 2000 Werner Koch <wk@openit.de>
* gpg-agent.c (passphrase_dialog): Cleanup the window and added the
user supplied text to the window.
(main): Fixed segv in gtk_init when used without a command to start.
* gpg-agent.c: --flush option.
(req_flush): New.
(req_clear_passphrase): Implemented.
Fri Aug 18 14:27:14 CEST 2000 Werner Koch <wk@openit.de>
* gpg-agent.c: New.
* Makefile.am: New.
Copyright 2001, 2002, 2003, 2004, 2005,
2007, 2008, 2009, 2010 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 01c9fc5fc..d00fdf6fc 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -1,1171 +1,1178 @@
/* call-pinentry.c - Spawn the pinentry to query stuff from the user
* Copyright (C) 2001, 2002, 2004, 2007, 2008,
* 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <assert.h>
#include <unistd.h>
#include <sys/stat.h>
#ifndef HAVE_W32_SYSTEM
# include <sys/wait.h>
# include <sys/types.h>
# include <signal.h>
#endif
#include <pth.h>
#include "agent.h"
#include <assuan.h>
#include "sysutils.h"
#include "i18n.h"
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
#else
#define MAX_OPEN_FDS 20
#endif
/* Because access to the pinentry must be serialized (it is and shall
be a global mutual dialog) we should better timeout further
requests after some time. 2 minutes seem to be a reasonable
time. */
#define LOCK_TIMEOUT (1*60)
/* The assuan context of the current pinentry. */
static assuan_context_t entry_ctx;
/* The control variable of the connection owning the current pinentry.
This is only valid if ENTRY_CTX is not NULL. Note, that we care
only about the value of the pointer and that it should never be
dereferenced. */
static ctrl_t entry_owner;
/* A mutex used to serialize access to the pinentry. */
static pth_mutex_t entry_lock;
/* The thread ID of the popup working thread. */
static pth_t popup_tid;
/* A flag used in communication between the popup working thread and
its stop function. */
static int popup_finished;
/* Data to be passed to our callbacks, */
struct entry_parm_s
{
int lines;
size_t size;
unsigned char *buffer;
};
/* This function must be called once to initialize this module. This
has to be done before a second thread is spawned. We can't do the
static initialization because Pth emulation code might not be able
to do a static init; in particular, it is not possible for W32. */
void
initialize_module_call_pinentry (void)
{
static int initialized;
if (!initialized)
{
if (pth_mutex_init (&entry_lock))
initialized = 1;
}
}
static void
dump_mutex_state (pth_mutex_t *m)
{
#ifdef _W32_PTH_H
(void)m;
log_printf ("unknown under W32");
#else
if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
log_printf ("not_initialized");
else if (!(m->mx_state & PTH_MUTEX_LOCKED))
log_printf ("not_locked");
else
log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
#endif
}
/* This function may be called to print infromation pertaining to the
current state of this module to the log. */
void
agent_query_dump_state (void)
{
log_info ("agent_query_dump_state: entry_lock=");
dump_mutex_state (&entry_lock);
log_printf ("\n");
log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld popup_tid=%p\n",
entry_ctx, (long)assuan_get_pid (entry_ctx), popup_tid);
}
/* Called to make sure that a popup window owned by the current
connection gets closed. */
void
agent_reset_query (ctrl_t ctrl)
{
if (entry_ctx && popup_tid && entry_owner == ctrl)
{
agent_popup_message_stop (ctrl);
}
}
/* Unlock the pinentry so that another thread can start one and
disconnect that pinentry - we do this after the unlock so that a
stalled pinentry does not block other threads. Fixme: We should
have a timeout in Assuan for the disconnect operation. */
static int
unlock_pinentry (int rc)
{
assuan_context_t ctx = entry_ctx;
entry_ctx = NULL;
if (!pth_mutex_release (&entry_lock))
{
log_error ("failed to release the entry lock\n");
if (!rc)
rc = gpg_error (GPG_ERR_INTERNAL);
}
assuan_release (ctx);
return rc;
}
/* To make sure we leave no secrets in our image after forking of the
pinentry, we use this callback. */
static void
atfork_cb (void *opaque, int where)
{
ctrl_t ctrl = opaque;
if (!where)
{
int iterator = 0;
const char *name, *assname, *value;
gcry_control (GCRYCTL_TERM_SECMEM);
while ((name = session_env_list_stdenvnames (&iterator, &assname)))
{
/* For all new envvars (!ASSNAME) and the two medium old
ones which do have an assuan name but are conveyed using
environment variables, update the environment of the
forked process. */
if (!assname
|| !strcmp (name, "XAUTHORITY")
|| !strcmp (name, "PINENTRY_USER_DATA"))
{
value = session_env_getenv (ctrl->session_env, name);
if (value)
gnupg_setenv (name, value, 1);
}
}
}
}
static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{
unsigned long *pid = opaque;
char pidbuf[50];
/* There is only the pid in the server's response. */
if (length >= sizeof pidbuf)
length = sizeof pidbuf -1;
if (length)
{
strncpy (pidbuf, buffer, length);
pidbuf[length] = 0;
*pid = strtoul (pidbuf, NULL, 10);
}
return 0;
}
/* Fork off the pin entry if this has not already been done. Note,
that this function must always be used to aquire the lock for the
pinentry - we will serialize _all_ pinentry calls.
*/
static int
start_pinentry (ctrl_t ctrl)
{
int rc;
const char *pgmname;
assuan_context_t ctx;
const char *argv[5];
int no_close_list[3];
int i;
pth_event_t evt;
const char *tmpstr;
unsigned long pinentry_pid;
const char *value;
evt = pth_event (PTH_EVENT_TIME, pth_timeout (LOCK_TIMEOUT, 0));
if (!pth_mutex_acquire (&entry_lock, 0, evt))
{
if (pth_event_occurred (evt))
rc = gpg_error (GPG_ERR_TIMEOUT);
else
rc = gpg_error (GPG_ERR_INTERNAL);
pth_event_free (evt, PTH_FREE_THIS);
log_error (_("failed to acquire the pinentry lock: %s\n"),
gpg_strerror (rc));
return rc;
}
pth_event_free (evt, PTH_FREE_THIS);
entry_owner = ctrl;
if (entry_ctx)
return 0;
if (opt.verbose)
log_info ("starting a new PIN Entry\n");
#ifdef HAVE_W32_SYSTEM
fflush (stdout);
fflush (stderr);
#endif
if (fflush (NULL))
{
#ifndef HAVE_W32_SYSTEM
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
#endif
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
the Wime implementaion does not flush stdin,stdout and stderr
- see above. Lets try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
return unlock_pinentry (tmperr);
#endif
}
if (!opt.pinentry_program || !*opt.pinentry_program)
opt.pinentry_program = gnupg_module_name (GNUPG_MODULE_NAME_PINENTRY);
pgmname = opt.pinentry_program;
if ( !(pgmname = strrchr (opt.pinentry_program, '/')))
pgmname = opt.pinentry_program;
else
pgmname++;
/* OS X needs the entire file name in argv[0], so that it can locate
the resource bundle. For other systems we stick to the usual
convention of supplying only the name of the program. */
#ifdef __APPLE__
argv[0] = opt.pinentry_program;
#else /*!__APPLE__*/
argv[0] = pgmname;
#endif /*__APPLE__*/
if (!opt.keep_display
&& (value = session_env_getenv (ctrl->session_env, "DISPLAY")))
{
argv[1] = "--display";
argv[2] = value;
argv[3] = NULL;
}
else
argv[1] = NULL;
i=0;
if (!opt.running_detached)
{
if (log_get_fd () != -1)
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
}
no_close_list[i] = -1;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
/* Connect to the pinentry and perform initial handshaking. Note
that atfork is used to change the environment for pinentry. We
start the server in detached mode to suppress the console window
under Windows. */
rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv,
no_close_list, atfork_cb, ctrl,
ASSUAN_PIPE_CONNECT_DETACHED);
if (rc)
{
log_error ("can't connect to the PIN entry module: %s\n",
gpg_strerror (rc));
assuan_release (ctx);
return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
}
entry_ctx = ctx;
if (DBG_ASSUAN)
log_debug ("connection to PIN entry established\n");
rc = assuan_transact (entry_ctx,
opt.no_grab? "OPTION no-grab":"OPTION grab",
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
value = session_env_getenv (ctrl->session_env, "GPG_TTY");
if (value)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 )
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
return unlock_pinentry (rc);
}
value = session_env_getenv (ctrl->session_env, "TERM");
if (value)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 )
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
return unlock_pinentry (rc);
}
if (ctrl->lc_ctype)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
return unlock_pinentry (rc);
}
if (ctrl->lc_messages)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
if (rc)
return unlock_pinentry (rc);
}
{
/* Provide a few default strings for use by the pinentries. This
may help a pinentry to avoid implementing localization code. */
static struct { const char *key, *value; } tbl[] = {
/* TRANSLATORS: These are labels for buttons etc used in
Pinentries. An underscore indicates that the next letter
should be used as an accelerator. Double the underscore for
a literal one. The actual to be translated text starts after
the second vertical bar. */
{ "ok", N_("|pinentry-label|_OK") },
{ "cancel", N_("|pinentry-label|_Cancel") },
{ "prompt", N_("|pinentry-label|PIN:") },
{ NULL, NULL}
};
char *optstr;
int idx;
const char *s, *s2;
for (idx=0; tbl[idx].key; idx++)
{
s = _(tbl[idx].value);
if (*s == '|' && (s2=strchr (s+1,'|')))
s = s2+1;
if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 )
return unlock_pinentry (out_of_core ());
assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
}
}
/* Tell the pinentry the name of a file it shall touch after having
messed with the tty. This is optional and only supported by
newer pinentries and thus we do no error checking. */
tmpstr = opt.pinentry_touch_file;
if (tmpstr && !strcmp (tmpstr, "/dev/null"))
tmpstr = NULL;
else if (!tmpstr)
tmpstr = get_agent_socket_name ();
if (tmpstr)
{
char *optstr;
if (asprintf (&optstr, "OPTION touch-file=%s", tmpstr ) < 0 )
;
else
{
assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
xfree (optstr);
}
}
/* Now ask the Pinentry for its PID. If the Pinentry is new enough
it will send the pid back and we will use an inquire to notify
our client. The client may answer the inquiry either with END or
with CAN to cancel the pinentry. */
rc = assuan_transact (entry_ctx, "GETINFO pid",
getinfo_pid_cb, &pinentry_pid,
NULL, NULL, NULL, NULL);
if (rc)
{
log_info ("You may want to update to a newer pinentry\n");
rc = 0;
}
else if (!rc && (pid_t)pinentry_pid == (pid_t)(-1))
log_error ("pinentry did not return a PID\n");
else
{
rc = agent_inq_pinentry_launched (ctrl, pinentry_pid);
if (gpg_err_code (rc) == GPG_ERR_CANCELED)
return unlock_pinentry (gpg_error (GPG_ERR_CANCELED));
rc = 0;
}
return 0;
}
/* Returns True is the pinentry is currently active. If WAITSECONDS is
greater than zero the function will wait for this many seconds
before returning. */
int
pinentry_active_p (ctrl_t ctrl, int waitseconds)
{
(void)ctrl;
if (waitseconds > 0)
{
pth_event_t evt;
int rc;
evt = pth_event (PTH_EVENT_TIME, pth_timeout (waitseconds, 0));
if (!pth_mutex_acquire (&entry_lock, 0, evt))
{
if (pth_event_occurred (evt))
rc = gpg_error (GPG_ERR_TIMEOUT);
else
rc = gpg_error (GPG_ERR_INTERNAL);
pth_event_free (evt, PTH_FREE_THIS);
return rc;
}
pth_event_free (evt, PTH_FREE_THIS);
}
else
{
if (!pth_mutex_acquire (&entry_lock, 1, NULL))
return gpg_error (GPG_ERR_LOCKED);
}
if (!pth_mutex_release (&entry_lock))
log_error ("failed to release the entry lock at %d\n", __LINE__);
return 0;
}
static gpg_error_t
getpin_cb (void *opaque, const void *buffer, size_t length)
{
struct entry_parm_s *parm = opaque;
if (!buffer)
return 0;
/* we expect the pin to fit on one line */
if (parm->lines || length >= parm->size)
return gpg_error (GPG_ERR_ASS_TOO_MUCH_DATA);
/* fixme: we should make sure that the assuan buffer is allocated in
secure memory or read the response byte by byte */
memcpy (parm->buffer, buffer, length);
parm->buffer[length] = 0;
parm->lines++;
return 0;
}
static int
all_digitsp( const char *s)
{
for (; *s && *s >= '0' && *s <= '9'; s++)
;
return !*s;
}
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary Nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
an out of memory status. PArsing stops at the end of the string or
a white space character. */
static char *
unescape_passphrase_string (const unsigned char *s)
{
char *buffer, *d;
buffer = d = xtrymalloc_secure (strlen ((const char*)s)+1);
if (!buffer)
return NULL;
while (*s && !spacep (s))
{
if (*s == '%' && s[1] && s[2])
{
s++;
*d = xtoi_2 (s);
if (!*d)
*d = '\xff';
d++;
s += 2;
}
else if (*s == '+')
{
*d++ = ' ';
s++;
}
else
*d++ = *s++;
}
*d = 0;
return buffer;
}
/* Estimate the quality of the passphrase PW and return a value in the
range 0..100. */
static int
estimate_passphrase_quality (const char *pw)
{
int goodlength = opt.min_passphrase_len + opt.min_passphrase_len/3;
int length;
const char *s;
if (goodlength < 1)
return 0;
for (length = 0, s = pw; *s; s++)
if (!spacep (s))
length ++;
if (length > goodlength)
return 100;
return ((length*10) / goodlength)*10;
}
/* Handle the QUALITY inquiry. */
static gpg_error_t
inq_quality (void *opaque, const char *line)
{
assuan_context_t ctx = opaque;
char *pin;
int rc;
int percent;
char numbuf[20];
if (!strncmp (line, "QUALITY", 7) && (line[7] == ' ' || !line[7]))
{
line += 7;
while (*line == ' ')
line++;
pin = unescape_passphrase_string (line);
if (!pin)
rc = gpg_error_from_syserror ();
else
{
percent = estimate_passphrase_quality (pin);
if (check_passphrase_constraints (NULL, pin, 1))
percent = -percent;
snprintf (numbuf, sizeof numbuf, "%d", percent);
rc = assuan_send_data (ctx, numbuf, strlen (numbuf));
xfree (pin);
}
}
else
{
log_error ("unsupported inquiry `%s' from pinentry\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
return rc;
}
/* Helper for agent_askpin and agent_get_passphrase. */
static int
setup_qualitybar (void)
{
int rc;
char line[ASSUAN_LINELENGTH];
char *tmpstr, *tmpstr2;
const char *tooltip;
/* TRANSLATORS: This string is displayed by Pinentry as the label
for the quality bar. */
tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v");
snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:"");
line[DIM(line)-1] = 0;
xfree (tmpstr);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc == 103 /*(Old assuan error code)*/
|| gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
; /* Ignore Unknown Command from old Pinentry versions. */
else if (rc)
return rc;
tmpstr2 = gnupg_get_help_string ("pinentry.qualitybar.tooltip", 0);
if (tmpstr2)
tooltip = tmpstr2;
else
{
/* TRANSLATORS: This string is a tooltip, shown by pinentry when
hovering over the quality bar. Please use an appropriate
string to describe what this is about. The length of the
tooltip is limited to about 900 characters. If you do not
translate this entry, a default english text (see source)
will be used. */
tooltip = _("pinentry.qualitybar.tooltip");
if (!strcmp ("pinentry.qualitybar.tooltip", tooltip))
tooltip = ("The quality of the text entered above.\n"
"Please ask your administrator for "
"details about the criteria.");
}
tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v");
xfree (tmpstr2);
snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
line[DIM(line)-1] = 0;
xfree (tmpstr);
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc == 103 /*(Old assuan error code)*/
|| gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
; /* Ignore Unknown Command from old pinentry versions. */
else if (rc)
return rc;
return 0;
}
/* Call the Entry and ask for the PIN. We do check for a valid PIN
number here and repeat it as long as we have invalid formed
numbers. */
int
agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *initial_errtext,
struct pin_entry_info_s *pininfo)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
const char *errtext = NULL;
int is_pin = 0;
+ int saveflag;
if (opt.batch)
return 0; /* fixme: we should return BAD PIN */
if (!pininfo || pininfo->max_length < 1)
return gpg_error (GPG_ERR_INV_VALUE);
if (!desc_text && pininfo->min_digits)
desc_text = _("Please enter your PIN, so that the secret key "
"can be unlocked for this session");
else if (!desc_text)
desc_text = _("Please enter your passphrase, so that the secret key "
"can be unlocked for this session");
if (prompt_text)
is_pin = !!strstr (prompt_text, "PIN");
else
is_pin = desc_text && strstr (desc_text, "PIN");
rc = start_pinentry (ctrl);
if (rc)
return rc;
snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETPROMPT %s",
prompt_text? prompt_text : is_pin? "PIN:" : "Passphrase:");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
/* If a passphrase quality indicator has been requested and a
minimum passphrase length has not been disabled, send the command
to the pinentry. */
if (pininfo->with_qualitybar && opt.min_passphrase_len )
{
rc = setup_qualitybar ();
if (rc)
return unlock_pinentry (rc);
}
if (initial_errtext)
{
snprintf (line, DIM(line)-1, "SETERROR %s", initial_errtext);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++)
{
memset (&parm, 0, sizeof parm);
parm.size = pininfo->max_length;
*pininfo->pin = 0; /* Reset the PIN. */
parm.buffer = (unsigned char*)pininfo->pin;
if (errtext)
{
/* TRANLATORS: The string is appended to an error message in
the pinentry. The %s is the actual error message, the
two %d give the current and maximum number of tries. */
snprintf (line, DIM(line)-1, _("SETERROR %s (try %d of %d)"),
errtext, pininfo->failed_tries+1, pininfo->max_tries);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
errtext = NULL;
}
+ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
+ assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx, NULL, NULL);
+ assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc)
&& gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
errtext = is_pin? _("PIN too long")
: _("Passphrase too long");
else if (rc)
return unlock_pinentry (rc);
if (!errtext && pininfo->min_digits)
{
/* do some basic checks on the entered PIN. */
if (!all_digitsp (pininfo->pin))
errtext = _("Invalid characters in PIN");
else if (pininfo->max_digits
&& strlen (pininfo->pin) > pininfo->max_digits)
errtext = _("PIN too long");
else if (strlen (pininfo->pin) < pininfo->min_digits)
errtext = _("PIN too short");
}
if (!errtext && pininfo->check_cb)
{
/* More checks by utilizing the optional callback. */
pininfo->cb_errtext = NULL;
rc = pininfo->check_cb (pininfo);
if (rc == -1 && pininfo->cb_errtext)
errtext = pininfo->cb_errtext;
else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? _("Bad PIN")
: _("Bad Passphrase"));
else if (rc)
return unlock_pinentry (rc);
}
if (!errtext)
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
: GPG_ERR_BAD_PASSPHRASE));
}
/* Ask for the passphrase using the supplied arguments. The returned
passphrase needs to be freed by the caller. */
int
agent_get_passphrase (ctrl_t ctrl,
char **retpass, const char *desc, const char *prompt,
const char *errtext, int with_qualitybar)
{
int rc;
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
+ int saveflag;
*retpass = NULL;
if (opt.batch)
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (!prompt)
prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase");
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
if (with_qualitybar && opt.min_passphrase_len)
{
rc = setup_qualitybar ();
if (rc)
return unlock_pinentry (rc);
}
if (errtext)
{
snprintf (line, DIM(line)-1, "SETERROR %s", errtext);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
memset (&parm, 0, sizeof parm);
parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer)
return unlock_pinentry (out_of_core ());
+ saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx, NULL, NULL);
+ assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
xfree (parm.buffer);
else
*retpass = parm.buffer;
return unlock_pinentry (rc);
}
/* Pop up the PIN-entry, display the text and the prompt and ask the
user to confirm this. We return 0 for success, ie. the user
confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
other error. If WITH_CANCEL it true an extra cancel button is
displayed to allow the user to easily return a GPG_ERR_CANCELED.
if the Pinentry does not support this, the user can still cancel by
closing the Pinentry window. */
int
agent_get_confirmation (ctrl_t ctrl,
const char *desc, const char *ok,
const char *notok, int with_cancel)
{
int rc;
char line[ASSUAN_LINELENGTH];
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
return unlock_pinentry (rc);
if (ok)
{
snprintf (line, DIM(line)-1, "SETOK %s", ok);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx,
line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
if (notok)
{
/* Try to use the newer NOTOK feature if a cancel button is
requested. If no cancel button is requested we keep on using
the standard cancel. */
if (with_cancel)
{
snprintf (line, DIM(line)-1, "SETNOTOK %s", notok);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx,
line, NULL, NULL, NULL, NULL, NULL, NULL);
}
else
rc = GPG_ERR_ASS_UNKNOWN_CMD;
if (gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
{
snprintf (line, DIM(line)-1, "SETCANCEL %s", notok);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
}
if (rc)
return unlock_pinentry (rc);
}
rc = assuan_transact (entry_ctx, "CONFIRM",
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
return unlock_pinentry (rc);
}
/* Pop up the PINentry, display the text DESC and a button with the
text OK_BTN (which may be NULL to use the default of "OK") and waut
for the user to hit this button. The return value is not
relevant. */
int
agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn)
{
int rc;
char line[ASSUAN_LINELENGTH];
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
if (rc)
return unlock_pinentry (rc);
if (ok_btn)
{
snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL,
NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
}
rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL,
NULL, NULL, NULL);
if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
return unlock_pinentry (rc);
}
/* The thread running the popup message. */
static void *
popup_message_thread (void *arg)
{
(void)arg;
/* We use the --one-button hack instead of the MESSAGE command to
allow the use of old Pinentries. Those old Pinentries will then
show an additional Cancel button but that is mostly a visual
annoyance. */
assuan_transact (entry_ctx, "CONFIRM --one-button",
NULL, NULL, NULL, NULL, NULL, NULL);
popup_finished = 1;
return NULL;
}
/* Pop up a message window similar to the confirm one but keep it open
until agent_popup_message_stop has been called. It is crucial for
the caller to make sure that the stop function gets called as soon
as the message is not anymore required because the message is
system modal and all other attempts to use the pinentry will fail
(after a timeout). */
int
agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn)
{
int rc;
char line[ASSUAN_LINELENGTH];
pth_attr_t tattr;
rc = start_pinentry (ctrl);
if (rc)
return rc;
if (desc)
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
else
snprintf (line, DIM(line)-1, "RESET");
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return unlock_pinentry (rc);
if (ok_btn)
{
snprintf (line, DIM(line)-1, "SETOK %s", ok_btn);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL);
if (rc)
return unlock_pinentry (rc);
}
tattr = pth_attr_new();
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 1);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 256*1024);
pth_attr_set (tattr, PTH_ATTR_NAME, "popup-message");
popup_finished = 0;
popup_tid = pth_spawn (tattr, popup_message_thread, NULL);
if (!popup_tid)
{
rc = gpg_error_from_syserror ();
log_error ("error spawning popup message handler: %s\n",
strerror (errno) );
pth_attr_destroy (tattr);
return unlock_pinentry (rc);
}
pth_attr_destroy (tattr);
return 0;
}
/* Close a popup window. */
void
agent_popup_message_stop (ctrl_t ctrl)
{
int rc;
pid_t pid;
(void)ctrl;
if (!popup_tid || !entry_ctx)
{
log_debug ("agent_popup_message_stop called with no active popup\n");
return;
}
pid = assuan_get_pid (entry_ctx);
if (pid == (pid_t)(-1))
; /* No pid available can't send a kill. */
else if (popup_finished)
; /* Already finished and ready for joining. */
#ifdef HAVE_W32_SYSTEM
/* Older versions of assuan set PID to 0 on Windows to indicate an
invalid value. */
else if (pid != (pid_t) INVALID_HANDLE_VALUE
&& pid != 0)
{
HANDLE process = (HANDLE) pid;
/* Arbitrary error code. */
TerminateProcess (process, 1);
}
#else
else if (pid && ((rc=waitpid (pid, NULL, WNOHANG))==-1 || (rc == pid)) )
{ /* The daemon already died. No need to send a kill. However
because we already waited for the process, we need to tell
assuan that it should not wait again (done by
unlock_pinentry). */
if (rc == pid)
assuan_set_flag (entry_ctx, ASSUAN_NO_WAITPID, 1);
}
else if (pid > 0)
kill (pid, SIGKILL); /* Need to use SIGKILL due to bad
interaction of SIGINT with Pth. */
#endif
/* Now wait for the thread to terminate. */
rc = pth_join (popup_tid, NULL);
if (!rc)
log_debug ("agent_popup_message_stop: pth_join failed: %s\n",
strerror (errno));
popup_tid = NULL;
entry_owner = NULL;
/* Now we can close the connection. */
unlock_pinentry (0);
}
diff --git a/common/ChangeLog b/common/ChangeLog
index 9e6956370..b4c79e234 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,2076 +1,2080 @@
+2010-08-12 Werner Koch <wk@g10code.com>
+
+ * sysutils.c (gnupg_remove) [W32CE]: Fix returned error.
+
2010-08-09 Werner Koch <wk@g10code.com>
* logging.c (WITH_IPV6): New macro.
(parse_portno): New. From libassuan.
(fun_writer): Support TCP logging on all platforms.
(sock_close): New.
2010-08-06 Werner Koch <wk@g10code.com>
* homedir.c (dirmngr_socket_name) [W32CE]: Base on default homedir.
(gnupg_cachedir) [W32CE]: Drop drive letter.
* http.c (http_open_document): Rename to _http_open_document and
add arg ERRSOURCE. Pass ERRSOURCE to all called funcs.
(http_wait_response, http_open, http_parse_uri): Likewise.
(do_parse_uri, parse_response, store_header): Change to return an
gpg_err_code_t. Change callers.
(send_request): Add arg ERRSOURCE. Change callers.
* http.h (http_open_document, http_wait_response, http_open)
(http_parse_uri): Define as macro.
2010-08-05 Werner Koch <wk@g10code.com>
* estream.h (es_asprintf, es_vasprintf): Add lost prototyps.
* http.c: Require estream and make HTTP_USE_ESTREAM obsolete. It
make the code unreadable and we require estream anyway for GnuPG.
(http_wait_response): Get use of cookies right.
(send_request): s/xtryasprintf/es_asprintf/ to allow standalone
use of the code.
(insert_escapes, connect_server): s/sprintf/snprintf/.
(parse_response): s/my_read_line/es_read_line/.
(my_read_line): Remove.
(write_server): Use pth_write.
2010-07-26 Werner Koch <wk@g10code.com>
* estream.c (es_func_fp_write) [W32]: Write smaller chunks.
2010-07-25 Werner Koch <wk@g10code.com>
* argparse.c (initialize): Use ARGPARSE_PRINT_WARNING constant.
2010-07-24 Werner Koch <wk@g10code.com>
* estream.c (es_set_binary): New.
2010-07-19 Werner Koch <wk@g10code.com>
* utf8conv.c (utf8_to_wchar): s/malloc/jnlib_malloc/.
2010-07-16 Werner Koch <wk@g10code.com>
* http.h (HTTP_FLAG_IGNORE_CL): Add flag .
* http.c (WITHOUT_GNU_PTH): Test macro for Pth support.
(http_parse_uri): s/xcalloc/xtrycalloc/.
(send_request): Replace of discrete allocation and sprintf by
xtryasprintf.
(http_wait_response): Replace HTTP_FLAG_NO_SHUTDOWN by
HTTP_FLAG_SHUTDOWN to change the default to no shutdown.
(cookie_read) [HAVE_PTH]: Use pth_read.
(longcounter_t): New.
(struct cookie_s): Add support for content length. Turn flag
fields into bit types.
(parse_response): Parse content length header.
(cookie_read): Take care of the content length.
2010-07-08 Werner Koch <wk@g10code.com>
* estream.c (estream_functions_file): Remove and replace by
identical estream_functions_fd.
2010-07-06 Werner Koch <wk@g10code.com>
* util.h (b64state): Add field STREAM.
* b64enc.c (b64enc_start): Factor code out to ..
(enc_start): new.
(b64enc_start_es, my_fputs): New.
(b64enc_write, b64enc_finish): Support estream.
2010-06-24 Werner Koch <wk@g10code.com>
* asshelp.c (lock_agent_spawning) [W32]: Use CreateMutexW.
(start_new_gpg_agent): Use HANG option for gnupg_wait_progress.
Fixes regression from 2010-06-09.
2010-06-21 Werner Koch <wk@g10code.com>
* util.h (xfree_fnc): New.
2010-06-18 Werner Koch <wk@g10code.com>
* util.h (GPG_ERR_MISSING_KEY) [!GPG_ERR_MISSING_KEY]: New.
* sexputil.c (make_canon_sexp_pad): Add arg SECURE.
2010-06-17 Werner Koch <wk@g10code.com>
* sexputil.c (make_canon_sexp_pad): New.
2010-06-14 Werner Koch <wk@g10code.com>
* membuf.c (put_membuf): Add shortcut for !LEN.
2010-06-11 Marcus Brinkmann <marcus@g10code.de>
* sysutils.c (translate_sys2libc_fd): Revert last change.
(translate_sys2libc_fd_int): Revert last change.
2010-06-10 Marcus Brinkmann <marcus@g10code.de>
* sysutils.c (translate_sys2libc_fd) [HAVE_W32CE_SYSTEM]:
Implement.
(translate_sys2libc_fd_int) [HAVE_W32CE_SYSTEM]: Don't call
translate_sys2libc_fd.
* estream.c (_es_get_std_stream): Fix cut&paste bug.
2010-06-09 Werner Koch <wk@g10code.com>
* exechelp-posix.c, exechelp-w32.c
* exechelp-w32ce.c (gnupg_wait_process): Add new arg HANG. Change
all callers.
(gnupg_release_process): New. Use it after all calls to
gnupg_wait_process.
* util.h (GNUPG_MODULE_NAME_DIRMNGR_LDAP): New.
* homedir.c (gnupg_cachedir): New.
(w32_try_mkdir): New.
(dirmngr_socket_name): Change standard socket name.
(gnupg_module_name): Support GNUPG_MODULE_NAME_DIRMNGR_LDAP.
* logging.c (log_set_get_tid_callback): Replace by ...
(log_set_pid_suffix_cb): .. new.
(do_logv): Change accordingly.
2010-06-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
(t_common_ldadd): Add $(LIBASSUAN_LIBS).
* sysutils.c: Include <assuan.h>.
(translate_sys2libc_fd_int): Cast to silence gcc warning.
* iobuf.c: Include <assuan.h>
(translate_file_handle): Fix syntax error.
2010-06-08 Werner Koch <wk@g10code.com>
* iobuf.c (translate_file_handle) [W32CE]: Handle rendezvous ids.
2010-06-07 Werner Koch <wk@g10code.com>
* sysutils.c [W32CE]: Finish pipe creation.
* estream.c (es_fname_get, es_fname_set): New.
(fname_set_internal): New.
(struct estream_internal): Add fields printable_fname and
printable_fname_inuse.
(_es_get_std_stream): Set stream name.
(es_fopen, es_freopen, es_deinitialize): Set fname.
* exechelp-posix.c (gnupg_spawn_process): Allow passing INFILE or
OUTFILE as NULL.
* exechelp-w32.c (gnupg_spawn_process): Ditto.
* exechelp-w32ce.c (gnupg_spawn_process): Return an error for
INFILE or OUTFILE passed as NULL.
2010-06-01 Werner Koch <wk@g10code.com>
* logging.c (log_get_stream): Make sture a log stream is available.
2010-05-30 Werner Koch <wk@g10code.com>
* init.c (writestring_via_estream): New.
(init_common_subsystems): Register with argparse.
* argparse.c (argparse_register_outfnc): New.
(writestrings, flushstrings): New. Use them instead of stdout or
stderr based functions.
2010-05-04 Werner Koch <wk@g10code.com>
* estream.c (_es_get_std_stream): Re-use registered standard fds.
(IS_INVALID_FD, ESTREAM_SYS_YIELD): New.
(es_func_fd_read, es_func_fd_write, es_func_fd_seek)
(es_func_fd_destroy): Implement a dummy stream.
* exechelp-w32ce.c (build_w32_commandline): Add args FD0_ISNULL
and FD1_ISNULL. Remove arg PGMNAME. Change callers.
(gnupg_spawn_process_detached): Implement.
(gnupg_spawn_process_fd): Implement one special case for now.
2010-05-03 Werner Koch <wk@g10code.com>
* asshelp.c (lock_agent_spawning, unlock_agent_spawning): New.
(start_new_gpg_agent): Test for configured standard socket and
try to fire up the agent in this case.
* exechelp-posix.c (gnupg_wait_process): Do not log a message if
EXITCODE is given.
(gnupg_spawn_process_detached): Do not reuse PID for the second fork.
2010-04-26 Werner Koch <wk@g10code.com>
* utf8conv.c (load_libiconv) [W32CE]: No libiconv warning
* init.c (init_common_subsystems) [W32CE]: Register the sleep
function before es_init.
2010-04-20 Werner Koch <wk@g10code.com>
* estream.c (es_deinit): New.
(es_init_do): Install atexit handler to flush all streams.
* Makefile.am (common_sources): Add gettime.h.
2010-04-20 Marcus Brinkmann <marcus@g10code.de>
* logging.c (do_log_ignore_arg): New helper function.
(log_string): Use it to remove ugly volatile hack that causes gcc
warning.
(log_flush): Likewise.
* sysutils.c (gnupg_unsetenv) [!HAVE_W32CE_SYSTEM]: Return something.
(gnupg_setenv) [!HAVE_W32CE_SYSTEM]: Likewise.
* pka.c (get_pka_info): Solve strict aliasing rule violation.
* t-exechelp.c (test_close_all_fds): Use dummy variables to
silence gcc warning.
2010-04-15 Werner Koch <wk@g10code.com>
* util.h: Factor time related functions out to ...
* gettime.h: New.
(gnupg_copy_time): Move to ...
* gettime.c (gnupg_copy_time): New.
* sysutils.c (gnupg_setenv) [!W32CE]: Add missing return.
(gnupg_unsetenv) [!W32CE]: Add missing return.
2010-04-14 Werner Koch <wk@g10code.com>
* Makefile.am (noinst_LIBRARIES) [W32CE]: Exclude libsimple-pwquery.
* w32help.h (umask) [W32CE]: New.
* sysutils.c (_gnupg_isatty): New.
* util.h (gnupg_isatty): New.
* asshelp.c (setup_libassuan_logging): Read ASSUAN_DEBUG envvar.
(my_libassuan_log_handler): Use it.
* sysutils.c (_gnupg_getenv): Implement ASSUAN_DEBUG.
2010-04-08 Werner Koch <wk@g10code.com>
* w32help.h (_setmode, setmode) [W32CE]: Provide prototype and
macro.
2010-04-07 Werner Koch <wk@g10code.com>
* mischelp.c (timegm): Replace unsetenv/putenv by gnupg_unsetenv.
* sysutils.c: Include setenv.h.
(gnupg_setenv, gnupg_unsetenv): New.
2010-04-06 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_mkdir): New.
2010-03-29 Werner Koch <wk@g10code.com>
* init.c (sleep_on_exit): Change to 400ms.
2010-03-25 Werner Koch <wk@g10code.com>
* init.c (sleep_on_exit) [W32CE]: New.
(init_common_subsystems): Call it.
2010-03-24 Werner Koch <wk@g10code.com>
* stringhelp.c (change_slashes, compare_filenames): Replace
HAVE_DRIVE_LETTERS by HAVE_DOSISH_SYSTEM.
(make_basename, make_dirname): Detect backslashes and drive
letters separately.
* dotlock.c (make_dotlock, create_dotlock, release_dotlock): Use
LockFileEx and UnlockFileEx to support W32CE.
* ttyio.c (USE_W32_CONSOLE): Replace all _WIN32 by this.
(init_ttyfp) [W32CE]: Use stderr.
* iobuf.c (FD_FOR_STDIN, FD_FOR_STDOUT) [W32CE]: Use estream.
(translate_file_handle) [W32CE]: Remove handle translation.
2010-03-23 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_remove): New.
2010-03-22 Werner Koch <wk@g10code.com>
* exechelp-w32ce.c (build_w32_commandline): Replace by code from
libassuan.
(create_inheritable_pipe): Use _assuan_w32ce_prepare_pipe.
(build_w32_commandline_copy, do_create_pipe): Remove.
* exechelp-posix.c (gnupg_spawn_process): Change to use estream
also for INFILE and STATUSFILE.
* exechelp-w32.c (gnupg_spawn_process): Ditto.
2010-03-22 Werner Koch <wk@g10code.com>
* exechelp.c: Remove after factoring all code out to ...
* exechelp-posix.c, exechelp-w32.c, exechelp-w32ce.c: .. new.
* exechelp.c (create_inheritable_pipe_r)
(create_inheritable_pipe_w): Fold both into ...
(create_inheritable_pipe): .. New. Change callers to use this.
(gnupg_create_inbound_pipe, gnupg_create_outbound_pipe): Factor
code out to ...
(do_create_pipe): .. New.
* init.c (parse_std_file_handles): Change to use rendezvous ids.
2010-03-15 Werner Koch <wk@g10code.com>
* init.c (init_common_subsystems): Add args ARGCP and
ARGVP. Change all callers to provide them.
(parse_std_file_handles): New.
* t-sysutils.c (rewind) [W32CE]: Provide a replacement.
* Makefile.am (module_tests) [W32CE]: Don't build t-exechelp for now.
* sysutils.c (gnupg_allow_set_foregound_window) [W32CE]: Don't
call AllowSetForegroundWindow.
* logging.c (isatty) [W32CE]: New.
(fun_writer, set_file_fd): Use estream even for the internal error
messages.
(log_string, log_flush): Make DUMMY_ARG_PTR static.
2010-03-15 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment) [!HAVE_SETLOCALE]: Do not
define OLD_LC.
* http.c (connect_server) [!USE_DNS_SRV]: Mark SRVTAG unused.
* dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Mark args unused.
* pka.c (get_pka_info): Ditto.
* signal.c (pause_on_sigusr): Remove. It was used in ancient gpg
version with shared memory IPC. Last caller removed on 2006-04-18.
(do_block) [W32]: Mark arg unused.
* exechelp.c (w32_open_null): Use CreateFileW.
* init.c (init_common_subsystems): Add args ARGCP and ARGVP.
Change all callers to pass them.
* logging.c (S_IRGRP, S_IROTH, S_IWGRP, S_IWOTH) [W32]: New.
(fun_writer, set_file_fd) [W32]: Disable socket code.
* localename.c: Include gpg-error.h.
* util.h (GPG_ERR_NOT_ENABLED): Remove this temporary definition.
2010-03-12 Werner Koch <wk@g10code.com>
* status.h (STATUS_ENTER): New.
* ttyio.c (tty_fprintf): Change to use estream.
* miscellaneous.c (print_utf8_string): Rename to print_utf8_buffer
and change FP arg to an estream. Change all callers.
