diff --git a/agent/ChangeLog b/agent/ChangeLog index f8156bc37..783089e6b 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,2939 +1,2941 @@ 2011-03-02 Ben Kibbey (wk) * command.c (cmd_clear_passphrase): Add option --mode=normal. + (cmd_keyinfo): Add option --data. + (do_one_keyinfo): Return CACHED status. Add arg DATA. 2011-02-07 Werner Koch * pksign.c (do_encode_dsa): Enforce multipe of 8 bits only for DSA. 2011-02-03 Werner Koch * protect.c (protect_info): Support ECC algos. * pksign.c (do_encode_dsa): Map public key algo number. Extend DSA size check for ECDSA. * gpg-agent.c: Include cipher.h. (map_pk_openpgp_to_gcry): New. * findkey.c (key_parms_from_sexp): Support ECDH. * cvt-openpgp.c (get_keygrip): Support ECC algorithms. (convert_secret_key): Ditto. (do_unprotect): Ditto. 2011-02-02 Werner Koch * cvt-openpgp.c (convert_secret_key): Remove algo mapping. 2011-01-31 Werner Koch * cvt-openpgp.c (convert_to_openpgp): Adjust to reverted Libgcrypt ABI. * protect.c (protect_info): Adjust ECDSA and ECDH parameter names. Add "ecc". * findkey.c (key_parms_from_sexp): Ditto. 2011-01-19 Werner Koch * trustlist.c (read_one_trustfile): Also chop an CR. 2011-01-21 Werner Koch * pksign.c (do_encode_dsa): Compare MDLEN to bytes. * cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New. 2010-12-02 Werner Koch * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL) [W32CE]: Set to 60 seconds. 2010-11-29 Werner Koch * cache.c (initialize_module_cache): Factor code out to ... (init_encryption): new. (new_data, agent_get_cache): Init encryption on on the fly. 2010-11-26 Werner Koch * gpg-agent.c (CHECK_OWN_SOCKET_INTERVAL): New. (handle_tick) [W32CE]: Don't check own socket. 2010-11-23 Werner Koch * Makefile.am (gpg_agent_LDFLAGS): Add extra_bin_ldflags. 2010-11-11 Werner Koch * agent.h (opt): Add field SIGUSR2_ENABLED. * gpg-agent.c (handle_connections): Set that flag. * call-scd.c (start_scd): Enable events depending on this flag. 2010-10-27 Werner Koch * gpg-agent.c (create_socket_name): Use TMPDIR. Change callers. 2010-10-26 Werner Koch * cache.c (agent_put_cache): Allow deletion even if TTL is passwd as 0. * genkey.c (agent_protect_and_store): Add arg PASSPHRASE_ADDR. * command.c (cmd_passwd): Add option --passwd-nonce. (struct server_local_s): Add LAST_CACHE_NONCE and LAST_PASSWD_NONCE. (clear_nonce_cache): New. (reset_notify): Clear the nonce cache. (start_command_handler): Ditto. 2010-10-25 Werner Koch * command.c (cmd_export_key): Free CACHE_NONCE. (cmd_passwd): Add option --cache-nonce. 2010-10-18 Werner Koch * call-pinentry.c (start_pinentry): Print name of pinentry on connect error. * call-scd.c (agent_card_pksign): Make sure to return an unsigned number. 2010-10-14 Werner Koch * command.c (cmd_genkey): Add option --no-protection. * genkey.c (agent_genkey): Add arg NO_PROTECTION. 2010-10-13 Werner Koch * call-pinentry.c (agent_get_passphrase): Support the close_button. * gpg-agent.c (create_server_socket): Switch back to stderr logging if we are not starting a agent. * command.c (cmd_passwd, cmd_export_key): Move mapping of GPG_ERR_FULLY_CANCELED to .. (leave_cmd): .. here. (option_handler): Add option agent-awareness. * protect-tool.c (get_passphrase): Take care of GPG_ERR_FULLY_CANCELED. * findkey.c (try_unprotect_cb): Ditto. (unprotect): Remove the fully_canceled hack. * call-pinentry.c (start_pinentry): Ditto. (agent_askpin): Ditto. * pkdecrypt.c (agent_pkdecrypt): Ditto * pksign.c (agent_pksign_do): Ditto. * genkey.c (agent_ask_new_passphrase): Remove arg CANCEL_ALL. 2010-10-06 Werner Koch * cvt-openpgp.c (convert_secret_key): Add missing break. 2010-10-05 Werner Koch * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k won't kill out gpg-agent. 2010-09-30 Werner Koch * gpg-agent.c (agent_exit): Run cleanup. (cleanup): Run only once. * call-pinentry.c (close_button_status_cb): New. (agent_askpin): Add arg R_CANCEL_ALL. Change all callers. * genkey.c (agent_ask_new_passphrase): Ditto. * findkey.c (unprotect): Return GPG_ERR_FULLY_CANCELED if needed. * command.c (cmd_export_key): Add support for OpenPGP keys. * findkey.c (unprotect): Add optional arg R_PASSPHRASE. (agent_key_from_file): Ditto. Change all callers. * findkey.c (unprotect): Do not put the passphrase into the cache if it has been changed. * cvt-openpgp.c (convert_to_openpgp, apply_protection) (key_from_sexp): New. 2010-09-29 Werner Koch * cvt-openpgp.c (convert_openpgp): Rename to convert_from_openpgp. * command.c (has_option): Stop at "--". (has_option_name, option_value): Ditto. (skip_options): Skip initial spaces. 2010-09-24 Werner Koch * gpg-agent.c (main, reread_configuration): Always test whether the default configuration file has been created in the meantime. Fixes bug#1285. 2010-09-17 Werner Koch * command.c (cmd_havekey): Allow testing of several keygrips. 2010-09-15 Werner Koch * protect.c (calculate_mic): Take care of shared secret format. * agent.h (PROTECTED_SHARED_SECRET): New. 2010-09-02 Werner Koch * cache.c (new_data): Change arg and callers to use a string and explicity return an error code. We never used raw binary data and thus it is easier to use a string. Adjust callers. (initialize_module_cache, deinitialize_module_cache): New. (new_data): Encrypt the cached data. (struct cache_item_s): Remove field LOCKCOUNT. Change all users accordingly. (agent_unlock_cache_entry): Remove. (agent_get_cache): Return an allocated string and remove CACHE_ID. * genkey.c (agent_genkey): Remove cache marker stuff. * findkey.c (unprotect): Ditto. * cvt-openpgp.c (convert_openpgp): Ditto. * command.c (cmd_get_passphrase): Ditto. * gpg-agent.c (main, cleanup): Initialize and deinitialize the cache module. 2010-09-01 Werner Koch * call-pinentry.c (start_pinentry): Disable pinentry logging. * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE handling. * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the cached nonce first. * genkey.c (agent_genkey): Add arg CACHE_NONCE. * cache.c (agent_get_cache): Require user and nonce cache modes to match the requested mode. (agent_put_cache): Ditto. * agent.h (CACHE_MODE_NONCE): New. * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. * findkey.c (agent_key_from_file): Ditto. (unprotect): Implement it. 2010-08-31 Werner Koch * pksign.c (do_encode_dsa): Fix sign problem. * findkey.c (agent_is_dsa_key): Adjust to actual usage. 2010-08-30 Werner Koch * protect.c (s2k_hash_passphrase): New public function. 2010-08-27 Werner Koch * command.c (cmd_import_key): Support OpenPGP keys. * cvt-openpgp.h, cvt-openpgp.c: New. Some of the code is based on code taken from g10/seckey-cert.c. 2010-08-26 Werner Koch * command-ssh.c (open_control_file): Use estream to create the file. * findkey.c (agent_write_private_key): Explicitly create file with mode 600. * gpg-agent.c (main): Ditto. * trustlist.c (agent_marktrusted): Explicitly create file with mode 640. 2010-08-16 Werner Koch * gpg-agent.c: Replace remaining printf by es_printf. 2010-08-11 Werner Koch * call-pinentry.c (agent_get_passphrase, agent_askpin): Fix setting of confidential flag. * call-scd.c (agent_card_scd): Pass assuan comment lines to the caller. (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed. 2010-08-09 Werner Koch * Makefile.am (t_common_ldadd): Add NETLIBS for sake of the TCP logging. 2010-06-24 Werner Koch * genkey.c (check_passphrase_pattern): Use HANG option for gnupg_wait_progress. Fixes regression from 2010-06-09. 2010-06-21 Werner Koch * protect-tool.c (export_p12_file, import_p12_cert_cb) (import_p12_file, sexp_to_kparms, store_private_key): Remove unused code. 2010-06-18 Werner Koch * protect-tool.c (store_private_key, rsa_key_check): Remove. * command.c (cmd_export_key): New. 2010-06-15 Werner Koch * command.c (cmd_keywrap_key, cmd_import_key): New. * genkey.c (agent_genkey, agent_protect_and_store): Factor common code out to... (agent_ask_new_passphrase): .. new. * findkey.c (agent_write_private_key): Return GPG_ERR_EEXIST instead of GPG_ERR_GENERAL. 2010-06-14 Werner Koch * protect-tool.c: Remove commands --p12-import and --p12-export. * minip12.c, minip12.h: Move to ../sm. * Makefile.am (gpg_protect_tool_SOURCES): Remove them. * preset-passphrase.c: Remove unneeded minip12.h. * command.c (cmd_keywrap_key): New. * command.c (leave_cmd): New. (cmd_istrusted, cmd_listtrusted, cmd_marktrusted, cmd_pksign) (cmd_pkdecrypt, cmd_genkey, cmd_readkey, cmd_keyinfo) (cmd_get_passphrase, cmd_get_confirmation, cmd_learn) (cmd_passwd, cmd_preset_passphrase, cmd_getval, cmd_putval): Use it. 2010-05-12 Werner Koch * preset-passphrase.c (forget_passphrase): Actually implement this. Fixes bug#1198. 2010-05-11 Werner Koch * agent.h (opt): Add field USE_STANDARD_SOCKET. * gpg-agent.c (use_standard_socket): Remove. Use new option instead. * command.c (cmd_killagent, cmd_reloadagent): Provide command also for non-W32 platforms. (cmd_getinfo): New subcommands std_session_env and std_startup_env. 2010-05-03 Werner Koch * gpg-agent.c (check_own_socket_thread): Do not release SOCKNAME too early. 2010-04-30 Werner Koch * gpg-agent.c (main): Add command --use-standard-socket-p. 2010-04-26 Werner Koch * gpg-agent.c (create_server_socket) [W32]: Also check for EEXIST. 2010-04-19 Werner Koch * pksign.c (get_dsa_qbits, do_encode_dsa): New. (agent_pksign_do): Detect DSA keys and use do_encode_dsa. * findkey.c (agent_public_key_from_file): Factor some code out to .. (key_parms_from_sexp): New. (agent_is_dsa_key): New. * command.c (cmd_sethash): Clear digeest.RAW_VALUE. 2010-04-14 Werner Koch * Makefile.am (libexec_PROGRAMS) [W32CE]: Do not build gpg-preset-passphrase for now. (pwquery_libs) [W32CE]: Set to empty. * trustlist.c (read_one_trustfile): Use estream. 2010-04-13 Werner Koch * findkey.c (read_key_file): Use estream. (agent_write_private_key): Ditto. 2010-04-07 Werner Koch * gpg-agent.c (handle_connections) [W32]: Assume that PTh support the handle event. Use a dummy event for W32CE. (get_agent_scd_notify_event) [W32CE]: Do not build. * call-pinentry.c: Remove setenv.h. Include sysutils.h. (atfork_cb): s/setenv/gnupg_setenv/. * gpg-agent.c: Do not include setenv.h. (main): s/unsetenv/gnupg_unsetenv/. * protect.c (calibrate_get_time) [W32CE]: Use GetThreadTimes. 2010-04-06 Werner Koch * call-scd.c [!HAVE_SIGNAL_H]: Do not include signal.h. * findkey.c (agent_write_private_key): s/remove/gnupg_remove/. * command-ssh.c (search_control_file): Replace rewind by fseek and clearerr. * genkey.c (check_passphrase_pattern): Ditto. * gpg-agent.c [!HAVE_SIGNAL_H]: Do not include signal.h. (remove_socket): s/remove/gnupg_remove/. (create_private_keys_directory): Use gnupg_mkdir. 2010-03-11 Werner Koch * gpg-agent.c: Include "asshelp.h". (main): Remove assuan_set_assuan_log_prefix. Add assuan_set_log_cb. (handle_signal): Disable pth ctrl dumping. (parse_rereadable_options, main): Remove assuan_set_assuan_log_stream. * call-scd.c (start_scd): Remove assuan_set_log_stream. 2010-03-10 Werner Koch * Makefile.am (common_libs): Remove libjnlib.a. * trustlist.c, protect-tool.c, command-ssh.c: Remove estream.h. 2010-02-17 Werner Koch * call-pinentry.c (start_pinentry): Always free OPTSTR. Send default-xxx strings. 2010-01-26 Werner Koch * protect.c (do_encryption): Encode the s2kcount and no not use a static value of 96. 2009-12-21 Werner Koch * command.c (cmd_getinfo): Add sub-command s2k_count. 2009-12-14 Werner Koch * protect.c (agent_unprotect): Decode the S2K count here and take care of the new unencoded values. Add a lower limit sanity check. (hash_passphrase): Do not decode here. (get_standard_s2k_count, calibrate_s2k_count): New. (calibrate_get_time, calibrate_elapsed_time): New. (do_encryption): Use get_standard_s2k_count. 