(print_utf8_string2): Ditto; new name is to print_utf8_buffer2.
2010-03-11 Werner Koch <wk@g10code.com>
* miscellaneous.c (print_string): Remove.
* estream.c (es_setvbuf): Fix parameter check.
(es_set_buffering): Allow a SIZE of 0.
* asshelp.c (setup_libassuan_logging, my_libassuan_log_handler): New.
* logging.c (do_logv): Add arg IGNORE_ARG_PTR. Change all callers.
(log_string): New.
(log_flush): New.
(set_file_fd): Simplify by using estreams es_stderr.
* estream.h (es_stdout, es_stderr, es_stdin): New.
2010-03-10 Werner Koch <wk@g10code.com>
* estream.c (es_func_fp_read, es_func_fp_write, es_func_fp_seek)
(es_func_fp_destroy): Allow a NULL FP to implement a dummy stream.
(do_fpopen): Ditto.
(es_vfprintf_unlocked): New.
(es_fprintf_unlocked): Make public.
(es_fputs_unlocked): New.
* logging.h: Replace FILE* by estream_t.
* logging.c: Remove USE_FUNWRITER cpp conditional because we now
use estream.
(my_funopen_hook_ret_t, my_funopen_hook_size_t): Replace by
ssize_t.
(log_get_stream): Change to return an estream_t.
(set_file_fd): Always close the log stream because it can't be
assigned to stderr or stdout directly. Use a dummy estream as
last resort log stream.
(log_test_fd, log_get_fd): Use es_fileno.
(log_get_stream): Assert that we have a log stream.
(do_logv): Use estream functions and lock the output.
2010-03-10 Werner Koch <wk@g10code.com>
* util.h: Replace jnlib path part by common.
(snprintf): Use the replacement macro on all platforms.
* Makefile.am (jnlib_sources): New.
(libcommon_a_SOURCES, libcommonpth_a_SOURCES): Add jnlib_sources.
(jnlib_tests): New.
(noinst_PROGRAMS, TESTS): Add jnlib_tests.
(t_common_ldadd): Remove libjnlib.a.
* README.jnlib, ChangeLog.jnlib, libjnlib-config.h, argparse.c
* argparse.h, dotlock.c, dotlock.h, dynload.h, logging.c
* logging.h, mischelp.c, mischelp.h, stringhelp.c, stringhelp.h
* strlist.c, strlist.h, types.h, utf8conv.c, utf8conv.h
* w32-afunix.c, w32-afunix.h, w32-reg.c, w32help.h, xmalloc.c
* xmalloc.h, t-stringhelp.c, t-support.c, t-support.h
* t-timestuff.c, t-w32-reg.c: Move from jnlib to here.
* init.c: Remove "estream.h".
* util.h: Include "estream.h".
* xasprintf.c, ttyio.c: Remove "estream-printf.h".
2010-03-08 Werner Koch <wk@g10code.com>
* exechelp.c [!HAVE_SIGNAL_H]: Do not include signal.h.
(DETACHED_PROCESS, CREATE_NEW_PROCESS_GROUP) [W32CE]: Provide stubs.
* iobuf.h (iobuf_ioctl_t): New. Use the new macros instead of the
hard wired values.
* iobuf.c (iobuf_append): Remove.
(iobuf_fdopen): Factor code out to ...
(do_iobuf_fdopen): ... new.
(iobuf_fdopen_nc): New.
(iobuf_open_fd_or_name): Implement using iobuf_fdopen_nc.
* iobuf.c (INVALID_FD): Replace by GNUPG_INVALID_FD.
(fp_or_fd_t): Replace by gnupg_fd_t.
(my_fileno): Replace by the FD2INT macro.
(FILEP_OR_FD_FOR_STDIN, FILEP_OR_FD_FOR_STDOUT): Rename to
FD_FOR_STDIN, FD_FOR_STDOUT.
(file_filter): Make full use of FD_FOR_STDIN.
(USE_SETMODE): Remove. Not needed without stdio.
(my_fopen_ro, my_fopen): Replace unneeded macros.
* iobuf.c [FILE_FILTER_USES_STDIO]: Remove all code. It has not
been used for a long time.
* exechelp.h: Include "estream.h".
* exechelp.c (gnupg_spawn_process): Change OUTFILE to an estream_t.
2010-03-02 Werner Koch <wk@g10code.com>
* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
from libestream.
2010-03-01 Werner Koch <wk@g10code.com>
* signal.c [!HAVE_SIGNAL_H]: Don't include signal.h.
* iobuf.c (direct_open) [W32CE]: Make filename to wchar_t.
(iobuf_cancel) [W32CE]: Use DeleteFile.
* gettime.c (dump_isotime): Use "%s" to print "none".
* homedir.c (standard_homedir) [W32CE]: Use wchar_t to create the
directory.
(w32_rootdir) [W32CE]: Likewise.
* sysutils.c (translate_sys2libc_fd) [W32CE]: Add support.
(gnupg_tmpfile) [W32CE]: Ditto.
(_gnupg_getenv) [W32CE]: New.
* util.h (getpid, getenv) [W32CE]: New.
* i18n.c (i18n_switchto_utf8)
(i18n_switchback) [USE_SIMPLE_GETTEXT]: Use new function from
libgpg-error which supports proper restoring.
* sysutils.c (get_session_marker): Simplified by using gcrypt.
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No
longer include these rules if not in maintainer mode.
2009-12-08 Werner Koch <wk@g10code.com>
* userids.h, userids.c: New.
(classify_user_id): Merged from similar fucntions in sm/ and g10/.
* dns-cert.c (get_dns_cert): Add support for ADNS.
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.
* asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing
argument in assuan_socket_connect invocation.
* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
declaration.
2009-12-07 Werner Koch <wk@g10code.com>
* pka.c (get_pka_info): Add support for ADNS.
* src.v (getsrv): Add support for ADNS.
* srv.c (getsrv): s/xrealloc/xtryrealloc/.
2009-12-04 Werner Koch <wk@g10code.com>
* Makefile.am (audit-events.h, status-codes.h): Create files in
the source dir. Fixes bug#1164.
2009-12-02 Werner Koch <wk@g10code.com>
* audit.c (proc_type_decrypt, proc_type_sign): Implemented.
(proc_type_verify): Print hash algo infos.
* audit.h (AUDIT_DATA_CIPHER_ALGO, AUDIT_BAD_DATA_CIPHER_ALSO)
(AUDIT_NEW_RECP, AUDIT_DECRYPTION_RESULT, AUDIT_RECP_RESULT)
(AUDIT_ATTR_HASH_ALGO, AUDIT_SIGNED_BY, AUDIT_SIGNING_DONE):
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
2009-10-28 Werner Koch <wk@g10code.com>
* status.h (STATUS_MOUNTPOINT): New.
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
of LIBASSUAN_PTH_CFLAGS.
2009-10-13 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_kill_process): New.
2009-09-29 Werner Koch <wk@g10code.com>
* exechelp.c (create_inheritable_pipe): Rename to
create_inheritable_pipe_w.
(create_inheritable_pipe_r): New.
(gnupg_create_outbound_pipe): New.
* iobuf.h: Include "sysutils.h"
* iobuf.c (iobuf_open_fd_or_name): New.
(iobuf_get_fname_nonnull): New.
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
2009-09-03 Werner Koch <wk@g10code.com>
Update from libestream:
* estream-printf.c: Include stdint.h only if HAVE_STDINT_H is
defined.
* estream-printf.c: Remove all test code. Use macro DEBUG instead
of TEST for debugging.
* estream-printf.c (pr_float): Make buffer larger for silly high
numbers.
2009-08-11 David Shaw <dshaw@jabberwocky.com>
* ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around
HAVE_LIBREADLINE to allow building when readline isn't available.
2009-08-06 Werner Koch <wk@g10code.com>
* status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.
* status.c (get_inv_recpsgnr_code): New.
2009-07-23 David Shaw <dshaw@jabberwocky.com>
* srv.c (getsrv): Fix type-punning warning.
2009-07-23 Werner Koch <wk@g10code.com>
* util.h (GPG_ERR_NOT_ENABLED): New.
* audit.h (enum): Add AUDIT_CRL_CHECK.
* audit.c (proc_type_verify): Show CRL check result.
2009-07-06 Werner Koch <wk@g10code.com>
* get-passphrase.c (struct agentargs): Add SESSION_ENV and remove
obsolete args.
(gnupg_prepare_get_passphrase): Ditto.
* session-env.c, session-env.h: New.
* t-session-env.c: New.
* Makefile.am (common_sources, module_tests): Add them.
* asshelp.h: Include "session-env.h"
* asshelp.c (send_one_option): Add arg PUTENV.
(send_pinentry_environment): Replace most args by SESSION_ENV and
rewrite fucntion.
(start_new_gpg_agent): Likewise.
* t-exechelp.c (test_close_all_fds): Remove debug code.
2009-07-01 Werner Koch <wk@g10code.com>
* sexputil.c (get_pk_algo_from_canon_sexp): New.
2009-06-29 Werner Koch <wk@g10code.com>
* estream.c (BUFFER_ROUND_TO_BLOCK): Remove unused macro.
(es_func_mem_write): Rewrite reallocation part.
* estream.c (es_write_sanitized_utf8_buffer): Typo typo fix.
2009-06-25 Werner Koch <wk@g10code.com>
* estream.c (es_write_sanitized_utf8_buffer): Typo fix.
2009-06-24 Werner Koch <wk@g10code.com>
* estream.c (es_read_line): In the malloc error case, set
MAX_LENGTH to 0 only if requested.
* xreadline.c (read_line): Ditto.
* estream.c (es_write_sanitized_utf8_buffer): Pass on error from
es_fputs.
* sexputil.c (get_rsa_pk_from_canon_sexp): Check for error after
the loop. Reported by Fabian Keil.
2009-06-22 Werner Koch <wk@g10code.com>
* estream.c (es_pth_read, es_pth_write) [W32]: New.
(ESTREAM_SYS_READ, ESTREAM_SYS_WRITE) [HAVE_PTH]: Use them.
2009-06-03 Werner Koch <wk@g10code.com>
* estream.c (es_convert_mode): Rewrite and support the "x" flag.
2009-05-28 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request) Pass in a STRLIST for additional
headers. Change all callers.
2009-05-27 David Shaw <dshaw@jabberwocky.com>
From 1.4:
* http.h, http.c (send_request): Pass in srvtag and make its
presence sufficient to turn the feature on.
(http_open): From here.
(http_document): And here.
* srv.c (getsrv): Raise maximum packet size to 2048, as PACKETSZ
is too small these days.
2009-05-22 Werner Koch <wk@g10code.com>
* ttyio.c (tty_cleanup_after_signal): New.
2009-05-19 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_open): Use SUN_LEN
(JNLIB_NEED_AFLOCAL): Define and include mischelp.h.
2009-05-07 Werner Koch <wk@g10code.com>
* sexputil.c (get_rsa_pk_from_canon_sexp): New.
* t-sexputil.c (test_make_canon_sexp_from_rsa_pk): Extend the test.
2009-04-28 Werner Koch <wk@g10code.com>
* sexputil.c (make_canon_sexp_from_rsa_pk): New.
* t-sexputil.c (test_make_canon_sexp_from_rsa_pk): New.
2009-04-01 Werner Koch <wk@g10code.com>
* iobuf.c: Port David's changes from 1.4:
(fd_cache_invalidate): Pass return code from close back.
(direct_open, iobuf_ioctl): Check that return value.
(fd_cache_synchronize): New.
(iobuf_ioctl): Add new sub command 4 (fsync).
* iobuf.c (fd_cache_strcmp): New. Taken from 1.4.
(fd_cache_invalidate, fd_cache_close, fd_cache_open): Use it.
* exechelp.c (gnupg_spawn_process): Implement new flag bit 6.
* sysutils.c (gnupg_allow_set_foregound_window): Allow the use of
ASFW_ANY.
* membuf.c (put_membuf, get_membuf): Wipe memory on out of core.
2009-03-31 Werner Koch <wk@g10code.com>
* percent.c (percent_unescape, percent_plus_unescape): New.
(percent_plus_unescape_inplace, percent_unescape_inplace): New.
(do_plus_or_plain_unescape, count_unescape, do_unescape): New.
(do_unescape_inplace): New.
* t-percent.c (test_percent_plus_escape): Test percent_plus_unescape.
* get-passphrase.c, get-passphrase.h: New.
* Makefile.am (without_pth_sources): New.
2009-03-18 Werner Koch <wk@g10code.com>
* exechelp.c: Include sys/resource.h and sys/stat.h.
(get_max_open_fds): New.
(do_exec): Use it.
(get_all_open_fds): New.
(close_all_fds): New.
(do_exec): Use close_all_fds.
* t-exechelp.c: New.
2009-03-13 David Shaw <dshaw@jabberwocky.com>
* http.c (do_parse_uri): Properly handle IPv6 literal addresses as
per RFC-2732. Adapted from patch by Phil Pennock.
2009-03-12 Werner Koch <wk@g10code.com>
* gettime.c: Include i18n.h.
(dump_isotime): New.
2009-03-06 Werner Koch <wk@g10code.com>
* sexputil.c (make_canon_sexp): New.
2009-03-03 Werner Koch <wk@g10code.com>
* exechelp.c (do_exec): Make sure that /dev/null connected FDs are
not closed.
2009-01-19 Werner Koch <wk@g10code.com>
* audit.c (writeout_li): Translate a few more result strings.
Fixes bug#970.
* convert.c (hex2str): Fix optimization to append a nul character.
2008-12-05 Werner Koch <wk@g10code.com>
* percent.c, t-percent.c: New.
* exechelp.c (gnupg_spawn_process, gnupg_spawn_process_fd)
(gnupg_spawn_process_detached) [W32]: Remove debug output.
2008-11-20 Werner Koch <wk@g10code.com>
* audit.c (writeout_li): Translate OKTEXT.
2008-11-04 Werner Koch <wk@g10code.com>
* i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed
w32-gettext.c.
* homedir.c (gnupg_localedir): New.
2008-10-20 Werner Koch <wk@g10code.com>
* http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark
unused arg.
* localename.c (do_nl_locale_name): Ditto.
* audit.c (event2str): Silent gcc warning.
* sysutils.c (translate_sys2libc_fd): Mark unused arg.
(translate_sys2libc_fd_int): Ditto.
* iobuf.c (translate_file_handle): Ditto.
* asshelp.c (send_one_option): Ditto.
* exechelp.c (gnupg_spawn_process): Ditto.
* signal.c (got_usr_signal): Ditto
* estream.c (es_func_fd_create) [!W32]: Ditto.
(es_func_fp_create) [!W32]: Ditto.
(es_write_hexstring): Ditto.
(dummy_mutex_call_void, dummy_mutex_call_int) [HAVE_PTH]: New.
(ESTREAM_MUTEX_LOCK, ESTREAM_MUTEX_UNLOCK, ESTREAM_MUTEX_TRYLOCK)
(ESTREAM_MUTEX_INITIALIZE) [HAVE_PTH]: Use dummy calls so to mark
unused arg.
2008-10-19 Werner Koch <wk@g10code.com>
* estream-printf.c (estream_vsnprintf): Fix return value.
(check_snprintf): Add a new test.
(one_test) [W32]: Disable test.
2008-10-17 Werner Koch <wk@g10code.com>
* util.h (snprintf) [W32]: Redefine to estream_snprintf.
2008-09-03 Werner Koch <wk@g10code.com>
* convert.c (hex2str): New.
(hex2str_alloc): New.
* t-convert.c (test_hex2str): New.
2008-08-19 Werner Koch <wk@g10code.com>
* iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log
function. Should in general never be NULL, but well. Reported by
M. Heneka.
2008-06-26 Werner Koch <wk@g10code.com>
* estream.c (es_write_sanitized): Loose check for control
characters to better cope with utf-8. The range 0x80..0x9f is
nowadays not anymore accidently used for control charaters.
2008-06-25 Marcus Brinkmann <marcus@g10code.de>
Revert last three changes related to handle translation.
* sysutils.c:
(FD_TRANSLATE_MAX, fd_translate, fd_translate_len)
(translate_table_init, translate_table_lookup): Removed.
* iobuf.c (check_special_filename): Do not use
translate_table_lookup.
* sysutils.h (translate_table_init, translate_table_lookup):
Remove prototypes.
2008-06-19 Werner Koch <wk@g10code.com>
* sysutils.c: Remove <ctype.h>.
(fd_translate_max): Use macro for the size.
(translate_table_init): Protect read against EINTR and replace
isspace by spacep.
2008-06-18 Marcus Brinkmann <marcus@g10code.de>
* sysutils.c (TRANS_MAX): Bump up to 350 to be on the safe side.
* sysutils.h (translate_table_init, translate_table_lookup): New
prototypes.
* sysutils.c: Include <ctype.h>.
(FD_TRANSLATE_MAX): New macro.
(fd_translate, fd_translate_len): New static variables.
(translate_table_init, translate_table_lookup): New functions.
(translate_sys2libc_fd_int): Translate file descriptor.
* iobuf.c (check_special_filename): Translate handle values from
special filenames.
2008-06-16 Werner Koch <wk@g10code.com>
* homedir.c (w32_commondir): New.
(gnupg_sysconfdir): Use it.
2008-06-09 Werner Koch <wk@g10code.com>
* b64dec.c: New.
2008-06-05 Werner Koch <wk@g10code.com>
* util.h (gnupg_copy_time): Replace strcpy by memcpy.
2008-05-26 Werner Koch <wk@g10code.com>
* asshelp.c (send_one_option, send_pinentry_environment): use
xfree and xtrystrdup.
* i18n.c (i18n_switchto_utf8) [USE_SIMPLE_GETTEXT]: Return NULL.
* homedir.c (gnupg_module_name): Add
GNUPG_MODULE_NAME_CONNECT_AGENT and GNUPG_MODULE_NAME_GPGCONF.
2008-04-21 Werner Koch <wk@g10code.com>
* http.c (http_wait_response) [W32]: Use DuplicateHandle because
it is a socket.
(cookie_read) [W32]: Use recv in place of read.
2008-04-08 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback)
[USE_SIMPLE_GETTEXT]: Implement.
2008-04-07 Werner Koch <wk@g10code.com>
* b64enc.c (b64enc_start): Detect PGP mode.
(b64enc_finish): Write PGP CRC.
* util.h (struct b64state): Add field CRC.
* t-b64.c: New.
* pka.c (get_pka_info): Use xtrymalloc and check result.
2008-03-25 Werner Koch <wk@g10code.com>
* localename.c: Strip all W32 code. Include w32help.h.
(gnupg_messages_locale_name) [W32]: Use the gettext_localename.
2008-03-17 Werner Koch <wk@g10code.com>
* iobuf.c (IOBUF_BUFFER_SIZE): Actually use this macro.
* simple-pwquery.c (agent_send_all_options): Fix last change.
2008-03-06 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_send_all_options): Add support for
XAUTHORITY and PINENTRY_USER_DATA.
2008-02-15 Marcus Brinkmann <marcus@g10code.de>
* exechelp.c (gnupg_spawn_process_fd): Add flag DETACHED_PROCESS
unconditionally (required for all callers at the moment).
2008-02-14 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_allow_set_foregound_window): New.
(WINVER) [W32]: Define.
2008-01-31 Werner Koch <wk@g10code.com>
* audit.c (audit_print_result): Make sure that the output is
always UTF8.
2008-01-27 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_spawn_process): Add arg FLAGS and changed all
callers to pass 0 for it.
2007-12-13 Werner Koch <wk@g10code.com>
* sexputil.c (hash_algo_from_sigval): New.
* t-sexputil.c: New.
* Makefile.am (module_tests): Add it.
2007-12-11 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Allow using of old
gpg-agents not capabale of the xauthority and pinentry_user_data
options.
2007-12-04 Werner Koch <wk@g10code.com>
* Makefile.am (t_helpfile_LDADD, module_maint_tests): New.
* t-helpfile.c: New.
* helpfile.c: New.
* membuf.h (is_membuf_ready, MEMBUF_ZERO): New.
* localename.c: New. Taken from gettext with modifications as done
for GpgOL. Export one new function.
* util.h (gnupg_messages_locale_name, gnupg_get_help_string): Added.
* sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c.
2007-11-27 Werner Koch <wk@g10code.com>
* Makefile.am (CLEANFILES): New.
* homedir.c (dirmngr_socket_name): Use CSIDL_WINDOWS.
2007-11-15 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Add args XAUTHORITY and
PINENTRY_USER_DATA.
(start_new_gpg_agent): Ditto.
2007-11-07 Werner Koch <wk@g10code.com>
* status.h: New.
* errors.h: Remove.
2007-11-05 Werner Koch <wk@g10code.com>
* audit.c, audit.h: New.
* Makefile.am: Add rules to build audit-events.h.
* exaudit.awk: New.
* mkstrtable.awk: New. Taken from libgpg-error.
2007-10-19 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback): New.
2007-10-01 Werner Koch <wk@g10code.com>
* sysutils.h (FD2INT, INT2FD): New.
2007-09-21 Werner Koch <wk@g10code.com>
* homedir.c (default_homedir): Make registry work. Reported by
Marc Mutz.
2007-08-29 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_wait_process): Add arg EXITCODE. Changed all
callers.
(gnupg_create_inbound_pipe): New.
* util.h (GNUPG_MODULE_NAME_GPGSM, GNUPG_MODULE_NAME_GPG): New.
* homedir.c (gnupg_module_name): Add them
2007-08-28 Werner Koch <wk@g10code.com>
* gettime.c (check_isotime, add_isotime): New. Originally written
for DirMngr by me.
(add_days_to_isotime): New.
(date2jd, jd2date, days_per_month, days_per_year): New. Taken from
my ancient (1988) code used in Wedit (time2.c).
2007-08-27 Werner Koch <wk@g10code.com>
* util.h (GNUPG_MODULE_NAME_CHECK_PATTERN): New.
* homedir.c (gnupg_module_name): Add it.
* exechelp.c (w32_fd_or_null) [W32]: New.
(gnupg_spawn_process_fd): New.
(gnupg_wait_process) [W32]: Close the handle after if the process has
returned.
2007-08-22 Werner Koch <wk@g10code.com>
Updated estream from libestream.
* estream.c (mem_malloc, mem_realloc, mem_free): New. Use them
instead of the ES_MEM_foo.
* estream.c (estream_cookie_mem): Remove members DONT_FREE,
APPEND_ZERO, PTR and SIZE. Add MEMORY_LIMIT. Put GROW into a new
FLAGS struct.
(es_func_mem_create): Remove APPEND_ZERO, DONT_FREE, PTR and
SIZE. Add MEMORY_LIMIT.
(es_func_mem_write, es_func_mem_seek, es_func_mem_destroy): Revamp.
(es_open_memstream): Change API to just take a memory limit and a
mode argument. Rename to ..
(es_fopenmem): .. this.
(HAVE_W32_SYSTEM) [_WIN32]: Define if not defined.
(tmpfd) [W32]: Implement directly using the W32 API.
(es_fgets): Rewrite without using doreadline.
2007-08-21 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_tmpfile): New.
* t-sysutils.c: New.
* Makefile.am (module_tests): Add t-sysutils.
2007-08-20 Werner Koch <wk@g10code.com>
* exechelp.c [W32]: Redefine X_OK to F_OK.
2007-08-16 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Remove
($(PROGRAMS)): Remove.
(t_common_ldadd): Use libcommon.a and not the macro.
2007-08-14 Werner Koch <wk@g10code.com>
* homedir.c (dirmngr_socket_name): New.
2007-08-07 Werner Koch <wk@g10code.com>
* tlv.c, tlv.h: Move from ../scd/.
* tlv.c (parse_sexp, parse_ber_header): Add ERRSOURCE arg and prefix
name with a _.
* tlv.h: Use macro to convey ERRSOURCE.
2007-08-02 Werner Koch <wk@g10code.com>
* gc-opt-flags.h: New.
2007-08-01 Werner Koch <wk@g10code.com>
* estream-printf.c (read_dummy_value): Removed as it is useless now.
(read_values): Remove check on !vaargs which is not anymore needed
and anyway not portable. Reported by Peter O'Gorman.
2007-07-16 Werner Koch <wk@g10code.com>
* estream.c (es_func_file_create): Clear NO_CLOSE flag.
2007-07-12 Werner Koch <wk@g10code.com>
* sysutils.h (gnupg_fd_t): New.
* sysutils.c (translate_sys2libc_fd): Use that type instead of int.
(translate_sys2libc_fd_int): New.
2007-07-09 Werner Koch <wk@g10code.com>
* t-gettime.c (test_isotime2epoch): Use time_t and not u32.
2007-07-05 Werner Koch <wk@g10code.com>
* t-gettime.c: New.
* gettime.c (isotime2epoch, epoch2isotime): New.
2007-07-04 Werner Koch <wk@g10code.com>
* estream.c (es_init_do): Do not throw an error if pth has already
been initialized.
2007-06-26 Werner Koch <wk@g10code.com>
* Makefile.am ($(PROGRAMS)): New.
* util.h (init_common_subsystems): Moved to ..
* init.h: .. New.
* util.h: Include init.h.
* homedir.c (standard_homedir): New.
(default_homedir) [W32]: Reimplemented in terms of
standard_homedir. Fixed memory leak.
2007-06-25 Werner Koch <wk@g10code.com>
* iobuf.c: Add more documentation and slighly restructured macro
defintion for better readability.
(FILEP_OR_FD): Rename to fp_or_fd_t.
(CLOSE_CACHE): Rename to close_cache_t.
* sysutils.c (translate_sys2libc_fd): New using the code from iobuf.c.
* iobuf.c: Include sysutils.h.
(iobuf_translate_file_handle): Remove.
(translate_file_handle): Use new function.
* estream-printf.c [TEST]: Header including fixes.
(do_format): Do not append a trailing Nul. This avoids spurious
Nuls in the es_printf output.
(estream_vsnprintf, estream_vasprintf): Take this in account.
* estream.h (struct es__stream): Change FLAGS to a bit structure.
(ES__FLAG_WRITING): Replace by a bit from FLAGS. * estream.c
(struct estream_internal): Rename FLAGS to MODEFLAGS so that they
are not confused with the estream flags.
(es_initialize, es_create): Add arg MODEFLAGS so that we can setup
the intial writemode. Changed all callers to pass them.
(es_convert_mode): Set O_BINARY.
(es_func_fd_create, es_func_fp_create, es_func_file_create) [W32]:
Call setmode if requested.
2007-06-24 Werner Koch <wk@g10code.com>
* estream.c (do_fpopen, es_fpopen, es_fpopen_nc): New.
(es_func_fp_create, es_func_fp_read, es_func_fp_write)
(es_func_fp_seek, es_func_fp_destroy): New.
2007-06-22 Werner Koch <wk@g10code.com>
* estream.c (es_fdopen): Factored code out to..
(do_fdopen): .. new.
(es_fdopen_nc): New.
(estream_cookie_fd): Add field NO_CLOSE.
(es_func_fd_create): Add arg NO_CLOSE and changed all callers.
(es_func_fd_destroy): Handle the new flag.
* homedir.c (gnupg_libexecdir) [W32]: Factor code out to ..
(w32_rootdir): .. new.
(gnupg_sysconfdir, gnupg_libdir, gnupg_datadir) [W32]: Return
name based on w32_rootdir().
2007-06-21 Werner Koch <wk@g10code.com>
* membuf.h (get_membuf_len): New.
* membuf.c (init_membuf_secure): Really allocate in secure memory.
(put_membuf_str): New.
* ttyio.c (tty_getf): New.
* util.h (ctrl_t): Declare it here.
* asshelp.c (start_new_gpg_agent): New. Based on code from
../sm/call-agent.c
2007-06-20 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_sleep): New.
* sysutils.h [W32]: Remove _sleep wrapper. Changed all callers to
use gnupg_sleep.
* exechelp.c (build_w32_commandline_copy): New.
(build_w32_commandline): Factored some code out to new function
and correctly process a PGMNAME with spaces.
(gnupg_spawn_process_detached) [W32]: Implement.
2007-06-14 Werner Koch <wk@g10code.com>
* simple-pwquery.h (MAP_SPWQ_ERROR_IMPL): New.
(SPWQ_NO_PIN_ENTRY): New.
* simple-pwquery.c (simple_pw_set_socket): New.
(agent_open): Use it if GPG_AGENT_INFO is not set.
(simple_pwquery): Extended to allow returning of otehyr error codes.
* util.h (GNUPG_MODULE_NAME_AGENT, GNUPG_MODULE_NAME_PINENTRY)
(GNUPG_MODULE_NAME_SCDAEMON, GNUPG_MODULE_NAME_DIRMNGR)
(GNUPG_MODULE_NAME_PROTECT_TOOL): New.
* homedir.c (gnupg_module_name): New.
(gnupg_bindir): New.
2007-06-12 Werner Koch <wk@g10code.com>
* homedir.c (gnupg_sysconfdir): New.
(gnupg_libexecdir): New. Taken from g10/misc.c:get_libexecdir.
(gnupg_datadir): New.
(gnupg_libdir): New.
* http.c (connect_server) [W32]: Do not call init_sockets if
HTTP_NO_WSASTARTUP is defined.
* init.c: New.
* estream.c (es_init_do): Init stream lock here because we can't
use a static initialization with W32pth.
2007-06-11 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Use libcommonstd macro.
2007-06-06 Werner Koch <wk@g10code.com>
* Makefile.am: Include am/cmacros.am.
* sysutils.h [W32]: Remove prototypes for the registry access.
* w32reg.c: Move to ../jnlib/w32-reg.c.
* i18n.c (i18n_init): New.
* simple-gettext.c: Remove.
* iobuf.c (iobuf_get_filelength): Rename SIZE to EXSIZE to silent
shadowing warning.
2007-06-04 Werner Koch <wk@g10code.com>
* http.c [W32]: Include unistd.h also in this case.
(write_server) [W32]: Fixed error code.
(init_sockets): Fixed syntax error.
(cookie_close): Replace close by sock_close macro.
* estream.c [w32]: Do not init Mutex.
* Makefile.am (common_sources) [USE_SNS_SRV]: Build srv.c only
when needed.
* ttyio.c (init_ttyfp) [W32]: Do not use TTYFP.
* util.h: Include ../jnlib/dynload.h.
* dynload.h: Move to ../jnlib.
2007-05-30 Werner Koch <wk@g10code.com>
* estream.c (MEM_FREE, MEM_ALLOC, MEM_REALLOC): Prefix with ES_ as
windows.h also has such definitions,
2007-05-15 Werner Koch <wk@g10code.com>
* util.h: Do not include gnulib's vasprintf. Redefine asprintf
and vasprintf.
* xasprintf.c (xasprintf, xtryasprintf): Use estream_vasprintf.
* estream-printf.h, estream-printf.c: New. Taken from current
libestream SVN.
* Makefile.am (common_sources): Add them.
2007-05-14 Werner Koch <wk@g10code.com>
* sexp-parse.h (smklen): New.
* sexputil.c: Include sexp-parse.h.
(make_simple_sexp_from_hexstr): Replace sprintf by smklen.
2007-05-07 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Protect SIG from being clobbered by
a faulty signal implementaion. Suggested by James Juran.
2007-04-25 Werner Koch <wk@g10code.com>
* i18n.h (ngettext): New.
* simple-gettext.c (ngettext): New.
2007-04-20 Werner Koch <wk@g10code.com>
* miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler):
Moved from gpg-agent to here.
(my_gcry_fatalerror_handler): new.
(setup_libgcrypt_logging): New.
2007-03-19 Werner Koch <wk@g10code.com>
* miscellaneous.c (print_hexstring): New.
* estream.c (es_fprintf_unlocked): New.
(es_write_sanitized): New.
(es_write_hexstring): New.
(es_write_sanitized_utf8_buffer) [GNUPG_MAJOR_VERSION]: New.
2007-03-09 David Shaw <dshaw@jabberwocky.com>
From STABLE-BRANCH-1-4
* http.c (do_parse_uri): Remove the hkp port 11371 detection. We
implement hkp in the keyserver handler, and the support here makes
it appear like a bad hkp request actually succeeded.
2007-01-31 Werner Koch <wk@g10code.com>
* Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL.
2007-01-25 Werner Koch <wk@g10code.com>
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
2006-12-13 David Shaw <dshaw@jabberwocky.com>
* Makefile.am (AM_CPPFLAGS): Include intl/ so we can reference the
built-in headers.
2006-11-23 Werner Koch <wk@g10code.com>
* http.c: Include i18n.h
2006-11-21 Werner Koch <wk@g10code.com>
* estream.c: Remove explicit Pth soft mapping diabling becuase it
is now done in config.h.
2006-11-15 Werner Koch <wk@g10code.com>
* estream.c: Disabled Pth soft mapping.
(my_funopen_hook_ret_t): New.
(print_fun_writer): Use it here.
* iobuf.c (fd_cache_close): Use %d instead of %p for debug output.
2006-11-03 Werner Koch <wk@g10code.com>
* Makefile.am (t_convert_DEPENDENCIES): Add libcommon. From
Gentoo.
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_CFLAGS): Add $(LIBASSUAN_CFLAGS).
(libsimple_pwquery_a_CFLAGS): New variable.
2006-10-20 Werner Koch <wk@g10code.com>
* convert.c (hex2bin): New.
2006-10-17 Werner Koch <wk@g10code.com>
* estream.c (struct estream_internal, es_initialize)
(es_deinitialize, print_fun_writer, es_print): New and modified
functions to avoid tempfiles for printf style printing.
* Makefile.am (libcommonpth_a_SOURCES): New. We now build a secon
version of the library with explicit Pth support.
* exechelp.c, estream.c: Make use of WITHOUT_GNU_PTH.
2006-10-08 Werner Koch <wk@g10code.com>
* gpgrlhelp.c: Trun all functions into dummies if readline is not
available.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
* util.h (GNUPG_GCC_A_SENTINEL): Defined for gcc >= 4.
2006-10-04 David Shaw <dshaw@jabberwocky.com>
* gpgrlhelp.c: readline requires stdio.h.
2006-10-04 Werner Koch <wk@g10code.com>
* membuf.c (init_membuf_secure): New.
(put_membuf): Make sure that ERRNO is set even if the underlying
malloc code does not work properly.
(get_membuf): Set ERRNO on error.
(get_membuf): Allow to pass LEN as NULL.
2006-10-02 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_unread): Removed. This code is not required.
Also removed the entire unget buffer stuff.
2006-09-27 Werner Koch <wk@g10code.com>
* util.h: Do not include strsep.h and strpbrk.h.
(isascii): Removed as it is now in jnlib.
* iobuf.c (pop_filter, underflow, iobuf_close): Free the unget
buffer.
2006-09-27 Florian Weimer <fweimer@bfk.de> (wk)
* iobuf.c (iobuf_unread): New.
2006-09-22 Werner Koch <wk@g10code.com>
* i18n.h: Changed license to an all permissive one.
* ttyio.c (tty_get): We need to use readline too. Added two more
hooks.
2006-09-21 Werner Koch <wk@g10code.com>
* ttyio.c (tty_private_set_rl_hooks): New.
(tty_enable_completion, tty_disable_completion): Use a hook to
enable readline support. Now always available.
(tty_cleanup_rl_after_signal): New.
* ttyio.h: Removed readline specific stuff. Included util.h.
* common-defs.h: New.
2006-09-15 Werner Koch <wk@g10code.com>
* convert.c: New.
(hexcolon2bin): New.
(bin2hex, bin2hexcolon, do_binhex): New.
* t-convert.c: New
2006-09-14 Werner Koch <wk@g10code.com>
* util.h (out_of_core): Use new gpg_error_from_syserror function.
* http.c (init_sockets): Changed it to require 2.2 unless it is
build within gnupg 1 where we require 1.1 (and not anymore allow
for 1.0).
2006-09-07 Werner Koch <wk@g10code.com>
* exechelp.c (gnupg_spawn_process): Factor out post fork code to ..
(do_exec): .. new function. Allow passing of -1 for the fds.
(gnupg_spawn_process): Terminate gcrypt's secure memory in the child.
(gnupg_spawn_process_detached): New.
2006-09-06 Werner Koch <wk@g10code.com>
* maperror.c: Removed.
* util.h (out_of_core): New.
2006-09-04 Werner Koch <wk@g10code.com>
* http.c (http_get_header): New.
(capitalize_header_name, store_header): New.
(parse_response): Store headers away.
(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
* http.h: New flag HTTP_FLAG_NEED_HEADER.
2006-08-21 Werner Koch <wk@g10code.com>
* Makefile.am (libcommon_a_SOURCES): Added keyserver.h
* openpgpdefs.h: New. Stripped from ..g10/packet.h.
2006-08-16 Werner Koch <wk@g10code.com>
* keyserver.h: Moved from ../include to here.
* http.c: Include srv.h.
* srv.c, srv.h: New. Taken from GnuPG 1.4
2006-08-14 Werner Koch <wk@g10code.com>
* http.h (struct http_context_s): Moved to implementation.
* http.c (http_open): Changed call to return a context.
(http_open_document): Ditto.
(http_get_read_ptr, http_get_read_ptr, http_get_status_code): New.
(do_parse_uri): Replaced strlwr by straight code to ease
standalone use of this file.
(http_wait_response): Removed arg STATUS_CODE as it is available
through an accessor function. Adjusted caller.
(http_escape_string): New.
* estream.c (es_read_line): Renamed to ..
(doreadline): .. this. Changed all callers.
(es_read_line): New. This is theusual limited getline variabnt as
used at several places. Here taken and adjusted from xreadline.c
(es_free): New.
2006-08-11 Werner Koch <wk@g10code.com>
* http.c: Major internal changes to optionallly support GNUTLS and
ESTREAM.
(http_open): Move initialization of the stream ...
(send_request): .. here.
(http_register_tls_callback): New.
* estream.c (es_writen): Try to seek only is a seek function has
been registered.
2006-08-09 Werner Koch <wk@g10code.com>
* http.c, http.h: New. Taken from gnupg 1.4.5, merged with
changes done for the Dirmngr project (by g10 Code) and cleaned up
some stuff.
(make_header_line): New. Change all caller to make user of the new
* Makefile.am (libcommon_a_SOURCES): Added http.c and http.h.
2006-05-23 Werner Koch <wk@g10code.com>
* gettime.c (isotimestamp): New.
* ttyio.c (tty_get_ttyname): Posixly correct usage of ctermid.
* dns-cert.c: New. Taken from 1.4.3's util/cert.c.
* dns-cert.h: New.
2006-05-22 Werner Koch <wk@g10code.com>
* pka.c: New. Taked from 1.4.3.
* pka.h: New.
* Makefile.am: Added pka.
2006-05-19 Werner Koch <wk@g10code.com>
* yesno.c (answer_is_yes_no_default, answer_is_yes_no_quit):
Updated from 1.4.3.
(answer_is_okay_cancel): new. From 1.4.3.
* miscellaneous.c (match_multistr): New. Taken from 1.4.3.
* ttyio.c (tty_enable_completion, tty_disable_completion): New
dummy functions.
* ttyio.h: Add prototypes and stubs.
2006-04-19 Werner Koch <wk@g10code.com>
* iobuf.c (iobuf_get_fd): New. Taken from 1.4.3.
(iobuf_is_pipe_filename): New.
(pop_filter): Made static.
(iobuf_skip_rest): New. Orginal patch by Florian
Weimer. Added new argument PARTIAL.
(block_filter): Remove the old gpg indeterminate length mode.
(block_filter): Properly handle a partial body stream
that ends with a 5-byte length that happens to be zero.
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as
superfluous.
(iobuf_get_filelength): New arg OVERFLOW.
(iobuf_get_filelength) [W32]: Use GetFileSizeEx if available
* miscellaneous.c (is_file_compressed): Take care of OVERFLOW.
2006-04-18 Werner Koch <wk@g10code.com>
* homedir.c (w32_shgetfolderpath): New. Taken from gpg 1.4.3.
(default_homedir): Use it.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* signal.c (get_signal_name): Check value of HAVE_DECL_SYS_SIGLIST
instead of just if it is defined.
2005-09-28 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
2005-07-04 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_pwclear): New prototype.
* simple-pwquery.c (simple_pwclear): New function.
2005-06-15 Werner Koch <wk@g10code.com>
* miscellaneous.c (make_printable_string): Made P a void*.
* sexputil.c (keygrip_from_canon_sexp, cmp_simple_canon_sexp):
Fixed signed/unsigned pointer mismatch.
(make_simple_sexp_from_hexstr): Ditto. This is all too ugly; I
wonder why gcc-4's default is to warn about them and forcing us to
use cast the warning away.
* iobuf.c (block_filter): Ditto.
(iobuf_flush): Ditto.
(iobuf_read_line): Ditto.
(iobuf_read): Make BUFFER a void *.
(iobuf_write): Make BUFFER a const void *.
* ttyio.c (tty_print_utf8_string2): Ditto.
* estream.c (estream_cookie_mem): Make MEMORY unsigned char*.
(es_write): Make BUFFER a void *.
(es_writen): Ditto.
(es_func_fd_read, es_func_fd_write, es_func_mem_read)
(es_func_mem_write): Ditto.
(es_read, es_readn): Ditto.
(es_func_mem_write): Made MEMORY_NEW an unsigned char *.
* estream.h (es_cookie_read_function_t)
(es_cookie_write_function_t): Changed buffer arg to void*.
2005-06-03 Werner Koch <wk@g10code.com>
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
2005-06-01 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CPPFLAGS): Added.
* util.h: Add some includes for gnulib.
(ttyname, isascii): Define them inline.
* fseeko.c, ftello.c: Removed.
* strsep.c, mkdtemp.c: Removed.
* ttyname.c, isascii.c: Removed.
2005-05-31 Werner Koch <wk@g10code.com>
* dynload.h: s/__inline__/inline/.
2005-05-13 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal): Print the signal number if we can't
get a name for it.
(get_signal_name): Return NULL if no name is available. Fixed
conditional for sys_siglist to the correct one.
2005-04-17 Werner Koch <wk@g10code.com>
* sexputil.c (cmp_simple_canon_sexp): New.
(make_simple_sexp_from_hexstr): New.
2005-04-07 Werner Koch <wk@g10code.com>
* sexputil.c: New.
2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.c (simple_pwquery): Use spwq_secure_free.
2005-03-03 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto.
2005-02-25 Werner Koch <wk@g10code.com>
* xasprintf.c (xtryasprintf): New.
2005-01-26 Moritz Schulte <moritz@g10code.com>
* Makefile.am (libcommon_a_SOURCES): New source files: estream.c,
estream.h.
* estream.c, estream.h: New files.
2005-01-03 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Fixed changed from
2004-12-18; cut+paste error for lc-messages.
2004-12-21 Werner Koch <wk@g10code.com>
* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.
2004-12-21 Marcus Brinkmann <marcus@g10code.de>
* simple-pwquery.h (simple_query): Add prototype.
* simple-pwquery.c (simple_query): New function.
2004-12-21 Werner Koch <wk@g10code.com>
* signal.c (got_fatal_signal, got_usr_signal)
(got_fatal_signal) [DOSISH]: Don't build.
* simple-gettext.c: Include sysutils.h
* homedir.c: New. Use CSIDL_APPDATA for W32 as the default home
directory.
* Makefile.am (libcommon_a_SOURCES): Add it.
(EXTRA_DIST): Removed mkerror and mkerrtok.
2004-12-20 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* membuf.c (put_membuf): Wipe out buffer after a failed realloc.
2004-12-19 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err_with_source): Oops, args were swapped.
2004-12-18 Werner Koch <wk@g10code.com>
* maperror.c (map_assuan_err): Renamed to ..
(map_assuan_err_with_source): .. this and add arg SOURCE.c
* asshelp.c (send_pinentry_environment, send_one_option): Add arg
ERRSOURCE.
2004-12-15 Werner Koch <wk@g10code.com>
* sysutils.h [W32]: Prototypes for registry functions.
* w32reg.c: Include sysutils.h
* simple-pwquery.c [W32]: Dummy code to allow a build.
* exechelp.c [W32]: Implemented for W32 .
* ttyname.c: New.
* asshelp.c (send_one_option): New.
(send_pinentry_environment): Cleaned up and made sure that empty
values are not send.
2004-12-07 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment) [W32]: Do not use ttyname.
2004-12-06 Werner Koch <wk@g10code.com>
* exechelp.h, exechelp.c: New. Based on code from ../sm/import.c.
2004-12-03 Werner Koch <wk@g10code.com>
* strsep.c: Fixed copyright comments.
2004-11-26 Werner Koch <wk@g10code.com>
* simple-gettext.c: New taken from gnupg 1.3.x
* simple-pwquery.c [_WIN32]: Include winsock2.h.
(agent_open): Disable it until we have our AF_UNIX implementation
ready.
* fseeko.c, ftello.c: Include sys/types for the sake of W32.
2004-11-23 Werner Koch <wk@g10code.com>
* b64enc.c: Include stdio.h and string.h
2004-08-18 Werner Koch <wk@g10code.de>
* simple-pwquery.c (simple_pwquery): Handle gpg-error style return
code for canceled.
2004-07-20 Werner Koch <wk@g10code.de>
* maperror.c: Removed header ksba.h. Not required anymore.
2004-06-14 Werner Koch <wk@gnupg.org>
* xreadline.c: New. Based on the iobuf_read_line function.
2004-05-12 Werner Koch <wk@gnupg.org>
* util.h (xtrycalloc_secure,xtrymalloc_secure): New.
2004-05-11 Werner Koch <wk@gnupg.org>
* sysutils.c (disable_core_dumps): Only set the current limit.
(enable_core_dumps): New.
2004-04-13 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (copy_and_escape): Relaxed quoting.
2004-04-05 Werner Koch <wk@gnupg.org>
* errors.h (STATUS_NEWSIG): New.
2004-03-11 Werner Koch <wk@gnupg.org>
* dynload.h [__MINGW32__]: Define RTLD_LAZY.
2004-03-09 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Map the Locale_Problem item.
2004-03-03 Werner Koch <wk@gnupg.org>
* asshelp.c, asshelp.h: New.
(send_pinentry_environment): New. Code taken from ../sm/call-agent.c.
2004-02-19 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
2004-02-17 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Ignore an empty GPG_AGENT_INFO.
* errors.h: Added STATUS_IMPORT_OK.
2004-02-10 Werner Koch <wk@gnupg.org>
* b64enc.c: New. Based on code from ../sm/base64.c.
2004-01-30 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (libcommon_a_SOURCES): Add xasprintf.c.
* miscellaneous.c (xasprintf): Moved to ...
* xasprintf (xasprintf): ... here. New file.
This allows to use xasprintf without sucking in gpg-error.
2004-01-27 Werner Koch <wk@gnupg.org>
* sexp-parse.h: New; moved from../agent.
* util.h (xtoi_4): New.
2003-12-23 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Prepared for a new error code.
2003-12-17 Werner Koch <wk@gnupg.org>
* gettime.c (asctimestamp): Add a note on a non-avoidable gcc warning.
* util.h [!HAVE_VASPRINTF]: Add printf format attribute to the
replacement function.
* miscellaneous.c (xasprintf): New.
2003-11-14 Werner Koch <wk@gnupg.org>
* mkdtemp.c (mkdtemp): Use gcry_create_nonce.
* cryptmiss.c: Removed.
2003-11-13 Werner Koch <wk@gnupg.org>
* util.h (vasprintf): Also fixed the prototype.
* vasprintf.c (vasprintf): ARGS should not be a pointer. Fixed
segv on Solaris. Reported by Andrew J. Schorr.
2003-11-12 Werner Koch <wk@gnupg.org>
* maperror.c (map_ksba_err, map_gcry_err, map_kbx_err): Removed.
2003-10-31 Werner Koch <wk@gnupg.org>
* util.h (gnupg_isotime_t): New.
(gnupg_copy_time): New.
* gettime.c (gnupg_get_isotime): New.
2003-09-23 Werner Koch <wk@gnupg.org>
* iobuf.c (check_special_filename): Replaced is isdigit by digitp
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* util.h (ascii_isspace): New.
2003-09-18 Werner Koch <wk@gnupg.org>
* ttyio.c (tty_fprintf): New.
(tty_print_string, tty_print_utf8_string2)
(tty_print_utf8_string): Made P argument const byte*.
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
* maperror.c (map_ksba_err): Map -1. Use gpg_err_make to set
the error source.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* dynload.h. New. W32 wrapper around the dynload mechanism.
2003-07-15 Werner Koch <wk@gnupg.org>
* simple-pwquery.c, simple-pwquery.h: New; moved from ../agent.
* Makefile.am (libsimple_pwquery_a_LIBADD): New.
2003-06-25 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Directly map 0 to 0.
2003-06-17 Werner Koch <wk@gnupg.org>
* gettime.c (scan_isodatestr,add_days_to_timestamp,strtimevalue)
(strtimestamp,asctimestamp): New. Code taken from gnupg 1.3.2
mischelp.c.
* yesno.c: New. Code taken from gnupg 1.3.2 mischelp.c
* miscellaneous.c: New.
* util.h: Include utf8conf.h
2003-06-16 Werner Koch <wk@gnupg.org>
* gettime.c (make_timestamp): New.
* ttyio.c: New. Taken from gnupg 1.2.
* ttyio.h: Move from ../include.
2003-06-13 Werner Koch <wk@gnupg.org>
* util.h (seterr): Removed macro.
(xmalloc_secure,xcalloc_secure): New.
2003-06-11 Werner Koch <wk@gnupg.org>
* iobuf.c (iobuf_writebyte,iobuf_write): Return error code from
iobuf_flush.
(iobuf_writestr): Ditto.
2003-06-10 Werner Koch <wk@gnupg.org>
* iobuf.c, iobuf.h: New. Taken from current gnupg 1.3 CVS. Run
indent on it and adjusted error handling to libgpg-error style.
Replaced IOBUF by iobuf_t. Renamed malloc functions.
2003-06-04 Werner Koch <wk@gnupg.org>
* errors.h: Removed all error codes. We keep the status codes for
now.
* Makefile.am: Do not create errors.c anymore; remove it from the
sources.
* maperror.c: Don't include error.h. Change all error codes to
libgpg-error style.
(map_assuan_err): Changed to new Assuan error code convention.
(map_to_assuan_status): Likewise.
(map_gcry_err,map_kbx_err): Not needed. For now dummy functions.
* membuf.c, membuf.h: New. Code taken from ../sm/call-agent.h.
* Makefile.am: Added above.
2003-04-29 Werner Koch <wk@gnupg.org>
* util.h (fopencokokie): Removed prototype and struct.
* fopencookie.c: Removed.
* maperror.c: Use system assuan.h
2002-10-31 Neal H. Walfield <neal@g10code.de>
* isascii.c: New file.
* putc_unlocked.c: Likewise.
2002-10-28 Neal H. Walfield <neal@g10code.de>
* signal.c (caught_fatal_sig): Remove superfluous zero
initializer.
(caught_sigusr1): Likewise.
2002-09-04 Neal H. Walfield <neal@g10code.de>
* vasprintf.c (vasprintf) [va_copy]: Use va_copy.
[!va_copy && __va_copy]: Use __va_copy.
[!va_copy && !__va_copy]: Only now fall back to using memcpy.
2002-08-21 Werner Koch <wk@gnupg.org>
* errors.h: Added STATUS_IMPORT_PROBLEM.
2002-08-20 Werner Koch <wk@gnupg.org>
* vasprintf.c: Hack to handle NULL for %s.
2002-08-09 Werner Koch <wk@gnupg.org>
* signal.c: New. Taken from GnuPG 1.1.91.
2002-07-23 Werner Koch <wk@gnupg.org>
* util.h (_IO_cookie_io_functions_t): Fixed typo. Noted by
Richard Lefebvre.
2002-07-22 Werner Koch <wk@gnupg.org>
* fseeko.c, ftello.c: New.
2002-06-28 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map more errorcodes to Bad
Certificate.
2002-06-26 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map EOF to No_Data_Available.
2002-06-10 Werner Koch <wk@gnupg.org>
* errors.h (gnupg_error_token): Add new prototype.
(STATUS_ERROR): New.
* mkerrtok: New.
* Makefile.am: Use it to create the new error token function.
2002-06-04 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): Map Bad_CA_Certificate.
2002-05-23 Werner Koch <wk@gnupg.org>
* no-pth.c, Makefile.am: Removed.
2002-05-22 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Replaced byte by unsigned char because it is no longer
defined in gcrypt.h.
2002-05-21 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
(map_ksba_err): Add a few mappings.
2002-05-14 Werner Koch <wk@gnupg.org>
* gettime.c: New.
2002-05-03 Werner Koch <wk@gnupg.org>
* errors.h: Added STARUS_EXPSIG and STATUS_EXPKEYSIG.
2002-04-15 Werner Koch <wk@gnupg.org>
* cryptmiss.c: New.
2002-02-14 Werner Koch <wk@gnupg.org>
* maperror.c: Add more assuan<->gnupg mappings.
2002-02-12 Werner Koch <wk@gnupg.org>
* fopencookie.c: Dummy function.
* vasprintf.c: New. Taken from binutils-2.9.1 and dropped all non
ANSI-C stuff. Merged with asprintf version.
* no-pth.c: New.
2002-01-23 Werner Koch <wk@gnupg.org>
* mkdtemp.c: Copied from gnupg-1.0.6c and changed to use libgcrypt.
2002-01-19 Werner Koch <wk@gnupg.org>
* sysutils.c: New. This is the misc.c file from gnupg 1.0.6 with
the OpenPGP stuff removed.
* sysutils.h: New.
2002-01-15 Werner Koch <wk@gnupg.org>
* maperror.c: Add mapping for Not_Trusted.
2002-01-11 Werner Koch <wk@gnupg.org>
* maperror.c (map_assuan_err): Codes for CRL
2002-01-08 Werner Koch <wk@gnupg.org>
* util.h (spacep): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* maperror.c (map_to_assuan_status): New. Merged from ../agent
and ../sm.
2001-12-20 Werner Koch <wk@gnupg.org>
* maperror.c (map_gcry_err): Add some mappings.
2001-12-18 Werner Koch <wk@gnupg.org>
* Makefile.am (AM_CPPFLAGS): Include flags for gcrypt and ksba
2001-12-14 Werner Koch <wk@gnupg.org>
* util.h (digitp, hexdigitp): New ctype like macros.
(atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New.
Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
2009, 2010 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/common/sysutils.c b/common/sysutils.c
index 82d9959d8..b75c5e1e5 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -1,670 +1,670 @@
/* sysutils.c - system helpers
* Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004,
* 2007, 2008 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#ifdef WITHOUT_GNU_PTH /* Give the Makefile a chance to build without Pth. */
# undef HAVE_PTH
# undef USE_GNU_PTH
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#ifdef HAVE_STAT
# include <sys/stat.h>
#endif
#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
# include <asm/sysinfo.h>
# include <asm/unistd.h>
#endif
#ifdef HAVE_SETRLIMIT
# include <time.h>
# include <sys/time.h>
# include <sys/resource.h>
#endif
#ifdef HAVE_W32_SYSTEM
# define WINVER 0x0500 /* Required for AllowSetForegroundWindow. */
# include <windows.h>
#endif
#ifdef HAVE_PTH
# include <pth.h>
#endif
#include <fcntl.h>
#include <assuan.h>
#include "setenv.h" /* Gnulib replacement. */
#include "util.h"
#include "i18n.h"
#include "sysutils.h"
#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
#warning using trap_unaligned
static int
setsysinfo(unsigned long op, void *buffer, unsigned long size,
int *start, void *arg, unsigned long flag)
{
return syscall(__NR_osf_setsysinfo, op, buffer, size, start, arg, flag);
}
void
trap_unaligned(void)
{
unsigned int buf[2];
buf[0] = SSIN_UACPROC;
buf[1] = UAC_SIGBUS | UAC_NOPRINT;
setsysinfo(SSI_NVPAIRS, buf, 1, 0, 0, 0);
}
#else
void
trap_unaligned(void)
{ /* dummy */
}
#endif
int
disable_core_dumps (void)
{
#ifdef HAVE_DOSISH_SYSTEM
return 0;
#else
# ifdef HAVE_SETRLIMIT
struct rlimit limit;
/* We only set the current limit unless we were not able to
retrieve the old value. */
if (getrlimit (RLIMIT_CORE, &limit))
limit.rlim_max = 0;
limit.rlim_cur = 0;
if( !setrlimit (RLIMIT_CORE, &limit) )
return 0;
if( errno != EINVAL && errno != ENOSYS )
log_fatal (_("can't disable core dumps: %s\n"), strerror(errno) );
#endif
return 1;
#endif
}
int
enable_core_dumps (void)
{
#ifdef HAVE_DOSISH_SYSTEM
return 0;
#else
# ifdef HAVE_SETRLIMIT
struct rlimit limit;
if (getrlimit (RLIMIT_CORE, &limit))
return 1;
limit.rlim_cur = limit.rlim_max;
setrlimit (RLIMIT_CORE, &limit);
return 1; /* We always return true because this function is
merely a debugging aid. */
# endif
return 1;
#endif
}
/* Return a string which is used as a kind of process ID. */
const byte *
get_session_marker (size_t *rlen)
{
static byte marker[SIZEOF_UNSIGNED_LONG*2];
static int initialized;
if (!initialized)
{
gcry_create_nonce (marker, sizeof marker);
initialized = 1;
}
*rlen = sizeof (marker);
return marker;
}
#if 0 /* not yet needed - Note that this will require inclusion of
cmacros.am in Makefile.am */
int
check_permissions(const char *path,int extension,int checkonly)
{
#if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
char *tmppath;
struct stat statbuf;
int ret=1;
int isdir=0;
if(opt.no_perm_warn)
return 0;
if(extension && path[0]!=DIRSEP_C)
{
if(strchr(path,DIRSEP_C))
tmppath=make_filename(path,NULL);
else
tmppath=make_filename(GNUPG_LIBDIR,path,NULL);
}
else
tmppath=m_strdup(path);
/* It's okay if the file doesn't exist */
if(stat(tmppath,&statbuf)!=0)
{
ret=0;
goto end;
}
isdir=S_ISDIR(statbuf.st_mode);
/* Per-user files must be owned by the user. Extensions must be
owned by the user or root. */
if((!extension && statbuf.st_uid != getuid()) ||
(extension && statbuf.st_uid!=0 && statbuf.st_uid!=getuid()))
{
if(!checkonly)
log_info(_("Warning: unsafe ownership on %s \"%s\"\n"),
isdir?"directory":extension?"extension":"file",path);
goto end;
}
/* This works for both directories and files - basically, we don't
care what the owner permissions are, so long as the group and
other permissions are 0 for per-user files, and non-writable for
extensions. */
if((extension && (statbuf.st_mode & (S_IWGRP|S_IWOTH)) !=0) ||
(!extension && (statbuf.st_mode & (S_IRWXG|S_IRWXO)) != 0))
{
char *dir;
/* However, if the directory the directory/file is in is owned
by the user and is 700, then this is not a problem.
Theoretically, we could walk this test up to the root
directory /, but for the sake of sanity, I'm stopping at one
level down. */
dir= make_dirname (tmppath);
if(stat(dir,&statbuf)==0 && statbuf.st_uid==getuid() &&
S_ISDIR(statbuf.st_mode) && (statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
{
xfree (dir);
ret=0;
goto end;
}
m_free(dir);
if(!checkonly)
log_info(_("Warning: unsafe permissions on %s \"%s\"\n"),
isdir?"directory":extension?"extension":"file",path);
goto end;
}
ret=0;
end:
m_free(tmppath);
return ret;
#endif /* HAVE_STAT && !HAVE_DOSISH_SYSTEM */
return 0;
}
#endif
/* Wrapper around the usual sleep fucntion. This one won't wake up
before the sleep time has really elapsed. When build with Pth it
merely calls pth_sleep and thus suspends only the current
thread. */
void
gnupg_sleep (unsigned int seconds)
{
#ifdef HAVE_PTH
/* With Pth we force a regular sleep for seconds == 0 so that also
the process will give up its timeslot. */
if (!seconds)
{
# ifdef HAVE_W32_SYSTEM
Sleep (0);
# else
sleep (0);
# endif
}
pth_sleep (seconds);
#else
/* Fixme: make sure that a sleep won't wake up to early. */
# ifdef HAVE_W32_SYSTEM
Sleep (seconds*1000);
# else
sleep (seconds);
# endif
#endif
}
/* This function is a NOP for POSIX systems but required under Windows
as the file handles as returned by OS calls (like CreateFile) are
different from the libc file descriptors (like open). This function
translates system file handles to libc file handles. FOR_WRITE
gives the direction of the handle. */
int
translate_sys2libc_fd (gnupg_fd_t fd, int for_write)
{
#if defined(HAVE_W32CE_SYSTEM)
(void)for_write;
return (int) fd;
#elif defined(HAVE_W32_SYSTEM)
int x;
if (fd == GNUPG_INVALID_FD)
return -1;
/* Note that _open_osfhandle is currently defined to take and return
a long. */
x = _open_osfhandle ((long)fd, for_write ? 1 : 0);
if (x == -1)
log_error ("failed to translate osfhandle %p\n", (void *) fd);
return x;
#else /*!HAVE_W32_SYSTEM */
(void)for_write;
return fd;
#endif
}
/* This is the same as translate_sys2libc_fd but takes an integer
which is assumed to be such an system handle. On WindowsCE the
passed FD is a rendezvous ID and the function finishes the pipe
creation. */
int
translate_sys2libc_fd_int (int fd, int for_write)
{
#if HAVE_W32CE_SYSTEM
fd = (int) _assuan_w32ce_finish_pipe (fd, for_write);
return translate_sys2libc_fd ((void*)fd, for_write);
#elif HAVE_W32_SYSTEM
if (fd <= 2)
return fd; /* Do not do this for error, stdin, stdout, stderr. */
return translate_sys2libc_fd ((void*)fd, for_write);
#else
(void)for_write;
return fd;
#endif
}
/* Replacement for tmpfile(). This is required because the tmpfile
function of Windows' runtime library is broken, insecure, ignores
TMPDIR and so on. In addition we create a file with an inheritable
handle. */
FILE *
gnupg_tmpfile (void)
{
#ifdef HAVE_W32_SYSTEM
int attempts, n;
#ifdef HAVE_W32CE_SYSTEM
wchar_t buffer[MAX_PATH+7+12+1];
# define mystrlen(a) wcslen (a)
wchar_t *name, *p;
#else
char buffer[MAX_PATH+7+12+1];
# define mystrlen(a) strlen (a)
char *name, *p;
#endif
HANDLE file;
int pid = GetCurrentProcessId ();
unsigned int value;
int i;
SECURITY_ATTRIBUTES sec_attr;
memset (&sec_attr, 0, sizeof sec_attr );
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = TRUE;
n = GetTempPath (MAX_PATH+1, buffer);
if (!n || n > MAX_PATH || mystrlen (buffer) > MAX_PATH)
{
gpg_err_set_errno (ENOENT);
return NULL;
}
p = buffer + mystrlen (buffer);
#ifdef HAVE_W32CE_SYSTEM
wcscpy (p, L"_gnupg");
p += 7;
#else
p = stpcpy (p, "_gnupg");
#endif
/* We try to create the directory but don't care about an error as
it may already exist and the CreateFile would throw an error
anyway. */
CreateDirectory (buffer, NULL);
*p++ = '\\';
name = p;
for (attempts=0; attempts < 10; attempts++)
{
p = name;
value = (GetTickCount () ^ ((pid<<16) & 0xffff0000));
for (i=0; i < 8; i++)
{
*p++ = tohex (((value >> 28) & 0x0f));
value <<= 4;
}
#ifdef HAVE_W32CE_SYSTEM
wcscpy (p, L".tmp");
#else
strcpy (p, ".tmp");
#endif
file = CreateFile (buffer,
GENERIC_READ | GENERIC_WRITE,
0,
&sec_attr,
CREATE_NEW,
FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE,
NULL);
if (file != INVALID_HANDLE_VALUE)
{
FILE *fp;
#ifdef HAVE_W32CE_SYSTEM
int fd = (int)file;
fp = _wfdopen (fd, L"w+b");
#else
int fd = _open_osfhandle ((long)file, 0);
if (fd == -1)
{
CloseHandle (file);
return NULL;
}
fp = fdopen (fd, "w+b");
#endif
if (!fp)
{
int save = errno;
close (fd);
gpg_err_set_errno (save);
return NULL;
}
return fp;
}
Sleep (1); /* One ms as this is the granularity of GetTickCount. */
}
gpg_err_set_errno (ENOENT);
return NULL;
#undef mystrlen
#else /*!HAVE_W32_SYSTEM*/
return tmpfile ();
#endif /*!HAVE_W32_SYSTEM*/
}
/* Make sure that the standard file descriptors are opened. Obviously
some folks close them before an exec and the next file we open will
get one of them assigned and thus any output (i.e. diagnostics) end
up in that file (e.g. the trustdb). Not actually a gpg problem as
this will hapen with almost all utilities when called in a wrong
way. However we try to minimize the damage here and raise
awareness of the problem.
Must be called before we open any files! */
void
gnupg_reopen_std (const char *pgmname)
{
#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
struct stat statbuf;
int did_stdin = 0;
int did_stdout = 0;
int did_stderr = 0;
FILE *complain;
if (fstat (STDIN_FILENO, &statbuf) == -1 && errno ==EBADF)
{
if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
did_stdin = 1;
else
did_stdin = 2;
}
if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
{
if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
did_stdout = 1;
else
did_stdout = 2;
}
if (fstat (STDERR_FILENO, &statbuf)==-1 && errno==EBADF)
{
if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
did_stderr = 1;
else
did_stderr = 2;
}
/* It's hard to log this sort of thing since the filehandle we would
complain to may be closed... */
if (!did_stderr)
complain = stderr;
else if (!did_stdout)
complain = stdout;
else
complain = NULL;
if (complain)
{
if (did_stdin == 1)
fprintf (complain, "%s: WARNING: standard input reopened\n", pgmname);
if (did_stdout == 1)
fprintf (complain, "%s: WARNING: standard output reopened\n", pgmname);
if (did_stderr == 1)
fprintf (complain, "%s: WARNING: standard error reopened\n", pgmname);
if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
fprintf(complain,"%s: fatal: unable to reopen standard input,"
" output, or error\n", pgmname);
}
if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
exit (3);
#else /* !(HAVE_STAT && !HAVE_W32_SYSTEM) */
(void)pgmname;
#endif
}
/* Hack required for Windows. */
void
gnupg_allow_set_foregound_window (pid_t pid)
{
if (!pid)
log_info ("%s called with invalid pid %lu\n",
"gnupg_allow_set_foregound_window", (unsigned long)pid);
#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
else if (!AllowSetForegroundWindow ((pid_t)pid == (pid_t)(-1)?ASFW_ANY:pid))
log_info ("AllowSetForegroundWindow(%lu) failed: %s\n",
(unsigned long)pid, w32_strerror (-1));
#endif
}
int
gnupg_remove (const char *fname)
{
#ifdef HAVE_W32CE_SYSTEM
int rc;
wchar_t *wfname;
wfname = utf8_to_wchar (fname);
if (!wfname)
rc = 0;
else
{
rc = DeleteFile (wfname);
xfree (wfname);
}
if (!rc)
- gpg_err_set_errno (EIO);
- return !rc;
+ return -1; /* ERRNO is automagically provided by gpg-error.h. */
+ return 0;
#else
return remove (fname);
#endif
}
/* A wrapper around mkdir which takes a string for the mode argument.
This makes it easier to handle the mode argument which is not
defined on all systems. The format of the modestring is
"-rwxrwxrwx"
'-' is a don't care or not set. 'r', 'w', 'x' are read allowed,
write allowed, execution allowed with the first group for the user,
the second for the group and the third for all others. If the
string is shorter than above the missing mode characters are meant
to be not set. */
int
gnupg_mkdir (const char *name, const char *modestr)
{
#ifdef HAVE_W32CE_SYSTEM
wchar_t *wname;
(void)modestr;
wname = utf8_to_wchar (name);
if (!wname)
return -1;
if (!CreateDirectoryW (wname, NULL))
{
xfree (wname);
return -1; /* ERRNO is automagically provided by gpg-error.h. */
}
xfree (wname);
return 0;
#elif MKDIR_TAKES_ONE_ARG
(void)modestr;
/* Note: In the case of W32 we better use CreateDirectory and try to
set appropriate permissions. However using mkdir is easier
because this sets ERRNO. */
return mkdir (name);
#else
mode_t mode = 0;
if (modestr && *modestr)
{
modestr++;
if (*modestr && *modestr++ == 'r')
mode |= S_IRUSR;
if (*modestr && *modestr++ == 'w')
mode |= S_IWUSR;
if (*modestr && *modestr++ == 'x')
mode |= S_IXUSR;
if (*modestr && *modestr++ == 'r')
mode |= S_IRGRP;
if (*modestr && *modestr++ == 'w')
mode |= S_IWGRP;
if (*modestr && *modestr++ == 'x')
mode |= S_IXGRP;
if (*modestr && *modestr++ == 'r')
mode |= S_IROTH;
if (*modestr && *modestr++ == 'w')
mode |= S_IWOTH;
if (*modestr && *modestr++ == 'x')
mode |= S_IXOTH;
}
return mkdir (name, mode);
#endif
}
int
gnupg_setenv (const char *name, const char *value, int overwrite)
{
#ifdef HAVE_W32CE_SYSTEM
(void)name;
(void)value;
(void)overwrite;
return 0;
#else
return setenv (name, value, overwrite);
#endif
}
int
gnupg_unsetenv (const char *name)
{
#ifdef HAVE_W32CE_SYSTEM
(void)name;
return 0;
#else
# ifdef HAVE_UNSETENV
return unsetenv (name);
# else
return putenv (name);
# endif
#endif
}
#ifdef HAVE_W32CE_SYSTEM
/* There is a isatty function declaration in cegcc but it does not
make sense, thus we redefine it. */
int
_gnupg_isatty (int fd)
{
(void)fd;
return 0;
}
#endif
#ifdef HAVE_W32CE_SYSTEM
/* Replacement for getenv which takes care of the our use of getenv.
The code is not thread safe but we expect it to work in all cases
because it is called for the first time early enough. */
char *
_gnupg_getenv (const char *name)
{
static int initialized;
static char *assuan_debug;
if (!initialized)
{
assuan_debug = read_w32_registry_string (NULL,
"\\Software\\GNU\\libassuan",
"debug");
initialized = 1;
}
if (!strcmp (name, "ASSUAN_DEBUG"))
return assuan_debug;
else
return NULL;
}
#endif /*HAVE_W32CE_SYSTEM*/
diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog
index 737ff35fa..8f861c6a0 100644
--- a/dirmngr/ChangeLog
+++ b/dirmngr/ChangeLog
@@ -1,1448 +1,1457 @@
+2010-08-12 Werner Koch <wk@g10code.com>
+
+ * crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/.
+
+ * dirmngr.c (dirmngr_sighup_action): New.
+
+ * server.c (cmd_killdirmngr, cmd_reloaddirmngr): New.
+ (struct server_local_s): Add field STOPME.
+ (start_command_handler): Act on STOPME.
+
2010-08-06 Werner Koch <wk@g10code.com>
* dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro.
(main): Use SUN_LEN macro.
(main) [W32]: Allow EEXIST in addition to EADDRINUSE.
- (JNLIB_NEED_AFLOCAL):
2010-08-05 Werner Koch <wk@g10code.com>
* server.c (set_error, leave_cmd): New.
(cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl)
(cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use
leave_cmd.
(cmd_getinfo): New.
(data_line_cookie_write, data_line_cookie_close): New.
(cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie.
* misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New.
* certcache.c (load_certs_from_dir): Use create_estream_ksba_reader.
* crlcache.c (crl_cache_load): Ditto.
2010-08-03 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn
into functions for use in a 'for' control stmt.
2010-07-26 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case
for W32 because that is now handles by estream.
2010-07-25 Werner Koch <wk@g10code.com>
* Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build
ldap-wrapper-ce.
* ldap-wrapper-ce.c: New.
* dirmngr_ldap.c (opt): Remove global variable ...
(my_opt_t): ... and declare a type instead.
(main): Define a MY_OPT variable and change all references to OPT
to this.
(set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass
MYOPT arg.
2010-07-24 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (main): Init common subsystems. Call
es_set_binary.
2010-07-19 Werner Koch <wk@g10code.com>
* dirmngr.c: Include ldap-wrapper.h.
(launch_reaper_thread): Move code to ...
* ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change
callers.
(ldap_wrapper_thread): Rename to ...
(wrapper_thread): this and make local.
* ldap.c (destroy_wrapper, print_log_line)
(read_log_data, ldap_wrapper_thread)
(ldap_wrapper_wait_connections, ldap_wrapper_release_context)
(ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper):
Factor code out to ...
* ldap-wrapper.c: new.
(ldap_wrapper): Make public.
(read_buffer): Copy from ldap.c.
* ldap-wrapper.h: New.
* Makefile.am (dirmngr_SOURCES): Add new files.
2010-07-16 Werner Koch <wk@g10code.com>
* http.c, http.h: Remove.
* dirmngr-err.h: New.
* dirmngr.h: Include dirmngr-err.h instead of gpg-error.h
* cdblib.c: Replace assignments to ERRNO by a call to
gpg_err_set_errno. Include dirmngr-err.h.
(cdb_free) [__MINGW32CE__]: Do not use get_osfhandle.
* dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h.
(USE_W32_SERVICE): New. Use this to control the use of the W32
service system.
2010-07-06 Werner Koch <wk@g10code.com>
* dirmngr.c (main): Print note on directory name changes.
Replace almost all uses of stdio by estream.
* b64dec.c, b64enc.c: Remove. They are duplicated in ../common/.
2010-06-28 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (my_i18n_init): Remove.
(main): Call i18n_init instead of above function.
* dirmngr-client.c (my_i18n_init): Remove.
(main): Call i18n_init instead of above function.
* Makefile.am (dirmngr_LDADD): Add ../gl/libgnu.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
2010-06-09 Werner Koch <wk@g10code.com>
* i18n.h: Remove.
* Makefile.am (no-libgcrypt.c): New rule.
* exechelp.h: Remove.
* exechelp.c: Remove.
(dirmngr_release_process): Change callers to use the gnupg func.
(dirmngr_wait_process): Likewise.
(dirmngr_kill_process): Likewise. This actually implements it for
W32.
* ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/.
(ldap_wrapper_thread): Use gnupg_wait_process and adjust for
changed semantics.
(ldap_wrapper): Replace xcalloc by xtrycalloc. Replace spawn
mechanism.
* server.c (start_command_handler): Remove assuan_set_log_stream.
* validate.c: Remove gcrypt.h and ksba.h.
* ldapserver.c: s/util.h/dirmngr.h/.
* dirmngr.c (sleep) [W32]: Remove macro.
(main): s/sleep/gnupg_sleep/.
(pid_suffix_callback): Change arg type.
(my_gcry_logger): Remove.
(fixed_gcry_pth_init): New.
(main): Use it.
(FD2INT): Remove.
2010-06-08 Werner Koch <wk@g10code.com>
* misc.h (copy_time): Remove and replace by gnupg_copy_time which
allows to set a null date.
* misc.c (dump_isotime, get_time, get_isotime, set_time)
(check_isotime, add_isotime): Remove and replace all calls by the
versions from common/gettime.c.
* crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/.
* server.c, ldap.c: Reorder include directives.
* crlcache.h, misc.h: Remove all include directives.
* certcache.c (cmp_simple_canon_sexp): Remove.
(compare_serialno): Rewrite using cmp_simple_canon_sexp from
common/sexputil.c
* error.h: Remove.
* dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url".
(opts): Use ARGPARSE macros.
(i18n_init): Remove.
(main): Use GnuPG init functions.
* dirmngr.h: Remove duplicated stuff now taken from ../common.
* get-path.c, util.h: Remove.
* Makefile.am: Adjust to GnuPG system.
* estream.c, estream.h, estream-printf.c, estream-printf.h: Remove.
2010-06-07 Werner Koch <wk@g10code.com>
* OAUTHORS, ONEWS, ChangeLog.1: New.
* ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c
* certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c
* crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h
* dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h
* estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c
* http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c
* ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h
* validate.c, validate.h: Imported from the current SVN of the
dirmngr package (only src/).
2010-03-13 Werner Koch <wk@g10code.com>
* dirmngr.c (int_and_ptr_u): New.
(pid_suffix_callback): Trick out compiler.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
2010-03-09 Werner Koch <wk@g10code.com>
* dirmngr.c (set_debug): Allow numerical values.
2009-12-15 Werner Koch <wk@g10code.com>
* dirmngr.c: Add option --ignore-cert-extension.
(parse_rereadable_options): Implement.
* dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS.
* validate.c (unknown_criticals): Handle ignored extensions.
2009-12-08 Marcus Brinkmann <marcus@g10code.de>
* dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds.
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* server.c (start_command_handler): Update use of
assuan_init_socket_server.
* dirmngr-client.c (start_dirmngr): Update use of
assuan_pipe_connect and assuan_socket_connect.
2009-11-04 Werner Koch <wk@g10code.com>
* server.c (register_commands): Add help arg to
assuan_register_command. Change all command comments to strings.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (reset_notify): Take LINE argument, return gpg_error_t.
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
* Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead
of $(LIBASSUAN_PTH_LIBS).
* dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Call assuan_set_system_hooks and assuan_sock_init.
2009-09-22 Marcus Brinkmann <marcus@g10code.de>
* dirmngr.c (main): Update to new Assuan interface.
* server.c (option_handler, cmd_ldapserver, cmd_isvalid)
(cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl)
(cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t
instead int.
(register_commands): Likewise for member HANDLER.
(start_command_handler): Allocate context with assuan_new before
starting server. Release on error.
* dirmngr-client.c (main): Update to new Assuan interface.
(start_dirmngr): Allocate context with assuan_new before
connecting to server. Release on error.
2009-08-12 Werner Koch <wk@g10code.com>
* dirmngr-client.c (squid_loop_body): Flush stdout. Suggested by
Philip Shin.
2009-08-07 Werner Koch <wk@g10code.com>
* crlfetch.c (my_es_read): Add explicit check for EOF.
* http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to
bit fields.
(struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH.