2009-12-08 Werner Koch * protect.c (agent_unprotect): Avoid compiler warning. 2009-12-08 Marcus Brinkmann * call-pinentry.c (start_pinentry): Convert posix fd to assuan fd. * call-scd.c (start_scd): Likewise. 2009-12-03 Werner Koch * gpg-agent.c (set_debug): Allow for numerical debug leveles. Print active debug flags. 2009-12-02 Werner Koch * trustlist.c (read_trustfiles): Store the pointer returned from shrinking the memory and not the orginal one. Fixes bug#1163. Reported by TAKAHASHI Tamotsu. Also return correct error after memory failure. 2009-11-27 Marcus Brinkmann * command.c (start_command_handler): Do not call assuan_set_log_stream anymore. * gpg-agent.c (main): But call assuan_set_assuan_log_stream here. 2009-11-25 Marcus Brinkmann * command.c (start_command_handler): Use assuan_fd_t and assuan_fdopen on fds. 2009-11-05 Marcus Brinkmann * call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not assuan_pipe_connect_ext. * command.c (start_command_handler): Change assuan_init_socket_server_ext into assuan_init_socket_server. * call-scd.c (start_scd): Update use of assuan_socket_connect and assuan_pipe_connect. * gpg-agent.c (check_own_socket_thread, check_for_running_agent): Update use of assuan_socket_connect. 2009-11-04 Werner Koch * command.c (register_commands): Add help arg to assuan_register_command. Convert all command comments to help strings. 2009-11-02 Marcus Brinkmann * command.c (reset_notify): Take LINE arg and return error. (register_commands): Use assuan_handler_t type. 2009-10-16 Marcus Brinkmann * gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of libassuan-pth. * gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL. (main): Call assuan_set_system_hooks and assuan_sock_init. Fix invocation of assuan_socket_connect. 2009-09-23 Werner Koch * command.c (register_commands) [HAVE_ASSUAN_SET_IO_MONITOR]: Remove cpp condition. (start_command_handler) [HAVE_ASSUAN_SET_IO_MONITOR]: Ditto. 2009-09-23 Marcus Brinkmann * gpg-agent.c (parse_rereadable_options): Don't set global assuan log file (there ain't one anymore). (main): Update to new API. (check_own_socket_pid_cb): Return gpg_error_t instead of int. (check_own_socket_thread, check_for_running_agent): Create assuan context before connecting to server. * command.c: Include "scdaemon.h" before because of GPG_ERR_SOURCE_DEFAULT check. (write_and_clear_outbuf): Use gpg_error_t instead of assuan_error_t. (cmd_geteventcounter, cmd_istrusted, cmd_listtrusted) (cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc) (cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey) (cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase) (cmd_get_confirmation, cmd_learn, cmd_passwd) (cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval) (cmd_updatestartuptty, cmd_killagent, cmd_reloadagent) (cmd_getinfo, option_handler): Return gpg_error_t instead of int. (post_cmd_notify): Change type of ERR to gpg_error_t from int. (io_monitor): Add hook argument. Use symbols for constants. (register_commands): Change return type of HANDLER to gpg_error_t. (start_command_handler): Allocate assuan context before starting server. * call-pinentry.c: Include "scdaemon.h" before because of GPG_ERR_SOURCE_DEFAULT check. (unlock_pinentry): Call assuan_release instead of assuan_disconnect. (getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int. (start_pinentry): Allocate assuan context before connecting to server. * call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb) (membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru) (pass_data_thru): Change return type to gpg_error_t. (start_scd): Allocate assuan context before connecting to server. 2009-09-04 Marcus Brinkmann * command.c (start_command_handler): Add comment about gap in implementation (in dead code), for future reference. 2009-08-11 Werner Koch * divert-scd.c (ask_for_card): I18n a prompt string. 2009-07-06 Werner Koch * agent.h: Include session-env.h. (opt): Replace most of the startup_xxx fields by a session_env_t. (struct server_control_s): Likewise. * gpg-agent.c (main): Rewrite setting of the startup fields. (handle_connections, main): Allocate SESSION_ENV. (agent_init_default_ctrl, agent_deinit_default_ctrl): Change accordingly. * command.c (option_handler): Ditto. (cmd_updatestartuptty): Change accordingly. Protect old values from out of core failures. * command-ssh.c (start_command_handler_ssh): Ditto. (start_command_handler_ssh): Replace strdup by xtrystrdup. * call-pinentry.c (atfork_cb): Pass new envrinmnet variables. (start_pinentry): Use session_env stuff. * protect-tool.c (main): Adjust call to gnupg_prepare_get_passphrase. 2009-06-24 Werner Koch * genkey.c (agent_protect_and_store): Return RC and not 0. * protect.c (do_encryption): Fix ignored error code from malloc. Reported by Fabian Keil. 2009-06-17 Werner Koch * call-pinentry.c (agent_get_confirmation): Add arg WITH_CANCEL. Change all callers. * trustlist.c (agent_marktrusted): Use WITH_CANCEL 2009-06-09 Werner Koch * learncard.c (send_cert_back): Ignore certain error codes. 2009-06-05 Werner Koch * protect-tool.c (store_private_key): Fix last change by appending a ".key". 2009-06-03 Werner Koch * protect-tool.c: Include estream.h. (store_private_key): Replace stdio streams by estream functions for a portable use of the "x" mode. * trustlist.c: Include estream.h. (agent_marktrusted): Replace stdio stream by estream functions. * protect-tool.c (store_private_key): Use bin2hex. 2009-06-02 Werner Koch * gpg-agent.c (main): Run pth_kill after fork. Fixes bug#1066. 2009-05-19 Werner Koch * gpg-agent.c (JNLIB_NEED_AFLOCAL): Define. (create_server_socket): Use SUN_LEN macro. 2009-05-15 Werner Koch Fix bug #1053. * agent.h (lookup_ttl_t): New. * findkey.c (unprotect): Add arg LOOKUP_TTL. (agent_key_from_file): Ditto. * pksign.c (agent_pksign_do): Ditto. * command-ssh.c (ttl_from_sshcontrol): New. (data_sign): Pass new function to agent_pksign_do. (search_control_file): Add new arg R_TTL. 2009-05-14 Werner Koch * command.c (cmd_get_passphrase): Add option --qualitybar. * call-pinentry.c (agent_askpin): Factor some code out to ... (setup_qualitybar): .. new. (agent_get_passphrase): Add arg WITH_QUALITYBAR and implement it. 2009-04-14 Marcus Brinkmann * call-pinentry.c (agent_get_confirmation): Try SETNOTOK command with pinentry. 2009-04-01 Werner Koch * protect-tool.c (pe_opt): New. (opts): Add option --agent-program. Use ARGPARSE macros. (get_new_passphrase): Remove. (get_passphrase): Use gpg-agent directly. Remove arg OPT_CHECK and change all callers. * Makefile.am (gpg_protect_tool_LDADD): Replace pwquery_libs by LIBASSUAN_LIBS. (gpg_protect_tool_CFLAGS): New. * command.c (percent_plus_unescape): Remove. (cmd_putval): Use percent_plus_unescape_inplace. * call-scd.c (unescape_status_string): Remove. (card_getattr_cb): Use percent_plus_unescape. * protect-tool.c (main): Use percent_plus_unescape from common/. (percent_plus_unescape, percent_plus_unescape_string): Remove. 2009-03-27 Werner Koch * learncard.c (agent_handle_learn): Add new certtype 111. 2009-03-26 Werner Koch * agent.h (MAX_DIGEST_LEN): Change to 64. * command.c (cmd_sethash): Allow digest length of 48 and 64. (cmd_sethash): Allow more hash algos. * trustlist.c (reformat_name): New. (agent_marktrusted): Use a reformatted name. Reload the table before the update and always reload it at the end. (agent_istrusted): Check early for the disabled flag. 2009-03-25 Werner Koch * pkdecrypt.c (agent_pkdecrypt): Return a specific error message if the key is not available. * gpg-agent.c (main): Print a started message to show the real pid. 2009-03-20 Werner Koch * learncard.c (struct kpinfo_cp_parm_s): Add field CTRL. (struct certinfo_cb_parm_s): Ditto. (agent_handle_learn): Set CTRL field. (kpinfo_cb, certinfo_cb): Send progress status. * agent.h (agent_write_status): Flag with GNUPG_GCC_A_SENTINEL. 2009-03-19 Werner Koch * trustlist.c (struct trustitem_s): Add field DISABLED. (read_one_trustfile): Parse the '!' flag. (agent_istrusted, agent_listtrusted): Check flag. (agent_istrusted): Add arg R_DISABLED. Change all callers. (agent_marktrusted): Do not ask if flagged as disabled. Reverse the order of the questions. Store the disabled flag. * gpg-agent.c (main): Save signal mask and open fds. Restore mask and close all fds prior to the exec. Fixes bug#1013. 2009-03-17 Werner Koch * command.c (cmd_get_passphrase): Break repeat loop on error. Show error message. (cmd_getinfo): Add subcommand "cmd_has_option". (command_has_option): New. 2009-03-17 Daiki Ueno * command.c (option_value): New function. (cmd_get_passphrase): Accept new option --repeat, which makes gpg-agent to ask passphrase several times. 2009-03-06 Werner Koch * command.c (cmd_keyinfo): New command. (register_commands): Register it. (agent_write_status): Make sure not to print LR or CR. * divert-scd.c (ask_for_card): Factor shadow info parsing out to ... * protect.c (parse_shadow_info): New. * findkey.c (agent_key_from_file): Use make_canon_sexp. (agent_write_private_key, unprotect, read_key_file) (agent_key_available): Use bin2hex. (agent_key_info_from_file): New. (read_key_file): Log no error message for ENOENT. 2009-03-05 Werner Koch * divert-scd.c (getpin_cb): Support flag 'P'. Change max_digits from 8 to 16. Append a message about keypads. * findkey.c (unprotect): Change max digits to 16. 2009-03-02 Werner Koch * command.c (cmd_getinfo): Add subcommand "scd_running". * call-scd.c (agent_scd_check_running): New. * gpg-agent.c: Add missing option strings for "--batch" and "--homedir". Reported by Petr Uzel. * protect-tool.c (import_p12_file): Take care of canceled passphrase entry. Fixes bug#1003. (export_p12_file): Ditto. 2008-12-17 Werner Koch * gpg-agent.c (handle_connections): Set action of all pth event handled signals to SIG_IGN. Use a different pth_sigmask strategy. 2008-12-10 Werner Koch * command.c (cmd_get_passphrase): Implement option --no-ask. 2008-12-09 Werner Koch * gpg-agent.c (main): Call i18n_init before init_common_subsystems. * preset-passphrase.c (main): Ditto. * protect-tool.c (main): Ditto. * command.c (cmd_preset_passphrase): Allow an arbitrary string for the cache id. 2008-12-08 Werner Koch * gpg-agent.c (handle_connections): Sync the ticker to the next full second. This is bug#871. 2008-12-05 Werner Koch * minip12.c (decrypt_block): Fix const modified of CHARSETS. * learncard.c (sinfo_cb_parm_s): Remove superflous semicolon. Reported by Stoyan Angelov. 2008-11-18 Werner Koch * gpg-agent.c (make_libversion): New. (my_strusage): Print libgcrypt version 2008-11-11 Werner Koch * call-scd.c (membuf_data_cb): Change return type to assuan_error_t to avoid warnings with newer libassuan versions. 2008-11-04 Werner Koch * command.c (cmd_killagent): Stop the agent immediately. (start_command_handler): Take care of GPG_ERR_EOF. 2008-10-29 Werner Koch * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope. (create_socket_name): Remove arg USE_STANDARD_SOCKET. Change all callers. (create_server_socket): Remove IS_STANDARD_NAME and replace it by USE_STANDARD_SOCKET. Change all callers. (check_own_socket_running): New. (check_own_socket, check_own_socket_thread): New. (handle_tick): Check server socket once a minute. (handle_connections): Remove the extra pth_wait in the shutdown case. 2008-10-20 Werner Koch * command.c (cmd_geteventcounter): Mark unused arg. (cmd_listtrusted, cmd_pksign, cmd_pkdecrypt, cmd_genkey): Ditto. (cmd_updatestartuptty, post_cmd_notify): Ditto. * command-ssh.c (add_control_entry) (ssh_handler_request_identities, ssh_handler_remove_identity) (ssh_handler_remove_all_identities, ssh_handler_lock) (ssh_handler_unlock): Ditto. * call-pinentry.c (pinentry_active_p, popup_message_thread) (agent_popup_message_stop): Ditto. * findkey.c (agent_public_key_from_file): Ditto. * genkey.c (check_passphrase_pattern): Ditto. * call-scd.c (atfork_cb): Ditto. * protect-tool.c (import_p12_cert_cb): Ditto. * t-protect.c (main): Ditto. 2008-10-17 Werner Koch * call-scd.c (start_scd) [W32]: Use snprintf again because we now always use the estream variant. 2008-10-15 Werner Koch * call-scd.c (start_scd): Enable assuan loggging if requested. (agent_scd_check_aliveness) [W32]: Fix use of GetExitCodeProcess. 2008-10-14 Werner Koch * gpg-agent.c (get_agent_scd_notify_event): Need to use a manual reset event. 2008-09-29 Werner Koch * agent.h (GCRY_MD_USER): Rename to GCRY_MODULE_ID_USER. (GCRY_MD_USER_TLS_MD5SHA1): Rename to MD_USER_TLS_MD5SHA1 and change all users. 2008-09-25 Werner Koch * divert-scd.c (getpin_cb): Support a Reset Code style PINs.. 2008-09-03 Werner Koch * command.c (parse_keygrip): Use hex2bin. (cmd_preset_passphrase): Decode the passphrase. Reported by Kiss Gabor. Fixes #679 again. * preset-passphrase.c (make_hexstring): Remove. (preset_passphrase): Use bin2hex. 2008-05-27 Werner Koch * trustlist.c (insert_colons): Fix stupidly wrong allocation size computation. 2008-05-26 Werner Koch * gpg-agent.c (main): Re-initialize default assuan log stream if a log file is used. * trustlist.c (agent_marktrusted): Use xtryasprintf and xfree. * gpg-agent.c (main, agent_deinit_default_ctrl): Always use xfree because our asprintf is mapped to an xmalloc style function in util.h. Replace xstrdup by xtrystrdup. * w32main.c (build_argv): Ditto. * preset-passphrase.c (preset_passphrase): Ditto. * divert-scd.c (ask_for_card): Ditto. * command.c (option_handler): Ditto. * command-ssh.c (ssh_handler_request_identities): Ditto. * call-pinentry.c (start_pinentry): Ditto. * gpg-agent.c (start_connection_thread) (start_connection_thread_ssh): Use pth_thread_id for useful output under W32. (pth_thread_id) [!PTH_HAVE_PTH_THREAD_ID]: New. 2008-03-17 Werner Koch * agent.h (agent_inq_pinentry_launched): New prototype. * call-pinentry.c: Include sys/types.h and signal.h. 2008-02-14 Werner Koch * command.c (agent_inq_pinentry_launched): New. (option_handler): Add option allow-pinentry-notify. * call-pinentry.c (getinfo_pid_cb): New. (start_pinentry): Ask for the PID and notify the client. 2008-01-15 Marcus Brinkmann * call-pinentry.c (start_pinentry): Start pinentry in detached mode. 2007-12-04 Werner Koch * call-pinentry.c (agent_askpin): Use gnupg_get_help_string. 2007-12-03 Werner Koch * gpg-agent.c (main): s/standard_socket/use_standard_socket/ for clarity. (create_server_socket): New arg IS_SSH to avoid testing with assuan commands. 2007-11-20 Werner Koch * gpg-agent.c (get_agent_scd_notify_event): New. (handle_signal): Factor SIGUSR2 code out to: (agent_sigusr2_action): .. New. (agent_sighup_action): Print info message here and not in handle_signal. (handle_connections) [PTH_EVENT_HANDLE]: Call agent_sigusr2_action. * call-scd.c (agent_scd_check_aliveness) [W32]: Implemented. (start_scd) [W32]: Send event-signal option. 2007-11-19 Werner Koch * call-pinentry.c (agent_askpin): Set the tooltip for the quality bar. 2007-11-15 Werner Koch * agent.h (struct server_control_s): Add XAUTHORITY and PINENTRY_USER_DATA. * gpg-agent.c: New option --xauthority. (main, agent_init_default_ctrl) (agent_deinit_default_ctrl): Implemented * command.c (cmd_updatestartuptty): Ditto. * command-ssh.c (start_command_handler_ssh): Ditto. * call-pinentry.c (atfork_cb): Set the environment. (start_pinentry): Pass CTRL as arg to atfork_cb. 2007-11-14 Werner Koch * call-scd.c (start_scd) [W32]: Take care of fflush peculiarities. 2007-11-07 Werner Koch * agent.h: Remove errors.h. 2007-10-24 Werner Koch * genkey.c (check_passphrase_constraints): Changed the wording of the warning messages. 2007-10-19 Werner Koch * protect-tool.c (get_passphrase): Use new utf8 switch fucntions. 2007-10-15 Daiki Ueno (wk) * command-ssh.c (reenter_compare_cb): New function; imported from genkey.c. (ssh_identity_register): Ask initial passphrase twice. 2007-10-02 Werner Koch * command.c (cmd_getinfo): Add "pid" subcommand. 2007-10-01 Werner Koch * agent.h (struct server_control_s): Remove unused CONNECTION_FD. * gpg-agent.c: Remove w32-afunix.h. Include mkdtemp.h. (socket_nonce, socket_nonce_ssh): New. (create_server_socket): Use assuan socket wrappers. Remove W32 specific stuff. Save the server nonce. (check_nonce): New. (start_connection_thread, start_connection_thread_ssh): Call it. (handle_connections): Change args to gnupg_fd_t. * command.c (start_command_handler): Change LISTEN_FD to gnupg_fd_t. * command-ssh.c (start_command_handler_ssh): Ditto. 2007-09-18 Werner Koch * agent.h (struct pin_entry_info_s): Add element WITH_QUALITYBAR. * genkey.c (check_passphrase_constraints): New arg SILENT. Changed all callers. (agent_protect_and_store, agent_genkey): Enable qualitybar. * call-pinentry.c (agent_askpin): Send that option. (unescape_passphrase_string): New. (inq_quality): New. (estimate_passphrase_quality): New. 2007-09-14 Marcus Brinkmann * call-pinentry.c (agent_popup_message_stop): Implement kill for Windows. 2007-08-28 Werner Koch * gpg-agent.c (main): Add option --faked-system-time. * protect-tool.c (read_and_unprotect): Print the protected-at date. * agent.h (struct server_control_s): Add member IN_PASSWD. * command.c (cmd_passwd): Set it. * findkey.c (try_unprotect_cb): Use it. * protect.c (do_encryption): Replace asprintf by xtryasprint. (agent_protect): Create the protected-at item. (agent_unprotect): Add optional arg PROTECTED_AT. (merge_lists): Add args CUTOFF and CUTLEN. (agent_unprotect): Use them. * findkey.c (try_unprotect_cb): Add code to test for expired keys. (unprotect): Allow changing the passphrase. 2007-08-27 Werner Koch * gpg-agent.c: Add options --min-passphrase-nonalpha, --check-passphrase-pattern and --enforce-passphrase-constraints. (MIN_PASSPHRASE_NONALPHA): Init nonalpha option to 1. (main): Declare options for gpgconf. * agent.h (struct): Add members MIN_PASSPHRASE_NONALPHA, ENFORCE_PASSPHRASE_CONSTRAINTS and CHECK_PASSPHRASE_PATTERN. * genkey.c (nonalpha_charcount): New. (check_passphrase_pattern): New. (check_passphrase_constraints): Implement. Factor some code out... (take_this_one_anyway, take_this_one_anyway2): .. New. * call-pinentry.c (agent_show_message): New. (agent_askpin): We better reset the pin buffer before asking. * trustlist.c (insert_colons): New. (agent_marktrusted): Pretty print the fpr. 2007-08-22 Werner Koch * findkey.c (O_BINARY): Make sure it is defined. (agent_write_private_key): Use O_BINARY * protect-tool.c (import_p12_file): Add hack to allow importing of gnupg 2.0.4 generated files. 2007-08-06 Werner Koch * trustlist.c (read_one_trustfile): Add flag "cm". (agent_istrusted): Ditto. 2007-08-02 Werner Koch * gpg-agent.c: Include gc-opt-flags.h and remove their definition here. 2007-07-13 Werner Koch * genkey.c (check_passphrase_constraints): Require a confirmation for an empty passphrase. (agent_genkey, agent_protect_and_store): No need to repeat an empty passphrase. 2007-07-05 Werner Koch * call-scd.c (struct inq_needpin_s): New. (inq_needpin): Pass unknown inquiries up. 2007-07-04 Werner Koch * gpg-agent.c (TIMERTICK_INTERVAL): New. (fixed_gcry_pth_init, main): Kludge to fix Pth initialization. 2007-07-03 Werner Koch * gpg-agent.c (handle_connections): Do not use FD_SETSIZE for select but compute the correct number. 2007-07-02 Werner Koch * command.c (cmd_reloadagent) [W32]: New. (register_commands) [W32]: New command RELOADAGENT. * Makefile.am (gpg_agent_SOURCES): Remove w32main.c and w32main.h. (gpg_agent_res_ldflags): Remove icon file as we don't have a proper icon yet. * gpg-agent.c (main): do not include w32main.h. Remove all calls to w32main.c. (agent_sighup_action): New. (handle_signal): Use it. 2007-06-26 Werner Koch * gpg-agent.c (create_directories) [W32]: Made it work. 2007-06-21 Werner Koch * agent.h (ctrl_t): Remove. It is now declared in ../common/util.h. * gpg-agent.c (check_for_running_agent): New arg SILENT. Changed all callers. (create_server_socket): If the standard socket is in use check whether a agent is running and avoid starting another one. 2007-06-18 Marcus Brinkmann * gpg-agent.c (main): Percent escape pathname in --gpgconf-list output. 2007-06-18 Werner Koch * w32main.c (build_argv): New. (WinMain): Use it. * command.c (cmd_killagent) [W32]: New. (cmd_getinfo): New. * gpg-agent.c (get_agent_ssh_socket_name): New. (no_force_standard_socket) New. (create_server_socket): Use it. * Makefile.am (gpg_agent_res_ldflags): Pass windows option to ld. 2007-06-14 Werner Koch * protect-tool.c (main): Setup default socket name for simple-pwquery. (MAP_SPWQ_ERROR_IMPL): New. Use map_spwq_error for spqw related error codes. * preset-passphrase.c (main): Setup default socket name for simple-pwquery. (map_spwq_error): Remove. (MAP_SPWQ_ERROR_IMPL): New. * call-pinentry.c (start_pinentry): Use gnupg_module_name. * call-scd.c (start_scd): Ditto. 2007-06-12 Werner Koch * taskbar.c: New. * trustlist.c (read_one_trustfile): Replace GNUPG_SYSCONFDIR by a function call. (read_trustfiles): Ditto. * gpg-agent.c (main): Replace some calls by init_common_subsystems. * preset-passphrase.c (main): Ditto. * protect-tool.c (main): Ditto. 2007-06-11 Werner Koch * Makefile.am (common_libs): Use libcommonstd macro. (commonpth_libs): Use libcommonpth macro. * protect-tool.c (main) [W32]: Call pth_init. * preset-passphrase.c (main) [W32]: Replace the explicit Winsocket init by a call to pth_init. * trustlist.c (initialize_module_trustlist): New. * gpg-agent.c (main): Call it. * call-pinentry.c (initialize_module_query): Rename to initialize_module_call_pinentry. * minip12.c: Remove iconv.h. Add utf8conf.h. Changed all iconv calss to use these jnlib wrappers. 2007-06-06 Werner Koch * minip12.c (enum): Rename CONTEXT to ASNCONTEXT as winnt.h defines such a symbol to access the process context. * call-pinentry.c (dump_mutex_state) [W32]: Handle the W32Pth case. * call-scd.c (dump_mutex_state): Ditto. * protect-tool.c (i18n_init): Remove. * preset-passphrase.c (i18n_init): Remove. * gpg-agent.c (i18n_init): Remove. 2007-05-19 Marcus Brinkmann * protect-tool.c (get_passphrase): Free ORIG_CODESET on error. 2007-05-14 Werner Koch * protect.c (make_shadow_info): Replace sprintf by smklen. 2007-04-20 Werner Koch * gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed. (main): Call the setup_libgcrypt_logging helper. * protect-tool.c (my_gcry_logger): Removed. (main): Call the setup_libgcrypt_logging helper. 2007-04-03 Werner Koch * trustlist.c (read_trustfiles): Take a missing trustlist as an empty one. 2007-03-20 Werner Koch * protect-tool.c: New option --p12-charset. * minip12.c (p12_build): Implement it. 2007-03-19 Werner Koch * minip12.c: Include iconv.h. (decrypt_block): New. (parse_bag_encrypted_data, parse_bag_data): Use it here. (bag_data_p, bag_decrypted_data_p): New helpers. 2007-03-06 Werner Koch * gpg-agent.c (main) : Add entries for all ttl options. 2007-02-20 Werner Koch * call-pinentry.c (start_pinentry): Fix for OS X to allow loading of the bundle. Tested by Benjamin Donnachie. 2007-02-14 Werner Koch * gpg-agent.c: New option --pinentry-touch-file. (get_agent_socket_name): New. * agent.h (opt): Add pinentry_touch_file. * call-pinentry.c (start_pinentry): Send new option to the pinentry. 