(parse_response): Parse the Content-Length header.
(cookie_read): Handle content length.
(http_open): Make NEED_HEADER the semi-default.
* http.h (HTTP_FLAG_IGNORE_CL): New.
2009-08-04 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper_thread): Factor some code out to ...
(read_log_data): ... new. Close the log fd on error.
(ldap_wrapper_thread): Delay cleanup until the log fd is closed.
(SAFE_PTH_CLOSE): New. Use it instead of pth_close.
2009-07-31 Werner Koch <wk@g10code.com>
* server.c (cmd_loadcrl): Add option --url.
* dirmngr-client.c (do_loadcrl): Make use of --url.
* crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN. Add
flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP.
* http.c: Require estream. Remove P_ES macro.
(write_server): Remove.
(my_read_line): Remove. Replace all callers by es_read_line.
(send_request): Use es_asprintf. Always store the cookie.
(http_wait_response): Remove the need to dup the socket. USe new
shutdown flag.
* http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN.
* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
from current libestream. This is provide es_asprintf.
2009-07-20 Werner Koch <wk@g10code.com>
* dirmngr.c (pid_suffix_callback): New.
(main): Use log_set_pid_suffix_cb.
(start_connection_thread): Put the fd into the tls.
* ldap.c (ldap_wrapper_thread): Print ldap worker stati.
(ldap_wrapper_release_context): Print a debug info.
(end_cert_fetch_ldap): Release the reader. Might fix bug#999.
2009-06-17 Werner Koch <wk@g10code.com>
* util.h: Remove unused dotlock.h.
2009-05-26 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper): Show reader object in diagnostics.
* crlcache.c (crl_cache_reload_crl): Ditto. Change debug messages
to regular diagnostics.
* dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics.
2009-04-03 Werner Koch <wk@g10code.com>
* dirmngr.h (struct server_local_s): Move back to ...
* server.c (struct server_local_s): ... here.
(get_ldapservers_from_ctrl): New.
* ldapserver.h (ldapserver_iter_begin): Use it.
2008-10-29 Marcus Brinkmann <marcus@g10code.de>
* estream.c (es_getline): Add explicit cast to silence gcc -W
warning.
* crlcache.c (finish_sig_check): Likewise.
* dirmngr.c (opts): Add missing initializer to silence gcc
-W warning.
* server.c (register_commands): Likewise.
* dirmngr-client.c (opts): Likewise.
* dirmngr_ldap.c (opts): Likewise.
* dirmngr-client.c (status_cb, inq_cert, data_cb): Change return
type to gpg_error_t to silence gcc warning.
2008-10-21 Werner Koch <wk@g10code.com>
* certcache.c (load_certs_from_dir): Accept ".der" files.
* server.c (get_istrusted_from_client): New.
* validate.c (validate_cert_chain): Add new optional arg
R_TRUST_ANCHOR. Adjust all callers
* crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ
and CHECK_TRUST_ANCHOR.
(release_one_cache_entry): Release CHECK_TRUST_ANCHOR.
(list_one_crl_entry): Print info about the new fields.
(open_dir, write_dir_line_crl): Support the new U-flag.
(crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly.
(crl_cache_insert): Store trust anchor in entry object.
(cache_isvalid): Ask client for trust is needed.
* crlcache.c (open_dir): Replace xcalloc by xtrycalloc.
(next_line_from_file): Ditt. Add arg to return the gpg error.
Change all callers.
(update_dir): Replace sprintf and malloc by estream_asprintf.
(crl_cache_insert): Ditto.
(crl_cache_isvalid): Replace xmalloc by xtrymalloc.
(get_auth_key_id): Ditto.
(crl_cache_insert): Ditto.
* crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test.
* validate.c (check_cert_sig): Ditto. Remove workaround for bug
in libgcrypt 1.2.
* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
from current libestream (svn rev 61).
2008-09-30 Marcus Brinkmann <marcus@g10code.com>
* get-path.c (get_dirmngr_ldap_path): Revert last change.
Instead, use dirmngr_libexecdir().
(find_program_at_standard_place): Don't define for now.
2008-09-30 Marcus Brinkmann <marcus@g10code.com>
* get-path.c (dirmngr_cachedir): Make COMP a pointer to const to
silence gcc warning.
(get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation
directory.
2008-08-06 Marcus Brinkmann <marcus@g10code.com>
* dirmngr.c (main): Mark the ldapserverlist-file option as
read-only.
2008-07-31 Werner Koch <wk@g10code.com>
* crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use
gcry_md_start_debug
2008-06-16 Werner Koch <wk@g10code.com>
* get-path.c (w32_commondir): New.
(dirmngr_sysconfdir): Use it here.
(dirmngr_datadir): Ditto.
2008-06-12 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c.
* ldapserver.h, ldapserver.c: New files.
* ldap.c: Include "ldapserver.h".
(url_fetch_ldap): Use iterator to get session servers as well.
(attr_fetch_ldap, start_default_fetch_ldap): Likewise.
* dirmngr.c: Include "ldapserver.h".
(free_ldapservers_list): Removed. Change callers to
ldapserver_list_free.
(parse_ldapserver_file): Use ldapserver_parse_one.
* server.c: Include "ldapserver.h".
(cmd_ldapserver): New command.
(register_commands): Add new command LDAPSERVER.
(reset_notify): New function.
(start_command_handler): Register reset notify handler.
Deallocate session server list.
(lookup_cert_by_pattern): Use iterator to get session servers as well.
(struct server_local_s): Move to ...
* dirmngr.h (struct server_local_s): ... here. Add new member
ldapservers.
2008-06-10 Werner Koch <wk@g10code.com>
Support PEM encoded CRLs. Fixes bug#927.
* crlfetch.c (struct reader_cb_context_s): New.
(struct file_reader_map_s): Replace FP by new context.
(register_file_reader, get_file_reader): Adjust accordingly.
(my_es_read): Detect Base64 encoded CRL and decode if needed.
(crl_fetch): Pass new context to the callback.
(crl_close_reader): Cleanup the new context.
* b64dec.c: New. Taken from GnuPG.
* util.h (struct b64state): Add new fields STOP_SEEN and
INVALID_ENCODING.
2008-05-26 Marcus Brinkmann <marcus@g10code.com>
* dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system
configuration on gpgconf related commands, and make all options
unchangeable.
2008-03-25 Marcus Brinkmann <marcus@g10code.de>
* dirmngr_ldap.c (print_ldap_entries): Add code alternative for
W32 console stdout (unused at this point).
2008-03-21 Marcus Brinkmann <marcus@g10code.de>
* estream.c (ESTREAM_MUTEX_DESTROY): New macro.
(es_create, es_destroy): Use it.
2008-02-21 Werner Koch <wk@g10code.com>
* validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug
function if available.
* crlcache.c (abort_sig_check): Mark unused arg.
* exechelp.c (dirmngr_release_process) [!W32]: Mark unsed arg.
* validate.c (is_root_cert): New. Taken from GnuPG.
(validate_cert_chain): Use it in place of the simple DN compare.
2008-02-15 Marcus Brinkmann <marcus@g10code.de>
* dirmngr.c (main): Reinitialize assuan log stream if necessary.
* crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination
file before rename.
(crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file
before rename.
2008-02-14 Marcus Brinkmann <marcus@g10code.de>
* validate.c (check_cert_policy): Use ksba_free instead of xfree.
(validate_cert_chain): Likewise. Free SUBJECT on error.
(cert_usage_p): Likewise.
* crlcache.c (finish_sig_check): Undo last change.
(finish_sig_check): Close md.
(abort_sig_check): New function.
(crl_parse_insert): Use abort_sig_check to clean up.
* crlcache.c (crl_cache_insert): Clean up CDB on error.
2008-02-13 Marcus Brinkmann <marcus@g10code.de>
* crlcache.c (finish_sig_check): Call gcry_md_stop_debug.
* exechelp.h (dirmngr_release_process): New prototype.
* exechelp.c (dirmngr_release_process): New function.
* ldap.c (ldap_wrapper_thread): Release pid.
(destroy_wrapper): Likewise.
* dirmngr.c (launch_reaper_thread): Destroy tattr.
(handle_connections): Likewise.
2008-02-12 Marcus Brinkmann <marcus@g10code.de>
* ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro.
(struct wrapper_context_s): New member log_ev.
(destroy_wrapper): Check FDs for != -1 rather than != 0. Use
pth_close instead of close. Free CTX->log_ev.
(ldap_wrapper_thread): Rewritten to use pth_wait instead of
select. Also use pth_read instead of read and pth_close instead
of close.
(ldap_wrapper): Initialize CTX->log_ev.
(reader_callback): Use pth_close instead of close.
* exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed.
(dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead.
* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include <fcntl.h>.
(main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary.
2008-02-01 Werner Koch <wk@g10code.com>
* ldap.c: Remove all ldap headers as they are unused.
* dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the
old standard API.
2008-01-10 Werner Koch <wk@g10code.com>
* dirmngr-client.c: New option --local.
(do_lookup): Use it.
* server.c (lookup_cert_by_pattern): Implement local lookup.
(return_one_cert): New.
* certcache.c (hexsn_to_sexp): New.
(classify_pattern, get_certs_bypattern): New.
* misc.c (unhexify): Allow passing NULL for RESULT.
(cert_log_subject): Do not call ksba_free on an unused variable.
2008-01-02 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD)
(dirmngr_client_LDADD): Add $(LIBICONV). Reported by Michael
Nottebrock.
2007-12-11 Werner Koch <wk@g10code.com>
* server.c (option_handler): New option audit-events.
* dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS.
2007-11-26 Marcus Brinkmann <marcus@g10code.de>
* get-path.c (dirmngr_cachedir): Create intermediate directories.
(default_socket_name): Use CSIDL_WINDOWS.
2007-11-21 Werner Koch <wk@g10code.com>
* server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY.
(cmd_lookup): Add options --single and --cache-only.
2007-11-16 Werner Koch <wk@g10code.com>
* certcache.c (load_certs_from_dir): Also log the subject DN.
* misc.c (cert_log_subject): New.
2007-11-14 Werner Koch <wk@g10code.com>
* dirmngr-client.c: Replace --lookup-url by --url.
(main): Remove extra code for --lookup-url.
(do_lookup): Remove LOOKUP_URL arg and use the
global option OPT.URL.
* server.c (has_leading_option): New.
(cmd_lookup): Use it.
* crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ.
(fetch_cert_by_url): Use gpg_error_from_syserror.
2007-11-14 Moritz <moritz@gnu.org> (wk)
* dirmngr-client.c: New command: --lookup-url <URL>.
(do_lookup): New parameter: lookup_url. If TRUE, include "--url"
switch in LOOKUP transaction.
(enum): New entry: oLookupUrl.
(opts): Likewise.
(main): Handle oLookupUrl. New variable: cmd_lookup_url, set
during option parsing, pass to do_lookup() and substitute some
occurences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url".
* crlfetch.c (fetch_cert_by_url): New function, uses
url_fetch_ldap() to create a reader object and libksba functions
to read a single cert from that reader.
* server.c (lookup_cert_by_url, lookup_cert_by_pattern): New
functions.
(cmd_lookup): Moved almost complete code ...
(lookup_cert_by_pattern): ... here.
(cmd_lookup): Support new optional argument: --url. Depending on
the presence of that switch, call lookup_cert_by_url() or
lookup_cert_by_pattern().
(lookup_cert_by_url): Heavily stripped down version of
lookup_cert_by_pattern(), using fetch_cert_by_url.
2007-10-24 Marcus Brinkmann <marcus@g10code.de>
* exechelp.c (dirmngr_spawn_process): Fix child handles.
2007-10-05 Marcus Brinkmann <marcus@g10code.de>
* dirmngr.h: Include assuan.h.
(start_command_handler): Change type of FD to assuan_fd_t.
* dirmngr.c: Do not include w32-afunix.h.
(socket_nonce): New global variable.
(create_server_socket): Use assuan socket wrappers. Remove W32
specific stuff. Save the server nonce.
(check_nonce): New function.
(start_connection_thread): Call it.
(handle_connections): Change args to assuan_fd_t.
* server.c (start_command_handler): Change type of FD to assuan_fd_t.
2007-09-12 Marcus Brinkmann <marcus@g10code.de>
* dirmngr.c (main): Percent escape pathnames in --gpgconf-list output.
2007-08-27 Moritz Schulte <moritz@g10code.com>
* src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on
$(localstatedir).
* src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR
instead of hard-coded "/var/run/dirmngr".
2007-08-16 Werner Koch <wk@g10code.com>
* get-path.c (get_dirmngr_ldap_path): Make PATHNAME const.
* dirmngr.c (my_ksba_hash_buffer): Mark unused arg.
(dirmngr_init_default_ctrl): Ditto.
(my_gcry_logger): Ditto.
* dirmngr-client.c (status_cb): Ditto.
* dirmngr_ldap.c (catch_alarm): Ditto.
* estream-printf.c (pr_bytes_so_far): Ditto.
* estream.c (es_func_fd_create): Ditto.
(es_func_fp_create): Ditto.
(es_write_hexstring): Ditto.
* server.c (cmd_listcrls): Ditto.
(cmd_cachecert): Ditto.
* crlcache.c (cache_isvalid): Ditto.
* ocsp.c (do_ocsp_request): Ditto.
* ldap.c (ldap_wrapper_thread): Ditto.
* http.c (http_register_tls_callback): Ditto.
(connect_server): Ditto.
(write_server) [!HTTP_USE_ESTREAM]: Don't build.
2007-08-14 Werner Koch <wk@g10code.com>
* get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA.
2007-08-13 Werner Koch <wk@g10code.com>
* dirmngr.c (handle_connections): Use a timeout in the accept
function. Block signals while creating a new thread.
(shutdown_pending): Needs to be volatile as also accessed bt the
service function.
(w32_service_control): Do not use the regular log fucntions here.
(handle_tick): New.
(main): With system_service in effect use aDaemon as default
command.
(main) [W32]: Only temporary redefine main for the sake of Emacs's
"C-x 4 a".
* dirmngr-client.c (main) [W32]: Initialize sockets.
(start_dirmngr): Use default_socket_name instead of a constant.
* Makefile.am (dirmngr_client_SOURCES): Add get-path.c
2007-08-09 Werner Koch <wk@g10code.com>
* dirmngr.c (parse_ocsp_signer): New.
(parse_rereadable_options): Set opt.ocsp_signer to this.
* dirmngr.h (fingerprint_list_t): New.
* ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert):
Allow for several default ocscp signers.
(ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknwon status.
* dirmngr-client.c: New option --force-default-responder.
* server.c (has_option, skip_options): New.
(cmd_checkocsp): Add option --force-default-responder.
(cmd_isvalid): Ditto. Also add option --only-ocsp.
* ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER.
* dirmngr.c: New option --ocsp-max-period.
* ocsp.c (ocsp_isvalid): Implement it and take care that a missing
next_update is to be ignored.
* crlfetch.c (my_es_read): New. Use it instead of es_read.
* estream.h, estream.c, estream-printf.c: Updated from current
libestream SVN.
2007-08-08 Werner Koch <wk@g10code.com>
* crlcache.c (crl_parse_insert): Hack to allow for a missing
nextUpdate.
* dirmngr_ldap.c (print_ldap_entries): Strip the extension from
the want_attr.
* exechelp.c (dirmngr_wait_process): Reworked for clear error
semantics.
* ldap.c (ldap_wrapper_thread): Adjust for new
dirmngr_wait_process semantics.
2007-08-07 Werner Koch <wk@g10code.com>
* get-path.c (default_socket_name) [!W32]: Fixed syntax error.
* ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support
x509caCert as used by the Bundesnetzagentur.
(ldap_wrapper): Do not pass the prgtram name as the first
argument. dirmngr_spawn_process takes care of that.
2007-08-04 Marcus Brinkmann <marcus@g10code.de>
* dirmngr.h (opt): Add member system_service.
* dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option
--service.
(DEFAULT_SOCKET_NAME): Removed.
(service_handle, service_status,
w32_service_control) [HAVE_W32_SYSTEM]: New symbols.
(main) [HAVE_W32_SYSTEM]: New entry point for --service. Rename
old function to ...
(real_main) [HAVE_W32_SYSTEM]: ... this. Use default_socket_name
instead of DEFAULT_SOCKET_NAME, and similar for other paths.
Allow colons in Windows socket path name, and implement --service
option.
* util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir,
dirmngr_cachedir, default_socket_name): New prototypes.
* get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir)
(dirmngr_datadir, dirmngr_cachedir, default_socket_name): New
functions.
(DIRSEP_C, DIRSEP_S): New macros.
2007-08-03 Marcus Brinkmann <marcus@g10code.de>
* get-path.c: Really add the file this time.
2007-07-31 Marcus Brinkmann <marcus@g10code.de>
* crlfetch.c: Include "estream.h".
(crl_fetch): Use es_read callback instead a file handle.
(crl_close_reader): Use es_fclose instead of fclose.
(struct file_reader_map_s): Change type of FP to estream_t.
(register_file_reader, crl_fetch, crl_close_reader): Likewise.
* ocsp.c: Include "estream.h".
(read_response): Change type of FP to estream_t.
(read_response, do_ocsp_request): Use es_* variants of I/O
functions.
* http.c: Include <pth.h>.
(http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle.
(cookie_read): Use pth_read instead read.
(cookie_write): Use pth_write instead write.
2007-07-30 Marcus Brinkmann <marcus@g10code.de>
* ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr
invocation.
2007-07-27 Marcus Brinkmann <marcus@g10code.de>
* estream.h, estream.c: Update from recent GnuPG.
* get-path.c: New file.
* Makefile.am (dirmngr_SOURCES): Add get-path.c.
* util.h (default_homedir, get_dirmngr_ldap_path): New prototypes.
* dirmngr.c (main): Use default_homedir().
* ldap-url.h: Remove japanese white space (sorry!).
2007-07-26 Marcus Brinkmann <marcus@g10code.de>
* ldap.c (pth_yield): Remove macro.
* ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0).
* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
<winsock2.h>, <winldap.h> and "ldap-url.h".
* ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
<winsock2.h> and <winldap.h>.
* ldap-url.c: Do not include <ldap.h>, but <winsock2.h>,
<winldap.h> and "ldap-url.h".
(LDAP_P): New macro.
* ldap-url.h: New file.
* Makefile.am (ldap_url): Add ldap-url.h.
* Makefile.am (ldap_url): New variable.
(dirmngr_ldap_SOURCES): Add $(ldap_url).
(dirmngr_ldap_LDADD): Add $(LIBOBJS).
* ldap-url.c: New file, excerpted from OpenLDAP.
* dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization.
* dirmngr_ldap.c: Include "util.h".
(main) [HAVE_W32_SYSTEM]: Don't set up alarm.
(set_timeout) [HAVE_W32_SYSTEM]: Likewise.
* ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield.
* no-libgcrypt.h (NO_LIBGCRYPT): Define.
* util.h [NO_LIBGCRYPT]: Don't include <gcrypt.h>.
2007-07-23 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c.
* exechelp.h, exechelp.c: New files.
* ldap.c: Don't include <sys/wait.h> but "exechelp.h".
(destroy_wrapper, ldap_wrapper_thread,
ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead
of kill.
(ldap_wrapper_thread): Use dirmngr_wait_process instead of
waitpid.
(ldap_wrapper): Use dirmngr_spawn_process.
2007-07-20 Marcus Brinkmann <marcus@g10code.de>
* certcache.c (cert_cache_lock): Do not initialize statically.
(init_cache_lock): New function.
(cert_cache_init): Call init_cache_lock.
* estream.h, estream.c, estream-printf.h, estream-printf.c: New
files.
* Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h,
estream-printf.c, estream-printf.h.
* http.c: Update to latest version from GnuPG.
* Makefile.am (cdb_sources)
* cdblib.c: Port to windows (backport from tinycdb 0.76).
* crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h.
[MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems.
(update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname.
* server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log
peer credentials.
* dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or
sys/un.h, but ../jnlib/w32-afunix.h.
(sleep) [HAVE_W32_SYSTEM]: New macro.
(main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE. Use W32 socket
API.
(handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the
code.
(handle_connections) [HAVE_W32_SYSTEM]: don't handle signals.
2006-11-29 Werner Koch <wk@g10code.com>
* dirmngr.c (my_strusage): Use macro for the bug report address
and the copyright line.
* dirmngr-client.c (my_strusage): Ditto.
* dirmngr_ldap.c (my_strusage): Ditto.
* Makefile.am: Do not link against LIBICONV.
2006-11-19 Werner Koch <wk@g10code.com>
* dirmngr.c: Include i18n.h.
2006-11-17 Werner Koch <wk@g10code.com>
* Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS.
2006-11-16 Werner Koch <wk@g10code.com>
* server.c (start_command_handler): Replaced
assuan_init_connected_socket_server by assuan_init_socket_server_ext.
* crlcache.c (update_dir): Put a diagnostic into DIR.txt.
(open_dir): Detect invalid and duplicate entries.
(update_dir): Fixed search for second field.
2006-10-23 Werner Koch <wk@g10code.com>
* dirmngr.c (main): New command --gpgconf-test.
2006-09-14 Werner Koch <wk@g10code.com>
* server.c (start_command_handler): In vebose mode print
information about the peer. This may later be used to restrict
certain commands.
2006-09-12 Werner Koch <wk@g10code.com>
* server.c (start_command_handler): Print a more informative hello
line.
* dirmngr.c: Moved config_filename into the opt struct.
2006-09-11 Werner Koch <wk@g10code.com>
Changed everything to use Assuan with gpg-error codes.
* maperror.c: Removed.
* server.c (map_to_assuan_status): Removed.
* dirmngr.c (main): Set assuan error source.
* dirmngr-client.c (main): Ditto.
2006-09-04 Werner Koch <wk@g10code.com>
* crlfetch.c (crl_fetch): Implement HTTP redirection.
* ocsp.c (do_ocsp_request): Ditto.
New HTTP code version taken from gnupg svn release 4236.
* http.c (http_get_header): New.
(capitalize_header_name, store_header): New.
(parse_response): Store headers away.
(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
* http.h: New flag HTTP_FLAG_NEED_HEADER.
2006-09-01 Werner Koch <wk@g10code.com>
* crlfetch.c (register_file_reader, get_file_reader): New.
(crl_fetch): Register the file pointer for HTTP.
(crl_close_reader): And release it.
* http.c, http.h: Updated from GnuPG SVN trunk. Changed all users
to adopt the new API.
* dirmngr.h: Moved inclusion of jnlib header to ...
* util.h: .. here. This is required becuase http.c includes only
a file util.h but makes use of log_foo. Include gcrypt.h so that
gcry_malloc et al are declared.
2006-08-31 Werner Koch <wk@g10code.com>
* ocsp.c (check_signature): Make use of the responder id.
2006-08-30 Werner Koch <wk@g10code.com>
* validate.c (check_cert_sig): Workaround for rimemd160.
(allowed_ca): Always allow trusted CAs.
* dirmngr.h (cert_ref_t): New.
(struct server_control_s): Add field OCSP_CERTS.
* server.c (start_command_handler): Release new field
* ocsp.c (release_ctrl_ocsp_certs): New.
(check_signature): Store certificates in OCSP_CERTS.
* certcache.c (find_issuing_cert): Reset error if cert was found
by subject.
(put_cert): Add new arg FPR_BUFFER. Changed callers.
(cache_cert_silent): New.
* dirmngr.c (parse_rereadable_options): New options
--ocsp-max-clock-skew and --ocsp-current-period.
* ocsp.c (ocsp_isvalid): Use them here.
* ocsp.c (validate_responder_cert): New optional arg signer_cert.
(check_signature_core): Ditto.
(check_signature): Use the default signer certificate here.
2006-06-27 Werner Koch <wk@g10code.com>
* dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI.
2006-06-26 Werner Koch <wk@g10code.com>
* crlcache.c (lock_db_file): Count open files when needed.
(find_entry): Fixed deleted case.
2006-06-23 Werner Koch <wk@g10code.com>
* misc.c (cert_log_name): New.
* certcache.c (load_certs_from_dir): Also print certificate name.
(find_cert_bysn): Release ISSDN.
* validate.h: New VALIDATE_MODE_CERT.
* server.c (cmd_validate): Use it here so that no policy checks
are done. Try to validated a cached copy of the target.
* validate.c (validate_cert_chain): Implement a validation cache.
(check_revocations): Print more diagnostics. Actually use the
loop variable and not the head of the list.
(validate_cert_chain): Do not check revocations of CRL issuer
certificates in plain CRL check mode.
* ocsp.c (ocsp_isvalid): Make sure it is reset for a status of
revoked.
2006-06-22 Werner Koch <wk@g10code.com>
* validate.c (cert_use_crl_p): New.
(cert_usage_p): Add a mode 6 for CRL signing.
(validate_cert_chain): Check that the certificate may be used for
CRL signing. Print a note when not running as system daemon.
(validate_cert_chain): Reduce the maximum depth from 50 to 10.
* certcache.c (find_cert_bysn): Minor restructuring
(find_cert_bysubject): Ditto. Use get_cert_local when called
without KEYID.
* crlcache.c (get_crlissuer_cert_bysn): Removed.
(get_crlissuer_cert): Removed.
(crl_parse_insert): Use find_cert_bysubject and find_cert_bysn
instead of the removed functions.
2006-06-19 Werner Koch <wk@g10code.com>
* certcache.c (compare_serialno): Silly me. Using 0 as true is
that hard; tsss. Fixed call cases except for the only working one
which are both numbers of the same length.
2006-05-15 Werner Koch <wk@g10code.com>
* crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP. This
seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47
(Unix)".
* http.c (parse_tuple): Set flag to to indicate no value.
(build_rel_path): Take care of it.
* crlcache.c (crl_cache_reload_crl): Also iterate over all names
within a DP.
2005-09-28 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@.
(dirmngr_ldap_LDADD): Likewise.
(dirmngr_client_LDADD): Likewise.
2005-09-12 Werner Koch <wk@g10code.com>
* dirmngr.c: Fixed description to match the one in gpgconf.
2005-06-15 Werner Koch <wk@g10code.com>
* server.c (cmd_lookup): Take care of NO_DATA which might get
returned also by start_cert_fetch().
2005-04-20 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag.
(ldap_wrapper_thread): Handle shutdown in a special way.
2005-04-19 Werner Koch <wk@g10code.com>
* server.c (get_cert_local, get_issuing_cert_local)
(get_cert_local_ski): Bail out if called without a local context.
2005-04-18 Werner Koch <wk@g10code.com>
* certcache.c (find_issuing_cert): Fixed last resort method which
should be finding by subject and not by issuer. Try to locate it
also using the keyIdentifier method. Improve error reporting.
(cmp_simple_canon_sexp): New.
(find_cert_bysubject): New.
(find_cert_bysn): Ask back to the caller before trying an extarnl
lookup.
* server.c (get_cert_local_ski): New.
* crlcache.c (crl_parse_insert): Also try to locate issuer
certificate using the keyIdentifier. Improved error reporting.
2005-04-14 Werner Koch <wk@g10code.com>
* ldap.c (start_cert_fetch_ldap): Really return ERR.
2005-03-17 Werner Koch <wk@g10code.com>
* http.c (parse_response): Changed MAXLEN and LEN to size_t to
match the requirement of read_line.
* http.h (http_context_s): Ditto for BUFFER_SIZE.
2005-03-15 Werner Koch <wk@g10code.com>
* ldap.c: Included time.h. Reported by Bernhard Herzog.
2005-03-09 Werner Koch <wk@g10code.com>
* dirmngr.c: Add a note to the help listing check the man page for
other options.
2005-02-01 Werner Koch <wk@g10code.com>
* crlcache.c (crl_parse_insert): Renamed a few variables and
changed diagnostic strings for clarity.
(get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate
the certificate from the cache using the subject name. Use new
fetch function.
(get_crlissuer_cert_bysn): New.
(crl_parse_insert): Use it here.
* crlfetch.c (ca_cert_fetch): Changed interface.
(fetch_next_ksba_cert): New.
* ldap.c (run_ldap_wrapper): Add arg MULTI_MODE. Changed all
callers.
(start_default_fetch_ldap): New
* certcache.c (get_cert_bysubject): New.
(clean_cache_slot, put_cert): Store the subject DN if available.
(MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates
to 1000.
(find_cert_bysn): Loop until a certificate with a matching S/N has
been found.
* dirmngr.c (main): Add honor-http-proxy to the gpgconf list.
2005-01-31 Werner Koch <wk@g10code.com>
* ldap.c: Started to work on support for userSMIMECertificates.
* dirmngr.c (main): Make sure to always pass a server control
structure to the caching functions. Reported by Neil Dunbar.
2005-01-05 Werner Koch <wk@g10code.com>
* dirmngr-client.c (read_pem_certificate): Skip trailing percent
escaped linefeeds.
2005-01-03 Werner Koch <wk@g10code.com>
* dirmngr-client.c (read_pem_certificate): New.
(read_certificate): Divert to it depending on pem option.
(squid_loop_body): New.
(main): New options --pem and --squid-mode.
2004-12-17 Werner Koch <wk@g10code.com>
* dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread.
(shutdown_reaper): New. Use it for --server and --daemon.
* ldap.c (ldap_wrapper_wait_connections): New.
2004-12-17 Werner Koch <wk@g10code.com>
* Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks.
2004-12-16 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper): Peek on the output to detect empty output
early.
2004-12-15 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper): Print a diagnostic after forking for the
ldap wrapper.
* certcache.h (find_cert_bysn): Add this prototype.
* crlcache.c (start_sig_check): Write CRL hash debug file.
(finish_sig_check): Dump the signer's certificate.
(crl_parse_insert): Try to get the issuing cert by authKeyId.
Moved certificate retrieval after item processing.
2004-12-13 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (catch_alarm, set_timeout): new.
(main): Install alarm handler. Add new option --only-search-timeout.
(print_ldap_entries, fetch_ldap): Use set_timeout ();
* dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all
initializations.
* ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
option to the wrapper.
(INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
(run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
(ldap_wrapper_thread): Check for special timeout exit code.
* dirmngr.c: Workaround a typo in gpgconf for
ignore-ocsp-service-url.
2004-12-10 Werner Koch <wk@g10code.com>
* ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always
NULL.
* misc.c (host_and_port_from_url): Fixed bad encoding detection.
2004-12-03 Werner Koch <wk@g10code.com>
* crlcache.c (crl_cache_load): Re-implement it.
* dirmngr-client.c: New command --load-crl
(do_loadcrl): New.
* dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp,
--ocsp-responder, --ocsp-signer and --max-replies re-readable.
* ocsp.c (check_signature): try to get the cert from the cache
first.
(ocsp_isvalid): Print the next and this update times on time
conflict.
* certcache.c (load_certs_from_dir): Print the fingerprint for
trusted certificates.
(get_cert_byhexfpr): New.
* misc.c (get_fingerprint_hexstring_colon): New.
2004-12-01 Werner Koch <wk@g10code.com>
* Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS.
* validate.c (validate_cert_chain): Fixed test; as written in the
comment we want to do this only in daemon mode. For clarity
reworked by using a linked list of certificates and include root
and tragte certificate.
(check_revocations): Likewise. Introduced a recursion sentinel.
2004-11-30 Werner Koch <wk@g10code.com>
* crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the
binary prefix as this will be handled in the driver.
* dirmngr_ldap.c: New option --log-with-pid.
(fetch_ldap): Handle LDAP_NO_SUCH_OBJECT.
* ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log
option.
2004-11-25 Werner Koch <wk@g10code.com>
* Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS.
Noted by Bernhard Herzog.
2004-11-24 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper.
* b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free
to manage memory.
* dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and
--ignore-ocsp-service-url.
* crlcache.c (crl_cache_reload_crl): Implement them.
* ocsp.c (ocsp_isvalid): Ditto.
2004-11-23 Werner Koch <wk@g10code.com>
* ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper):
Keep a timestamp and terminate the wrapper after some time of
inactivity.
* dirmngr-client.c (do_lookup): New.
(main): New option --lookup.
(data_cb): New.
* b64enc.c: New. Taken from GnuPG 1.9.
* no-libgcrypt.c (gcry_strdup): Added.
* ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer
certificate using the standard methods.
* server.c (cmd_lookup): Truncation is now also an indication for
error.
(cmd_checkocsp): Implemented.
* dirmngr_ldap.c (fetch_ldap): Write an error marker for a
truncated search.
* ldap.c (add_server_to_servers): Reactivated.
(url_fetch_ldap): Call it here and try all configured servers in
case of a a failed lookup.
(fetch_next_cert_ldap): Detect the truncation error flag.
* misc.c (host_and_port_from_url, remove_percent_escapes): New.
2004-11-22 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c (main): New option --proxy.
* ocsp.c (do_ocsp_request): Take care of opt.disable_http.
* crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable.
(crl_fetch): Take care of opt.disable_http and disable_ldap.
(crl_fetch_default, ca_cert_fetch, start_cert_fetch):
* ldap.c (run_ldap_wrapper): New arg PROXY.
(url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it.
* http.c (http_open_document): Add arg PROXY.
(http_open): Ditto.
(send_request): Ditto and implement it as an override.
* ocsp.c (validate_responder_cert): Use validate_cert_chain.
* Makefile.am (AM_CPPFLAGS): Add macros for a few system
directories.
* dirmngr.h (opt): New members homedir_data, homedir_cache,
ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy,
ldap_proxy, only_ldap_proxy, disable_ldap, disable_http.
* dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and
HOMEDIR_CACHE.
(parse_rereadable_options): New options --ldap-wrapper-program,
--http-wrapper-program, --disable-ldap, --disable-http,
--honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy.
(reread_configuration): New.
* ldap.c (ldap_wrapper): Use the correct name for the wrapper.
* crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON.
(cleanup_cache_dir, open_dir, update_dir, make_db_file_name)
(crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE
* validate.c (check_revocations): New.
* crlcache.c (crl_cache_isvalid): Factored most code out to
(cache_isvalid): .. new.
(crl_cache_cert_isvalid): New.
* server.c (cmd_checkcrl): Cleaned up by using this new function.
(reload_crl): Moved to ..
* crlcache.c (crl_cache_reload_crl): .. here and made global.
* certcache.c (cert_compute_fpr): Renamed from computer_fpr and
made global.
(find_cert_bysn): Try to lookup missing certs.
(cert_cache_init): Intialize using opt.HOMEDIR_DATA.
2004-11-19 Werner Koch <wk@g10code.com>
* dirmngr-client.c (status_cb): New. Use it in very verbose mode.
* server.c (start_command_handler): Malloc the control structure
and properly release it. Removed the primary_connection
hack. Cleanup running wrappers.
(dirmngr_status): Return an error code.
(dirmngr_tick): Return an error code and detect a
cancellation. Use wall time and not CPU time.
* validate.c (validate_cert_chain): Add CTRL arg and changed callers.
* crlcache.c (crl_cache_isvalid):
* crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default)
(crl_fetch): Ditto.
* ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap)
(attr_fetch_ldap, start_cert_fetch_ldap): Ditto.
(ldap_wrapper_release_context): Reset the stored CTRL.
(reader_callback): Periodically call dirmngr_tick.
(ldap_wrapper_release_context): Print an error message for read
errors.
(ldap_wrapper_connection_cleanup): New.
2004-11-18 Werner Koch <wk@g10code.com>
* dirmngr.c (main): Do not cd / if not running detached.
* dirmngr-client.c: New options --cache-cert and --validate.
(do_cache, do_validate): New.
* server.c (cmd_cachecert, cmd_validate): New.
* crlcache.c (get_issuer_cert): Make use of the certificate cache.
(crl_parse_insert): Validate the issuer certificate.
* dirmngr.c (handle_signal): Reinitialize the certificate cache on
a HUP.
(struct opts): Add --homedir to enable the already implemented code.
(handle_signal): Print stats on SIGUSR1.
* certcache.c (clean_cache_slot, cert_cache_init)
(cert_cache_deinit): New.
(acquire_cache_read_lock, acquire_cache_write_lock)
(release_cache_lock): New. Use them where needed.
(put_cert): Renamed from put_loaded_cert.
(cache_cert): New.
(cert_cache_print_stats): New.
(compare_serialno): Fixed.
2004-11-16 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and
DIRMNGR_LIBEXECDIR.
* misc.c (dump_isotime, dump_string, dump_cert): New. Taken from
gnupg 1.9.
(dump_serial): New.
2004-11-15 Werner Koch <wk@g10code.com>
* validate.c: New. Based on gnupg's certchain.c
* ldap.c (get_cert_ldap): Removed.
(read_buffer): New.
(start_cert_fetch_ldap, fetch_next_cert_ldap)
(end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper.
2004-11-12 Werner Koch <wk@g10code.com>
* http.c (insert_escapes): Print the percent sign too.
* dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
"SENDISSUERCERT".
* server.c (do_get_cert_local): Limit the length of a retruned
certificate. Return NULL without an error if an empry value has
been received.
* crlfetch.c (ca_cert_fetch): Use the ksba_reader_object.
(setup_funopen, fun_reader, fun_closer): Removed.
* crlcache.c (get_issuer_cert): Adjust accordingly.
* ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer)
(attr_fetch_fun_reader, url_fetch_ldap_internal)
(get_attr_from_result_ldap): Removed.
(destroy_wrapper, print_log_line, ldap_wrapper_thread)
(ldap_wrapper_release_context, reader_callback, ldap_wrapper)
(run_ldap_wrapper): New.
(url_fetch_ldap): Make use of the new ldap wrapper and return a
ksba reader object instead of a stdio stream.
(attr_fetch_ldap): Ditto.
(make_url, escape4url): New.
2004-11-11 Werner Koch <wk@g10code.com>
* dirmngr.c (launch_ripper_thread): New.
(main): Start it wheere appropriate. Always ignore SIGPIPE.
(start_connection_thread): Maintain a connection count.
(handle_signal, handle_connections): Use it here instead of the
thread count.
* crlcache.c (crl_cache_insert): Changed to use ksba reader
object. Changed all callers to pass this argument.
2004-11-08 Werner Koch <wk@g10code.com>
* dirmngr_ldap.c: New.
* crlcache.c (crl_cache_init): Don't return a cache object but
keep it module local. We only need one.
(crl_cache_deinit): Don't take cache object but work on existing
one.
(get_current_cache): New.
(crl_cache_insert, crl_cache_list, crl_cache_load): Use the global
cache object and removed the cache arg. Changed all callers.
* dirmngr-client.c: New option --ping.
* dirmngr.c (main): New option --daemon. Initialize PTH.
(handle_connections, start_connection_thread): New.
(handle_signal): New.
(parse_rereadable_options): New. Changed main to make use of it.
(set_debug): Don't bail out on invalid debug levels.
(main): Init the crl_chache for server and daemon mode.
* server.c (start_command_handler): New arg FD. Changed callers.
2004-11-06 Werner Koch <wk@g10code.com>
* server.c (map_assuan_err): Factored out to ..
* maperror.c: .. new file.
* util.h: Add prototype
2004-11-05 Werner Koch <wk@g10code.com>
* no-libgcrypt.c: New, used as helper for dirmngr-client which
does not need libgcrypt proper but jnlib references the memory
functions. Taken from gnupg 1.9.12.