2007-01-31 Moritz Schulte (wk) * command-ssh.c (stream_read_string): Initialize LENGTH to zero. (start_command_handler_ssh): Use es_fgetc/es_ungetc to check if EOF has been reached before trying to process another request. 2007-01-31 Werner Koch * command-ssh.c (start_command_handler_ssh): * Makefile.am (t_common_ldadd): Add LIBICONV. 2007-01-25 Werner Koch * genkey.c (check_passphrase_constraints): Get ngettext call right and use UTF-8 aware strlen. * protect-tool.c (get_passphrase): New arg OPT_CHECK. (get_new_passphrase): Enable OPT_CHECK on the first call. * command.c (cmd_get_passphrase): Implement option --check. 2007-01-24 Werner Koch * gpg-agent.c (MIN_PASSPHRASE_LEN): New (parse_rereadable_options): New option --min-passphrase-len. * genkey.c (check_passphrase_constraints): New. (agent_genkey, agent_protect_and_store): Call new function. Fix memory leak. * call-pinentry.c (agent_askpin): Allow translation of the displayed error message. (agent_popup_message_start): Remove arg CANCEL_BTN. (popup_message_thread): Use --one-button option. * command.c (cmd_passwd): Now that we don't distinguish between assuan and regular error codes we can jump to the end on error. 2006-12-07 David Shaw * Makefile.am: Link to iconv for jnlib dependency. 2006-11-20 Werner Koch * call-pinentry.c (agent_popup_message_stop): Use SIGKILL. * call-scd.c (inq_needpin): Implement POPUPKEYPADPROMPT and DISMISSKEYPADPROMPT. 2006-11-15 Werner Koch * protect.c (make_shadow_info): Cast printf arg to unsigned int. * minip12.c (parse_bag_encrypted_data): Ditto. (parse_bag_data, p12_parse): Ditto. * command-ssh.c (ssh_identity_register): Changed buffer_n to size_t. * agent.h (struct server_control_s): New field thread_startup. * command.c (start_command_handler): Moved CTRL init code to .. * gpg-agent.c (start_connection_thread): .. here. (agent_deinit_default_ctrl): New. (agent_init_default_ctrl): Made static. (handle_connections): Allocate CTRL and pass it pth_spawn. * command-ssh.c (start_command_handler_ssh): Moved CTRL init code to .. * gpg-agent.c (start_connection_thread_ssh): .. here. 2006-11-14 Werner Koch * command.c (bump_key_eventcounter): New. (bump_card_eventcounter): New. (cmd_geteventcounter): New command. * gpg-agent.c (handle_signal): Call bump_card_eventcounter. * findkey.c (agent_write_private_key): Call bump_key_eventcounter. * trustlist.c (agent_reload_trustlist): Ditto. * command.c (post_cmd_notify, io_monitor): New. (register_commands, start_command_handler): Register them. 2006-11-09 Werner Koch * gpg-agent.c (main): In detached mode connect standard descriptors to /dev/null. * trustlist.c (read_trustfiles): Make sure not to pass a zero size to realloc as the C standards says that this behaves like free. 2006-11-06 Werner Koch * protect-tool.c (my_strusage): Fixed typo. 2006-10-23 Werner Koch * gpg-agent.c (main): New command --gpgconf-test. * minip12.c (parse_bag_encrypted_data, parse_bag_data): Allow for a salt of 20 bytes. 2006-10-20 Werner Koch * Makefile.am (t_common_ldadd): Use GPG_ERROR_LIBS instead -o just -l 2006-10-19 Werner Koch * findkey.c (unprotect): Use it to avoid unnecessary calls to agent_askpin. * call-pinentry.c (pinentry_active_p): New. 2006-10-17 Werner Koch * Makefile.am (gpg_agent_LDADD): Link to libcommonpth. (gpg_agent_CFLAGS): New. This allows to only link this with Pth. 2006-10-16 Werner Koch * call-pinentry.c (agent_get_confirmation): Map Cancel code here too. * trustlist.c (agent_marktrusted): Return Cancel instead of Not_Confirmed for the first question. 2006-10-12 Werner Koch * protect-tool.c (get_passphrase): Fix if !HAVE_LANGINFO_CODESET. 2006-10-06 Werner Koch * Makefile.am (AM_CFLAGS): Use PTH version of libassuan. (gpg_agent_LDADD): Ditto. * divert-scd.c (divert_pksign): Use PKAUTH for the TLS algo. 2006-10-05 Werner Koch * command.c (has_option_name): New. (cmd_sethash): New --hash option. * pksign.c (do_encode_raw_pkcs1): New. (agent_pksign_do): Use it here for the TLS algo. * agent.h (GCRY_MD_USER_TLS_MD5SHA1): New. * divert-scd.c (pksign): Add case for tls-md5sha1. * divert-scd.c (encode_md_for_card): Check that the algo is valid. 2006-10-04 Werner Koch * call-pinentry.c (agent_get_passphrase): Changed to return the unencoded passphrase. (agent_askpin, agent_get_passphrase, agent_get_confirmation): Need to map the cancel error. * command.c (send_back_passphrase): New. (cmd_get_passphrase): Use it here. Also implement --data option. (skip_options): New. 2006-09-26 Werner Koch * learncard.c (agent_handle_learn): Send back the keypair information. 2006-09-25 Werner Koch * trustlist.c (read_one_trustfile): Allow extra flags. (struct trustitem_s): Replaced KEYFLAGS by a FLAGS struct. Changed all code to use this. (agent_istrusted): New arg CTRL. Changed all callers. Send back flags. * command.c (agent_write_status): New. 2006-09-20 Werner Koch * Makefile.am: Changes to allow parallel make runs. 2006-09-15 Werner Koch * trustlist.c: Entirely rewritten. (agent_trustlist_housekeeping): Removed and removed all calls. 2006-09-14 Werner Koch Replaced all call gpg_error_from_errno(errno) by gpg_error_from_syserror(). * call-pinentry.c (start_pinentry): Replaced pipe_connect2 by pipe_connect_ext. * call-scd.c (start_scd): Ditto. * command.c (start_command_handler): Replaced init_connected_socket_server by init_socket_server_ext. 2006-09-13 Werner Koch * preset-passphrase.c (main) [W32]: Check for WSAStartup error. 2006-09-08 Werner Koch * call-scd.c: Add signal.h as we are referencing SIGUSR2. 2006-09-06 Marcus Brinkmann * Makefile.am (AM_CFLAGS): Add $(GPG_ERR_CFLAGS). (gpg_agent_LDADD): Replace -lgpg-error with $(GPG_ERROR_LIBS). 2006-09-06 Werner Koch * query.c: Renamed to .. * call-pinentry.c: .. this. * agent.h (out_of_core): Removed. (CTRL): Removed and changed everywhere to ctrl_t. Replaced all Assuan error codes by libgpg-error codes. Removed all map_to_assuan_status and map_assuan_err. * gpg-agent.c (main): Call assuan_set_assuan_err_source to have Assuan switch to gpg-error codes. * command.c (set_error): Adjusted. 2006-09-04 Werner Koch * command.c (percent_plus_unescape): New. (cmd_get_val, cmd_putval): New. 2006-08-29 Werner Koch * command-ssh.c (stream_read_mpi): Sanity check for early detecting of too large keys. * gpg-agent.c (my_gcry_outofcore_handler): New. (main): Register it. (main): No allocate 32k secure memory (was 16k). 2006-07-31 Werner Koch * preset-passphrase.c (make_hexstring): For consistency use xtrymalloc and changed caller to use xfree. Fixed function comment. 2006-07-29 Marcus Brinkmann * preset-passphrase.c (preset_passphrase): Do not strip off last character of passphrase. (make_hexstring): New function. * command.c (cmd_preset_passphrase): Use parse_hexstring to syntax check passphrase argument. Truncate passphrase at delimiter. 2006-07-24 Werner Koch * minip12.c (build_key_bag): New args SHA1HASH and KEYIDSTR. Append bag Attributes if these args are given. (build_cert_sequence): ditto. (p12_build): Calculate certificate hash and pass to build functions. 2006-07-21 Werner Koch * minip12.c (oid_pkcs_12_keyBag): New. (parse_bag_encrypted_data): New arg R_RESULT. Support keybags and return the key object. (p12_parse): Take new arg into account. Free RESULT on error. 2006-06-26 Werner Koch * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in verbose mode. 2006-06-22 Werner Koch * command-ssh.c (make_cstring): Use memcpy instead of strncpy. (ssh_receive_mpint_list, sexp_key_extract, data_sign): Use xtrycalloc instead of xtrymalloc followed by memset. 2006-06-20 Werner Koch * minip12.c (create_final): New arg PW. Add code to calculate the MAC. 2006-06-09 Marcus Brinkmann * Makefile.am (gpg_agent_LDADD): Add $(NETLIBS). (gpg_protect_tool_LDADD): Likewise. (gpg_preset_passphrase_LDADD): Likewise. 2006-04-09 Moritz Schulte * command-ssh.c (ssh_request_process): Removed FIXME mentioning a possible DoS attack. 2006-04-01 Moritz Schulte * command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20 instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL byte - KEY_GRIP_RAW is a raw binary string anyway. 2006-02-09 Werner Koch * call-scd.c (struct scd_local_s): New field next_local. (scd_local_list): New. (start_scd): Put new local into list. (agent_reset_scd): Remove it from the list. (agent_scd_check_aliveness): Here is the actual reason why we need all this stuff. (agent_reset_scd): Send the new command RESTART instead of RESET. 2005-12-16 Werner Koch * minip12.c (cram_octet_string): New (p12_parse): Use it for NDEFed bags. (parse_bag_data): Ditto. (string_to_key, set_key_iv, crypt_block): New arg SALTLEN. (p12_build): Use old value 8 for new arg. (parse_bag_encrypted_data, parse_bag_data): Allow for salts of 8 to 16 bytes. Add new arg R_CONSUMED. 2005-11-24 Werner Koch * minip12.c (p12_parse): Fixed for case that the key object comes prior to the certificate. 2005-10-19 Werner Koch * divert-scd.c (getpin_cb): Hack to use it for a keypad message. * call-scd.c (inq_needpin): Reworked to support the new KEYPADINFO. * query.c (start_pinentry): Keep track of the owner. (popup_message_thread, agent_popup_message_start) (agent_popup_message_stop, agent_reset_query): New. * command.c (start_command_handler): Make sure a popup window gets closed. 2005-10-08 Marcus Brinkmann * Makefile.am (gpg_protect_tool_LDADD): Add ../gl/libgnu.a. (gpg_preset_passphrase_LDADD, t_common_ldadd): Likewise. (gpg_agent_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a. 2005-09-16 Werner Koch * minip12.c (build_key_sequence, build_cert_sequence): Fixed padding. 2005-09-15 Moritz Schulte * t-protect.c (test_agent_protect): Implemented. (main): Disable use of secure memory. 2005-09-09 Werner Koch * minip12.c (p12_build): Oops, array needs to be larger for the certificate. (build_cert_bag): Fixed yesterdays change. * command-ssh.c (card_key_available): Let the card handler decide whether the card is supported here. Also get a short serial number to return from the card handler. 2005-09-08 Werner Koch * minip12.c (build_cert_bag): Use a non constructed object. i.e. 0x80 and not 0xa0. 2005-08-16 Werner Koch * gpg-agent.c (main): Use a default file name for --write-env-file. 2005-07-25 Werner Koch * findkey.c (agent_public_key_from_file): Fixed array assignment. This was the cause for random segvs. 2005-06-29 Werner Koch * command-ssh.c (data_sign): Removed empty statement. 2005-06-21 Werner Koch * minip12.c (create_final): Cast size_t to ulong for printf. (build_key_bag, build_cert_bag, build_cert_sequence): Ditto. 2005-06-16 Werner Koch * protect-tool.c (make_advanced): Makde RESULT a plain char. * call-scd.c (unescape_status_string): Need to cast unsigned char* for strcpy. (agent_card_pksign): Made arg R_BUF an unsigned char**. * divert-scd.c (divert_pksign): Made SIGVAL unsigned char*. (encode_md_for_card): Initialize R_VAL and R_LEN. * genkey.c (store_key): Made BUF unsigned. * protect.c (do_encryption): Ditto. (do_encryption): Made arg PROTBEGIN unsigned. Initialize RESULT and RESULTLEN even on error. (merge_lists): Need to cast unsigned char * for strcpy. Initialize RESULTand RESULTLEN even on error. (agent_unprotect): Likewise for strtoul. (make_shadow_info): Made P and INFO plain char. (agent_shadow_key): Made P plain char. 2005-06-15 Werner Koch * query.c (agent_get_passphrase): Made HEXSTRING a char*. * command-ssh.c (ssh_key_grip): Made arg BUFFER unsigned. (ssh_key_grip): Simplified. (data_sign): Initialize variables with the definition. (ssh_convert_key_to_blob): Make sure that BLOB and BLOB_SIZE are set to NULL on error. Cool, gcc-4 detects uninitialized stuff beyond function boundaries; well it can't know that we do error proper error handling so that this was not a real error. (file_to_buffer): Likewise for BUFFER and BUFFER_N. (data_sign): Likewise for SIG and SIG_N. (stream_read_byte): Set B to a value even on error. * command.c (cmd_genkey): Changed VALUE to char. (cmd_readkey): Cast arg for gcry_sexp_sprint. * agent.h (struct server_control_s): Made KEYGRIP unsigned. 