* dirmngr.h: Factored i18n and xmalloc code out to ..
* i18n.h, util.h: .. New.
* dirmngr-client.c: New. Some code taken from gnupg 1.9.12.
* Makefile.am (bin_PROGRAMS) Add dirmngr-client.
2004-11-04 Werner Koch <wk@g10code.com>
* src/server.c (get_fingerprint_from_line, cmd_checkcrl)
(cmd_checkocsp): New.
(register_commands): Register new commands.
(inquire_cert_and_load_crl): Factored most code out to ..
(reload_crl): .. new function.
* src/certcache.h, src/certcache.c: New.
* src/Makefile.am (dirmngr_SOURCES): Add new files.
2004-11-04 Werner Koch <wk@g10code.com>
Please note that earlier entries are found in the top level
ChangeLog.
[Update after merge with GnuPG: see ./ChangeLog.1]
Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 g10 Code GmbH
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index e08741924..14bffe350 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -1,2539 +1,2539 @@
/* crlcache.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2005, 2008 g10 Code GmbH
*
* This file is part of DirMngr.
*
* DirMngr is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* DirMngr is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
/*
1. To keep track of the CRLs actually cached and to store the meta
information of the CRLs a simple record oriented text file is
used. Fields in the file are colon (':') separated and values
containing colons or linefeeds are percent escaped (e.g. a colon
itself is represented as "%3A").
The first field is a record type identifier, so that the file is
useful to keep track of other meta data too.
The name of the file is "DIR.txt".
1.1. Comment record
Field 1: Constant beginning with "#".
Other fields are not defined and such a record is simply
skipped during processing.
1.2. Version record
Field 1: Constant "v"
Field 2: Version number of this file. Must be 1.
This record must be the first non-comment record record and
there shall only exist one record of this type.
1.3. CRL cache record
Field 1: Constant "c", "u" or "i".
A "c" or "u" indicate a valid cache entry, however
"u" requires that a user root certificate check needs
to be done.
An "i" indicates an invalid Cache entry which should
not be used but still exists so that it can be
updated at NEXT_UPDATE.
Field 2: Hexadecimal encoded SHA-1 hash of the issuer DN using
uppercase letters.
Field 3: Issuer DN in RFC-2253 notation.
Field 4: URL used to retrieve the corresponding CRL.
Field 5: 15 character ISO timestamp with THIS_UPDATE.
Field 6: 15 character ISO timestamp with NEXT_UPDATE.
Field 7: Hexadecimal encoded MD-5 hash of the DB file to detect
accidental modified (i.e. deleted and created) cache files.
Field 8: optional CRL number as a hex string.
Field 9: AuthorityKeyID.issuer, each Name separated by 0x01
Field 10: AuthorityKeyID.serial
Field 11: Hex fingerprint of trust anchor if field 1 is 'u'.
2. Layout of the standard CRL Cache DB file:
We use records of variable length with this structure
n bytes Serialnumber (binary) used as key
thus there is no need to store the length explicitly with DB2.
1 byte Reason for revocation
(currently the KSBA reason flags are used)
15 bytes ISO date of revocation (e.g. 19980815T142000)
Note that there is no terminating 0 stored.
The filename used is the hexadecimal (using uppercase letters)
SHA-1 hash value of the issuer DN prefixed with a "crl-" and
suffixed with a ".db". Thus the length of the filename is 47.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/stat.h>
#include <assert.h>
#include <dirent.h>
#include <fcntl.h>
#include <unistd.h>
#ifndef HAVE_W32_SYSTEM
#include <sys/utsname.h>
#endif
#ifdef MKDIR_TAKES_ONE_ARG
#undef mkdir
#define mkdir(a,b) mkdir(a)
#endif
#include "dirmngr.h"
#include "validate.h"
#include "certcache.h"
#include "crlcache.h"
#include "crlfetch.h"
#include "misc.h"
#include "cdb.h"
#include "estream-printf.h"
/* Change this whenever the format changes */
#define DBDIR_D (opt.system_daemon? "crls.d" : "dirmngr-cache.d")
#define DBDIRFILE "DIR.txt"
#define DBDIRVERSION 1
/* The number of DB files we may have open at one time. We need to
limit this because there is no guarantee that the number of issuers
has a upper limit. We are currently using mmap, so it is a good
idea anyway to limit the number of opened cache files. */
#define MAX_OPEN_DB_FILES 5
static const char oidstr_crlNumber[] = "2.5.29.20";
static const char oidstr_issuingDistributionPoint[] = "2.5.29.28";
static const char oidstr_authorityKeyIdentifier[] = "2.5.29.35";
/* Definition of one cached item. */
struct crl_cache_entry_s
{
struct crl_cache_entry_s *next;
int deleted; /* True if marked for deletion. */
int mark; /* Internally used by update_dir. */
unsigned int lineno;/* A 0 indicates a new entry. */
char *release_ptr; /* The actual allocated memory. */
char *url; /* Points into RELEASE_PTR. */
char *issuer; /* Ditto. */
char *issuer_hash; /* Ditto. */
char *dbfile_hash; /* MD5 sum of the cache file, points into RELEASE_PTR.*/
int invalid; /* Can't use this CRL. */
int user_trust_req; /* User supplied root certificate required. */
char *check_trust_anchor; /* Malloced fingerprint. */
ksba_isotime_t this_update;
ksba_isotime_t next_update;
ksba_isotime_t last_refresh; /* Use for the force_crl_refresh feature. */
char *crl_number;
char *authority_issuer;
char *authority_serialno;
struct cdb *cdb; /* The cache file handle or NULL if not open. */
unsigned int cdb_use_count; /* Current use count. */
unsigned int cdb_lru_count; /* Used for LRU purposes. */
int dbfile_checked; /* Set to true if the dbfile_hash value has
been checked one. */
};
/* Definition of the entire cache object. */
struct crl_cache_s
{
crl_cache_entry_t entries;
};
typedef struct crl_cache_s *crl_cache_t;
/* Prototypes. */
static crl_cache_entry_t find_entry (crl_cache_entry_t first,
const char *issuer_hash);
/* The currently loaded cache object. This isi usually initialized
right at startup. */
static crl_cache_t current_cache;
/* Return the current cache object or bail out if it is has not yet
been initialized. */
static crl_cache_t
get_current_cache (void)
{
if (!current_cache)
log_fatal ("CRL cache has not yet been initialized\n");
return current_cache;
}
/*
Create ae directory if it does not yet exists. Returns on
success, or -1 on error.
*/
static int
create_directory_if_needed (const char *name)
{
DIR *dir;
char *fname;
fname = make_filename (opt.homedir_cache, name, NULL);
dir = opendir (fname);
if (!dir)
{
log_info (_("creating directory `%s'\n"), fname);
if (mkdir (fname, S_IRUSR|S_IWUSR|S_IXUSR) )
{
int save_errno = errno;
log_error (_("error creating directory `%s': %s\n"),
fname, strerror (errno));
xfree (fname);
gpg_err_set_errno (save_errno);
return -1;
}
}
else
closedir (dir);
xfree (fname);
return 0;
}
/* Remove all files from the cache directory. If FORCE is not true,
some sanity checks on the filenames are done. Return 0 if
everything went fine. */
static int
cleanup_cache_dir (int force)
{
char *dname = make_filename (opt.homedir_cache, DBDIR_D, NULL);
DIR *dir;
struct dirent *de;
int problem = 0;
if (!force)
{ /* Very minor sanity checks. */
if (!strcmp (dname, "~/") || !strcmp (dname, "/" ))
{
log_error (_("ignoring database dir `%s'\n"), dname);
xfree (dname);
return -1;
}
}
dir = opendir (dname);
if (!dir)
{
log_error (_("error reading directory `%s': %s\n"),
dname, strerror (errno));
xfree (dname);
return -1;
}
while ((de = readdir (dir)))
{
if (strcmp (de->d_name, "." ) && strcmp (de->d_name, ".."))
{
char *cdbname = make_filename (dname, de->d_name, NULL);
int okay;
struct stat sbuf;
if (force)
okay = 1;
else
okay = (!stat (cdbname, &sbuf) && S_ISREG (sbuf.st_mode));
if (okay)
{
log_info (_("removing cache file `%s'\n"), cdbname);
- if (unlink (cdbname))
+ if (gnupg_remove (cdbname))
{
log_error ("failed to remove `%s': %s\n",
cdbname, strerror (errno));
problem = -1;
}
}
else
log_info (_("not removing file `%s'\n"), cdbname);
xfree (cdbname);
}
}
xfree (dname);
closedir (dir);
return problem;
}
/* Read the next line from the file FP and return the line in an
malloced buffer. Return NULL on error or EOF. There is no
limitation os the line length. The trailing linefeed has been
removed, the function will read the last line of a file, even if
that is not terminated by a LF. */
static char *
next_line_from_file (estream_t fp, gpg_error_t *r_err)
{
char buf[300];
char *largebuf = NULL;
size_t buflen;
size_t len = 0;
unsigned char *p;
int c;
char *tmpbuf;
*r_err = 0;
p = buf;
buflen = sizeof buf - 1;
while ((c=es_getc (fp)) != EOF && c != '\n')
{
if (len >= buflen)
{
if (!largebuf)
{
buflen += 1024;
largebuf = xtrymalloc ( buflen + 1 );
if (!largebuf)
{
*r_err = gpg_error_from_syserror ();
return NULL;
}
memcpy (largebuf, buf, len);
}
else
{
buflen += 1024;
tmpbuf = xtryrealloc (largebuf, buflen + 1);
if (!tmpbuf)
{
*r_err = gpg_error_from_syserror ();
xfree (largebuf);
return NULL;
}
largebuf = tmpbuf;
}
p = largebuf;
}
p[len++] = c;
}
if (c == EOF && !len)
return NULL;
p[len] = 0;
if (largebuf)
tmpbuf = xtryrealloc (largebuf, len+1);
else
tmpbuf = xtrystrdup (buf);
if (!tmpbuf)
{
*r_err = gpg_error_from_syserror ();
xfree (largebuf);
}
return tmpbuf;
}
/* Release one cache entry. */
static void
release_one_cache_entry (crl_cache_entry_t entry)
{
if (entry)
{
if (entry->cdb)
{
int fd = cdb_fileno (entry->cdb);
cdb_free (entry->cdb);
xfree (entry->cdb);
if (close (fd))
log_error (_("error closing cache file: %s\n"), strerror(errno));
}
xfree (entry->release_ptr);
xfree (entry->check_trust_anchor);
xfree (entry);
}
}
/* Release the CACHE object. */
static void
release_cache (crl_cache_t cache)
{
crl_cache_entry_t entry, entry2;
if (!cache)
return;
for (entry = cache->entries; entry; entry = entry2)
{
entry2 = entry->next;
release_one_cache_entry (entry);
}
cache->entries = NULL;
xfree (cache);
}
/* Open the dir file FNAME or create a new one if it does not yet
exist. */
static estream_t
open_dir_file (const char *fname)
{
estream_t fp;
fp = es_fopen (fname, "r");
if (!fp)
{
log_error (_("failed to open cache dir file `%s': %s\n"),
fname, strerror (errno));
/* Make sure that the directory exists, try to create if otherwise. */
if (create_directory_if_needed (NULL)
|| create_directory_if_needed (DBDIR_D))
return NULL;
fp = es_fopen (fname, "w");
if (!fp)
{
log_error (_("error creating new cache dir file `%s': %s\n"),
fname, strerror (errno));
return NULL;
}
es_fprintf (fp, "v:%d:\n", DBDIRVERSION);
if (es_ferror (fp))
{
log_error (_("error writing new cache dir file `%s': %s\n"),
fname, strerror (errno));
es_fclose (fp);
return NULL;
}
if (es_fclose (fp))
{
log_error (_("error closing new cache dir file `%s': %s\n"),
fname, strerror (errno));
return NULL;
}
log_info (_("new cache dir file `%s' created\n"), fname);
fp = es_fopen (fname, "r");
if (!fp)
{
log_error (_("failed to re-open cache dir file `%s': %s\n"),
fname, strerror (errno));
return NULL;
}
}
return fp;
}
/* Helper for open_dir. */
static gpg_error_t
check_dir_version (estream_t *fpadr, const char *fname,
unsigned int *lineno,
int cleanup_on_mismatch)
{
char *line;
gpg_error_t lineerr = 0;
estream_t fp = *fpadr;
int created = 0;
retry:
while ((line = next_line_from_file (fp, &lineerr)))
{
++*lineno;
if (*line == 'v' && line[1] == ':')
break;
else if (*line != '#')
{
log_error (_("first record of `%s' is not the version\n"), fname);
xfree (line);
return gpg_error (GPG_ERR_CONFIGURATION);
}
xfree (line);
}
if (lineerr)
return lineerr;
if (strtol (line+2, NULL, 10) != DBDIRVERSION)
{
if (!created && cleanup_on_mismatch)
{
log_error (_("old version of cache directory - cleaning up\n"));
es_fclose (fp);
*fpadr = NULL;
if (!cleanup_cache_dir (1))
{
*lineno = 0;
fp = *fpadr = open_dir_file (fname);
if (!fp)
{
xfree (line);
return gpg_error (GPG_ERR_CONFIGURATION);
}
created = 1;
goto retry;
}
}
log_error (_("old version of cache directory - giving up\n"));
xfree (line);
return gpg_error (GPG_ERR_CONFIGURATION);
}
xfree (line);
return 0;
}
/* Open the dir file and read in all available information. Store
that in a newly allocated cache object and return that if
everything worked out fine. Create the cache directory and the dir
if it does not yet exist. Remove all files in that directory if
the version does not match. */
static gpg_error_t
open_dir (crl_cache_t *r_cache)
{
crl_cache_t cache;
char *fname;
char *line = NULL;
gpg_error_t lineerr = 0;
estream_t fp;
crl_cache_entry_t entry, *entrytail;
unsigned int lineno;
gpg_error_t err = 0;
int anyerr = 0;
cache = xtrycalloc (1, sizeof *cache);
if (!cache)
return gpg_error_from_syserror ();
fname = make_filename (opt.homedir_cache, DBDIR_D, DBDIRFILE, NULL);
lineno = 0;
fp = open_dir_file (fname);
if (!fp)
{
err = gpg_error (GPG_ERR_CONFIGURATION);
goto leave;
}
err = check_dir_version (&fp, fname, &lineno, 1);
if (err)
goto leave;
/* Read in all supported entries from the dir file. */
cache->entries = NULL;
entrytail = &cache->entries;
xfree (line);
while ((line = next_line_from_file (fp, &lineerr)))
{
int fieldno;
char *p, *endp;
lineno++;
if ( *line == 'c' || *line == 'u' || *line == 'i' )
{
entry = xtrycalloc (1, sizeof *entry);
if (!entry)
{
err = gpg_error_from_syserror ();
goto leave;
}
entry->lineno = lineno;
entry->release_ptr = line;
if (*line == 'i')
{
entry->invalid = atoi (line+1);
if (entry->invalid < 1)
entry->invalid = 1;
}
else if (*line == 'u')
entry->user_trust_req = 1;
for (fieldno=1, p = line; p; p = endp, fieldno++)
{
endp = strchr (p, ':');
if (endp)
*endp++ = '\0';
switch (fieldno)
{
case 1: /* record type */ break;
case 2: entry->issuer_hash = p; break;
case 3: entry->issuer = unpercent_string (p); break;
case 4: entry->url = unpercent_string (p); break;
case 5: strncpy (entry->this_update, p, 15); break;
case 6: strncpy (entry->next_update, p, 15); break;
case 7: entry->dbfile_hash = p; break;
case 8: if (*p) entry->crl_number = p; break;
case 9:
if (*p)
entry->authority_issuer = unpercent_string (p);
break;
case 10:
if (*p)
entry->authority_serialno = unpercent_string (p);
break;
case 11:
if (*p)
entry->check_trust_anchor = xtrystrdup (p);
break;
default:
if (*p)
log_info (_("extra field detected in crl record of "
"`%s' line %u\n"), fname, lineno);
break;
}
}
if (!entry->issuer_hash)
{
log_info (_("invalid line detected in `%s' line %u\n"),
fname, lineno);
xfree (entry);
entry = NULL;
}
else if (find_entry (cache->entries, entry->issuer_hash))
{
/* Fixme: The duplicate checking used is not very
effective for large numbers of issuers. */
log_info (_("duplicate entry detected in `%s' line %u\n"),
fname, lineno);
xfree (entry);
entry = NULL;
}
else
{
line = NULL;
*entrytail = entry;
entrytail = &entry->next;
}
}
else if (*line == '#')
;
else
log_info (_("unsupported record type in `%s' line %u skipped\n"),
fname, lineno);
if (line)
xfree (line);
}
if (lineerr)
{
err = lineerr;
log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
if (es_ferror (fp))
{
log_error (_("error reading `%s': %s\n"), fname, strerror (errno));
err = gpg_error (GPG_ERR_CONFIGURATION);
goto leave;
}
/* Now do some basic checks on the data. */
for (entry = cache->entries; entry; entry = entry->next)
{
assert (entry->lineno);
if (strlen (entry->issuer_hash) != 40)
{
anyerr++;
log_error (_("invalid issuer hash in `%s' line %u\n"),
fname, entry->lineno);
}
else if ( !*entry->issuer )
{
anyerr++;
log_error (_("no issuer DN in `%s' line %u\n"),
fname, entry->lineno);
}
else if ( check_isotime (entry->this_update)
|| check_isotime (entry->next_update))
{
anyerr++;
log_error (_("invalid timestamp in `%s' line %u\n"),
fname, entry->lineno);
}
/* Checks not leading to an immediate fail. */
if (strlen (entry->dbfile_hash) != 32)
log_info (_("WARNING: invalid cache file hash in `%s' line %u\n"),
fname, entry->lineno);
}
if (anyerr)
{
log_error (_("detected errors in cache dir file\n"));
log_info (_("please check the reason and manually delete that file\n"));
err = gpg_error (GPG_ERR_CONFIGURATION);
}
leave:
es_fclose (fp);
xfree (line);
xfree (fname);
if (err)
{
release_cache (cache);
cache = NULL;
}
*r_cache = cache;
return err;
}
static void
write_percented_string (const char *s, estream_t fp)
{
for (; *s; s++)
if (*s == ':')
es_fputs ("%3A", fp);
else if (*s == '\n')
es_fputs ("%0A", fp);
else if (*s == '\r')
es_fputs ("%0D", fp);
else
es_putc (*s, fp);
}
static void
write_dir_line_crl (estream_t fp, crl_cache_entry_t e)
{
if (e->invalid)
es_fprintf (fp, "i%d", e->invalid);
else if (e->user_trust_req)
es_putc ('u', fp);
else
es_putc ('c', fp);
es_putc (':', fp);
es_fputs (e->issuer_hash, fp);
es_putc (':', fp);
write_percented_string (e->issuer, fp);
es_putc (':', fp);
write_percented_string (e->url, fp);
es_putc (':', fp);
es_fwrite (e->this_update, 15, 1, fp);
es_putc (':', fp);
es_fwrite (e->next_update, 15, 1, fp);
es_putc (':', fp);
es_fputs (e->dbfile_hash, fp);
es_putc (':', fp);
if (e->crl_number)
es_fputs (e->crl_number, fp);
es_putc (':', fp);
if (e->authority_issuer)
write_percented_string (e->authority_issuer, fp);
es_putc (':', fp);
if (e->authority_serialno)
es_fputs (e->authority_serialno, fp);
es_putc (':', fp);
if (e->check_trust_anchor && e->user_trust_req)
es_fputs (e->check_trust_anchor, fp);
es_putc ('\n', fp);
}
/* Update the current dir file using the cache. */
static gpg_error_t
update_dir (crl_cache_t cache)
{
char *fname = NULL;
char *tmpfname = NULL;
char *line = NULL;
gpg_error_t lineerr = 0;
estream_t fp;
estream_t fpout = NULL;
crl_cache_entry_t e;
unsigned int lineno;
gpg_error_t err = 0;
fname = make_filename (opt.homedir_cache, DBDIR_D, DBDIRFILE, NULL);
/* Fixme: Take an update file lock here. */
for (e= cache->entries; e; e = e->next)
e->mark = 1;
lineno = 0;
fp = es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_errno (errno);
log_error (_("failed to open cache dir file `%s': %s\n"),
fname, strerror (errno));
goto leave;
}
err = check_dir_version (&fp, fname, &lineno, 0);
if (err)
goto leave;
es_rewind (fp);
lineno = 0;
/* Create a temporary DIR file. */
{
char *tmpbuf, *p;
const char *nodename;
#ifndef HAVE_W32_SYSTEM
struct utsname utsbuf;
#endif
#ifdef HAVE_W32_SYSTEM
nodename = "unknown";
#else
if (uname (&utsbuf))
nodename = "unknown";
else
nodename = utsbuf.nodename;
#endif
estream_asprintf (&tmpbuf, "DIR-tmp-%s-%u-%p.txt.tmp",
nodename, (unsigned int)getpid (), &tmpbuf);
if (!tmpbuf)
{
err = gpg_error_from_errno (errno);
log_error (_("failed to create temporary cache dir file `%s': %s\n"),
tmpfname, strerror (errno));
goto leave;
}
for (p=tmpbuf; *p; p++)
if (*p == '/')
*p = '.';
tmpfname = make_filename (opt.homedir_cache, DBDIR_D, tmpbuf, NULL);
xfree (tmpbuf);
}
fpout = es_fopen (tmpfname, "w");
if (!fpout)
{
err = gpg_error_from_errno (errno);
log_error (_("failed to create temporary cache dir file `%s': %s\n"),
tmpfname, strerror (errno));
goto leave;
}
while ((line = next_line_from_file (fp, &lineerr)))
{
lineno++;
if (*line == 'c' || *line == 'u' || *line == 'i')
{
/* Extract the issuer hash field. */
char *fieldp, *endp;
fieldp = strchr (line, ':');
endp = fieldp? strchr (++fieldp, ':') : NULL;
if (endp)
{
/* There should be no percent within the issuer hash
field, thus we can compare it pretty easily. */
*endp = 0;
e = find_entry ( cache->entries, fieldp);
*endp = ':'; /* Restore orginal line. */
if (e && e->deleted)
{
/* Marked for deletion, so don't write it. */
e->mark = 0;
}
else if (e)
{
/* Yep, this is valid entry we know about; write it out */
write_dir_line_crl (fpout, e);
e->mark = 0;
}
else
{ /* We ignore entries we don't have in our cache
because they may have been added in the meantime
by other instances of dirmngr. */
es_fprintf (fpout, "# Next line added by "
"another process; our pid is %lu\n",
(unsigned long)getpid ());
es_fputs (line, fpout);
es_putc ('\n', fpout);
}
}
else
{
es_fputs ("# Invalid line detected: ", fpout);
es_fputs (line, fpout);
es_putc ('\n', fpout);
}
}
else
{
/* Write out all non CRL lines as they are. */
es_fputs (line, fpout);
es_putc ('\n', fpout);
}
xfree (line);
}
if (!es_ferror (fp) && !es_ferror (fpout) && !lineerr)
{
/* Write out the remaining entries. */
for (e= cache->entries; e; e = e->next)
if (e->mark)
{
if (!e->deleted)
write_dir_line_crl (fpout, e);
e->mark = 0;
}
}
if (lineerr)
{
err = lineerr;
log_error (_("error reading `%s': %s\n"), fname, gpg_strerror (err));
goto leave;
}
if (es_ferror (fp))
{
err = gpg_error_from_errno (errno);
log_error (_("error reading `%s': %s\n"), fname, strerror (errno));
}
if (es_ferror (fpout))
{
err = gpg_error_from_errno (errno);
log_error (_("error writing `%s': %s\n"), tmpfname, strerror (errno));
}
if (err)
goto leave;
/* Rename the files. */
es_fclose (fp);
fp = NULL;
if (es_fclose (fpout))
{
err = gpg_error_from_errno (errno);
log_error (_("error closing `%s': %s\n"), tmpfname, strerror (errno));
goto leave;
}
fpout = NULL;
#ifdef HAVE_W32_SYSTEM
/* No atomic mv on W32 systems. */
- unlink (fname);
+ gnupg_remove (fname);
#endif
if (rename (tmpfname, fname))
{
err = gpg_error_from_errno (errno);
log_error (_("error renaming `%s' to `%s': %s\n"),
tmpfname, fname, strerror (errno));
goto leave;
}
leave:
/* Fixme: Relinquish update lock. */
xfree (line);
es_fclose (fp);
xfree (fname);
if (fpout)
{
es_fclose (fpout);
if (err && tmpfname)
gnupg_remove (tmpfname);
}
xfree (tmpfname);
return err;
}
/* Create the filename for the cache file from the 40 byte ISSUER_HASH
string. Caller must release the return string. */
static char *
make_db_file_name (const char *issuer_hash)
{
char bname[50];
assert (strlen (issuer_hash) == 40);
memcpy (bname, "crl-", 4);
memcpy (bname + 4, issuer_hash, 40);
strcpy (bname + 44, ".db");
return make_filename (opt.homedir_cache, DBDIR_D, bname, NULL);
}
/* Hash the file FNAME and return the MD5 digest in MD5BUFFER. The
caller must allocate MD%buffer wityh at least 16 bytes. Returns 0
on success. */
static int
hash_dbfile (const char *fname, unsigned char *md5buffer)
{
estream_t fp;
char *buffer;
size_t n;
gcry_md_hd_t md5;
gpg_err_code_t err;
buffer = xtrymalloc (65536);
fp = buffer? es_fopen (fname, "rb") : NULL;
if (!fp)
{
log_error (_("can't hash `%s': %s\n"), fname, strerror (errno));
xfree (buffer);
return -1;
}
err = gcry_md_open (&md5, GCRY_MD_MD5, 0);
if (err)
{
log_error (_("error setting up MD5 hash context: %s\n"),
gpg_strerror (err));
xfree (buffer);
es_fclose (fp);
return -1;
}
/* We better hash some information about the cache file layout in. */
sprintf (buffer, "%.100s/%.100s:%d", DBDIR_D, DBDIRFILE, DBDIRVERSION);
gcry_md_write (md5, buffer, strlen (buffer));
for (;;)
{
n = es_fread (buffer, 1, 65536, fp);
if (n < 65536 && es_ferror (fp))
{
log_error (_("error hashing `%s': %s\n"), fname, strerror (errno));
xfree (buffer);
es_fclose (fp);
gcry_md_close (md5);
return -1;
}
if (!n)
break;
gcry_md_write (md5, buffer, n);
}
es_fclose (fp);
xfree (buffer);
gcry_md_final (md5);
memcpy (md5buffer, gcry_md_read (md5, GCRY_MD_MD5), 16);
gcry_md_close (md5);
return 0;
}
/* Compare the file FNAME against the dexified MD5 hash MD5HASH and
return 0 if they match. */
static int
check_dbfile (const char *fname, const char *md5hexvalue)
{
unsigned char buffer1[16], buffer2[16];
if (strlen (md5hexvalue) != 32)
{
log_error (_("invalid formatted checksum for `%s'\n"), fname);
return -1;
}
unhexify (buffer1, md5hexvalue);
if (hash_dbfile (fname, buffer2))
return -1;
return memcmp (buffer1, buffer2, 16);
}
/* Open the cache file for ENTRY. This function implements a caching
strategy and might close unused cache files. It is required to use
unlock_db_file after using the file. */
static struct cdb *
lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
{
char *fname;
int fd;
int open_count;
crl_cache_entry_t e;
if (entry->cdb)
{
entry->cdb_use_count++;
return entry->cdb;
}
for (open_count = 0, e = cache->entries; e; e = e->next)
{
if (e->cdb)
open_count++;
/* log_debug ("CACHE: cdb=%p use_count=%u lru_count=%u\n", */
/* e->cdb,e->cdb_use_count,e->cdb_lru_count); */
}
/* If there are too many file open, find the least recent used DB
file and close it. Note that for Pth thread safeness we need to
use a loop here. */
while (open_count >= MAX_OPEN_DB_FILES )
{
crl_cache_entry_t last_e = NULL;
unsigned int last_lru = (unsigned int)(-1);
for (e = cache->entries; e; e = e->next)
if (e->cdb && !e->cdb_use_count && e->cdb_lru_count < last_lru)
{
last_lru = e->cdb_lru_count;
last_e = e;
}
if (!last_e)
{
log_error (_("too many open cache files; can't open anymore\n"));
return NULL;
}
/* log_debug ("CACHE: closing file at cdb=%p\n", last_e->cdb); */
fd = cdb_fileno (last_e->cdb);
cdb_free (last_e->cdb);
xfree (last_e->cdb);
last_e->cdb = NULL;
if (close (fd))
log_error (_("error closing cache file: %s\n"), strerror(errno));
open_count--;
}
fname = make_db_file_name (entry->issuer_hash);
if (opt.verbose)
log_info (_("opening cache file `%s'\n"), fname );
if (!entry->dbfile_checked)
{
if (!check_dbfile (fname, entry->dbfile_hash))
entry->dbfile_checked = 1;
/* Note, in case of an error we don't print an error here but
let require the caller to do that check. */
}
entry->cdb = xtrycalloc (1, sizeof *entry->cdb);
if (!entry->cdb)
{
xfree (fname);
return NULL;
}
fd = open (fname, O_RDONLY);
if (fd == -1)
{
log_error (_("error opening cache file `%s': %s\n"),
fname, strerror (errno));
xfree (entry->cdb);
entry->cdb = NULL;
xfree (fname);
return NULL;
}
if (cdb_init (entry->cdb, fd))
{
log_error (_("error initializing cache file `%s' for reading: %s\n"),
fname, strerror (errno));
xfree (entry->cdb);
entry->cdb = NULL;
close (fd);
xfree (fname);
return NULL;
}
xfree (fname);
entry->cdb_use_count = 1;
entry->cdb_lru_count = 0;
return entry->cdb;
}
/* Unlock a cache file, so that it can be reused. */
static void
unlock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
{
if (!entry->cdb)
log_error (_("calling unlock_db_file on a closed file\n"));
else if (!entry->cdb_use_count)
log_error (_("calling unlock_db_file on an unlocked file\n"));
else
{
entry->cdb_use_count--;
entry->cdb_lru_count++;
}
/* If the entry was marked for deletion in the meantime do it now.
We do this for the sake of Pth thread safeness. */
if (!entry->cdb_use_count && entry->deleted)
{
crl_cache_entry_t eprev, enext;
enext = entry->next;
for (eprev = cache->entries;
eprev && eprev->next != entry; eprev = eprev->next)
;
assert (eprev);
if (eprev == cache->entries)
cache->entries = enext;
else
eprev->next = enext;
}
}
/* Find ISSUER_HASH in our cache FIRST. This may be used to enumerate
the linked list we use to keep the CRLs of an issuer. */
static crl_cache_entry_t
find_entry (crl_cache_entry_t first, const char *issuer_hash)
{
while (first && (first->deleted || strcmp (issuer_hash, first->issuer_hash)))
first = first->next;
return first;
}
/* Create a new CRL cache. This fucntion is usually called only once.
never fail. */
void
crl_cache_init(void)
{
crl_cache_t cache = NULL;
gpg_error_t err;
if (current_cache)
{
log_error ("crl cache has already been initialized - not doing twice\n");
return;
}
err = open_dir (&cache);
if (err)
log_fatal (_("failed to create a new cache object: %s\n"),
gpg_strerror (err));
current_cache = cache;
}
/* Remove the cache information and all its resources. Note that we
still keep the cache on disk. */
void
crl_cache_deinit (void)
{
if (current_cache)
{
release_cache (current_cache);
current_cache = NULL;
}
}
/* Delete the cache from disk. Return 0 on success.*/
int
crl_cache_flush (void)
{
int rc;
rc = cleanup_cache_dir (0)? -1 : 0;
return rc;
}
/* Check whether the certificate identified by ISSUER_HASH and
SN/SNLEN is valid; i.e. not listed in our cache. With
FORCE_REFRESH set to true, a new CRL will be retrieved even if the
cache has not yet expired. We use a 30 minutes threshold here so
that invoking this function several times won't load the CRL over
and over. */
static crl_cache_result_t
cache_isvalid (ctrl_t ctrl, const char *issuer_hash,
const unsigned char *sn, size_t snlen,
int force_refresh)
{
crl_cache_t cache = get_current_cache ();
crl_cache_result_t retval;
struct cdb *cdb;
int rc;
crl_cache_entry_t entry;
gnupg_isotime_t current_time;
size_t n;
(void)ctrl;
entry = find_entry (cache->entries, issuer_hash);
if (!entry)
{
log_info (_("no CRL available for issuer id %s\n"), issuer_hash );
return CRL_CACHE_DONTKNOW;
}
gnupg_get_isotime (current_time);
if (strcmp (entry->next_update, current_time) < 0 )
{
log_info (_("cached CRL for issuer id %s too old; update required\n"),
issuer_hash);
return CRL_CACHE_DONTKNOW;
}
if (force_refresh)
{
gnupg_isotime_t tmptime;
if (*entry->last_refresh)
{
gnupg_copy_time (tmptime, entry->last_refresh);
add_seconds_to_isotime (tmptime, 30 * 60);
if (strcmp (tmptime, current_time) < 0 )
{
log_info (_("force-crl-refresh active and %d minutes passed for"
" issuer id %s; update required\n"),
30, issuer_hash);
return CRL_CACHE_DONTKNOW;
}
}
else
{
log_info (_("force-crl-refresh active for"
" issuer id %s; update required\n"),
issuer_hash);
return CRL_CACHE_DONTKNOW;
}
}
if (entry->invalid)
{
log_info (_("available CRL for issuer ID %s can't be used\n"),
issuer_hash);
return CRL_CACHE_CANTUSE;
}
cdb = lock_db_file (cache, entry);
if (!cdb)
return CRL_CACHE_DONTKNOW; /* Hmmm, not the best error code. */
if (!entry->dbfile_checked)
{
log_error (_("cached CRL for issuer id %s tampered; we need to update\n")
, issuer_hash);
unlock_db_file (cache, entry);
return CRL_CACHE_DONTKNOW;
}
rc = cdb_find (cdb, sn, snlen);
if (rc == 1)
{
n = cdb_datalen (cdb);
if (n != 16)
{
log_error (_("WARNING: invalid cache record length for S/N "));
log_printhex ("", sn, snlen);
}
else if (opt.verbose)
{
unsigned char record[16];
char *tmp = hexify_data (sn, snlen);
if (cdb_read (cdb, record, n, cdb_datapos (cdb)))
log_error (_("problem reading cache record for S/N %s: %s\n"),
tmp, strerror (errno));
else
log_info (_("S/N %s is not valid; reason=%02X date=%.15s\n"),
tmp, *record, record+1);
xfree (tmp);
}
retval = CRL_CACHE_INVALID;
}
else if (!rc)
{
if (opt.verbose)
{
char *serialno = hexify_data (sn, snlen);
log_info (_("S/N %s is valid, it is not listed in the CRL\n"),
serialno );
xfree (serialno);
}
retval = CRL_CACHE_VALID;
}
else
{
log_error (_("error getting data from cache file: %s\n"),
strerror (errno));
retval = CRL_CACHE_DONTKNOW;
}
if (entry->user_trust_req
&& (retval == CRL_CACHE_VALID || retval == CRL_CACHE_INVALID))
{
if (!entry->check_trust_anchor)
{
log_error ("inconsistent data on user trust check\n");
retval = CRL_CACHE_CANTUSE;
}
else if (get_istrusted_from_client (ctrl, entry->check_trust_anchor))
{
if (opt.verbose)
log_info ("no system trust and client does not trust either\n");
retval = CRL_CACHE_CANTUSE;
}
else
{
/* Okay, the CRL is considered valid by the client and thus
we can return the result as is. */
}
}
unlock_db_file (cache, entry);
return retval;
}
/* Check whether the certificate identified by ISSUER_HASH and
SERIALNO is valid; i.e. not listed in our cache. With
FORCE_REFRESH set to true, a new CRL will be retrieved even if the
cache has not yet expired. We use a 30 minutes threshold here so
that invoking this function several times won't load the CRL over
and over. */
crl_cache_result_t
crl_cache_isvalid (ctrl_t ctrl, const char *issuer_hash, const char *serialno,
int force_refresh)
{
crl_cache_result_t result;
unsigned char snbuf_buffer[50];
unsigned char *snbuf;
size_t n;
n = strlen (serialno)/2+1;
if (n < sizeof snbuf_buffer - 1)
snbuf = snbuf_buffer;
else
{
snbuf = xtrymalloc (n);
if (!snbuf)
return CRL_CACHE_DONTKNOW;
}
n = unhexify (snbuf, serialno);
result = cache_isvalid (ctrl, issuer_hash, snbuf, n, force_refresh);
if (snbuf != snbuf_buffer)
xfree (snbuf);
return result;
}
/* Check whether the certificate CERT is valid; i.e. not listed in our
cache. With FORCE_REFRESH set to true, a new CRL will be retrieved
even if the cache has not yet expired. We use a 30 minutes
threshold here so that invoking this function several times won't
load the CRL over and over. */
gpg_error_t
crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert,
int force_refresh)
{
gpg_error_t err;
crl_cache_result_t result;
unsigned char issuerhash[20];
char issuerhash_hex[41];
ksba_sexp_t serial;
unsigned char *sn;
size_t snlen;
char *endp, *tmp;
int i;
/* Compute the hash value of the issuer name. */
tmp = ksba_cert_get_issuer (cert, 0);
if (!tmp)
{
log_error ("oops: issuer missing in certificate\n");
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
gcry_md_hash_buffer (GCRY_MD_SHA1, issuerhash, tmp, strlen (tmp));
xfree (tmp);
for (i=0,tmp=issuerhash_hex; i < 20; i++, tmp += 2)
sprintf (tmp, "%02X", issuerhash[i]);
/* Get the serial number. */
serial = ksba_cert_get_serial (cert);
if (!serial)
{
log_error ("oops: S/N missing in certificate\n");
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
sn = serial;
if (*sn != '(')
{
log_error ("oops: invalid S/N\n");
xfree (serial);
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
sn++;
snlen = strtoul (sn, &endp, 10);
sn = endp;
if (*sn != ':')
{
log_error ("oops: invalid S/N\n");
xfree (serial);
return gpg_error (GPG_ERR_INV_CERT_OBJ);
}
sn++;
/* Check the cache. */
result = cache_isvalid (ctrl, issuerhash_hex, sn, snlen, force_refresh);
switch (result)
{
case CRL_CACHE_VALID:
err = 0;
break;
case CRL_CACHE_INVALID:
err = gpg_error (GPG_ERR_CERT_REVOKED);
break;
case CRL_CACHE_DONTKNOW:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
case CRL_CACHE_CANTUSE:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
break;
default:
log_fatal ("cache_isvalid returned invalid status code %d\n", result);
}
xfree (serial);
return err;
}
/* Prepare a hash context for the signature verification. Input is
the CRL and the output is the hash context MD as well as the uses
algorithm identifier ALGO. */
static gpg_error_t
start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
{
gpg_error_t err;
const char *algoid;
algoid = ksba_crl_get_digest_algo (crl);
*algo = gcry_md_map_name (algoid);
if (!*algo)
{
log_error (_("unknown hash algorithm `%s'\n"), algoid? algoid:"?");
return gpg_error (GPG_ERR_DIGEST_ALGO);
}
err = gcry_md_open (md, *algo, 0);
if (err)
{
log_error (_("gcry_md_open for algorithm %d failed: %s\n"),
*algo, gcry_strerror (err));
return err;
}
if (DBG_HASHING)
gcry_md_debug (*md, "hash.cert");
ksba_crl_set_hash_function (crl, HASH_FNC, *md);
return 0;
}
/* Finish a hash context and verify the signature. This function
should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
signature does not verify or any other error code. CRL is the CRL
object we are working on, MD the hash context and ISSUER_CERT the
certificate of the CRL issuer. This function closes MD. */
static gpg_error_t
finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
ksba_cert_t issuer_cert)
{
gpg_error_t err;
ksba_sexp_t sigval = NULL, pubkey = NULL;
const char *s;
char algoname[50];
size_t n;
gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
unsigned int i;
/* This also stops debugging on the MD. */
gcry_md_final (md);
/* Get and convert the signature value. */
sigval = ksba_crl_get_sig_val (crl);
n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
if (!n)
{
log_error (_("got an invalid S-expression from libksba\n"));
err = gpg_error (GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
if (err)
{
log_error (_("converting S-expression failed: %s\n"),
gcry_strerror (err));
goto leave;
}
/* Get and convert the public key for the issuer certificate. */
if (DBG_X509)
dump_cert ("crl_issuer_cert", issuer_cert);
pubkey = ksba_cert_get_public_key (issuer_cert);
n = gcry_sexp_canon_len (pubkey, 0, NULL, NULL);
if (!n)
{
log_error (_("got an invalid S-expression from libksba\n"));
err = gpg_error (GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_sexp_sscan (&s_pkey, NULL, pubkey, n);
if (err)
{
log_error (_("converting S-expression failed: %s\n"),
gcry_strerror (err));
goto leave;
}
/* Create an S-expression with the actual hash value. */
s = gcry_md_algo_name (algo);
for (i = 0; *s && i < sizeof(algoname) - 1; s++, i++)
algoname[i] = ascii_tolower (*s);
algoname[i] = 0;
err = gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algoname,
gcry_md_get_algo_dlen (algo), gcry_md_read (md, algo));
if (err)
{
log_error (_("creating S-expression failed: %s\n"), gcry_strerror (err));
goto leave;
}
/* Pass this on to the signature verification. */
err = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (err));
leave:
xfree (sigval);
xfree (pubkey);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_hash);
gcry_sexp_release (s_pkey);
gcry_md_close (md);
return err;
}
/* Call this to match a start_sig_check that can not be completed
normally. */
static void
abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
{
(void)crl;
gcry_md_close (md);
}
/* Workhorse of the CRL loading machinery. The CRL is read using the
CRL object and stored in the data base file DB with the name FNAME
(only used for printing error messages). That DB should be a
temporary one and not the actual one. If the function fails the
caller should delete this temporary database file. CTRL is
required to retrieve certificates using the general dirmngr
callback service. R_CRLISSUER returns an allocated string with the
crl-issuer DN, THIS_UPDATE and NEXT_UPDATE are filled with the
corresponding data from the CRL. Note that these values might get
set even if the CRL processing fails at a later step; thus the
caller should free *R_ISSUER even if the function returns with an
error. R_TRUST_ANCHOR is set on exit to NULL or a string with the
hexified fingerprint of the root certificate, if checking this
certificate for trustiness is required.