2005-06-13 Werner Koch * command-ssh.c (start_command_handler_ssh): Reset the SCD. 2005-06-09 Werner Koch * gpg-agent.c (create_socket_name): New option --max-cache-ttl-ssh. * cache.c (housekeeping): Use it. (agent_put_cache): Use a switch to get the default ttl so that it is easier to add more cases. 2005-06-06 Werner Koch * gpg-agent.c: New option --default-cache-ttl-ssh. * agent.h (cache_mode_t): New. * pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the ARG IGNORE_CACHE. Changed all callers. (agent_pksign): Ditto. * findkey.c (agent_key_from_file): Ditto. Canged all callers. (unprotect): Ditto. * command-ssh.c (data_sign): Use CACHE_MODE_SSH. * cache.c (agent_get_cache): New arg CACHE_MODE. (agent_put_cache): Ditto. Store it in the cache. * query.c (agent_query_dump_state, dump_mutex_state): New. (unlock_pinentry): Reset the global context before releasing the mutex. * gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1. * call-scd.c (agent_scd_check_aliveness): Always do a waitpid and add a timeout to the locking. 2005-06-03 Werner Koch * command.c (cmd_updatestartuptty): New. * gpg-agent.c: New option --write-env-file. * gpg-agent.c (handle_connections): Make sure that the signals we are handling are not blocked.Block signals while creating new threads. 2005-06-02 Werner Koch * call-scd.c (agent_scd_dump_state, dump_mutex_state): New. * gpg-agent.c (handle_signal): Print it on SIGUSR1. (handle_connections): Include the file descriptor into the threadnames. 2005-06-01 Werner Koch * gpg-agent.c: Include setenv.h. 2005-05-31 Werner Koch * agent.h (out_of_core): s/__inline__/inine. Noted by Ray Link. 2005-05-25 Werner Koch * gpg-agent.c (main): Do not unset the DISPLAY when we are continuing as child. 2005-05-24 Werner Koch * call-scd.c (inq_needpin): Skip leading spaces in of PIN description. * divert-scd.c (getpin_cb): Enhanced to cope with description flags. * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all callers. 2005-05-21 Werner Koch * call-scd.c (start_scd): Don't test for an alive scdaemon here. (agent_scd_check_aliveness): New. * gpg-agent.c (handle_tick): Test for an alive scdaemon. (handle_signal): Print thread info on SIGUSR1. 2005-05-20 Werner Koch * protect-tool.c: New option --canonical. (show_file): Implement it. * keyformat.txt: Define the created-at attribute for keys. 2005-05-18 Werner Koch * divert-scd.c (ask_for_card): Removed the card reset kludge. 2005-05-17 Werner Koch * call-scd.c (unlock_scd): Add new arg CTRL. Changed all callers. (start_scd): Reoworked to allow for additional connections. * agent.h (ctrl_t): Add local data for the SCdaemon. * command.c (start_command_handler): Release SERVER_LOCAL. * gpg-agent.c (create_server_socket): Use xmalloc. (main): Removed option --disable-pth a dummy. Removed non-pth code path. (cleanup_sh): Removed. Not needed anymore. 2005-05-05 Moritz Schulte * command-ssh.c (ssh_key_to_buffer): Rename to ... (ssh_key_to_protected_buffer): ... this; change callers. Improved documentation. Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used before. (ssh_handler_sign_request): Removed unusued variable P. 2005-04-20 Moritz Schulte * command-ssh.c (ssh_handler_request_identities): Removed debugging code (sleep call), which was commited unintenionally. 2005-04-20 Werner Koch * minip12.c (parse_bag_encrypted_data): Fix the unpadding hack. * gpg-agent.c: New option --disable-scdaemon. (handle_connections): Add time event to drive ... (handle_tick): New function. (main): Record the parent PID. Fixed segv when using ssh and a command. * call-scd.c (start_scd): Take care of this option. 2005-04-03 Moritz Schulte * command-ssh.c (ssh_request_spec): New member: secret_input. (REQUEST_SPEC_DEFINE): New argument: secret_input. (request_specs): Add secret_input flag. (request_spec_lookup): New function ... (ssh_request_process): ... use it here; depending on secret_input flag allocate secure or non-secure memory. 2005-03-02 Moritz Schulte * command-ssh.c (sexp_key_extract): Removed FIXME, since xtrymallos does set errno correctly by now. (sexp_extract_identifier): Remove const attribute from identifier. (ssh_handler_request_identities): Remove const attribute from key_type; removes ugly casts and FIXME. (sexp_key_extract): Remove const attribute from comment. (ssh_send_key_public): Remove const attribute from key_type/comment; removes ugly cast. (data_sign): Remove const attribute from identifier; removes ugly cast. (key_secret_to_public): Remove const attribute from comment; removes ugly cast. (ssh_handler_sign_request): Remove const attribute from p. (sexp_key_extract): Use make_cstring(). (ssh_key_extract_comment): Likewise. (ssh_key_to_buffer): Use secure memory for memory area to hold the key S-Expression. Added more comments. 2005-02-25 Werner Koch * findkey.c (modify_description): Keep invalid % escapes, so that %0A may pass through. * agent.h (server_control_s): New field USE_AUTH_CALL. * call-scd.c (agent_card_pksign): Make use of it. * command-ssh.c (data_sign): Set the flag. (ssh_send_key_public): New arg OVERRIDE_COMMENT. (card_key_available): Add new arg CARDSN. (ssh_handler_request_identities): Use the card s/n as comment. (sexp_key_extract): Use GCRYMPI_FMT_STD. (data_sign): Ditto. * learncard.c (make_shadow_info): Moved to .. * protect.c (make_shadow_info): .. here. Return NULL on malloc failure. Made global. * agent.h: Add prototype. 2005-02-24 Werner Koch * call-scd.c (unescape_status_string): New. Actual a copy of ../g10/call-agent.c (card_getattr_cb, agent_card_getattr): New. * command-ssh.c (card_key_available): New. (ssh_handler_request_identities): First see whether a card key is available. * gpg-agent.c (handle_connections): Need to check for events if select returns with -1. 2005-02-23 Werner Koch * command-ssh.c (get_passphrase): Removed. (ssh_identity_register): Partly rewritten. (open_control_file, search_control_file, add_control_entry): New. (ssh_handler_request_identities): Return only files listed in our control file. * findkey.c (unprotect): Check for allocation error. * agent.h (opt): Add fields to record the startup terminal settings. * gpg-agent.c (main): Record them and do not force keep display with --enable-ssh-support. * command-ssh.c (start_command_handler_ssh): Use them here. * gpg-agent.c: Renamed option --ssh-support to --enable-ssh-support. * command.c (cmd_readkey): New. (register_commands): Register new command "READKEY". * command-ssh.c (ssh_request_process): Improved logging. * findkey.c (agent_write_private_key): Always use plain open. Don't depend on an umask for permissions. (agent_key_from_file): Factored file reading code out to .. (read_key_file): .. new function. (agent_public_key_from_file): New. 2005-02-22 Werner Koch * command-ssh.c (stream_read_string): Removed call to abort on memory error because the CVS version of libgcrypt makes sure that ERRNO gets always set on error even with a faulty user supplied function. 2005-02-19 Moritz Schulte * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do not use elems_secret member of key_spec. (ssh_key_type_spec): Removed member: elems_secret. (ssh_key_types): Removed elems_secret data. (ssh_sexp_construct): Renamed to ... (sexp_key_construct): ... this; changed callers. (ssh_sexp_extract): Renamed to ... (sexp_key_extract): ... this; changed callers. (ssh_sexp_extract_key_type): Renamed to ... (sexp_extract_identifier): ... this; changed callers; use make_cstring(). Added more comments. 2005-02-18 Moritz Schulte * command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp template, clarified. (ssh_sexp_extract): Support shadowed-private-key-sexp; treat protected-private key and shadowed-private-key as public keys. (key_secret_to_public): Rewritten: simply use ssh_sexp_extract() and ssh_sexp_construct(). 2005-02-15 Werner Koch * findkey.c (modify_description): Don't increment OUT_LEN during the second pass. 2005-02-14 Moritz Schulte * command-ssh.c (es_read_byte): Renamed to ... (stream_es_read_byte): ... this; changed callers. (es_write_byte): Renamed to ... (stream_write_byte): ... this; changed callers. (es_read_uint32): Renamed to ... (stream_read_uint32): ... this; changed callers. (es_write_uint32): Renamed to ... (stream_write_uint32): ... this; changed callers. (es_read_data): Renamed to ... (stream_read_data): ... this; changed callers. (es_write_data): Renamed to ... (stream_write_data): ... this; changed callers. (es_read_string): Renamed to ... (stream_read_string): ... this; changed callers. (es_read_cstring): Renamed to ... (stream_read_cstring): ... this; changed callers. (es_write_string): Renamed to ... (stream_write_string): ... this; changed callers. (es_write_cstring): Renamed to ... (stream_write_cstring): ... this; changed callers. (es_read_mpi): Renamed to ... (stream_read_mpi): ... this; changed callers. (es_write_mpi): Renamed to ... (stream_write_mpi): ... this; changed callers. (es_copy): Renamed to ... (stream_copy): ... this; changed callers. (es_read_file): Renamed to ... (file_to_buffer): ... this; changed callers. (ssh_identity_register): Removed variable description_length; changed code to use asprintf for description. (stream_write_uint32): Do not filter out the last byte of shift expression. (uint32_construct): New macro ... (stream_read_uint32): ... use it; removed unnecessary cast. 2005-02-03 Werner Koch * agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this function won't return. * gpg-agent.c (check_for_running_agent): Initialize pid to a default value if not needed. * command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/, s/uint32/u32/ becuase that is what we have always used in GnuPG. (ssh_request_specs): Moved to top of file. (ssh_key_types): Ditto. (make_cstring): Ditto. (data_sign): Don't use a variable for the passphrase prompt, make it translatable. (ssh_request_process): * findkey.c (modify_description): Renamed arguments for clarity, polished documentation. Make comment a C-string. Fixed case of DESCRIPTION being just "%". (agent_key_from_file): Make sure comment string to a C-string. * gpg-agent.c (create_socket_name): Cleanup the implemntation, use DIMof, agent_exit, removed superflous args and return the allocated string as value. Documented. Changed callers. (create_server_socket): Cleanups similar to above. Changed callers. (cleanup_do): Renamed to .. (remove_socket): .. this. Changed caller. (handle_connections): The signals are to be handled in the select and not in the accept. Test all FDs after returning from a select. Remove the event tests from the accept calls. The select already assured that the accept won't block. 