*/
static int
crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
struct cdb_make *cdb, const char *fname,
char **r_crlissuer,
ksba_isotime_t thisupdate, ksba_isotime_t nextupdate,
char **r_trust_anchor)
{
gpg_error_t err;
ksba_stop_reason_t stopreason;
ksba_cert_t crlissuer_cert = NULL;
gcry_md_hd_t md = NULL;
int algo = 0;
size_t n;
(void)fname;
*r_crlissuer = NULL;
*thisupdate = *nextupdate = 0;
*r_trust_anchor = NULL;
/* Start of the KSBA parser loop. */
do
{
err = ksba_crl_parse (crl, &stopreason);
if (err)
{
log_error (_("ksba_crl_parse failed: %s\n"), gpg_strerror (err) );
goto failure;
}
switch (stopreason)
{
case KSBA_SR_BEGIN_ITEMS:
{
if (start_sig_check (crl, &md, &algo ))
goto failure;
err = ksba_crl_get_update_times (crl, thisupdate, nextupdate);
if (err)
{
log_error (_("error getting update times of CRL: %s\n"),
gpg_strerror (err));
err = gpg_error (GPG_ERR_INV_CRL);
goto failure;
}
if (opt.verbose || !*nextupdate)
log_info (_("update times of this CRL: this=%s next=%s\n"),
thisupdate, nextupdate);
if (!*nextupdate)
{
log_info (_("nextUpdate not given; "
"assuming a validity period of one day\n"));
gnupg_copy_time (nextupdate, thisupdate);
add_seconds_to_isotime (nextupdate, 86400);
}
}
break;
case KSBA_SR_GOT_ITEM:
{
ksba_sexp_t serial;
const unsigned char *p;
ksba_isotime_t rdate;
ksba_crl_reason_t reason;
int rc;
unsigned char record[1+15];
err = ksba_crl_get_item (crl, &serial, rdate, &reason);
if (err)
{
log_error (_("error getting CRL item: %s\n"),
gpg_strerror (err));
err = gpg_error (GPG_ERR_INV_CRL);
ksba_free (serial);
goto failure;
}
p = serial_to_buffer (serial, &n);
if (!p)
BUG ();
record[0] = (reason & 0xff);
memcpy (record+1, rdate, 15);
rc = cdb_make_add (cdb, p, n, record, 1+15);
if (rc)
{
err = gpg_error_from_errno (errno);
log_error (_("error inserting item into "
"temporary cache file: %s\n"),
strerror (errno));
goto failure;
}
ksba_free (serial);
}
break;
case KSBA_SR_END_ITEMS:
break;
case KSBA_SR_READY:
{
char *crlissuer;
ksba_name_t authid;
ksba_sexp_t authidsn;
ksba_sexp_t keyid;
/* We need to look for the issuer only after having read
all items. The issuer itselfs comes before the items
but the optional authorityKeyIdentifier comes after the
items. */
err = ksba_crl_get_issuer (crl, &crlissuer);
if( err )
{
log_error (_("no CRL issuer found in CRL: %s\n"),
gpg_strerror (err) );
err = gpg_error (GPG_ERR_INV_CRL);
goto failure;
}
/* Note: This should be released by ksba_free, not xfree.
May need a memory reallocation dance. */
*r_crlissuer = crlissuer; /* (Do it here so we don't need
to free it later) */
if (!ksba_crl_get_auth_key_id (crl, &keyid, &authid, &authidsn))
{
const char *s;
if (opt.verbose)
log_info (_("locating CRL issuer certificate by "
"authorityKeyIdentifier\n"));
s = ksba_name_enum (authid, 0);
if (s && *authidsn)
crlissuer_cert = find_cert_bysn (ctrl, s, authidsn);
if (!crlissuer_cert && keyid)
crlissuer_cert = find_cert_bysubject (ctrl,
crlissuer, keyid);
if (!crlissuer_cert)
{
log_info ("CRL issuer certificate ");
if (keyid)
{
log_printf ("{");
dump_serial (keyid);
log_printf ("} ");
}
if (authidsn)
{
log_printf ("(#");
dump_serial (authidsn);
log_printf ("/");
dump_string (s);
log_printf (") ");
}
log_printf ("not found\n");
}
ksba_name_release (authid);
xfree (authidsn);
xfree (keyid);
}
else
crlissuer_cert = find_cert_bysubject (ctrl, crlissuer, NULL);
err = 0;
if (!crlissuer_cert)
{
err = gpg_error (GPG_ERR_MISSING_CERT);
goto failure;
}
err = finish_sig_check (crl, md, algo, crlissuer_cert);
if (err)
{
log_error (_("CRL signature verification failed: %s\n"),
gpg_strerror (err));
goto failure;
}
md = NULL;
err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
VALIDATE_MODE_CRL_RECURSIVE,
r_trust_anchor);
if (err)
{
log_error (_("error checking validity of CRL "
"issuer certificate: %s\n"),
gpg_strerror (err));
goto failure;
}
}
break;
default:
log_debug ("crl_parse_insert: unknown stop reason\n");
err = gpg_error (GPG_ERR_BUG);
goto failure;
}
}
while (stopreason != KSBA_SR_READY);
assert (!err);
failure:
if (md)
abort_sig_check (crl, md);
ksba_cert_release (crlissuer_cert);
return err;
}
/* Return the crlNumber extension as an allocated hex string or NULL
if there is none. */
static char *
get_crl_number (ksba_crl_t crl)
{
gpg_error_t err;
ksba_sexp_t number;
char *string;
err = ksba_crl_get_crl_number (crl, &number);
if (err)
return NULL;
string = serial_hex (number);
ksba_free (number);
return string;
}
/* Return the authorityKeyIdentifier or NULL if it is not available.
The issuer name may consists of several parts - they are delimted by
0x01. */
static char *
get_auth_key_id (ksba_crl_t crl, char **serialno)
{
gpg_error_t err;
ksba_name_t name;
ksba_sexp_t sn;
int idx;
const char *s;
char *string;
size_t length;
*serialno = NULL;
err = ksba_crl_get_auth_key_id (crl, NULL, &name, &sn);
if (err)
return NULL;
*serialno = serial_hex (sn);
ksba_free (sn);
if (!name)
return xstrdup ("");
length = 0;
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
char *p = ksba_name_get_uri (name, idx);
length += strlen (p?p:s) + 1;
xfree (p);
}
string = xtrymalloc (length+1);
if (string)
{
*string = 0;
for (idx=0; (s = ksba_name_enum (name, idx)); idx++)
{
char *p = ksba_name_get_uri (name, idx);
if (*string)
strcat (string, "\x01");
strcat (string, p?p:s);
xfree (p);
}
}
ksba_name_release (name);
return string;
}
/* Insert the CRL retrieved using URL into the cache specified by
CACHE. The CRL itself will be read from the stream FP and is
expected in binary format. */
gpg_error_t
crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
{
crl_cache_t cache = get_current_cache ();
gpg_error_t err, err2;
ksba_crl_t crl;
char *fname = NULL;
char *newfname = NULL;
struct cdb_make cdb;
int fd_cdb = -1;
char *issuer = NULL;
char *issuer_hash = NULL;
ksba_isotime_t thisupdate, nextupdate;
crl_cache_entry_t entry = NULL;
crl_cache_entry_t e;
gnupg_isotime_t current_time;
char *checksum = NULL;
int invalidate_crl = 0;
int idx;
const char *oid;
int critical;
char *trust_anchor = NULL;
/* FIXME: We should acquire a mutex for the URL, so that we don't
simultaneously enter the same CRL twice. However this needs to be
interweaved with the checking function.*/
err2 = 0;
err = ksba_crl_new (&crl);
if (err)
{
log_error (_("ksba_crl_new failed: %s\n"), gpg_strerror (err));
goto leave;
}
err = ksba_crl_set_reader (crl, reader);
if ( err )
{
log_error (_("ksba_crl_set_reader failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Create a temporary cache file to load the CRL into. */
{
char *tmpfname, *p;
const char *nodename;
#ifndef HAVE_W32_SYSTEM
struct utsname utsbuf;
#endif
#ifdef HAVE_W32_SYSTEM
nodename = "unknown";
#else
if (uname (&utsbuf))
nodename = "unknown";
else
nodename = utsbuf.nodename;
#endif
estream_asprintf (&tmpfname, "crl-tmp-%s-%u-%p.db.tmp",
nodename, (unsigned int)getpid (), &tmpfname);
if (!tmpfname)
{
err = gpg_error_from_syserror ();
goto leave;
}
for (p=tmpfname; *p; p++)
if (*p == '/')
*p = '.';
fname = make_filename (opt.homedir_cache, DBDIR_D, tmpfname, NULL);
xfree (tmpfname);
if (!gnupg_remove (fname))
log_info (_("removed stale temporary cache file `%s'\n"), fname);
else if (errno != ENOENT)
{
err = gpg_error_from_syserror ();
log_error (_("problem removing stale temporary cache file `%s': %s\n"),
fname, gpg_strerror (err));
goto leave;
}
}
fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (fd_cdb == -1)
{
err = gpg_error_from_errno (errno);
log_error (_("error creating temporary cache file `%s': %s\n"),
fname, strerror (errno));
goto leave;
}
cdb_make_start(&cdb, fd_cdb);
err = crl_parse_insert (ctrl, crl, &cdb, fname,
&issuer, thisupdate, nextupdate, &trust_anchor);
if (err)
{
log_error (_("crl_parse_insert failed: %s\n"), gpg_strerror (err));
/* Error in cleanup ignored. */
cdb_make_finish (&cdb);
goto leave;
}
/* Finish the database. */
if (cdb_make_finish (&cdb))
{
err = gpg_error_from_errno (errno);
log_error (_("error finishing temporary cache file `%s': %s\n"),
fname, strerror (errno));
goto leave;
}
if (close (fd_cdb))
{
err = gpg_error_from_errno (errno);
log_error (_("error closing temporary cache file `%s': %s\n"),
fname, strerror (errno));
goto leave;
}
fd_cdb = -1;
/* Create a checksum. */
{
unsigned char md5buf[16];
if (hash_dbfile (fname, md5buf))
{
err = gpg_error (GPG_ERR_CHECKSUM);
goto leave;
}
checksum = hexify_data (md5buf, 16);
}
/* Check whether that new CRL is still not expired. */
gnupg_get_isotime (current_time);
if (strcmp (nextupdate, current_time) < 0 )
{
if (opt.force)
log_info (_("WARNING: new CRL still too old; it expired on %s "
"- loading anyway\n"), nextupdate);
else
{
log_error (_("new CRL still too old; it expired on %s\n"),
nextupdate);
if (!err2)
err2 = gpg_error (GPG_ERR_CRL_TOO_OLD);
invalidate_crl |= 1;
}
}
/* Check for unknown critical extensions. */
for (idx=0; !(err=ksba_crl_get_extension (crl, idx, &oid, &critical,
NULL, NULL)); idx++)
{
if (!critical
|| !strcmp (oid, oidstr_authorityKeyIdentifier)
|| !strcmp (oid, oidstr_crlNumber) )
continue;
log_error (_("unknown critical CRL extension %s\n"), oid);
if (!err2)
err2 = gpg_error (GPG_ERR_INV_CRL);
invalidate_crl |= 2;
}
if (gpg_err_code (err) == GPG_ERR_EOF
|| gpg_err_code (err) == GPG_ERR_NO_DATA )
err = 0;
if (err)
{
log_error (_("error reading CRL extensions: %s\n"), gpg_strerror (err));
err = gpg_error (GPG_ERR_INV_CRL);
}
/* Create an hex encoded SHA-1 hash of the issuer DN to be
used as the key for the cache. */
issuer_hash = hashify_data (issuer, strlen (issuer));
/* Create an ENTRY. */
entry = xtrycalloc (1, sizeof *entry);
if (!entry)
{
err = gpg_error_from_syserror ();
goto leave;
}
entry->release_ptr = xtrymalloc (strlen (issuer_hash) + 1
+ strlen (issuer) + 1
+ strlen (url) + 1
+ strlen (checksum) + 1);
if (!entry->release_ptr)
{
err = gpg_error_from_syserror ();
xfree (entry);
entry = NULL;
goto leave;
}
entry->issuer_hash = entry->release_ptr;
entry->issuer = stpcpy (entry->issuer_hash, issuer_hash) + 1;
entry->url = stpcpy (entry->issuer, issuer) + 1;
entry->dbfile_hash = stpcpy (entry->url, url) + 1;
strcpy (entry->dbfile_hash, checksum);
gnupg_copy_time (entry->this_update, thisupdate);
gnupg_copy_time (entry->next_update, nextupdate);
gnupg_copy_time (entry->last_refresh, current_time);
entry->crl_number = get_crl_number (crl);
entry->authority_issuer = get_auth_key_id (crl, &entry->authority_serialno);
entry->invalid = invalidate_crl;
entry->user_trust_req = !!trust_anchor;
entry->check_trust_anchor = trust_anchor;
trust_anchor = NULL;
/* Check whether we already have an entry for this issuer and mark
it as deleted. We better use a loop, just in case duplicates got
somehow into the list. */
for (e = cache->entries; (e=find_entry (e, entry->issuer_hash)); e = e->next)
e->deleted = 1;
/* Rename the temporary DB to the real name. */
newfname = make_db_file_name (entry->issuer_hash);
if (opt.verbose)
log_info (_("creating cache file `%s'\n"), newfname);
#ifdef HAVE_W32_SYSTEM
- unlink (newfname);
+ gnupg_remove (newfname);
#endif
if (rename (fname, newfname))
{
err = gpg_error_from_syserror ();
log_error (_("problem renaming `%s' to `%s': %s\n"),
fname, newfname, gpg_strerror (err));
goto leave;
}
xfree (fname); fname = NULL; /*(let the cleanup code not try to remove it)*/
/* Link the new entry in. */
entry->next = cache->entries;
cache->entries = entry;
entry = NULL;
err = update_dir (cache);
if (err)
{
log_error (_("updating the DIR file failed - "
"cache entry will get lost with the next program start\n"));
err = 0; /* Keep on running. */
}
leave:
release_one_cache_entry (entry);
if (fd_cdb != -1)
close (fd_cdb);
if (fname)
{
gnupg_remove (fname);
xfree (fname);
}
xfree (newfname);
ksba_crl_release (crl);
xfree (issuer);
xfree (issuer_hash);
xfree (checksum);
xfree (trust_anchor);
return err ? err : err2;
}
/* Print one cached entry E in a human readable format to stream
FP. Return 0 on success. */
static gpg_error_t
list_one_crl_entry (crl_cache_t cache, crl_cache_entry_t e, estream_t fp)
{
struct cdb_find cdbfp;
struct cdb *cdb;
int rc;
int warn = 0;
const unsigned char *s;
es_fputs ("--------------------------------------------------------\n", fp );
es_fprintf (fp, _("Begin CRL dump (retrieved via %s)\n"), e->url );
es_fprintf (fp, " Issuer:\t%s\n", e->issuer );
es_fprintf (fp, " Issuer Hash:\t%s\n", e->issuer_hash );
es_fprintf (fp, " This Update:\t%s\n", e->this_update );
es_fprintf (fp, " Next Update:\t%s\n", e->next_update );
es_fprintf (fp, " CRL Number :\t%s\n", e->crl_number? e->crl_number: "none");
es_fprintf (fp, " AuthKeyId :\t%s\n",
e->authority_serialno? e->authority_serialno:"none");
if (e->authority_serialno && e->authority_issuer)
{
es_fputs (" \t", fp);
for (s=e->authority_issuer; *s; s++)
if (*s == '\x01')
es_fputs ("\n \t", fp);
else
es_putc (*s, fp);
es_putc ('\n', fp);
}
es_fprintf (fp, " Trust Check:\t%s\n",
!e->user_trust_req? "[system]" :
e->check_trust_anchor? e->check_trust_anchor:"[missing]");
if ((e->invalid & 1))
es_fprintf (fp, _(" ERROR: The CRL will not be used "
"because it was still too old after an update!\n"));
if ((e->invalid & 2))
es_fprintf (fp, _(" ERROR: The CRL will not be used "
"due to an unknown critical extension!\n"));
if ((e->invalid & ~3))
es_fprintf (fp, _(" ERROR: The CRL will not be used\n"));
cdb = lock_db_file (cache, e);
if (!cdb)
return gpg_error (GPG_ERR_GENERAL);
if (!e->dbfile_checked)
es_fprintf (fp, _(" ERROR: This cached CRL may has been tampered with!\n"));
es_putc ('\n', fp);
rc = cdb_findinit (&cdbfp, cdb, NULL, 0);
while (!rc && (rc=cdb_findnext (&cdbfp)) > 0 )
{
unsigned char keyrecord[256];
unsigned char record[16];
int reason;
int any = 0;
cdbi_t n;
cdbi_t i;
rc = 0;
n = cdb_datalen (cdb);
if (n != 16)
{
log_error (_(" WARNING: invalid cache record length\n"));
warn = 1;
continue;
}
if (cdb_read (cdb, record, n, cdb_datapos (cdb)))
{
log_error (_("problem reading cache record: %s\n"),
strerror (errno));
warn = 1;
continue;
}
n = cdb_keylen (cdb);
if (n > sizeof keyrecord)
n = sizeof keyrecord;
if (cdb_read (cdb, keyrecord, n, cdb_keypos (cdb)))
{
log_error (_("problem reading cache key: %s\n"), strerror (errno));
warn = 1;
continue;
}
reason = *record;
es_fputs (" ", fp);
for (i = 0; i < n; i++)
es_fprintf (fp, "%02X", keyrecord[i]);
es_fputs (":\t reasons( ", fp);
if (reason & KSBA_CRLREASON_UNSPECIFIED)
es_fputs( "unspecified ", fp ), any = 1;
if (reason & KSBA_CRLREASON_KEY_COMPROMISE )
es_fputs( "key_compromise ", fp ), any = 1;
if (reason & KSBA_CRLREASON_CA_COMPROMISE )
es_fputs( "ca_compromise ", fp ), any = 1;
if (reason & KSBA_CRLREASON_AFFILIATION_CHANGED )
es_fputs( "affiliation_changed ", fp ), any = 1;
if (reason & KSBA_CRLREASON_SUPERSEDED )
es_fputs( "superseeded", fp ), any = 1;
if (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION )
es_fputs( "cessation_of_operation", fp ), any = 1;
if (reason & KSBA_CRLREASON_CERTIFICATE_HOLD )
es_fputs( "certificate_hold", fp ), any = 1;
if (reason && !any)
es_fputs( "other", fp );
es_fprintf (fp, ") rdate: %.15s\n", record+1);
}
if (rc)
log_error (_("error reading cache entry from db: %s\n"), strerror (rc));
unlock_db_file (cache, e);
es_fprintf (fp, _("End CRL dump\n") );
es_putc ('\n', fp);
return (rc||warn)? gpg_error (GPG_ERR_GENERAL) : 0;
}
/* Print the contents of the CRL CACHE in a human readable format to
stream FP. */
gpg_error_t
crl_cache_list (estream_t fp)
{
crl_cache_t cache = get_current_cache ();
crl_cache_entry_t entry;
gpg_error_t err = 0;
for (entry = cache->entries;
entry && !entry->deleted && !err;
entry = entry->next )
err = list_one_crl_entry (cache, entry, fp);
return err;
}
/* Load the CRL containing the file named FILENAME into our CRL cache. */
gpg_error_t
crl_cache_load (ctrl_t ctrl, const char *filename)
{
gpg_error_t err;
estream_t fp;
ksba_reader_t reader;
fp = es_fopen (filename, "r");
if (!fp)
{
err = gpg_error_from_errno (errno);
log_error (_("can't open `%s': %s\n"), filename, strerror (errno));
return err;
}
err = create_estream_ksba_reader (&reader, fp);
if (!err)
{
err = crl_cache_insert (ctrl, filename, reader);
ksba_reader_release (reader);
}
es_fclose (fp);
return err;
}
/* Locate the corresponding CRL for the certificate CERT, read and
verify the CRL and store it in the cache. */
gpg_error_t
crl_cache_reload_crl (ctrl_t ctrl, ksba_cert_t cert)
{
gpg_error_t err;
ksba_reader_t reader = NULL;
char *issuer = NULL;
ksba_name_t distpoint = NULL;
ksba_name_t issuername = NULL;
char *distpoint_uri = NULL;
char *issuername_uri = NULL;
int any_dist_point = 0;
int seq;
/* Loop over all distribution points, get the CRLs and put them into
the cache. */
if (opt.verbose)
log_info ("checking distribution points\n");
seq = 0;
while ( !(err = ksba_cert_get_crl_dist_point (cert, seq++,
&distpoint,
&issuername, NULL )))
{
int name_seq;
gpg_error_t last_err = 0;
if (!distpoint && !issuername)
{
if (opt.verbose)
log_info ("no issuer name and no distribution point\n");
break; /* Not allowed; i.e. an invalid certificate. We give
up here and hope that the default method returns a
suitable CRL. */
}
xfree (issuername_uri); issuername_uri = NULL;
/* Get the URIs. We do this in a loop to iterate over all names
in the crlDP. */
for (name_seq=0; ksba_name_enum (distpoint, name_seq); name_seq++)
{
xfree (distpoint_uri); distpoint_uri = NULL;
distpoint_uri = ksba_name_get_uri (distpoint, name_seq);
if (!distpoint_uri)
continue;
if (!strncmp (distpoint_uri, "ldap:", 5)
|| !strncmp (distpoint_uri, "ldaps:", 6))
{
if (opt.ignore_ldap_dp)
continue;
}
else if (!strncmp (distpoint_uri, "http:", 5)
|| !strncmp (distpoint_uri, "https:", 6))
{
if (opt.ignore_http_dp)
continue;
}
else
continue; /* Skip unknown schemes. */
any_dist_point = 1;
if (opt.verbose)
log_info ("fetching CRL from `%s'\n", distpoint_uri);
err = crl_fetch (ctrl, distpoint_uri, &reader);
if (err)
{
log_error (_("crl_fetch via DP failed: %s\n"),
gpg_strerror (err));
last_err = err;
continue; /* with the next name. */
}
if (opt.verbose)
log_info ("inserting CRL (reader %p)\n", reader);
err = crl_cache_insert (ctrl, distpoint_uri, reader);
if (err)
{
log_error (_("crl_cache_insert via DP failed: %s\n"),
gpg_strerror (err));
last_err = err;
continue; /* with the next name. */
}
last_err = 0;
break; /* Ready. */
}
if (last_err)
{
err = last_err;
goto leave;
}
ksba_name_release (distpoint); distpoint = NULL;
/* We don't do anything with issuername_uri yet but we keep the
code for documentation. */
issuername_uri = ksba_name_get_uri (issuername, 0);
ksba_name_release (issuername); issuername = NULL;
}
if (gpg_err_code (err) == GPG_ERR_EOF)
err = 0;
/* If we did not found any distpoint, try something reasonable. */
if (!any_dist_point )
{
if (opt.verbose)
log_info ("no distribution point - trying issuer name\n");
if (reader)
{
crl_close_reader (reader);
reader = NULL;
}
issuer = ksba_cert_get_issuer (cert, 0);
if (!issuer)
{
log_error ("oops: issuer missing in certificate\n");
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
goto leave;
}
if (opt.verbose)
log_info ("fetching CRL from default location\n");
err = crl_fetch_default (ctrl, issuer, &reader);
if (err)
{
log_error ("crl_fetch via issuer failed: %s\n",
gpg_strerror (err));
goto leave;
}
if (opt.verbose)
log_info ("inserting CRL (reader %p)\n", reader);
err = crl_cache_insert (ctrl, "default location(s)", reader);
if (err)
{
log_error (_("crl_cache_insert via issuer failed: %s\n"),
gpg_strerror (err));
goto leave;
}
}
leave:
if (reader)
crl_close_reader (reader);
xfree (distpoint_uri);
xfree (issuername_uri);
ksba_name_release (distpoint);
ksba_name_release (issuername);
ksba_free (issuer);
return err;
}
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 7aafc48ce..771a58642 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1,1829 +1,1838 @@
/* dirmngr.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2006, 2007, 2008, 2010 g10 Code GmbH
*
* This file is part of DirMngr.
*
* DirMngr is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* DirMngr is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <time.h>
#include <fcntl.h>
#ifndef HAVE_W32_SYSTEM
#include <sys/socket.h>
#include <sys/un.h>
#endif
#include <sys/stat.h>
#include <unistd.h>
#ifdef HAVE_SIGNAL_H
# include <signal.h>
#endif
#include <pth.h>
#define JNLIB_NEED_LOG_LOGV
#define JNLIB_NEED_AFLOCAL
#include "dirmngr.h"
#include <assuan.h>
#include "certcache.h"
#include "crlcache.h"
#include "crlfetch.h"
#include "misc.h"
#include "ldapserver.h"
#include "asshelp.h"
#include "ldap-wrapper.h"
/* The plain Windows version uses the windows service system. For
example to start the service you may use "sc start dirmngr".
WindowsCE does not support this; the service system over there is
based on a single process with all services being DLLs - we can't
support this easily. */
#if defined(HAVE_W32_SYSTEM) && !defined(HAVE_W32CE_SYSTEM)
# define USE_W32_SERVICE 1
#endif
enum cmd_and_opt_values {
aNull = 0,
oCsh = 'c',
oQuiet = 'q',
oSh = 's',
oVerbose = 'v',
oNoVerbose = 500,
aServer,
aDaemon,
aService,
aListCRLs,
aLoadCRL,
aFetchCRL,
aShutdown,
aFlush,
aGPGConfList,
aGPGConfTest,
oOptions,
oDebug,
oDebugAll,
oDebugWait,
oDebugLevel,
oNoGreeting,
oNoOptions,
oHomedir,
oNoDetach,
oLogFile,
oBatch,
oDisableHTTP,
oDisableLDAP,
oIgnoreLDAPDP,
oIgnoreHTTPDP,
oIgnoreOCSPSvcUrl,
oHonorHTTPProxy,
oHTTPProxy,
oLDAPProxy,
oOnlyLDAPProxy,
oLDAPFile,
oLDAPTimeout,
oLDAPAddServers,
oOCSPResponder,
oOCSPSigner,
oOCSPMaxClockSkew,
oOCSPMaxPeriod,
oOCSPCurrentPeriod,
oMaxReplies,
oFakedSystemTime,
oForce,
oAllowOCSP,
oSocketName,
oLDAPWrapperProgram,
oHTTPWrapperProgram,
oIgnoreCertExtension,
aTest
};
static ARGPARSE_OPTS opts[] = {
ARGPARSE_group (300, N_("@Commands:\n ")),
ARGPARSE_c (aServer, "server", N_("run in server mode (foreground)") ),
ARGPARSE_c (aDaemon, "daemon", N_("run in daemon mode (background)") ),
#ifdef USE_W32_SERVICE
ARGPARSE_c (aService, "service", N_("run as windows service (background)")),
#endif
ARGPARSE_c (aListCRLs, "list-crls", N_("list the contents of the CRL cache")),
ARGPARSE_c (aLoadCRL, "load-crl", N_("|FILE|load CRL from FILE into cache")),
ARGPARSE_c (aFetchCRL, "fetch-crl", N_("|URL|fetch a CRL from URL")),
ARGPARSE_c (aShutdown, "shutdown", N_("shutdown the dirmngr")),
ARGPARSE_c (aFlush, "flush", N_("flush the cache")),
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
ARGPARSE_group (301, N_("@\nOptions:\n ")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")),
ARGPARSE_s_n (oSh, "sh", N_("sh-style command output")),
ARGPARSE_s_n (oCsh, "csh", N_("csh-style command output")),
ARGPARSE_s_s (oOptions, "options", N_("|FILE|read options from FILE")),
ARGPARSE_s_s (oDebugLevel, "debug-level",
N_("|LEVEL|set the debugging level to LEVEL")),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
ARGPARSE_s_s (oLogFile, "log-file",
N_("|FILE|write server mode logs to FILE")),
ARGPARSE_s_n (oBatch, "batch", N_("run without asking a user")),
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
ARGPARSE_s_n (oAllowOCSP, "allow-ocsp", N_("allow sending OCSP requests")),
ARGPARSE_s_n (oDisableHTTP, "disable-http", N_("inhibit the use of HTTP")),
ARGPARSE_s_n (oDisableLDAP, "disable-ldap", N_("inhibit the use of LDAP")),
ARGPARSE_s_n (oIgnoreHTTPDP,"ignore-http-dp",
N_("ignore HTTP CRL distribution points")),
ARGPARSE_s_n (oIgnoreLDAPDP,"ignore-ldap-dp",
N_("ignore LDAP CRL distribution points")),
ARGPARSE_s_n (oIgnoreOCSPSvcUrl, "ignore-ocsp-service-url",
N_("ignore certificate contained OCSP service URLs")),
ARGPARSE_s_s (oHTTPProxy, "http-proxy",
N_("|URL|redirect all HTTP requests to URL")),
ARGPARSE_s_s (oLDAPProxy, "ldap-proxy",
N_("|HOST|use HOST for LDAP queries")),
ARGPARSE_s_n (oOnlyLDAPProxy, "only-ldap-proxy",
N_("do not use fallback hosts with --ldap-proxy")),
ARGPARSE_s_s (oLDAPFile, "ldapserverlist-file",
N_("|FILE|read LDAP server list from FILE")),
ARGPARSE_s_n (oLDAPAddServers, "add-servers",
N_("add new servers discovered in CRL distribution"
" points to serverlist")),
ARGPARSE_s_i (oLDAPTimeout, "ldaptimeout",
N_("|N|set LDAP timeout to N seconds")),
ARGPARSE_s_s (oOCSPResponder, "ocsp-responder",
N_("|URL|use OCSP responder at URL")),
ARGPARSE_s_s (oOCSPSigner, "ocsp-signer",
N_("|FPR|OCSP response signed by FPR")),
ARGPARSE_s_i (oOCSPMaxClockSkew, "ocsp-max-clock-skew", "@"),
ARGPARSE_s_i (oOCSPMaxPeriod, "ocsp-max-period", "@"),
ARGPARSE_s_i (oOCSPCurrentPeriod, "ocsp-current-period", "@"),
ARGPARSE_s_i (oMaxReplies, "max-replies",
N_("|N|do not return more than N items in one query")),
ARGPARSE_s_s (oSocketName, "socket-name", N_("|FILE|listen on socket FILE")),
ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
ARGPARSE_p_u (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oLDAPWrapperProgram, "ldap-wrapper-program", "@"),
ARGPARSE_s_s (oHTTPWrapperProgram, "http-wrapper-program", "@"),
ARGPARSE_s_n (oHonorHTTPProxy, "honor-http-proxy", "@"),
ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
ARGPARSE_group (302,N_("@\n(See the \"info\" manual for a complete listing "
"of all commands and options)\n")),
ARGPARSE_end ()
};
#define DEFAULT_MAX_REPLIES 10
#define DEFAULT_LDAP_TIMEOUT 100 /* arbitrary large timeout */
/* For the cleanup handler we need to keep track of the socket's name. */
static const char *socket_name;
/* We need to keep track of the server's nonces (these are dummies for
POSIX systems). */
static assuan_sock_nonce_t socket_nonce;
/* Only if this flag has been set we will remove the socket file. */
static int cleanup_socket;
/* Keep track of the current log file so that we can avoid updating
the log file after a SIGHUP if it didn't changed. Malloced. */
static char *current_logfile;
/* Helper to implement --debug-level. */
static const char *debug_level;
/* Flag indicating that a shutdown has been requested. */
static volatile int shutdown_pending;
/* Counter for the active connections. */
static int active_connections;
/* The timer tick used for housekeeping stuff. For Windows we use a
longer period as the SetWaitableTimer seems to signal earlier than
the 2 seconds. */
#ifdef HAVE_W32_SYSTEM
#define TIMERTICK_INTERVAL (4)
#else
#define TIMERTICK_INTERVAL (2) /* Seconds. */
#endif
/* This union is used to avoid compiler warnings in case a pointer is
64 bit and an int 32 bit. We store an integer in a pointer and get
it back later (pth_key_getdata et al.). */
union int_and_ptr_u
{
int aint;
assuan_fd_t afd;
void *aptr;
};
/* The key used to store the current file descriptor in the thread
local storage. We use this in conjunction with the
log_set_pid_suffix_cb feature.. */
#ifndef HAVE_W32_SYSTEM
static int my_tlskey_current_fd;
#endif
/* Prototypes. */
static void cleanup (void);
static ldap_server_t parse_ldapserver_file (const char* filename);
static fingerprint_list_t parse_ocsp_signer (const char *string);
static void handle_connections (assuan_fd_t listen_fd);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void)
{
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
static const char *
my_strusage( int level )
{
const char *p;
switch ( level )
{
case 11: p = "dirmngr (GnuPG)";
break;
case 13: p = VERSION; break;
case 17: p = PRINTABLE_OS_NAME; break;
/* TRANSLATORS: @EMAIL@ will get replaced by the actual bug
reporting address. This is so that we can change the
reporting address without breaking the translations. */
case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
case 49: p = PACKAGE_BUGREPORT; break;
case 1:
case 40: p = _("Usage: dirmngr [options] (-h for help)");
break;
case 41: p = _("Syntax: dirmngr [options] [command [args]]\n"
"LDAP and OCSP access for GnuPG\n");
break;
default: p = NULL;
}
return p;
}
/* Callback from libksba to hash a provided buffer. Our current
implementation does only allow SHA-1 for hashing. This may be
extended by mapping the name, testing for algorithm availibility
and adjust the length checks accordingly. */
static gpg_error_t
my_ksba_hash_buffer (void *arg, const char *oid,
const void *buffer, size_t length, size_t resultsize,
unsigned char *result, size_t *resultlen)
{
(void)arg;
if (oid && strcmp (oid, "1.3.14.3.2.26"))
return gpg_error (GPG_ERR_NOT_SUPPORTED);
if (resultsize < 20)
return gpg_error (GPG_ERR_BUFFER_TOO_SHORT);
gcry_md_hash_buffer (2, result, buffer, length);
*resultlen = 20;
return 0;
}
/* Setup the debugging. With a LEVEL of NULL only the active debug
flags are propagated to the subsystems. With LEVEL set, a specific
set of debug flags is set; thus overriding all flags already
set. */
static void
set_debug (void)
{
int numok = (debug_level && digitp (debug_level));
int numlvl = numok? atoi (debug_level) : 0;
if (!debug_level)
;
else if (!strcmp (debug_level, "none") || (numok && numlvl < 1))
opt.debug = 0;
else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2))
opt.debug = DBG_ASSUAN_VALUE;
else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5))
opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE);
else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8))
opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE
|DBG_CACHE_VALUE|DBG_CRYPTO_VALUE);
else if (!strcmp (debug_level, "guru") || numok)
{
opt.debug = ~0;
/* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their
disk with debug files which may reveal confidential data. */
if (numok)
opt.debug &= ~(DBG_HASHING_VALUE);
}
else
{
log_error (_("invalid debug-level `%s' given\n"), debug_level);
log_info (_("valid debug levels are: %s\n"),
"none, basic, advanced, expert, guru");
opt.debug = 0; /* Reset debugging, so that prior debug
statements won't have an undesired effect. */
}
if (opt.debug && !opt.verbose)
{
opt.verbose = 1;
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
}
if (opt.debug && opt.quiet)
opt.quiet = 0;
if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
}
static void
wrong_args (const char *text)
{
es_fputs (_("usage: dirmngr [options] "), es_stderr);
es_fputs (text, es_stderr);
es_putc ('\n', es_stderr);
dirmngr_exit (2);
}
/* Helper to stop the reaper thread for the ldap wrapper. */
static void
shutdown_reaper (void)
{
ldap_wrapper_wait_connections ();
}
/* Handle options which are allowed to be reset after program start.