2005-01-29 Moritz Schulte * command-ssh.c (ssh_handler_request_identities) (ssh_handler_sign_request, ssh_handler_add_identity) (ssh_handler_remove_identity, ssh_handler_remove_all_identities) (ssh_handler_lock, ssh_handler_unlock): Changed to return an error code instead of a boolean. (ssh_request_process): Changed to return a boolean instead of an error; adjust caller. (ssh_request_handle_t): Adjusted type. (ssh_request_spec): New member: identifier. (REQUEST_SPEC_DEFINE): New macro; use it for initialization of request_specs[]. (ssh_request_process): In debugging mode, log identifier of handler to execute. (start_command_handler_ssh): Moved most of the stream handling code ... (ssh_request_process): ... here. 2005-01-28 Moritz Schulte * command-ssh.c (ssh_handler_add_identity): Pass ctrl to ssh_identity_register(). (ssh_identity_register): New argument: ctrl; pass ctrl to get_passphrase(). (get_passphrase): Pass ctrl instead of NULL to agent_askpin(). (start_command_handler_ssh): Use agent_init_default_ctrl(); deallocate structure members, which might be dynamically allocated. (lifetime_default): Removed variable. (ssh_handler_add_identity): Fix ttl handling; renamed variable `death' to `ttl'. (ssh_identity_register): Fix key grip handling. 2005-01-26 Moritz Schulte * command-ssh.c (ssh_handler_sign_request): Confirm to agent protocol in case of failure. * command-ssh.c: New file. * Makefile.am (gpg_agent_SOURCES): New source file: command-ssh.c. * findkey.c (modify_description): New function. (agent_key_from_file): Support comment field in key s-expressions. * gpg-agent.c (enum cmd_and_opt_values): New item: oSSHSupport. (opts) New entry for oSSHSupport. New variable: socket_name_ssh. (cleanup_do): New function based on cleanup(). (cleanup): Use cleanup_do() for socket_name and socket_name_ssh. (main): New switch case for oSSHSupport. (main): Move socket name creation code to ... (create_socket_name): ... this new function. (main): Use create_socket_name() for creating socket names for socket_name and for socket_name_ssh in case ssh support is enabled. Move socket creation code to ... (create_server_socket): ... this new function. (main): Use create_server_socket() for creating sockets. In case standard_socket is set, do not only store a socket name in socket_name, but also in socket_name_ssh. Generate additional environment info strings for ssh support. Pass additional ssh socket argument to handle_connections. (start_connection_thread_ssh): New function. (handle_connections): Use select to multiplex between gpg-agent and ssh-agent protocol. * agent.h (struct opt): New member: ssh_support. (start_command_handler_ssh): Add prototype. 2005-01-04 Werner Koch * trustlist.c (agent_marktrusted): Use "Cancel" for the first confirmation and made the strings translatable. * cache.c (agent_put_cache): Fix the test for using the default TTL. 2004-12-21 Werner Koch * preset-passphrase.c (preset_passphrase): Handle --passphrase. * Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that pwquery may use stuff from jnlib. Conditionally add -lwsock2 (gpg_protect_tool_LDADD): Ditto. * preset-passphrase.c (main): Use default_homedir(). (main) [W32]: Initialize sockets. 2004-12-21 Marcus Brinkmann * Makefile.am (libexec_PROGRAMS): Add gpg-preset-passphrase. (gpg_preset_passphrase_SOURCES, gpg_preset_passphrase_LDADD): New targets. * agent.h (opt): New member allow_cache_passphrase. * cache.c (housekeeping): Check if R->ttl is not negative. (agent_put_cache): Allow ttl to be negative. * command.c (parse_hexstring): Allow something to follow the hexstring. (cmd_cache_passphrase): New function. (register_commands): Add it. * gpg-agent.c: Handle --allow-preset-passphrase. * preset-passphrase.c: New file. 2004-12-21 Werner Koch * gpg-agent.c (main): Use default_homedir(). * protect-tool.c (main): Ditto. 2004-12-20 Werner Koch * gpg-agent.c (main) [W32]: Now that Mutexes work we can remove the pth_init kludge. (main): Add new options --[no-]use-standard-socket. (check_for_running_agent): Check whether it is running on the standard socket. * call-scd.c (init_membuf, put_membuf, get_membuf): Removed. We now use the identical implementation from ../common/membuf.c. * pksign.c (agent_pksign): Changed arg OUTFP to OUTBUF and use membuf functions to return the value. * pkdecrypt.c (agent_pkdecrypt): Ditto. * genkey.c (agent_genkey): Ditto. * command.c (cmd_pksign, cmd_pkdecrypt, cmd_genkey): Replaced assuan_get_data_fp() by a the membuf scheme. (clear_outbuf, write_and_clear_outbuf): New. 2004-12-19 Werner Koch * query.c (initialize_module_query): New. * call-scd.c (initialize_module_call_scd): New. * gpg-agent.c (main): Call them. 2004-12-18 Werner Koch * gpg-agent.c (main): Remove special Pth initialize. * agent.h (map_assuan_err): Define in terms of map_assuan_err_with_source. 2004-12-17 Moritz Schulte * query.c: Undo change from 2004-12-05. 2004-12-15 Werner Koch * gpg-agent.c [W32]: Various hacks to make it work. * findkey.c (agent_write_private_key) [W32]: Adjust open call. * call-scd.c (start_scd) [W32]: Don't check whether the daemon didn't died. To hard to do under Windows. (start_scd) [W32]: Disable sending of the event signal option. * protect-tool.c (read_file, export_p12_file) [W32]: Use setmode to get stdout and stin into binary mode. 2004-12-05 Moritz Schulte * query.c (start_pinentry): Allow CTRL be NULL. 2004-10-22 Werner Koch * gpg-agent.c (parse_rereadable_options): Return "not handled" when the log file has not beend hadled. This is will let the main option processing continue. Fixed a bug introduced on 2004-09-4 resulting in logging to stderr until a HUP has been given. (main): Don't close the listen FD. 2004-09-30 Werner Koch * Makefile.am: Adjusted from gettext 1.14. 2004-09-29 Werner Koch * minip12.c (parse_bag_encrypted_data): Print error if a bad passphrase has been given. 2004-09-28 Werner Koch * protect.c (agent_unprotect): Fixed wiping of CLEARTEXT. Thanks to Moritz for pointing this out. 2004-09-25 Moritz Schulte * agent.h: Declare: agent_pksign_do. (struct server_control_s): New member: raw_value. * pksign.c (do_encode_md): New argument: raw_value; support generation of raw (non-pkcs1) data objects; adjust callers. (agent_pksign_do): New function, based on code ripped out from agent_pksign. (agent_pksign): Use agent_pksign_do. * command.c (start_command_handler): Set ctrl.digest.raw_value. 2004-09-09 Werner Koch * gpg-agent.c (check_for_running_agent): New. (main): The default action is now to check for an already running agent. (parse_rereadable_options): Set logfile only on reread. (main): Do not print the "is development version" note. 2004-08-20 Werner Koch * gpg-agent.c: New option --max-cache-ttl. Suggested by Alexander Belopolsky. * cache.c (housekeeping): Use it here instead of the hardwired default of 1 hour. * query.c (start_pinentry): Use a timeout for the pinentry lock. 2004-08-18 Werner Koch * protect-tool.c (get_passphrase): Make sure that the default prompts passed to gpg-agent are utf-8 encoded. Add new prompt values. (import_p12_file, import_p12_file, export_p12_file): Changed calls to get_passphrase so that better prompts are displayed. (get_new_passphrase): New. 2004-07-22 Werner Koch * trustlist.c (read_list): Allow colons in the fingerprint. (headerblurb): Rephrased. * gpg-agent.c (handle_connections): Increase the stack size ot 256k. 2004-06-20 Moritz Schulte * gpg-agent.c: Include (build fix for BSD). 2004-05-11 Werner Koch * gpg-agent.c (handle_signal): Reload the trustlist on SIGHUP. (start_connection_thread): Hack to simulate a ticker. * trustlist.c (agent_trustlist_housekeeping) (agent_reload_trustlist): New. Protected all global functions here with a simple counter which is sufficient for Pth. 2004-05-03 Werner Koch * gpg-agent.c: Remove help texts for options lile --lc-ctype. (main): New option --allow-mark-trusted. * trustlist.c (agent_marktrusted): Use it here. 2004-04-30 Werner Koch * protect-tool.c: New option --enable-status-msg. (store_private_key): Print status messages for imported keys. (read_and_unprotect): Ditto for bad passphrase. * gpg-agent.c (parse_rereadable_options): New arg REREAD. Allow changing oLogFile. (current_logfile): New. 2004-04-26 Werner Koch * call-scd.c (start_scd): Do not register an event signal if we are running as a pipe server. 2004-04-21 Werner Koch * call-scd.c (start_scd): Send event-signal option. Always check that the scdaemon is still running. * gpg-agent.c (handle_signal): Do not use SIGUSR{1,2} anymore for changing the verbosity. 2004-04-16 Werner Koch * gpg-agent.c (main): Tell the logging code that we are running detached. 2004-04-06 Werner Koch * gpg-agent.c (main): Use new libgcrypt thread library register scheme. 2004-03-23 Marcus Brinkmann * gpg-agent.c (main): For now, always print the default config file name for --gpgconf-list. 2004-03-17 Werner Koch * gpg-agent.c (main) : Fixed default value quoting. 2004-03-16 Werner Koch * gpg-agent.c (parse_rereadable_options): Use the new DEFAULT_CACHE_TTL macro. (main): Updated --gpgconf-list output. 2004-02-21 Werner Koch * command.c (cmd_passwd): Take acount of a key description. * genkey.c (reenter_compare_cb): Do not set the error text. (agent_protect_and_store, agent_genkey): Force a re-enter after a non-matching passphrase. * query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed all callers. 2004-02-19 Werner Koch * protect-tool.c: New options --have-cert and --prompt. (export_p12_file): Read a certificate from STDIN and pass it to p12_build. Detect a keygrip and construct the filename in that case. Unprotcet a key if needed. Print error messages for key formats we can't handle. (release_passphrase): New. (get_passphrase): New arg PROMPTNO. Return the allocated string. Changed all callers. * minip12.c: Revamped the build part. (p12_build): New args CERT and CERTLEN. 2004-02-18 Werner Koch * protect-tool.c (main): Setup the used character set. * gpg-agent.c (main): Ditto. * gpg-agent.c (set_debug): New. New option --debug-level. (main): New option --gpgconf-list. 2004-02-17 Werner Koch * pksign.c (do_encode_md): Cleaned up by using gcry_sexp_build. * Makefile.am (gpg_protect_tool_SOURCES): Removed simple-pwquery.[ch], as we once moved it to ../common. 2004-02-13 Werner Koch * command.c (cmd_setkeydesc): New. (register_commands): Add command SETKEYDESC. (cmd_pksign, cmd_pkdecrypt): Use the key description. (reset_notify): Reset the description. * findkey.c (unprotect): Add arg DESC_TEXT. (agent_key_from_file): Ditto. * pksign.c (agent_pksign): Ditto. * pkdecrypt.c (agent_pkdecrypt): Ditto. Made CIPHERTEXT an unsigned char*. * protect-tool.c (main): New options --no-fail-on-exist, --homedir. (store_private_key): Use them here. 2004-02-12 Werner Koch * protect-tool.c (read_file, main): Allow reading from stdin. * Makefile.am: Include cmacros.am for common flags. (libexec_PROGRAMS): Put gpg-protect-tool there. 2004-02-10 Werner Koch * minip12.c (parse_bag_encrypted_data): Finished implementation. (p12_parse): Add callback args. * protect-tool.c (import_p12_cert_cb): New. (import_p12_file): Use it. 2004-02-06 Werner Koch * minip12.c (crypt_block): Add arg CIPHER_ALGO; changed all callers. (set_key_iv): Add arg KEYBYTES; changed caller. 2004-02-03 Werner Koch * findkey.c (agent_key_from_file): Extra paranoid wipe. * protect.c (agent_unprotect): Ditto. (merge_lists): Ditto. Add arg RESULTLEN. * pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in debug mode. * protect.c: Add DSA and Elgamal description. 2004-01-29 Werner Koch * agent.h (server_control_s): Add connection_fd field. * command.c (start_command_handler): Init it here. * gpg-agent.c (agent_init_default_ctrl): and here. * call-scd.c: Add the CTRL arg to all functions calling start_scd and pass it to start_scd. Changed all callers (start_scd): Keep track of the current active connection. (agent_reset_scd): New. * command.c (start_command_handler): Call it here. * learncard.c (agent_handle_learn): Add arg CTRL; changed caller. (send_cert_back): Ditto. 