Return true if the current option in PARGS could be handled and
false if not. As a special feature, passing a value of NULL for
PARGS, resets the options to the default. REREAD should be set
true if it is not the initial option parsing. */
static int
parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
{
if (!pargs)
{ /* Reset mode. */
opt.quiet = 0;
opt.verbose = 0;
opt.debug = 0;
opt.ldap_wrapper_program = NULL;
opt.disable_http = 0;
opt.disable_ldap = 0;
opt.honor_http_proxy = 0;
opt.http_proxy = NULL;
opt.ldap_proxy = NULL;
opt.only_ldap_proxy = 0;
opt.ignore_http_dp = 0;
opt.ignore_ldap_dp = 0;
opt.ignore_ocsp_service_url = 0;
opt.allow_ocsp = 0;
opt.ocsp_responder = NULL;
opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */
opt.ocsp_max_period = 90 * 86400; /* 90 days. */
opt.ocsp_current_period = 3 * 60 * 60; /* 3 hours. */
opt.max_replies = DEFAULT_MAX_REPLIES;
while (opt.ocsp_signer)
{
fingerprint_list_t tmp = opt.ocsp_signer->next;
xfree (opt.ocsp_signer);
opt.ocsp_signer = tmp;
}
FREE_STRLIST (opt.ignored_cert_extensions);
return 1;
}
switch (pargs->r_opt)
{
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oDebug: opt.debug |= pargs->r.ret_ulong; break;
case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: debug_level = pargs->r.ret_str; break;
case oLogFile:
if (!reread)
return 0; /* Not handled. */
if (!current_logfile || !pargs->r.ret_str
|| strcmp (current_logfile, pargs->r.ret_str))
{
log_set_file (pargs->r.ret_str);
xfree (current_logfile);
current_logfile = xtrystrdup (pargs->r.ret_str);
}
break;
case oLDAPWrapperProgram:
opt.ldap_wrapper_program = pargs->r.ret_str;
break;
case oHTTPWrapperProgram:
opt.http_wrapper_program = pargs->r.ret_str;
break;
case oDisableHTTP: opt.disable_http = 1; break;
case oDisableLDAP: opt.disable_ldap = 1; break;
case oHonorHTTPProxy: opt.honor_http_proxy = 1; break;
case oHTTPProxy: opt.http_proxy = pargs->r.ret_str; break;
case oLDAPProxy: opt.ldap_proxy = pargs->r.ret_str; break;
case oOnlyLDAPProxy: opt.only_ldap_proxy = 1; break;
case oIgnoreHTTPDP: opt.ignore_http_dp = 1; break;
case oIgnoreLDAPDP: opt.ignore_ldap_dp = 1; break;
case oIgnoreOCSPSvcUrl: opt.ignore_ocsp_service_url = 1; break;
case oAllowOCSP: opt.allow_ocsp = 1; break;
case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
case oOCSPSigner:
opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
break;
case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break;
case oOCSPMaxPeriod: opt.ocsp_max_period = pargs->r.ret_int; break;
case oOCSPCurrentPeriod: opt.ocsp_current_period = pargs->r.ret_int; break;
case oMaxReplies: opt.max_replies = pargs->r.ret_int; break;
case oIgnoreCertExtension:
add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
break;
default:
return 0; /* Not handled. */
}
return 1; /* Handled. */
}
#ifdef USE_W32_SERVICE
/* The global status of our service. */
SERVICE_STATUS_HANDLE service_handle;
SERVICE_STATUS service_status;
DWORD WINAPI
w32_service_control (DWORD control, DWORD event_type, LPVOID event_data,
LPVOID context)
{
/* event_type and event_data are not used here. */
switch (control)
{
case SERVICE_CONTROL_SHUTDOWN:
/* For shutdown we will try to force termination. */
service_status.dwCurrentState = SERVICE_STOP_PENDING;
SetServiceStatus (service_handle, &service_status);
shutdown_pending = 3;
break;
case SERVICE_CONTROL_STOP:
service_status.dwCurrentState = SERVICE_STOP_PENDING;
SetServiceStatus (service_handle, &service_status);
shutdown_pending = 1;
break;
default:
break;
}
return 0;
}
#endif /*USE_W32_SERVICE*/
#ifndef HAVE_W32_SYSTEM
static int
pid_suffix_callback (unsigned long *r_suffix)
{
union int_and_ptr_u value;
value.aptr = pth_key_getdata (my_tlskey_current_fd);
*r_suffix = value.aint;
return (*r_suffix != -1); /* Use decimal representation. */
}
#endif /*!HAVE_W32_SYSTEM*/
#ifdef USE_W32_SERVICE
# define main real_main
#endif
int
main (int argc, char **argv)
{
#ifdef USE_W32_SERVICE
# undef main
#endif
enum cmd_and_opt_values cmd = 0;
ARGPARSE_ARGS pargs;
int orig_argc;
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
const char *shell;
unsigned configlineno;
int parse_debug = 0;
int default_config =1;
int greeting = 0;
int nogreeting = 0;
int nodetach = 0;
int csh_style = 0;
char *logfile = NULL;
char *ldapfile = NULL;
int debug_wait = 0;
int rc;
int homedir_seen = 0;
struct assuan_malloc_hooks malloc_hooks;
#ifdef USE_W32_SERVICE
/* The option will be set by main() below if we should run as a
system daemon. */
if (opt.system_service)
{
service_handle
= RegisterServiceCtrlHandlerEx ("DirMngr",
&w32_service_control, NULL /*FIXME*/);
if (service_handle == 0)
log_error ("failed to register service control handler: ec=%d",
(int) GetLastError ());
service_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
service_status.dwCurrentState = SERVICE_START_PENDING;
service_status.dwControlsAccepted
= SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN;
service_status.dwWin32ExitCode = NO_ERROR;
service_status.dwServiceSpecificExitCode = NO_ERROR;
service_status.dwCheckPoint = 0;
service_status.dwWaitHint = 10000; /* 10 seconds timeout. */
SetServiceStatus (service_handle, &service_status);
}
#endif /*USE_W32_SERVICE*/
set_strusage (my_strusage);
log_set_prefix ("dirmngr", 1|4);
/* Make sure that our subsystems are ready. */
i18n_init ();
init_common_subsystems (&argc, &argv);
/* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */
gcry_threads_pth.init = fixed_gcry_pth_init;
rc = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (rc)
{
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
gpg_strerror (rc));
}
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
/* Check that the libraries are suitable. Do it here because
the option parsing may need services of the libraries. */
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
if (!ksba_check_version (NEED_KSBA_VERSION) )
log_fatal( _("%s is too old (need %s, have %s)\n"), "libksba",
NEED_KSBA_VERSION, ksba_check_version (NULL) );
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
/* Init Assuan. */
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
assuan_sock_init ();
setup_libassuan_logging (&opt.debug);
setup_libgcrypt_logging ();
/* Setup defaults. */
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
csh_style = 1;
opt.homedir = default_homedir ();
/* Now with Pth running we can set the logging callback. Our
windows implementation does not yet feature the Pth TLS
functions. */
#ifndef HAVE_W32_SYSTEM
if (pth_key_create (&my_tlskey_current_fd, NULL))
if (pth_key_setdata (my_tlskey_current_fd, NULL))
log_set_pid_suffix_cb (pid_suffix_callback);
#endif /*!HAVE_W32_SYSTEM*/
/* Reset rereadable options to default values. */
parse_rereadable_options (NULL, 0);
/* LDAP defaults. */
opt.add_new_ldapservers = 0;
opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
/* Other defaults. */
socket_name = dirmngr_socket_name ();
/* Check whether we have a config file given on the commandline */
orig_argc = argc;
orig_argv = argv;
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1|(1<<6); /* do not remove the args, ignore version */
while (arg_parse( &pargs, opts))
{
if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll)
parse_debug++;
else if (pargs.r_opt == oOptions)
{ /* Yes there is one, so we do not try the default one, but
read the option file when it is encountered at the
commandline */
default_config = 0;
}
else if (pargs.r_opt == oNoOptions)
default_config = 0; /* --no-options */
else if (pargs.r_opt == oHomedir)
{
opt.homedir = pargs.r.ret_str;
homedir_seen = 1;
}
else if (pargs.r_opt == aDaemon)
opt.system_daemon = 1;
else if (pargs.r_opt == aService)
{
/* Redundant. The main function takes care of it. */
opt.system_service = 1;
opt.system_daemon = 1;
}
#ifdef HAVE_W32_SYSTEM
else if (pargs.r_opt == aGPGConfList || pargs.r_opt == aGPGConfTest)
/* We set this so we switch to the system configuration
directory below. This is a crutch to solve the problem
that the user configuration is never used on Windows. Also
see below at aGPGConfList. */
opt.system_daemon = 1;
#endif
}
/* If --daemon has been given on the command line but not --homedir,
we switch to /etc/dirmngr as default home directory. Note, that
this also overrides the GNUPGHOME environment variable. */
if (opt.system_daemon && !homedir_seen)
{
opt.homedir = gnupg_sysconfdir ();
opt.homedir_data = gnupg_datadir ();
opt.homedir_cache = gnupg_cachedir ();
}
if (default_config)
configname = make_filename (opt.homedir, "dirmngr.conf", NULL );
argc = orig_argc;
argv = orig_argv;
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1; /* do not remove the args */
next_pass:
if (configname)
{
configlineno = 0;
configfp = fopen (configname, "r");
if (!configfp)
{
if (default_config)
{
if( parse_debug )
log_info (_("NOTE: no default option file `%s'\n"),
configname );
}
else
{
log_error (_("option file `%s': %s\n"),
configname, strerror(errno) );
exit(2);
}
xfree (configname);
configname = NULL;
}
if (parse_debug && configname )
log_info (_("reading options from `%s'\n"), configname );
default_config = 0;
}
while (optfile_parse( configfp, configname, &configlineno, &pargs, opts) )
{
if (parse_rereadable_options (&pargs, 0))
continue; /* Already handled */
switch (pargs.r_opt)
{
case aServer:
case aDaemon:
case aService:
case aShutdown:
case aFlush:
case aListCRLs:
case aLoadCRL:
case aFetchCRL:
case aGPGConfList:
case aGPGConfTest:
cmd = pargs.r_opt;
break;
case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break;
case oBatch: opt.batch=1; break;
case oDebug: opt.debug |= pargs.r.ret_ulong; break;
case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: debug_level = pargs.r.ret_str; break;
case oDebugWait: debug_wait = pargs.r.ret_int; break;
case oOptions:
/* Config files may not be nested (silently ignore them) */
if (!configfp)
{
xfree(configname);
configname = xstrdup(pargs.r.ret_str);
goto next_pass;
}
break;
case oNoGreeting: nogreeting = 1; break;
case oNoVerbose: opt.verbose = 0; break;
case oNoOptions: break; /* no-options */
case oHomedir: /* Ignore this option here. */; break;
case oNoDetach: nodetach = 1; break;
case oLogFile: logfile = pargs.r.ret_str; break;
case oCsh: csh_style = 1; break;
case oSh: csh_style = 0; break;
case oLDAPFile: ldapfile = pargs.r.ret_str; break;
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
case oLDAPTimeout:
opt.ldaptimeout = pargs.r.ret_int;
break;
case oFakedSystemTime:
gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
break;
case oForce: opt.force = 1; break;
case oSocketName: socket_name = pargs.r.ret_str; break;
default : pargs.err = configfp? 1:2; break;
}
}
if (configfp)
{
fclose (configfp);
configfp = NULL;
/* Keep a copy of the name so that it can be read on SIGHUP. */
opt.config_filename = configname;
configname = NULL;
goto next_pass;
}
xfree (configname);
configname = NULL;
if (log_get_errorcount(0))
exit(2);
if (nogreeting )
greeting = 0;
if (!opt.homedir_data)
opt.homedir_data = opt.homedir;
if (!opt.homedir_cache)
opt.homedir_cache = opt.homedir;
if (greeting)
{
es_fprintf (es_stderr, "%s %s; %s\n",
strusage(11), strusage(13), strusage(14) );
es_fprintf (es_stderr, "%s\n", strusage(15) );
}
#ifdef IS_DEVELOPMENT_VERSION
log_info ("NOTE: this is a development version!\n");
#endif
if (!access ("/etc/dirmngr", F_OK) && !strncmp (opt.homedir, "/etc/", 5))
log_info
("NOTE: DirMngr is now a proper part of GnuPG. The configuration and"
" other directory names changed. Please check that no other version"
" of dirmngr is still installed. To disable this warning, remove the"
" directory `/etc/dirmngr'.\n");
if (gnupg_faked_time_p ())
{
gnupg_isotime_t tbuf;
gnupg_get_isotime (tbuf);
log_info (_("WARNING: running with faked system time %s\n"), tbuf);
}
set_debug ();
/* Get LDAP server list from file. */
if (!ldapfile)
{
ldapfile = make_filename (opt.homedir,
opt.system_daemon?
"ldapservers.conf":"dirmngr_ldapservers.conf",
NULL);
opt.ldapservers = parse_ldapserver_file (ldapfile);
xfree (ldapfile);
}
else
opt.ldapservers = parse_ldapserver_file (ldapfile);
#ifndef HAVE_W32_SYSTEM
/* We need to ignore the PIPE signal because the we might log to a
socket and that code handles EPIPE properly. The ldap wrapper
also requires us to ignore this silly signal. Assuan would set
this signal to ignore anyway.*/
signal (SIGPIPE, SIG_IGN);
#endif
/* Ready. Now to our duties. */
if (!cmd && opt.system_service)
cmd = aDaemon;
else if (!cmd)
cmd = aServer;
rc = 0;
if (cmd == aServer)
{
if (argc)
wrong_args ("--server");
if (logfile)
{
log_set_file (logfile);
log_set_prefix (NULL, 2|4);
}
if (debug_wait)
{
log_debug ("waiting for debugger - my pid is %u .....\n",
(unsigned int)getpid());
gnupg_sleep (debug_wait);
log_debug ("... okay\n");
}
ldap_wrapper_launch_thread ();
cert_cache_init ();
crl_cache_init ();
start_command_handler (ASSUAN_INVALID_FD);
shutdown_reaper ();
}
else if (cmd == aDaemon)
{
assuan_fd_t fd;
pid_t pid;
int len;
struct sockaddr_un serv_addr;
if (argc)
wrong_args ("--daemon");
/* Now start with logging to a file if this is desired. */
if (logfile)
{
log_set_file (logfile);
log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
|JNLIB_LOG_WITH_TIME
|JNLIB_LOG_WITH_PID));
current_logfile = xstrdup (logfile);
}
#ifndef HAVE_W32_SYSTEM
if (strchr (socket_name, ':'))
{
log_error (_("colons are not allowed in the socket name\n"));
dirmngr_exit (1);
}
#endif
if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path )
{
log_error (_("name of socket too long\n"));
dirmngr_exit (1);
}
fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);
if (fd == ASSUAN_INVALID_FD)
{
log_error (_("can't create socket: %s\n"), strerror (errno));
cleanup ();
dirmngr_exit (1);
}
memset (&serv_addr, 0, sizeof serv_addr);
serv_addr.sun_family = AF_UNIX;
strcpy (serv_addr.sun_path, socket_name);
len = SUN_LEN (&serv_addr);
rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
if (rc == -1
&& (errno == EADDRINUSE
#ifdef HAVE_W32_SYSTEM
|| errno == EEXIST
#endif
))
{
/* Fixme: We should test whether a dirmngr is already running. */
gnupg_remove (socket_name);
rc = assuan_sock_bind (fd, (struct sockaddr*) &serv_addr, len);
}
if (rc != -1
&& (rc = assuan_sock_get_nonce ((struct sockaddr*) &serv_addr, len, &socket_nonce)))
log_error (_("error getting nonce for the socket\n"));
if (rc == -1)
{
log_error (_("error binding socket to `%s': %s\n"),
serv_addr.sun_path, gpg_strerror (gpg_error_from_errno (errno)));
assuan_sock_close (fd);
dirmngr_exit (1);
}
cleanup_socket = 1;
if (listen (FD2INT (fd), 5) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));
assuan_sock_close (fd);
dirmngr_exit (1);
}
if (opt.verbose)
log_info (_("listening on socket `%s'\n"), socket_name );
es_fflush (NULL);
#ifdef HAVE_W32_SYSTEM
pid = getpid ();
printf ("set DIRMNGR_INFO=%s;%lu;1\n", socket_name, (ulong) pid);
#else
pid = pth_fork ();
if (pid == (pid_t)-1)
{
log_fatal (_("fork failed: %s\n"), strerror (errno) );
dirmngr_exit (1);
}
if (pid)
{ /* We are the parent */
char *infostr;
/* Don't let cleanup() remove the socket - the child is
responsible for doing that. */
cleanup_socket = 0;
close (fd);
/* Create the info string: <name>:<pid>:<protocol_version> */
if (asprintf (&infostr, "DIRMNGR_INFO=%s:%lu:1",
socket_name, (ulong)pid ) < 0)
{
log_error (_("out of core\n"));
kill (pid, SIGTERM);
dirmngr_exit (1);
}
/* Print the environment string, so that the caller can use
shell's eval to set it */
if (csh_style)
{
*strchr (infostr, '=') = ' ';
printf ( "setenv %s\n", infostr);
}
else
{
printf ( "%s; export DIRMNGR_INFO;\n", infostr);
}
free (infostr);
exit (0);
/*NEVER REACHED*/
} /* end parent */
/*
This is the child
*/
/* Detach from tty and put process into a new session */
if (!nodetach )
{
int i;
unsigned int oldflags;
/* Close stdin, stdout and stderr unless it is the log stream */
for (i=0; i <= 2; i++)
{
if (!log_test_fd (i) && i != fd )
close (i);
}
if (setsid() == -1)
{
log_error (_("setsid() failed: %s\n"), strerror(errno) );
dirmngr_exit (1);
}
log_get_prefix (&oldflags);
log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
opt.running_detached = 1;
if (chdir("/"))
{
log_error (_("chdir to / failed: %s\n"), strerror (errno));
dirmngr_exit (1);
}
}
#endif
ldap_wrapper_launch_thread ();
cert_cache_init ();
crl_cache_init ();
#ifdef USE_W32_SERVICE
if (opt.system_service)
{
service_status.dwCurrentState = SERVICE_RUNNING;
SetServiceStatus (service_handle, &service_status);
}
#endif
handle_connections (fd);
assuan_sock_close (fd);
shutdown_reaper ();
#ifdef USE_W32_SERVICE
if (opt.system_service)
{
service_status.dwCurrentState = SERVICE_STOPPED;
SetServiceStatus (service_handle, &service_status);
}
#endif
}
else if (cmd == aListCRLs)
{
/* Just list the CRL cache and exit. */
if (argc)
wrong_args ("--list-crls");
ldap_wrapper_launch_thread ();
crl_cache_init ();
crl_cache_list (es_stdout);
}
else if (cmd == aLoadCRL)
{
struct server_control_s ctrlbuf;
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
ldap_wrapper_launch_thread ();
cert_cache_init ();
crl_cache_init ();
if (!argc)
rc = crl_cache_load (&ctrlbuf, NULL);
else
{
for (; !rc && argc; argc--, argv++)
rc = crl_cache_load (&ctrlbuf, *argv);
}
}
else if (cmd == aFetchCRL)
{
ksba_reader_t reader;
struct server_control_s ctrlbuf;
if (argc != 1)
wrong_args ("--fetch-crl URL");
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
ldap_wrapper_launch_thread ();
cert_cache_init ();
crl_cache_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
if (rc)
log_error (_("fetching CRL from `%s' failed: %s\n"),
argv[0], gpg_strerror (rc));
else
{
rc = crl_cache_insert (&ctrlbuf, argv[0], reader);
if (rc)
log_error (_("processing CRL from `%s' failed: %s\n"),
argv[0], gpg_strerror (rc));
crl_close_reader (reader);
}
}
else if (cmd == aFlush)
{
/* Delete cache and exit. */
if (argc)
wrong_args ("--flush");
rc = crl_cache_flush();
}
else if (cmd == aGPGConfTest)
dirmngr_exit (0);
else if (cmd == aGPGConfList)
{
unsigned long flags = 0;
char *filename;
char *filename_esc;
/* List options and default values in the GPG Conf format. */
/* The following list is taken from gnupg/tools/gpgconf-comp.c. */
/* Option flags. YOU MUST NOT CHANGE THE NUMBERS OF THE EXISTING
FLAGS, AS THEY ARE PART OF THE EXTERNAL INTERFACE. */
#define GC_OPT_FLAG_NONE 0UL
/* The DEFAULT flag for an option indicates that the option has a
default value. */
#define GC_OPT_FLAG_DEFAULT (1UL << 4)
/* The DEF_DESC flag for an option indicates that the option has a
default, which is described by the value of the default field. */
#define GC_OPT_FLAG_DEF_DESC (1UL << 5)
/* The NO_ARG_DESC flag for an option indicates that the argument has
a default, which is described by the value of the ARGDEF field. */
#define GC_OPT_FLAG_NO_ARG_DESC (1UL << 6)
#define GC_OPT_FLAG_NO_CHANGE (1UL <<7)
#ifdef HAVE_W32_SYSTEM
/* On Windows systems, dirmngr always runs as system daemon, and
the per-user configuration is never used. So we short-cut
everything to use the global system configuration of dirmngr
above, and here we set the no change flag to make these
read-only. */
flags |= GC_OPT_FLAG_NO_CHANGE;
#endif
/* First the configuration file. This is not an option, but it
is vital information for GPG Conf. */
if (!opt.config_filename)
opt.config_filename = make_filename (opt.homedir,
"dirmngr.conf", NULL );
filename = percent_escape (opt.config_filename, NULL);
printf ("gpgconf-dirmngr.conf:%lu:\"%s\n",
GC_OPT_FLAG_DEFAULT, filename);
xfree (filename);
printf ("verbose:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("quiet:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("debug-level:%lu:\"none\n", flags | GC_OPT_FLAG_DEFAULT);
printf ("log-file:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("force:%lu:\n", flags | GC_OPT_FLAG_NONE);
/* --csh and --sh are mutually exclusive, something we can not
express in GPG Conf. --options is only usable from the
command line, really. --debug-all interacts with --debug,
and having both of them is thus problematic. --no-detach is
also only usable on the command line. --batch is unused. */
filename = make_filename (opt.homedir,
opt.system_daemon?
"ldapservers.conf":"dirmngr_ldapservers.conf",
NULL);
filename_esc = percent_escape (filename, NULL);
printf ("ldapserverlist-file:%lu:\"%s\n", flags | GC_OPT_FLAG_DEFAULT,
filename_esc);
xfree (filename_esc);
xfree (filename);
printf ("ldaptimeout:%lu:%u\n",
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_LDAP_TIMEOUT);
printf ("max-replies:%lu:%u\n",
flags | GC_OPT_FLAG_DEFAULT, DEFAULT_MAX_REPLIES);
printf ("allow-ocsp:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ocsp-responder:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ocsp-signer:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("faked-system-time:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("no-greeting:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("disable-http:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("disable-ldap:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("honor-http-proxy:%lu\n", flags | GC_OPT_FLAG_NONE);
printf ("http-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ldap-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("only-ldap-proxy:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ignore-ldap-dp:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ignore-http-dp:%lu:\n", flags | GC_OPT_FLAG_NONE);
printf ("ignore-ocsp-service-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
/* Note: The next one is to fix a typo in gpgconf - should be
removed eventually. */
printf ("ignore-ocsp-servic-url:%lu:\n", flags | GC_OPT_FLAG_NONE);
}
cleanup ();
return !!rc;
}
#ifdef USE_W32_SERVICE
int
main (int argc, char *argv[])
{
int i;
/* Find out if we run in daemon mode or on the command line. */
for (i = 1; i < argc; i++)
if (!strcmp (argv[i], "--service"))
{
opt.system_service = 1;
opt.system_daemon = 1;
break;
}
if (!opt.system_service)
return real_main (argc, argv);
else
{
SERVICE_TABLE_ENTRY DispatchTable [] =
{
/* Ignore warning. */
{ "DirMngr", &real_main },
{ NULL, NULL }
};
if (!StartServiceCtrlDispatcher (DispatchTable))
return 1;
return 0;
}
}
#endif /*USE_W32_SERVICE*/
static void
cleanup (void)
{
crl_cache_deinit ();
cert_cache_deinit (1);
ldapserver_list_free (opt.ldapservers);
opt.ldapservers = NULL;
if (cleanup_socket)
{
cleanup_socket = 0;
if (socket_name && *socket_name)
gnupg_remove (socket_name);
}
}
void
dirmngr_exit (int rc)
{
cleanup ();
exit (rc);
}
void
dirmngr_init_default_ctrl (ctrl_t ctrl)
{
(void)ctrl;
/* Nothing for now. */
}
/* Create a list of LDAP servers from the file FILENAME. Returns the
list or NULL in case of errors.
The format fo such a file is line oriented where empty lines and
lines starting with a hash mark are ignored. All other lines are
assumed to be colon seprated with these fields:
1. field: Hostname
2. field: Portnumber
3. field: Username
4. field: Password
5. field: Base DN
*/
static ldap_server_t
parse_ldapserver_file (const char* filename)
{
char buffer[1024];
char *p;
ldap_server_t server, serverstart, *serverend;
int c;
unsigned int lineno = 0;
estream_t fp;
fp = es_fopen (filename, "r");
if (!fp)
{
log_error (_("error opening `%s': %s\n"), filename, strerror (errno));
return NULL;
}
serverstart = NULL;
serverend = &serverstart;
while (es_fgets (buffer, sizeof buffer, fp))
{
lineno++;
if (!*buffer || buffer[strlen(buffer)-1] != '\n')
{
if (*buffer && es_feof (fp))
; /* Last line not terminated - continue. */
else
{
log_error (_("%s:%u: line too long - skipped\n"),
filename, lineno);
while ( (c=es_fgetc (fp)) != EOF && c != '\n')
; /* Skip until end of line. */
continue;
}
}
/* Skip empty and comment lines.*/
for (p=buffer; spacep (p); p++)
;
if (!*p || *p == '\n' || *p == '#')
continue;
/* Parse the colon separated fields. */
server = ldapserver_parse_one (buffer, filename, lineno);
if (server)
{
*serverend = server;
serverend = &server->next;
}
}
if (es_ferror (fp))
log_error (_("error reading `%s': %s\n"), filename, strerror (errno));
es_fclose (fp);
return serverstart;
}
static fingerprint_list_t
parse_ocsp_signer (const char *string)
{
gpg_error_t err;
char *fname;
estream_t fp;
char line[256];
char *p;
fingerprint_list_t list, *list_tail, item;
unsigned int lnr = 0;
int c, i, j;
int errflag = 0;
/* Check whether this is not a filename and treat it as a direct
fingerprint specification. */
if (!strpbrk (string, "/.~\\"))
{
item = xcalloc (1, sizeof *item);
for (i=j=0; (string[i] == ':' || hexdigitp (string+i)) && j < 40; i++)
if ( string[i] != ':' )
item->hexfpr[j++] = string[i] >= 'a'? (string[i] & 0xdf): string[i];
item->hexfpr[j] = 0;
if (j != 40 || !(spacep (string+i) || !string[i]))
{
log_error (_("%s:%u: invalid fingerprint detected\n"),
"--ocsp-signer", 0);
xfree (item);
return NULL;
}
return item;
}
/* Well, it is a filename. */
if (*string == '/' || (*string == '~' && string[1] == '/'))
fname = make_filename (string, NULL);
else
{
if (string[0] == '.' && string[1] == '/' )
string += 2;
fname = make_filename (opt.homedir, string, NULL);
}
fp = es_fopen (fname, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"), fname, gpg_strerror (err));
xfree (fname);
return NULL;
}
list = NULL;
list_tail = &list;
for (;;)
{
if (!es_fgets (line, DIM(line)-1, fp) )
{
if (!es_feof (fp))
{
err = gpg_error_from_syserror ();
log_error (_("%s:%u: read error: %s\n"),
fname, lnr, gpg_strerror (err));
errflag = 1;
}
es_fclose (fp);
if (errflag)
{
while (list)
{
fingerprint_list_t tmp = list->next;
xfree (list);
list = tmp;
}
}
xfree (fname);
return list; /* Ready. */
}
lnr++;
if (!*line || line[strlen(line)-1] != '\n')
{
/* Eat until end of line. */
while ( (c=es_getc (fp)) != EOF && c != '\n')
;
err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG
/* */: GPG_ERR_INCOMPLETE_LINE);
log_error (_("%s:%u: read error: %s\n"),
fname, lnr, gpg_strerror (err));
errflag = 1;
continue;
}
/* Allow for empty lines and spaces */
for (p=line; spacep (p); p++)
;
if (!*p || *p == '\n' || *p == '#')
continue;
item = xcalloc (1, sizeof *item);
*list_tail = item;
list_tail = &item->next;
for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
if ( p[i] != ':' )
item->hexfpr[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
item->hexfpr[j] = 0;
if (j != 40 || !(spacep (p+i) || p[i] == '\n'))
{
log_error (_("%s:%u: invalid fingerprint detected\n"), fname, lnr);
errflag = 1;
}
i++;
while (spacep (p+i))
i++;
if (p[i] && p[i] != '\n')
log_info (_("%s:%u: garbage at end of line ignored\n"), fname, lnr);
}
/*NOTREACHED*/
}
/*
Stuff used in daemon mode.
*/
/* Reread parts of the configuration. Note, that this function is
obviously not thread-safe and should only be called from the PTH
signal handler.
Fixme: Due to the way the argument parsing works, we create a
memory leak here for all string type arguments. There is currently
no clean way to tell whether the memory for the argument has been
allocated or points into the process' original arguments. Unless
we have a mechanism to tell this, we need to live on with this. */
static void
reread_configuration (void)
{
ARGPARSE_ARGS pargs;
FILE *fp;
unsigned int configlineno = 0;
int dummy;
if (!opt.config_filename)
return; /* No config file. */
fp = fopen (opt.config_filename, "r");
if (!fp)
{
log_error (_("option file `%s': %s\n"),
opt.config_filename, strerror(errno) );
return;
}
parse_rereadable_options (NULL, 1); /* Start from the default values. */
memset (&pargs, 0, sizeof pargs);
dummy = 0;
pargs.argc = &dummy;
pargs.flags = 1; /* do not remove the args */
while (optfile_parse (fp, opt.config_filename, &configlineno, &pargs, opts) )
{
if (pargs.r_opt < -1)
pargs.err = 1; /* Print a warning. */
else /* Try to parse this option - ignore unchangeable ones. */
parse_rereadable_options (&pargs, 1);
}
fclose (fp);
set_debug ();
}
+/* A global function which allows us to trigger the reload stuff from
+ other places. */
+void
+dirmngr_sighup_action (void)
+{
+ log_info (_("SIGHUP received - "
+ "re-reading configuration and flushing caches\n"));
+ reread_configuration ();
+ cert_cache_deinit (0);
+ crl_cache_deinit ();
+ cert_cache_init ();
+ crl_cache_init ();
+}
+
+
/* The signal handler. */
static void
handle_signal (int signo)
{
switch (signo)
{
#ifndef HAVE_W32_SYSTEM
case SIGHUP:
- log_info (_("SIGHUP received - "
- "re-reading configuration and flushing caches\n"));
- reread_configuration ();
- cert_cache_deinit (0);
- crl_cache_deinit ();
- cert_cache_init ();
- crl_cache_init ();
+ dirmngr_sighup_action ();
break;
case SIGUSR1:
cert_cache_print_stats ();
break;
case SIGUSR2:
log_info (_("SIGUSR2 received - no action defined\n"));
break;
case SIGTERM:
if (!shutdown_pending)
log_info (_("SIGTERM received - shutting down ...\n"));
else
log_info (_("SIGTERM received - still %d active connections\n"),
active_connections);
shutdown_pending++;
if (shutdown_pending > 2)
{
log_info (_("shutdown forced\n"));
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
dirmngr_exit (0);
}
break;
case SIGINT:
log_info (_("SIGINT received - immediate shutdown\n"));
log_info( "%s %s stopped\n", strusage(11), strusage(13));
cleanup ();
dirmngr_exit (0);
break;
#endif
default:
log_info (_("signal %d received - no action defined\n"), signo);
}
}
/* This is the worker for the ticker. It is called every few seconds
and may only do fast operations. */
static void
handle_tick (void)
{
/* Nothing real to do right now. Actually we need the timeout only
for W32 where we don't use signals and need a way for the loop to
check for the shutdown flag. */
#ifdef HAVE_W32_SYSTEM
if (shutdown_pending)
log_info (_("SIGTERM received - shutting down ...\n"));
if (shutdown_pending > 2)
{
log_info (_("shutdown forced\n"));
log_info ("%s %s stopped\n", strusage(11), strusage(13) );
cleanup ();
dirmngr_exit (0);
}
#endif /*HAVE_W32_SYSTEM*/
}
/* Check the nonce on a new connection. This is a NOP unless we we
are using our Unix domain socket emulation under Windows. */
static int
check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce)
{
if (assuan_sock_check_nonce (fd, nonce))
{
log_info (_("error reading nonce on fd %d: %s\n"),
FD2INT (fd), strerror (errno));
assuan_sock_close (fd);
return -1;
}
else
return 0;
}
/* Helper to call a connection's main fucntion. */
static void *
start_connection_thread (void *arg)
{
union int_and_ptr_u argval;
assuan_fd_t fd;
argval.aptr = arg;
fd = argval.afd;
if (check_nonce (fd, &socket_nonce))
return NULL;
#ifndef HAVE_W32_SYSTEM
pth_key_setdata (my_tlskey_current_fd, argval.aptr);
#endif
active_connections++;
if (opt.verbose)
log_info (_("handler for fd %d started\n"), FD2INT (fd));
start_command_handler (fd);
if (opt.verbose)
log_info (_("handler for fd %d terminated\n"), FD2INT (fd));
active_connections--;
#ifndef HAVE_W32_SYSTEM
argval.afd = ASSUAN_INVALID_FD;
pth_key_setdata (my_tlskey_current_fd, argval.aptr);
#endif
return NULL;
}
/* Main loop in daemon mode. */
static void
handle_connections (assuan_fd_t listen_fd)
{
pth_attr_t tattr;
pth_event_t ev, time_ev;
sigset_t sigs, oldsigs;
int signo;
struct sockaddr_un paddr;
socklen_t plen = sizeof( paddr );
assuan_fd_t fd;
tattr = pth_attr_new();
pth_attr_set (tattr, PTH_ATTR_JOINABLE, 0);
pth_attr_set (tattr, PTH_ATTR_STACK_SIZE, 1024*1024);
pth_attr_set (tattr, PTH_ATTR_NAME, "dirmngr");
#ifndef HAVE_W32_SYSTEM /* FIXME */
sigemptyset (&sigs );
sigaddset (&sigs, SIGHUP);
sigaddset (&sigs, SIGUSR1);
sigaddset (&sigs, SIGUSR2);
sigaddset (&sigs, SIGINT);
sigaddset (&sigs, SIGTERM);
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
#else
sigs = 0;
ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);
#endif
time_ev = NULL;
for (;;)
{
if (shutdown_pending)
{
if (!active_connections)
break; /* ready */
/* Do not accept anymore connections but wait for existing
connections to terminate. */
signo = 0;
pth_wait (ev);
if (pth_event_occurred (ev) && signo)
handle_signal (signo);
continue;
}
if (!time_ev)
time_ev = pth_event (PTH_EVENT_TIME,
pth_timeout (TIMERTICK_INTERVAL, 0));
if (time_ev)
pth_event_concat (ev, time_ev, NULL);
fd = (assuan_fd_t) pth_accept_ev (FD2INT (listen_fd), (struct sockaddr *)&paddr, &plen, ev);
if (time_ev)
pth_event_isolate (time_ev);
if (fd == ASSUAN_INVALID_FD)
{
if (pth_event_occurred (ev)
|| (time_ev && pth_event_occurred (time_ev)) )
{
if (pth_event_occurred (ev))
handle_signal (signo);
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
continue;
}
log_error (_("accept failed: %s - waiting 1s\n"), strerror (errno));
pth_sleep (1);
continue;
}
if (pth_event_occurred (ev))
{
handle_signal (signo);
}
if (time_ev && pth_event_occurred (time_ev))
{
pth_event_free (time_ev, PTH_FREE_ALL);
time_ev = NULL;
handle_tick ();
}
/* We now might create a new thread and because we don't want
any signals (as we are handling them here) to be delivered to
a new thread we need to block those signals. */
pth_sigmask (SIG_BLOCK, &sigs, &oldsigs);
/* Create thread to handle this connection. */
{
union int_and_ptr_u argval;
argval.afd = fd;
if (!pth_spawn (tattr, start_connection_thread, argval.aptr))
{
log_error (_("error spawning connection handler: %s\n"),
strerror (errno) );
assuan_sock_close (fd);
}
}
/* Restore the signal mask. */
pth_sigmask (SIG_SETMASK, &oldsigs, NULL);
}
pth_event_free (ev, PTH_FREE_ALL);
if (time_ev)
pth_event_free (time_ev, PTH_FREE_ALL);
pth_attr_destroy (tattr);
cleanup ();
log_info ("%s %s stopped\n", strusage(11), strusage(13));
}
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 67f2122d9..01478a64f 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -1,185 +1,186 @@
/* dirmngr.h - Common definitions for the dirmngr
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2004 g10 Code GmbH
*
* This file is part of DirMngr.
*
* DirMngr is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* DirMngr is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef DIRMNGR_H
#define DIRMNGR_H
#include "./dirmngr-err.h"
#define map_assuan_err(a) \
map_assuan_err_with_source (GPG_ERR_SOURCE_DEFAULT, (a))
#include <errno.h>
#include <gcrypt.h>
#include <ksba.h>
#include "../common/util.h"
#include "../common/membuf.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */
#include "../common/i18n.h"
/* This objects keeps information about a particular LDAP server and
is used as item of a single linked list of servers. */
struct ldap_server_s
{
struct ldap_server_s* next;
char *host;
int port;
char *user;
char *pass;
char *base;
};
typedef struct ldap_server_s *ldap_server_t;
/* A list of fingerprints. */
struct fingerprint_list_s;
typedef struct fingerprint_list_s *fingerprint_list_t;
struct fingerprint_list_s
{
fingerprint_list_t next;
char hexfpr[20+20+1];
};
/* A large struct named "opt" to keep global flags. */
struct
{
unsigned int debug; /* debug flags (DBG_foo_VALUE) */
int verbose; /* verbosity level */
int quiet; /* be as quiet as possible */
int dry_run; /* don't change any persistent data */
int batch; /* batch mode */
const char *homedir; /* Configuration directory name */
const char *homedir_data; /* Ditto for data files (/usr/share/dirmngr). */
const char *homedir_cache; /* Ditto for cache files (/var/cache/dirmngr). */
char *config_filename; /* Name of a config file, which will be
reread on a HUP if it is not NULL. */
char *ldap_wrapper_program; /* Override value for the LDAP wrapper
program. */
char *http_wrapper_program; /* Override value for the HTTP wrapper
program. */
int system_service; /* We are running as W32 service (implies daemon). */
int system_daemon; /* We are running in system daemon mode. */
int running_detached; /* We are running in detached mode. */
int force; /* Force loading outdated CRLs. */
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
const char *http_proxy; /* Use given HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */
int ignore_http_dp; /* Ignore HTTP CRL distribution points. */
int ignore_ldap_dp; /* Ignore LDAP CRL distribution points. */
int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in
the certificate. */
/* A list of certificate extension OIDs which are ignored so that
one can claim that a critical extension has been handled. One
OID per string. */
strlist_t ignored_cert_extensions;
int allow_ocsp; /* Allow using OCSP. */
int max_replies;
unsigned int ldaptimeout;
ldap_server_t ldapservers;
int add_new_ldapservers;
const char *ocsp_responder; /* Standard OCSP responder's URL. */
fingerprint_list_t ocsp_signer; /* The list of fingerprints with allowed
standard OCSP signer certificates. */
unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */
unsigned int ocsp_max_period; /* Seconds a response is at maximum
considered valid after thisUpdate. */
unsigned int ocsp_current_period; /* Seconds a response is considered
current after nextUpdate. */
} opt;
#define DBG_X509_VALUE 1 /* debug x.509 parsing */
#define DBG_LOOKUP_VALUE 2 /* debug lookup details */
#define DBG_CRYPTO_VALUE 4 /* debug low level crypto */
#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
#define DBG_CACHE_VALUE 64 /* debug the caching */
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
#define DBG_HASHING_VALUE 512 /* debug hashing operations */
#define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */
#define DBG_X509 (opt.debug & DBG_X509_VALUE)
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
#define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE)
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
/* A simple list of certificate references. */
struct cert_ref_s
{
struct cert_ref_s *next;
unsigned char fpr[20];
};
typedef struct cert_ref_s *cert_ref_t;
/* Forward references; access only through server.c. */
struct server_local_s;
/* Connection control structure. */
struct server_control_s
{
int refcount; /* Count additional references to this object. */
int no_server; /* We are not running under server control. */
int status_fd; /* Only for non-server mode. */
struct server_local_s *server_local;
int force_crl_refresh; /* Always load a fresh CRL. */
int check_revocations_nest_level; /* Internal to check_revovations. */
cert_ref_t ocsp_certs; /* Certificates from the current OCSP
response. */
int audit_events; /* Send audit events to client. */
};
/*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl);
+void dirmngr_sighup_action (void);
/*-- server.c --*/
ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);
ksba_cert_t get_cert_local (ctrl_t ctrl, const char *issuer);
ksba_cert_t get_issuing_cert_local (ctrl_t ctrl, const char *issuer);
ksba_cert_t get_cert_local_ski (ctrl_t ctrl,
const char *name, ksba_sexp_t keyid);
gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr);
void start_command_handler (gnupg_fd_t fd);
gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
gpg_error_t dirmngr_tick (ctrl_t ctrl);
#endif /*DIRMNGR_H*/
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 584cae743..1293dbe77 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1,1635 +1,1713 @@
/* dirmngr.c - LDAP access
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009 g10 Code GmbH
*
* This file is part of DirMngr.
*
* DirMngr is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* DirMngr is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <assert.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#define JNLIB_NEED_LOG_LOGV
#include "dirmngr.h"
#include <assuan.h>
#include "crlcache.h"
#include "crlfetch.h"
#include "ldapserver.h"
#include "ocsp.h"
#include "certcache.h"
#include "validate.h"
#include "misc.h"
#include "ldap-wrapper.h"
/* To avoid DoS attacks we limit the size of a certificate to
something reasonable. */
#define MAX_CERT_LENGTH (8*1024)
#define PARM_ERROR(t) assuan_set_error (ctx, \
gpg_error (GPG_ERR_ASS_PARAMETER), (t))
#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
/* Control structure per connection. */
struct server_local_s
{
/* Data used to associate an Assuan context with local server data */
assuan_context_t assuan_ctx;
/* Per-session LDAP serfver. */
ldap_server_t ldapservers;
+
+ /* If this flag is set to true this dirmngr process will be
+ terminated after the end of this session. */
+ int stopme;
};
/* Cookie definition for assuan data line output. */
static ssize_t data_line_cookie_write (void *cookie,
const void *buffer, size_t size);
static int data_line_cookie_close (void *cookie);
static es_cookie_io_functions_t data_line_cookie_functions =
{
NULL,
data_line_cookie_write,
NULL,
data_line_cookie_close
};
/* Accessor for the local ldapservers variable. */
ldap_server_t
get_ldapservers_from_ctrl (ctrl_t ctrl)
{
if (ctrl && ctrl->server_local)
return ctrl->server_local->ldapservers;
else
return NULL;
}
/* Helper to print a message while leaving a command. */
static gpg_error_t
leave_cmd (assuan_context_t ctx, gpg_error_t err)
{
if (err)
{
const char *name = assuan_get_command_name (ctx);
if (!name)
name = "?";
if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
log_error ("command '%s' failed: %s\n", name,
gpg_strerror (err));
else
log_error ("command '%s' failed: %s <%s>\n", name,
gpg_strerror (err), gpg_strsource (err));
}
return err;
}
/* A write handler used by es_fopencookie to write assuan data
lines. */
static ssize_t
data_line_cookie_write (void *cookie, const void *buffer, size_t size)
{
assuan_context_t ctx = cookie;
if (assuan_send_data (ctx, buffer, size))
{
gpg_err_set_errno (EIO);
return -1;
}
return size;
}
static int
data_line_cookie_close (void *cookie)
{
assuan_context_t ctx = cookie;
if (assuan_send_data (ctx, NULL, 0))
{
gpg_err_set_errno (EIO);
return -1;
}
return 0;
}
/* Copy the % and + escaped string S into the buffer D and replace the
escape sequences. Note, that it is sufficient to allocate the
target string D as long as the source string S, i.e.: strlen(s)+1.
NOte further that If S contains an escaped binary nul the resulting
string D will contain the 0 as well as all other characters but it
will be impossible to know whether this is the original EOS or a
copied Nul. */
static void
strcpy_escaped_plus (char *d, const unsigned char *s)
{
while (*s)
{
if (*s == '%' && s[1] && s[2])
{
s++;
*d++ = xtoi_2 ( s);
s += 2;
}
else if (*s == '+')
*d++ = ' ', s++;
else
*d++ = *s++;
}
*d = 0;
}
/* Check whether the option NAME appears in LINE */
static int
has_option (const char *line, const char *name)
{
const char *s;
int n = strlen (name);
s = strstr (line, name);
return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
}
/* Same as has_option but only considers options at the begin of the
line. This is useful for commands which allow arbitrary strings on
the line. */
static int
has_leading_option (const char *line, const char *name)
{
const char *s;
int n;
if (name[0] != '-' || name[1] != '-' || !name[2] || spacep (name+2))
return 0;
n = strlen (name);
while ( *line == '-' && line[1] == '-' )
{
s = line;
while (*line && !spacep (line))
line++;
if (n == (line - s) && !strncmp (s, name, n))
return 1;
while (spacep (line))
line++;
}
return 0;
}
/* Same as has_option but does only test for the name of the option
and ignores an argument, i.e. with NAME being "--hash" it would
return a pointer for "--hash" as well as for "--hash=foo". If
thhere is no such option NULL is returned. The pointer returned
points right behind the option name, this may be an equal sign, Nul
or a space. */
/* static const char * */
/* has_option_name (const char *line, const char *name) */
/* { */
/* const char *s; */
/* int n = strlen (name); */
/* s = strstr (line, name); */
/* return (s && (s == line || spacep (s-1)) */
/* && (!s[n] || spacep (s+n) || s[n] == '=')) ? (s+n) : NULL; */
/* } */
/* Skip over options. It is assumed that leading spaces have been
removed (this is the case for lines passed to a handler from
assuan). Blanks after the options are also removed. */
static char *
skip_options (char *line)
{
while ( *line == '-' && line[1] == '-' )
{
while (*line && !spacep (line))
line++;
while (spacep (line))
line++;
}
return line;
}
/* Common code for get_cert_local and get_issuer_cert_local. */
static ksba_cert_t
do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
{
unsigned char *value;
size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
if (name)
{
buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
strcpy (stpcpy (stpcpy (buf, command), " "), name);
}
else
buf = xstrdup (command);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
&value, &valuelen, MAX_CERT_LENGTH);
xfree (buf);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
command, gpg_strerror (rc));
return NULL;
}
if (!valuelen)
{
xfree (value);
return NULL;
}
rc = ksba_cert_new (&cert);
if (!rc)
{
rc = ksba_cert_init_from_mem (cert, value, valuelen);
if (rc)
{
ksba_cert_release (cert);
cert = NULL;
}
}
xfree (value);
return cert;
}
/* Ask back to return a certificate for name, given as a regular
gpgsm certificate indentificates (e.g. fingerprint or one of the
other methods). Alternatively, NULL may be used for NAME to
return the current target certificate. Either return the certificate
in a KSBA object or NULL if it is not available.
*/
ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_cert_local called w/o context\n");
return NULL;
}
return do_get_cert_local (ctrl, name, "SENDCERT");
}
/* Ask back to return the issuing certificate for name, given as a
regular gpgsm certificate indentificates (e.g. fingerprint or one
of the other methods). Alternatively, NULL may be used for NAME to
return thecurrent target certificate. Either return the certificate
in a KSBA object or NULL if it is not available.
*/
ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_issuing_cert_local called w/o context\n");
return NULL;
}
return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
}
/* Ask back to return a certificate with subject NAME and a
subjectKeyIdentifier of KEYID. */
ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
unsigned char *value;
size_t valuelen;
int rc;
char *buf;
ksba_cert_t cert;
char *hexkeyid;
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx)
{
if (opt.debug)
log_debug ("get_cert_local_ski called w/o context\n");
return NULL;
}
if (!name || !keyid)
{
log_debug ("get_cert_local_ski called with insufficient arguments\n");
return NULL;
}
hexkeyid = serial_hex (keyid);
if (!hexkeyid)
{
log_debug ("serial_hex() failed\n");
return NULL;
}
buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexkeyid);
return NULL;
}
strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
xfree (hexkeyid);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
&value, &valuelen, MAX_CERT_LENGTH);
xfree (buf);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"), "SENDCERT_SKI",
gpg_strerror (rc));
return NULL;
}
if (!valuelen)
{
xfree (value);
return NULL;
}
rc = ksba_cert_new (&cert);
if (!rc)
{
rc = ksba_cert_init_from_mem (cert, value, valuelen);
if (rc)
{
ksba_cert_release (cert);
cert = NULL;
}
}
xfree (value);
return cert;
}
/* Ask the client via an inquiry to check the istrusted status of the
certificate specified by the hexified fingerprint HEXFPR. Returns
0 if the certificate is trusted by the client or an error code. */
gpg_error_t
get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr)
{
unsigned char *value;
size_t valuelen;
int rc;
char request[100];
if (!ctrl || !ctrl->server_local || !ctrl->server_local->assuan_ctx
|| !hexfpr)
return gpg_error (GPG_ERR_INV_ARG);
snprintf (request, sizeof request, "ISTRUSTED %s", hexfpr);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, request,
&value, &valuelen, 100);
if (rc)
{
log_error (_("assuan_inquire(%s) failed: %s\n"),
request, gpg_strerror (rc));
return rc;
}
/* The expected data is: "1" or "1 cruft" (not a C-string). */
if (valuelen && *value == '1' && (valuelen == 1 || spacep (value+1)))
rc = 0;
else
rc = gpg_error (GPG_ERR_NOT_TRUSTED);
xfree (value);
return rc;
}
/* Ask the client to return the certificate associated with the
current command. This is sometimes needed because the client usually
sends us just the cert ID, assuming that the request can be
satisfied from the cache, where the cert ID is used as key. */
static int
inquire_cert_and_load_crl (assuan_context_t ctx)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char *value = NULL;
size_t valuelen;
ksba_cert_t cert = NULL;
err = assuan_inquire( ctx, "SENDCERT", &value, &valuelen, 0);
if (err)
return err;
/* { */
/* FILE *fp = fopen ("foo.der", "r"); */
/* value = xmalloc (2000); */
/* valuelen = fread (value, 1, 2000, fp); */
/* fclose (fp); */
/* } */
if (!valuelen) /* No data returned; return a comprehensible error. */
return gpg_error (GPG_ERR_MISSING_CERT);
err = ksba_cert_new (&cert);
if (err)
goto leave;
err = ksba_cert_init_from_mem (cert, value, valuelen);
if(err)
goto leave;
xfree (value); value = NULL;
err = crl_cache_reload_crl (ctrl, cert);
leave:
ksba_cert_release (cert);
xfree (value);
return err;
}
/* Handle OPTION commands. */
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
if (!strcmp (key, "force-crl-refresh"))
{
int i = *value? atoi (value) : 0;
ctrl->force_crl_refresh = i;
}
else if (!strcmp (key, "audit-events"))
{
int i = *value? atoi (value) : 0;
ctrl->audit_events = i;
}
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
return 0;
}
static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
"\n"
"Add a new LDAP server to the list of configured LDAP servers.\n"
"DATA is in the same format as expected in the configure file.";
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
ldap_server_t server;
ldap_server_t *last_next_p;
while (spacep (line))
line++;
if (*line == '\0')
return leave_cmd (ctx, PARM_ERROR (_("ldapserver missing")));
server = ldapserver_parse_one (line, "", 0);
if (! server)
return leave_cmd (ctx, gpg_error (GPG_ERR_INV_ARG));
last_next_p = &ctrl->server_local->ldapservers;
while (*last_next_p)
last_next_p = &(*last_next_p)->next;
*last_next_p = server;
return leave_cmd (ctx, 0);
}
static const char hlp_isvalid[] =
"ISVALID [--only-ocsp] [--force-default-responder]"
" <certificate_id>|<certificate_fpr>\n"
"\n"
"This command checks whether the certificate identified by the\n"
"certificate_id is valid. This is done by consulting CRLs or\n"
"whatever has been configured. Note, that the returned error codes\n"
"are from gpg-error.h. The command may callback using the inquire\n"
"function. See the manual for details.\n"
"\n"
"The CERTIFICATE_ID is a hex encoded string consisting of two parts,\n"
"delimited by a single dot. The first part is the SHA-1 hash of the\n"
"issuer name and the second part the serial number.\n"
"\n"
"Alternatively the certificate's fingerprint may be given in which\n"
"case an OCSP request is done before consulting the CRL.\n"
"\n"
"If the option --only-ocsp is given, no fallback to a CRL check will\n"
"be used.\n"
"\n"
"If the option --force-default-responder is given, only the default\n"
"OCSP responder will be used and any other methods of obtaining an\n"
"OCSP responder URL won't be used.";
static gpg_error_t
cmd_isvalid (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
char *issuerhash, *serialno;
gpg_error_t err;
int did_inquire = 0;
int ocsp_mode = 0;
int only_ocsp;
int force_default_responder;
only_ocsp = has_option (line, "--only-ocsp");
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
issuerhash = xstrdup (line); /* We need to work on a copy of the
line because that same Assuan
context may be used for an inquiry.
That is because Assuan reuses its
line buffer.
*/
serialno = strchr (issuerhash, '.');
if (serialno)
*serialno++ = 0;
else
{
char *endp = strchr (issuerhash, ' ');
if (endp)
*endp = 0;
if (strlen (issuerhash) != 40)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
}
ocsp_mode = 1;
}
again:
if (ocsp_mode)
{
/* Note, that we ignore the given issuer hash and instead rely
on the current certificate semantics used with this
command. */
if (!opt.allow_ocsp)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
/* Fixme: If we got no ocsp response and --only-ocsp is not used
we should fall back to CRL mode. Thus we need to clear
OCSP_MODE, get the issuerhash and the serialno from the
current certificate and jump to again. */
}
else if (only_ocsp)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else
{
switch (crl_cache_isvalid (ctrl,
issuerhash, serialno,
ctrl->force_crl_refresh))
{
case CRL_CACHE_VALID:
err = 0;
break;
case CRL_CACHE_INVALID:
err = gpg_error (GPG_ERR_CERT_REVOKED);
break;
case CRL_CACHE_DONTKNOW:
if (did_inquire)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (!(err = inquire_cert_and_load_crl (ctx)))
{
did_inquire = 1;
goto again;
}
break;
case CRL_CACHE_CANTUSE:
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
break;
default:
log_fatal ("crl_cache_isvalid returned invalid code\n");
}
}
xfree (issuerhash);
return leave_cmd (ctx, err);
}
/* If the line contains a SHA-1 fingerprint as the first argument,
return the FPR vuffer on success. The function checks that the
fingerprint consists of valid characters and prints and error
message if it does not and returns NULL. Fingerprints are
considered optional and thus no explicit error is returned. NULL is
also returned if there is no fingerprint at all available.
FPR must be a caller provided buffer of at least 20 bytes.
Note that colons within the fingerprint are allowed to separate 2
hex digits; this allows for easier cutting and pasting using the
usual fingerprint rendering.
*/
static unsigned char *
get_fingerprint_from_line (const char *line, unsigned char *fpr)
{
const char *s;
int i;
for (s=line, i=0; *s && *s != ' '; s++ )
{
if ( hexdigitp (s) && hexdigitp (s+1) )
{
if ( i >= 20 )
return NULL; /* Fingerprint too long. */
fpr[i++] = xtoi_2 (s);
s++;
}
else if ( *s != ':' )
return NULL; /* Invalid. */
}
if ( i != 20 )
return NULL; /* Fingerprint to short. */
return fpr;
}
static const char hlp_checkcrl[] =
"CHECKCRL [<fingerprint>]\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
"entire X.509 certificate blob) is valid or not by consulting the\n"
"CRL responsible for this certificate. If the fingerprint has not\n"
"been given or the certificate is not known, the function \n"
"inquires the certificate using an\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request (which should match FINGERPRINT) as a binary blob.\n"
"Processing then takes place without further interaction; in\n"
"particular dirmngr tries to locate other required certificate by\n"
"its own mechanism which includes a local certificate store as well\n"
"as a list of trusted root certificates.\n"
"\n"
"The return value is the usual gpg-error code or 0 for ducesss;\n"
"i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkcrl (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char fprbuffer[20], *fpr;
ksba_cert_t cert;
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
size_t valuelen;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
}
assert (cert);
err = crl_cache_cert_isvalid (ctrl, cert, ctrl->force_crl_refresh);
if (gpg_err_code (err) == GPG_ERR_NO_CRL_KNOWN)
{
err = crl_cache_reload_crl (ctrl, cert);
if (!err)
err = crl_cache_cert_isvalid (ctrl, cert, 0);
}
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static const char hlp_checkocsp[] =
"CHECKOCSP [--force-default-responder] [<fingerprint>]\n"
"\n"
"Check whether the certificate with FINGERPRINT (SHA-1 hash of the\n"
"entire X.509 certificate blob) is valid or not by asking an OCSP\n"
"responder responsible for this certificate. The optional\n"
"fingerprint may be used for a quick check in case an OCSP check has\n"
"been done for this certificate recently (we always cache OCSP\n"
"responses for a couple of minutes). If the fingerprint has not been\n"
"given or there is no cached result, the function inquires the\n"
"certificate using an\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request (which should match FINGERPRINT) as a binary blob.\n"
"Processing then takes place without further interaction; in\n"
"particular dirmngr tries to locate other required certificates by\n"
"its own mechanism which includes a local certificate store as well\n"
"as a list of trusted root certifciates.\n"
"\n"
"If the option --force-default-responder is given, only the default\n"
"OCSP responder will be used and any other methods of obtaining an\n"
"OCSP responder URL won't be used.\n"
"\n"
"The return value is the usual gpg-error code or 0 for ducesss;\n"
"i.e. the certificate validity has been confirmed by a valid CRL.";
static gpg_error_t
cmd_checkocsp (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
unsigned char fprbuffer[20], *fpr;
ksba_cert_t cert;
int force_default_responder;
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
fpr = get_fingerprint_from_line (line, fprbuffer);
cert = fpr? get_cert_byfpr (fpr) : NULL;
if (!cert)
{
/* We do not have this certificate yet or the fingerprint has
not been given. Inquire it from the client. */
unsigned char *value = NULL;
size_t valuelen;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
}
assert (cert);
if (!opt.allow_ocsp)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
err = ocsp_isvalid (ctrl, cert, NULL, force_default_responder);
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static int
lookup_cert_by_url (assuan_context_t ctx, const char *url)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
unsigned char *value = NULL;
size_t valuelen;
/* Fetch single certificate given it's URL. */
err = fetch_cert_by_url (ctrl, url, &value, &valuelen);
if (err)
{
log_error (_("fetch_cert_by_url failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Send the data, flush the buffer and then send an END. */
err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
goto leave;
}
leave:
return err;
}
/* Send the certificate, flush the buffer and then send an END. */
static gpg_error_t
return_one_cert (void *opaque, ksba_cert_t cert)
{
assuan_context_t ctx = opaque;
gpg_error_t err;
const unsigned char *der;
size_t derlen;
der = ksba_cert_get_image (cert, &derlen);
if (!der)
err = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
{
err = assuan_send_data (ctx, der, derlen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
}
if (err)
log_error (_("error sending data: %s\n"), gpg_strerror (err));
return err;
}
/* Lookup certificates from the internal cache or using the ldap
servers. */
static int
lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int single, int cache_only)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
char *p;
strlist_t sl, list = NULL;
int truncated = 0, truncation_forced = 0;
int count = 0;
int local_count = 0;
unsigned char *value = NULL;
size_t valuelen;
struct ldapserver_iter ldapserver_iter;
cert_fetch_context_t fetch_context;
int any_no_data = 0;
/* Break the line down into an STRLIST */
for (p=line; *p; line = p)
{
while (*p && *p != ' ')
p++;
if (*p)
*p++ = 0;
if (*line)
{
sl = xtrymalloc (sizeof *sl + strlen (line));
if (!sl)
{
err = gpg_error_from_errno (errno);
goto leave;
}
memset (sl, 0, sizeof *sl);
strcpy_escaped_plus (sl->d, line);
sl->next = list;
list = sl;
}
}
/* First look through the internal cache. The certifcates retruned
here are not counted towards the truncation limit. */
if (single && !cache_only)
; /* Do not read from the local cache in this case. */
else
{
for (sl=list; sl; sl = sl->next)
{
err = get_certs_bypattern (sl->d, return_one_cert, ctx);
if (!err)
local_count++;
if (!err && single)
goto ready;
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
{
err = 0;
if (cache_only)
any_no_data = 1;
}
else if (gpg_err_code (err) == GPG_ERR_INV_NAME && !cache_only)
{
/* No real fault because the internal pattern lookup
can't yet cope with all types of pattern. */
err = 0;
}
if (err)
goto ready;
}
}
/* Loop over all configured servers unless we want only the
certificates from the cache. */
for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
!cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
&& ldapserver_iter.server->host && !truncation_forced;
ldapserver_iter_next (&ldapserver_iter))
{
ldap_server_t ldapserver = ldapserver_iter.server;
if (DBG_LOOKUP)
log_debug ("cmd_lookup: trying %s:%d base=%s\n",
ldapserver->host, ldapserver->port,
ldapserver->base?ldapserver->base : "[default]");
/* Fetch certificates matching pattern */
err = start_cert_fetch (ctrl, &fetch_context, list, ldapserver);
if ( gpg_err_code (err) == GPG_ERR_NO_DATA )
{
if (DBG_LOOKUP)
log_debug ("cmd_lookup: no data\n");
err = 0;
any_no_data = 1;
continue;
}
if (err)
{
log_error (_("start_cert_fetch failed: %s\n"), gpg_strerror (err));
goto leave;
}
/* Fetch the certificates for this query. */
while (!truncation_forced)
{
xfree (value); value = NULL;
err = fetch_next_cert (fetch_context, &value, &valuelen);
if (gpg_err_code (err) == GPG_ERR_NO_DATA )
{
err = 0;
any_no_data = 1;
break; /* Ready. */
}
if (gpg_err_code (err) == GPG_ERR_TRUNCATED)
{
truncated = 1;
err = 0;
break; /* Ready. */
}
if (gpg_err_code (err) == GPG_ERR_EOF)
{
err = 0;
break; /* Ready. */
}
if (!err && !value)
{
err = gpg_error (GPG_ERR_BUG);
goto leave;
}
if (err)
{
log_error (_("fetch_next_cert failed: %s\n"),
gpg_strerror (err));
end_cert_fetch (fetch_context);
goto leave;
}
if (DBG_LOOKUP)
log_debug ("cmd_lookup: returning one cert%s\n",
truncated? " (truncated)":"");
/* Send the data, flush the buffer and then send an END line
as a certificate delimiter. */
err = assuan_send_data (ctx, value, valuelen);
if (!err)
err = assuan_send_data (ctx, NULL, 0);
if (!err)
err = assuan_write_line (ctx, "END");
if (err)
{
log_error (_("error sending data: %s\n"), gpg_strerror (err));
end_cert_fetch (fetch_context);
goto leave;
}
if (++count >= opt.max_replies )
{
truncation_forced = 1;
log_info (_("max_replies %d exceeded\n"), opt.max_replies );
}
if (single)
break;
}
end_cert_fetch (fetch_context);
}
ready:
if (truncated || truncation_forced)
{
char str[50];
sprintf (str, "%d", count);
assuan_write_status (ctx, "TRUNCATED", str);
}
if (!err && !count && !local_count && any_no_data)
err = gpg_error (GPG_ERR_NO_DATA);
leave:
free_strlist (list);
return err;
}
static const char hlp_lookup[] =
"LOOKUP [--url] [--single] [--cache-only] <pattern>\n"
"\n"
"Lookup certificates matching PATTERN. With --url the pattern is\n"
"expected to be one URL.\n"
"\n"
"If --url is not given: To allow for multiple patterns (which are ORed)\n"
"quoting is required: Spaces are translated to \"+\" or \"%20\";\n"
"obviously this requires that the usual escape quoting rules are applied.\n"
"\n"
"If --url is given no special escaping is required because URLs are\n"
"already escaped this way.\n"
"\n"
"If --single is given the first and only the first match will be\n"
"returned. If --cache-only is _not_ given, no local query will be\n"
"done.\n"
"\n"
"If --cache-only is given no external lookup is done so that only\n"
"certificates from the cache may get returned.";
static gpg_error_t
cmd_lookup (assuan_context_t ctx, char *line)
{
gpg_error_t err;
int lookup_url, single, cache_only;
lookup_url = has_leading_option (line, "--url");
single = has_leading_option (line, "--single");
cache_only = has_leading_option (line, "--cache-only");
line = skip_options (line);
if (lookup_url && cache_only)
err = gpg_error (GPG_ERR_NOT_FOUND);
else if (lookup_url && single)
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
else if (lookup_url)
err = lookup_cert_by_url (ctx, line);
else
err = lookup_cert_by_pattern (ctx, line, single, cache_only);
return leave_cmd (ctx, err);
}
static const char hlp_loadcrl[] =
"LOADCRL [--url] <filename|url>\n"
"\n"
"Load the CRL in the file with name FILENAME into our cache. Note\n"
"that FILENAME should be given with an absolute path because\n"
"Dirmngrs cwd is not known. With --url the CRL is directly loaded\n"
"from the given URL.\n"
"\n"
"This command is usually used by gpgsm using the invocation \"gpgsm\n"
"--call-dirmngr loadcrl <filename>\". A direct invocation of Dirmngr\n"
"is not useful because gpgsm might need to callback gpgsm to ask for\n"
"the CA's certificate.";
static gpg_error_t
cmd_loadcrl (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
int use_url = has_leading_option (line, "--url");
line = skip_options (line);
if (use_url)
{
ksba_reader_t reader;
err = crl_fetch (ctrl, line, &reader);
if (err)
log_error (_("fetching CRL from `%s' failed: %s\n"),
line, gpg_strerror (err));
else
{
err = crl_cache_insert (ctrl, line, reader);
if (err)
log_error (_("processing CRL from `%s' failed: %s\n"),
line, gpg_strerror (err));
crl_close_reader (reader);
}
}
else
{
char *buf;
buf = xtrymalloc (strlen (line)+1);
if (!buf)
err = gpg_error_from_syserror ();
else
{
strcpy_escaped_plus (buf, line);
err = crl_cache_load (ctrl, buf);
xfree (buf);
}
}
return leave_cmd (ctx, err);
}
static const char hlp_listcrls[] =
"LISTCRLS\n"
"\n"
"List the content of all CRLs in a readable format. This command is\n"
"usually used by gpgsm using the invocation \"gpgsm --call-dirmngr\n"
"listcrls\". It may also be used directly using \"dirmngr\n"
"--list-crls\".";
static gpg_error_t
cmd_listcrls (assuan_context_t ctx, char *line)
{
gpg_error_t err;
estream_t fp;
(void)line;
fp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!fp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
err = crl_cache_list (fp);
es_fclose (fp);
}
return leave_cmd (ctx, err);
}
static const char hlp_cachecert[] =
"CACHECERT\n"
"\n"
"Put a certificate into the internal cache. This command might be\n"
"useful if a client knows in advance certificates required for a\n"
- "test and wnats to make sure they get added to the internal cache.\n"
+ "test and wants to make sure they get added to the internal cache.\n"
"It is also helpful for debugging. To get the actual certificate,\n"
"this command immediately inquires it using\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request as a binary blob.";
static gpg_error_t
cmd_cachecert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
unsigned char *value = NULL;
size_t valuelen;
(void)line;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
err = cache_cert (cert);
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static const char hlp_validate[] =
"VALIDATE\n"
"\n"
"Validate a certificate using the certificate validation function\n"
"used internally by dirmngr. This command is only useful for\n"
"debugging. To get the actual certificate, this command immediately\n"
"inquires it using\n"
"\n"
" INQUIRE TARGETCERT\n"
"\n"
"and the caller is expected to return the certificate for the\n"
"request as a binary blob.";
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
ksba_cert_t cert = NULL;
unsigned char *value = NULL;
size_t valuelen;
(void)line;
err = assuan_inquire (ctrl->server_local->assuan_ctx, "TARGETCERT",
&value, &valuelen, MAX_CERT_LENGTH);
if (err)
{
log_error (_("assuan_inquire failed: %s\n"), gpg_strerror (err));
goto leave;
}
if (!valuelen) /* No data returned; return a comprehensible error. */
err = gpg_error (GPG_ERR_MISSING_CERT);
else
{
err = ksba_cert_new (&cert);
if (!err)
err = ksba_cert_init_from_mem (cert, value, valuelen);
}
xfree (value);
if(err)
goto leave;
/* If we have this certificate already in our cache, use the cached
version for validation because this will take care of any cached
results. */
{
unsigned char fpr[20];
ksba_cert_t tmpcert;
cert_compute_fpr (cert, fpr);
tmpcert = get_cert_byfpr (fpr);
if (tmpcert)
{
ksba_cert_release (cert);
cert = tmpcert;
}
}
err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_CERT, NULL);
leave:
ksba_cert_release (cert);
return leave_cmd (ctx, err);
}
static const char hlp_getinfo[] =
"GETINFO <what>\n"
"\n"
"Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
"\n"
"version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
"\n"
"socket_name - Return the name of the socket.\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
gpg_error_t err;
if (!strcmp (line, "version"))
{
const char *s = VERSION;
err = assuan_send_data (ctx, s, strlen (s));
}
else if (!strcmp (line, "pid"))
{
char numbuf[50];
snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ());
err = assuan_send_data (ctx, numbuf, strlen (numbuf));
}
else if (!strcmp (line, "socket_name"))
{
const char *s = dirmngr_socket_name ();
if (s)
err = assuan_send_data (ctx, s, strlen (s));
else
err = gpg_error (GPG_ERR_NO_DATA);
}
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
return leave_cmd (ctx, err);
}
+
+static const char hlp_killdirmngr[] =
+ "KILLDIRMNGR\n"
+ "\n"
+ "This command allows a user - given sufficient permissions -\n"
+ "to kill this dirmngr process.\n";
+static gpg_error_t
+cmd_killdirmngr (assuan_context_t ctx, char *line)
+{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
+
+ (void)line;
+
+ if (opt.system_daemon)
+ {
+ if (opt.system_service)
+ return set_error (GPG_ERR_NOT_SUPPORTED,
+ "can't do that whilst running as system service");
+#ifndef HAVE_W32_SYSTEM
+ {
+ gpg_err_code_t ec;
+ assuan_peercred_t cred;
+
+ ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
+ if (!ec && cred.uid)
+ ec = GPG_ERR_EPERM; /* Only root may terminate. */
+ if (ec)
+ return set_error (ec, "no permission to kill this process");
+ }
+#endif
+ }
+
+ ctrl->server_local->stopme = 1;
+ return gpg_error (GPG_ERR_EOF);
+}
+
+
+static const char hlp_reloaddirmngr[] =
+ "RELOADDIRMNGR\n"
+ "\n"
+ "This command is an alternative to SIGHUP\n"
+ "to reload the configuration.";
+static gpg_error_t
+cmd_reloaddirmngr (assuan_context_t ctx, char *line)
+{
+ (void)ctx;
+ (void)line;
+
+ if (opt.system_daemon)
+ {
+#ifndef HAVE_W32_SYSTEM
+ {
+ gpg_err_code_t ec;
+ assuan_peercred_t cred;
+
+ ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
+ if (!ec && cred.uid)
+ ec = GPG_ERR_EPERM; /* Only root may terminate. */
+ if (ec)
+ return set_error (ec, "no permission to reload this process");
+ }
+#endif
+ }
+
+ dirmngr_sighup_action ();
+ return 0;
+}
+
+
/* Tell the assuan library about our commands. */
static int
register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
assuan_handler_t handler;
const char * const help;
} table[] = {
{ "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
{ "ISVALID", cmd_isvalid, hlp_isvalid },
{ "CHECKCRL", cmd_checkcrl, hlp_checkcrl },
{ "CHECKOCSP", cmd_checkocsp, hlp_checkocsp },
{ "LOOKUP", cmd_lookup, hlp_lookup },
{ "LOADCRL", cmd_loadcrl, hlp_loadcrl },
{ "LISTCRLS", cmd_listcrls, hlp_listcrls },
{ "CACHECERT", cmd_cachecert, hlp_cachecert },
{ "VALIDATE", cmd_validate, hlp_validate },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
+ { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr },
+ { "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr },
{ NULL, NULL }
};
int i, j, rc;
for (i=j=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc)
return rc;
}
return 0;
}
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
ldapserver_list_free (ctrl->server_local->ldapservers);
ctrl->server_local->ldapservers = NULL;
return 0;
}
/* Startup the server and run the main command loop. With FD = -1
used stdin/stdout. */
void
start_command_handler (assuan_fd_t fd)
{
static const char hello[] = "Dirmngr " VERSION " at your service";
static char *hello_line;
int rc;
assuan_context_t ctx;
ctrl_t ctrl;
ctrl = xtrycalloc (1, sizeof *ctrl);
if (ctrl)
ctrl->server_local = xtrycalloc (1, sizeof *ctrl->server_local);
if (!ctrl || !ctrl->server_local)
{
log_error (_("can't allocate control structure: %s\n"),
strerror (errno));
xfree (ctrl);
return;
}
dirmngr_init_default_ctrl (ctrl);
rc = assuan_new (&ctx);
if (rc)
{
log_error (_("failed to allocate assuan context: %s\n"),
gpg_strerror (rc));
dirmngr_exit (2);
}
if (fd == ASSUAN_INVALID_FD)
{
assuan_fd_t filedes[2];
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (ctx, filedes);
}
else
{
rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
}
if (rc)
{
assuan_release (ctx);
log_error (_("failed to initialize the server: %s\n"),
gpg_strerror(rc));
dirmngr_exit (2);
}
rc = register_commands (ctx);
if (rc)
{
log_error (_("failed to the register commands with Assuan: %s\n"),
gpg_strerror(rc));
dirmngr_exit (2);
}
if (!hello_line)
{
size_t n;
const char *cfgname;
cfgname = opt.config_filename? opt.config_filename : "[none]";
n = (30 + strlen (opt.homedir) + strlen (cfgname)
+ strlen (hello) + 1);
hello_line = xmalloc (n+1);
snprintf (hello_line, n,
"Home: %s\n"
"Config: %s\n"
"%s",
opt.homedir,
cfgname,
hello);
hello_line[n] = 0;
}
ctrl->server_local->assuan_ctx = ctx;
assuan_set_pointer (ctx, ctrl);
assuan_set_hello_line (ctx, hello_line);
assuan_register_option_handler (ctx, option_handler);
assuan_register_reset_notify (ctx, reset_notify);
for (;;)
{
rc = assuan_accept (ctx);
if (rc == -1)
break;
if (rc)
{
log_info (_("Assuan accept problem: %s\n"), gpg_strerror (rc));
break;
}
#ifndef HAVE_W32_SYSTEM
if (opt.verbose)
{
assuan_peercred_t peercred;
if (!assuan_get_peercred (ctx, &peercred))
log_info ("connection from process %ld (%ld:%ld)\n",
(long)peercred->pid, (long)peercred->uid,
(long)peercred->gid);
}
#endif
rc = assuan_process (ctx);
if (rc)
{
log_info (_("Assuan processing failed: %s\n"), gpg_strerror (rc));
continue;
}
}
ldap_wrapper_connection_cleanup (ctrl);
ldapserver_list_free (ctrl->server_local->ldapservers);
ctrl->server_local->ldapservers = NULL;
ctrl->server_local->assuan_ctx = NULL;
assuan_release (ctx);
+ if (ctrl->server_local->stopme)
+ dirmngr_exit (0);
+
if (ctrl->refcount)
log_error ("oops: connection control structure still referenced (%d)\n",
ctrl->refcount);
else
{
release_ctrl_ocsp_certs (ctrl);
xfree (ctrl->server_local);
xfree (ctrl);
}
}
/* Send a status line back to the client. KEYWORD is the status
keyword, the optioal string argumenst are blank separated added to
the line, the last argument must be a NULL. */
gpg_error_t
dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
{
gpg_error_t err = 0;
va_list arg_ptr;
const char *text;
va_start (arg_ptr, keyword);
if (ctrl->server_local)
{
assuan_context_t ctx = ctrl->server_local->assuan_ctx;
char buf[950], *p;
size_t n;
p = buf;
n = 0;
while ( (text = va_arg (arg_ptr, const char *)) )
{
if (n)
{
*p++ = ' ';
n++;
}
for ( ; *text && n < DIM (buf)-2; n++)
*p++ = *text++;
}
*p = 0;
err = assuan_write_status (ctx, keyword, buf);
}
va_end (arg_ptr);
return err;
}
/* Note, that we ignore CTRL for now but use the first connection to
send the progress info back. */
gpg_error_t
dirmngr_tick (ctrl_t ctrl)
{
static time_t next_tick = 0;
gpg_error_t err = 0;
time_t now = time (NULL);
if (!next_tick)
{
next_tick = now + 1;
}
else if ( now > next_tick )
{
if (ctrl)
{
err = dirmngr_status (ctrl, "PROGRESS", "tick", "? 0 0", NULL);
if (err)
{
/* Take this as in indication for a cancel request. */
err = gpg_error (GPG_ERR_CANCELED);
}
now = time (NULL);
}
next_tick = now + 1;
}
return err;
}

File Metadata

Mime Type
text/x-diff
Expires
Wed, Dec 24, 10:48 PM (1 d, 16 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
5e/2f/b67bfbd13426c52d15002bd4368d

Event Timeline