2004-01-28 Werner Koch * trustlist.c (agent_marktrusted): Check whether the trustlist is writable. 2004-01-27 Werner Koch * sexp-parse.h: Moved to ../common. 2004-01-24 Werner Koch * call-scd.c (atfork_cb): New. (start_scd): Make sure secmem gets cleared. * query.c (atfork_cb): New. (start_pinentry): Make sure secmem gets cleared. 2004-01-16 Werner Koch * findkey.c (agent_key_from_file): Now return an error code so that we have more detailed error messages in the upper layers. This fixes the handling of pinentry's cancel button. * pksign.c (agent_pksign): Changed accordingly. * pkdecrypt.c (agent_pkdecrypt): Ditto. * command.c (cmd_passwd): Ditto. 2003-12-16 Werner Koch * gpg-agent.c (main): Set the prefixes for assuan logging. 2003-12-15 Werner Koch * protect.c (do_encryption): Use gcry_create_nonce instad of the obsolete WEAK_RANDOM. 2003-11-20 Werner Koch * sexp-parse.h (snext): Don't use atoi_1 and digitp macros, so that this file is useful by other applications too. 2003-10-27 Werner Koch * command.c (cmd_get_confirmation): New command. 2003-08-20 Timo Schulz * pksign.c (do_encode_md): Allocate enough space. Cast md byte to unsigned char to prevent sign extension. 2003-08-14 Timo Schulz * pksign.c (do_encode_md): Due to the fact pkcs#1 padding is now in Libgcrypt, use the new interface. 2003-07-31 Werner Koch * Makefile.am (gpg_agent_LDADD): Added INTLLIBS. (gpg_protect_tool_SOURCES): Added simple-pwquery.[ch] 2003-07-27 Werner Koch Adjusted for gcry_mpi_print and gcry_mpi_scan API change. 2003-07-15 Werner Koch * simple-pwquery.c, simple-pwquery.h: Moved to ../common. * Makefile.am (gpg_protect_tool_LDADD): Add simple-pwquery.o. Removed it from xx_SOURCES. 2003-07-04 Werner Koch * gpg-agent.c (handle_connections): Kludge to allow use of Pth 1 and 2. 2003-06-30 Werner Koch * call-scd.c (learn_status_cb): Store the serialno in PARM. 2003-06-26 Werner Koch * call-scd.c (agent_card_serialno): Don't do a RESET anymore. 2003-06-25 Werner Koch * command.c (cmd_scd): New. * call-scd.c (agent_card_scd): New. * divert-scd.c (divert_generic_cmd): New * call-scd.c (agent_card_learn): New callback args SINFO. (learn_status_cb): Pass all other status lines to the sinfo callback. * learncard.c (release_sinfo, sinfo_cb): New. (agent_handle_learn): Pass the new cb to the learn function and pass the collected information back to the client's assuan connection. * gpg-agent.c (main): Moved pth_init before gcry_check_version. 2003-06-24 Werner Koch * gpg-agent.c (handle_connections): Adjusted for Pth 2.0 Adjusted for changes in the libgcrypt API. Some more fixes for the libgpg-error stuff. 2003-06-04 Werner Koch Renamed error codes from INVALID to INV and removed _ERROR suffixes. 2003-06-03 Werner Koch Changed all error codes in all files to the new libgpg-error scheme. * agent.h: Include gpg-error.h and errno.h * Makefile.am: Link with libgpg-error * query.c: assuan.h is now a system header. * genkey.c (agent_genkey): Fixed silly use of xmalloc by xtrymalloc. 2003-04-29 Werner Koch * command.c (register_commands): Adjusted for new Assuan semantics. * Makefile.am: Don't override LDFLAGS. 2002-12-04 Werner Koch * gpg-agent.c: New variable config_filename. (parse_rereadable_options): New. (main): Use it here. Add setting of default values, set config_filename. (reread_configuration): Filled with actual code. 2002-12-03 Werner Koch * protect-tool.c (read_key): Don't run make_canonical on a NULL buffer. * command.c (parse_hexstring): New. (cmd_sethash): Use it. (parse_keygrip): New. (cmd_havekey, cmd_sigkey): Use it. (cmd_passwd): New. * genkey.c (agent_protect_and_store): New. (store_key): Add arg FORCE. (agent_genkey): Pass false to this force of store_key. 2002-11-13 Werner Koch * gpg-agent.c (main): Switch all messages to utf-8. * simple-pwquery.c (agent_send_all_options): Use $GPG_TTY and stdin with ttyname. * cache.c (new_data): Uiih - /sizeof d/sizeof *d/. 2002-11-10 Werner Koch * command.c (option_handler): Fix keep_tty check. 2002-11-06 Werner Koch * gpg-agent.c (main): Make sure we have a default ttyname. * command.c (option_handler): Check opt.keep_tty here * query.c (start_pinentry): but not anymore here. 2002-11-05 Werner Koch * agent.h (opt,server_control_s): Move display and lc_ variables to the control struct so that they are per connection. * gpg-agent.c (agent_init_default_ctrl): New. (main): Assign those command line options to new default_* variables. Reset DISPLAY in server mode so that tehre is no implicit default. * command.c (start_command_handler): Initialize and deinitialize the control values. (option_handler): Work on the ctrl values and not on the opt. * query.c (start_pinentry): New argument CTRL to set the display connection specific. Changed all callers to pass this value. (agent_askpin,agent_get_passphrase,agent_get_confirmation): Add CTRL arg and pass it ot start_pinentry. * command.c (cmd_get_passphrase): Pass CTRL argument. * trustlist.c (agent_marktrusted): Add CTRL argument * command.c (cmd_marktrusted): Pass CTRL argument * divert-scd.c (ask_for_card): Add CTRL arg. (divert_pksign,divert_pkdecrypt): Ditto. Changed caller. (getpin_cb): Use OPAQUE to pass the CTRL variable. Changed both users. * findkey.c (unprotect): Add CTRL arg. (agent_key_from_file): Ditto. * query.c (unlock_pinentry): Disconnect the pinentry so that we start a new one for each request. This is required to support clients with different environments (e.g. X magic cookies). 2002-09-05 Neal H. Walfield * gpg-agent.c (main) [USE_GNU_PTH]: No need to call assuan_set_io_func as assuan is smart. 2002-09-25 Werner Koch * gpg-agent.c (handle_signal): Flush cache on SIGHUP. * cache.c (agent_flush_cache): New. * gpg-agent.c, agent.h: Add --keep-display and --keep-tty. * query.c (start_pinentry): Implement them. The option passing needs more thoughts. 2002-09-09 Werner Koch * gpg-agent.c (create_private_keys_directory) (create_directories): New. (main): Try to create a home directory. 2002-09-04 Neal H. Walfield * gpg-agent.c (main): Use sigaction, not signal. 2002-09-03 Neal H. Walfield * findkey.c: Include . (agent_write_private_key): Prefer POSIX compatibity, open and fdopen, over the simplicity of GNU extensions, fopen(file, "x"). 2002-08-22 Werner Koch * query.c (agent_askpin): Provide the default desc text depending on the pininfo. Do the basic PIN verification only when min_digits is set. 2002-08-21 Werner Koch * query.c (agent_askpin): Hack to show the right default prompt. (agent_get_passphrase): Ditto. * trans.c: Removed and replaced all usages with standard _() * divert-scd.c (getpin_cb): Pass a more descritive text to the pinentry. * Makefile.am: Renamed the binary protect-tool to gpg-protect-tool. * protect-tool.c: Removed the note about internal use only. * gpg-agent.c (main): New option --daemon so that the program is not accidently started in the background. 2002-08-16 Werner Koch * call-scd.c (learn_status_cb): Handle CERTINFO status. (agent_card_learn): Add args for certinfo cb. * learncard.c (release_certinfo,certinfo_cb): New. (send_cert_back): New. With factored out code from .. (agent_handle_learn): here. Return certinfo stuff. 2002-07-26 Werner Koch * gpg-agent.c (main): New option --ignore-cache-for-signing. * command.c (option_handler): New server option use-cache-for-signing defaulting to true. (cmd_pksign): handle global and per session option. * findkey.c (agent_key_from_file, unprotect): New arg ignore_cache. Changed all callers. * pksign.c (agent_pksign): Likewise. 2002-06-29 Werner Koch * query.c (start_pinentry): Use GNUPG_DERAULT_PINENTRY. * call-scd.c (start_scd): Use GNUPG_DEFAULT_SCDAEMON. 2002-06-28 Werner Koch * protect-tool.c (export_p12_file): New. (main): New command --p12-export. * minip12.c (create_final,p12_build,compute_tag_length): New. (store_tag_length): New. 2002-06-27 Werner Koch * minip12.c (crypt_block): Renamed from decrypt_block, add arg to allow encryption. * Makefile.am (pkglib_PROGRAMS): Put protect-tool there. * findkey.c (agent_write_private_key,agent_key_from_file) (agent_key_available): Use GNUPG_PRIVATE_KEYS_DIR constant. * gpg-agent.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. * protect-tool.c (store_private_key): New. (import_p12_file): Store the new file if requested. (main): New options --force and --store. * gpg-agent.c (main): Set a global flag when running detached. * query.c (start_pinentry): Pass the list of FD to keep in the child when not running detached. * call-scd.c (start_scd): Ditto. 2002-06-26 Werner Koch * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted) (cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_get_passphrase) (cmd_learn): Print an error message for a failed operation. * simple-pwquery.c, simple-pwquery.h: New. * protect-tool. (get_passphrase): New, used to get a passphrase from the agent if none was given on the command line. 2002-06-25 Werner Koch * protect-tool.c (rsa_key_check): New. (import_p12_file): New. (main): New command --p12-import. * minip12.c, minip12.h: New. 2002-06-24 Werner Koch * protect-tool.c (read_file): New. (read_key): Factored most code out to read_file. 2002-06-17 Werner Koch * agent.h: Add a callback function to the pin_entry_info structure. * query.c (agent_askpin): Use the callback to check for a correct PIN. Removed the start_err_text argument because it is not anymore needed; changed callers. * findkey.c (unprotect): Replace our own check loop by a callback. (try_unprotect_cb): New. * genkey.c (reenter_compare_cb): New. (agent_genkey): Use this callback here. Fixed setting of the pi2 variable and a segv in case of an empty PIN. * divert-scd.c (getpin_cb): Removed some unused stuff and explained what we still have to change. 2002-06-12 Werner Koch * gpg-agent.c (main): New option --disable-pth. 2002-06-11 Werner Koch * protect-tool.c: Add command --show-keygrip (show_keygrip): New. 2002-05-23 Werner Koch * call-scd.c: Seirialized all scdaeom access when using Pth. * cache.c: Made the cache Pth-thread-safe. (agent_unlock_cache_entry): New. * findkey.c (unprotect): Unlock the returned cache value. * command.c (cmd_get_passphrase): Ditto. * gpg-agent.c (main): Register pth_read/write with Assuan. 2002-05-22 Werner Koch * query.c: Serialized all pinentry access when using Pth. * gpg-agent.c (handle_signal,start_connection_thread) (handle_connections): New (main): Use the new Pth stuff to allow concurrent connections. * command.c (start_command_handler): Add new arg FD so that the fucntion can also be used for an already connected socket. * Makefile.am: Link with Pth. 2002-05-14 Werner Koch * cache.c (housekeeping, agent_put_cache): Use our time() wrapper. 2002-04-26 Werner Koch * cache.c (agent_put_cache): Reinitialize the creation time and the ttl when reusing a slot. * call-scd.c (start_scd): Print debug messages only with debug flags set. * query.c (start_pinentry): Ditto. 2002-04-25 Marcus Brinkmann * agent.h (agent_get_confirmation): Replace paramter prompt with two parameters ok and cancel. * query.c (agent_get_confirmation): Likewise. Implement this. * trustlist.c (agent_marktrusted): Fix invocation of agent_get_confirmation. * divert-scd.c (ask_for_card): Likewise. 2002-04-24 Marcus Brinkmann * agent.h (struct opt): Add members display, ttyname, ttytype, lc_ctype, and lc_messages. * gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname, oTTYtype, oLCctype, and LCmessages. (main): Handle these options. * command.c (option_handler): New function. (register_commands): Register option handler. * query.c (start_pinentry): Pass the various display and tty options to the pinentry. 2002-04-05 Werner Koch * protect-tool.c (show_file): New. Used as default action. 2002-03-28 Werner Koch * divert-scd.c (encode_md_for_card): Don't do the pkcs-1 padding, the scdaemon should take care of it. (ask_for_card): Hack to not display the trailing zero. 2002-03-11 Werner Koch * learncard.c (kpinfo_cb): Remove the content restrictions from the keyID. 2002-03-06 Werner Koch * learncard.c: New. * divert-scd.c (ask_for_card): The serial number is binary so convert it to hex here. * findkey.c (agent_write_private_key): New. * genkey.c (store_key): And use it here. * pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done. * divert-scd.c (divert_pkdecrypt): Changed interface and implemented it. 2002-03-05 Werner Koch * call-scd.c (inq_needpin): New. (agent_card_pksign): Add getpin_cb args. (agent_card_pkdecrypt): New. 2002-03-04 Werner Koch * pksign.c (agent_pksign): Changed how the diversion is done. * divert-scd.c (divert_pksign): Changed interface and implemented it. (encode_md_for_card): New. * call-scd.c (agent_card_pksign): New. 2002-02-28 Werner Koch * pksign.c (agent_pksign): Detect whether a Smartcard is to be used and divert the operation in this case. * pkdecrypt.c (agent_pkdecrypt): Likewise * findkey.c (agent_key_from_file): Add optional arg shadow_info and have it return information about a shadowed key. * protect.c (agent_get_shadow_info): New. * protect.c (snext,sskip,smatch): Moved to * sexp-parse.h: New file. * divert-scd.c: New. 2002-02-27 Werner Koch * protect.c (agent_shadow_key): New. * command.c (cmd_learn): New command LEARN. * gpg-agent.c: New option --scdaemon-program. * call-scd.c (start_scd): New. Based on query.c * query.c: Add 2 more arguments to all uses of assuan_transact. 2002-02-18 Werner Koch * findkey.c (unprotect): Show an error message for a bad passphrase. * command.c (cmd_marktrusted): Implemented. * trustlist.c (agent_marktrusted): New. (open_list): Add APPEND arg. * query.c (agent_get_confirmation): New. 2002-02-06 Werner Koch * cache.c (housekeeping): Fixed linking in the remove case. 2002-02-01 Werner Koch * gpg-agent.c: New option --default-cache-ttl. * cache.c (agent_put_cache): Use it. * cache.c: Add a few debug outputs. * protect.c (agent_private_key_type): New. * agent.h: Add PRIVATE_KEY_ enums. * findkey.c (agent_key_from_file): Use it to decide whether we have to unprotect a key. (unprotect): Cache the passphrase. * findkey.c (agent_key_from_file,agent_key_available): The key files do now require a ".key" suffix to make a script's life easier. * genkey.c (store_key): Ditto. 2002-01-31 Werner Koch * genkey.c (store_key): Protect the key. (agent_genkey): Ask for the passphrase. * findkey.c (unprotect): Actually unprotect the key. * query.c (agent_askpin): Add an optional start_err_text. 2002-01-30 Werner Koch * protect.c: New. (hash_passphrase): Based on the GnuPG 1.0.6 version. * protect-tool.c: New 2002-01-29 Werner Koch * findkey.c (agent_key_available): New. * command.c (cmd_havekey): New. (register_commands): And register new command. 2002-01-20 Werner Koch * command.c (cmd_get_passphrase): Remove the plus signs. * query.c (start_pinentry): Send no-grab option to pinentry * gpg-agent.c (main): Move variable grab as no_grab to agent.h. 2002-01-19 Werner Koch * gpg-agent.c (main): Disable core dumps. * cache.c: New. * command.c (cmd_get_passphrase): Use the cache. (cmd_clear_passphrase): Ditto. * gpg-agent.c: Removed unused cruft and implement the socket based server. (my_strusage): Take bug report address from configure.ac. * command.c (start_command_handler): Add an argument to start as regular server. (start_command_handler): Enable Assuan logging. 2002-01-15 Werner Koch * trustlist.c: New. * command.c (cmd_istrusted, cmd_listtrusted, cmd_marktrusted): New. 2002-01-07 Werner Koch * genkey.c: Store the secret part and return the public part. 2002-01-03 Werner Koch * command.c (cmd_get_passphrase): New. (cmd_clear_passphrase): New. * query.c (agent_get_passphrase): New. 2002-01-02 Werner Koch * genkey.c: New. * command.c (cmd_genkey): New. * command.c (rc_to_assuan_status): Removed and changed all callers to use map_to_assuan_status. 2001-12-19 Werner Koch * keyformat.txt: New. 2001-12-19 Marcus Brinkmann * query.c (start_pinentry): Add new argument to assuan_pipe_connect. 2001-12-18 Werner Koch * Makefile.am: Use LIBGCRYPT macros 2001-12-14 Werner Koch * gpg-agent.c (main): New option --batch. New option --debug-wait n, so that it is possible to attach gdb when used in server mode. * query.c (agent_askpin): Don't ask in batch mode. * command.c: Removed the conversion macros as they are now in ../common/util.h. 2001-12-14 Marcus Brinkmann * query.c (LINELENGTH): Removed. (agent_askpin): Use ASSUAN_LINELENGTH, not LINELENGTH. 2001-11-19 Werner Koch * gpg-agent.c: Removed all GUI code, removed code for old protocol. New code to use the Assuan protocol as a server and also to communicate with a new ask-passphrase utility. 2000-11-22 Werner Koch * gpg-agent.c (main): csh support by Dan Winship, new options --sh and --csh and set default by consulting $SHELL. Mon Aug 21 17:59:17 CEST 2000 Werner Koch * gpg-agent.c (passphrase_dialog): Cleanup the window and added the user supplied text to the window. (main): Fixed segv in gtk_init when used without a command to start. * gpg-agent.c: --flush option. (req_flush): New. (req_clear_passphrase): Implemented. Fri Aug 18 14:27:14 CEST 2000 Werner Koch * gpg-agent.c: New. * Makefile.am: New. Copyright 2001, 2002, 2003, 2004, 2005, - 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/agent/command.c b/agent/command.c index b6f5cfb0f..79b9b9731 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1,2618 +1,2625 @@ /* command.c - gpg-agent command handler * Copyright (C) 2001, 2002, 2003, 2004, 2005, * 2006, 2008, 2009, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ /* FIXME: we should not use the default assuan buffering but setup some buffering in secure mempory to protect session keys etc. */ #include #include #include #include #include #include #include #include #include #include #include #include "agent.h" #include #include "i18n.h" #include "cvt-openpgp.h" /* Maximum allowed size of the inquired ciphertext. */ #define MAXLEN_CIPHERTEXT 4096 /* Maximum allowed size of the key parameters. */ #define MAXLEN_KEYPARAM 1024 /* Maximum allowed size of key data as used in inquiries (bytes). */ #define MAXLEN_KEYDATA 4096 /* The size of the import/export KEK key (in bytes). */ #define KEYWRAP_KEYSIZE (128/8) #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) #if MAX_DIGEST_LEN < 20 #error MAX_DIGEST_LEN shorter than keygrip #endif /* Data used to associate an Assuan context with local server data */ struct server_local_s { assuan_context_t assuan_ctx; int message_fd; int use_cache_for_signing; char *keydesc; /* Allocated description for the next key operation. */ int pause_io_logging; /* Used to suppress I/O logging during a command */ int stopme; /* If set to true the agent will be terminated after the end of this session. */ int allow_pinentry_notify; /* Set if pinentry notifications should be done. */ void *import_key; /* Malloced KEK for the import_key command. */ void *export_key; /* Malloced KEK for the export_key command. */ int allow_fully_canceled; /* Client is aware of GPG_ERR_FULLY_CANCELED. */ char *last_cache_nonce; /* Last CACHE_NOCNE sent as status (malloced). */ char *last_passwd_nonce; /* Last PASSWD_NOCNE sent as status (malloced). */ }; /* An entry for the getval/putval commands. */ struct putval_item_s { struct putval_item_s *next; size_t off; /* Offset to the value into DATA. */ size_t len; /* Length of the value. */ char d[1]; /* Key | Nul | value. */ }; /* A list of key value pairs fpr the getval/putval commands. */ static struct putval_item_s *putval_list; /* To help polling clients, we keep track of the number of certain events. This structure keeps those counters. The counters are integers and there should be no problem if they are overflowing as callers need to check only whether a counter changed. The actual values are not meaningful. */ struct { /* Incremented if any of the other counters below changed. */ unsigned int any; /* Incremented if a key is added or removed from the internal privat key database. */ unsigned int key; /* Incremented if a change of the card readers stati has been detected. */ unsigned int card; } eventcounter; /* Local prototypes. */ static int command_has_option (const char *cmd, const char *cmdopt); /* Release the memory buffer MB but first wipe out the used memory. */ static void clear_outbuf (membuf_t *mb) { void *p; size_t n; p = get_membuf (mb, &n); if (p) { memset (p, 0, n); xfree (p); } } /* Write the content of memory buffer MB as assuan data to CTX and wipe the buffer out afterwards. */ static gpg_error_t write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb) { gpg_error_t ae; void *p; size_t n; p = get_membuf (mb, &n); if (!p) return out_of_core (); ae = assuan_send_data (ctx, p, n); memset (p, 0, n); xfree (p); return ae; } static void clear_nonce_cache (ctrl_t ctrl) { if (ctrl->server_local->last_cache_nonce) { agent_put_cache (ctrl->server_local->last_cache_nonce, CACHE_MODE_NONCE, NULL, 0); xfree (ctrl->server_local->last_cache_nonce); ctrl->server_local->last_cache_nonce = NULL; } if (ctrl->server_local->last_passwd_nonce) { agent_put_cache (ctrl->server_local->last_passwd_nonce, CACHE_MODE_NONCE, NULL, 0); xfree (ctrl->server_local->last_passwd_nonce); ctrl->server_local->last_passwd_nonce = NULL; } } static gpg_error_t reset_notify (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); (void) line; memset (ctrl->keygrip, 0, 20); ctrl->have_keygrip = 0; ctrl->digest.valuelen = 0; xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; clear_nonce_cache (ctrl); return 0; } /* Skip over options. Blanks after the options are also removed. */ static char * skip_options (const char *line) { while (spacep (line)) line++; while ( *line == '-' && line[1] == '-' ) { while (*line && !spacep (line)) line++; while (spacep (line)) line++; } return (char*)line; } /* Check whether the option NAME appears in LINE */ static int has_option (const char *line, const char *name) { const char *s; int n = strlen (name); s = strstr (line, name); if (s && s >= skip_options (line)) return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); } /* Same as has_option but does only test for the name of the option and ignores an argument, i.e. with NAME being "--hash" it would return true for "--hash" as well as for "--hash=foo". */ static int has_option_name (const char *line, const char *name) { const char *s; int n = strlen (name); s = strstr (line, name); if (s && s >= skip_options (line)) return 0; return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n) || s[n] == '=')); } /* Return a pointer to the argument of the option with NAME. If such an option is not given, it returns NULL. */ static char * option_value (const char *line, const char *name) { char *s; int n = strlen (name); s = strstr (line, name); if (s && s >= skip_options (line)) return NULL; if (s && (s == line || spacep (s-1)) && s[n] && (spacep (s+n) || s[n] == '=')) { s += n + 1; s += strspn (s, " "); if (*s && !spacep(s)) return s; } return NULL; } /* Replace all '+' by a blank. */ static void plus_to_blank (char *s) { for (; *s; s++) { if (*s == '+') *s = ' '; } } /* Parse a hex string. Return an Assuan error code or 0 on success and the length of the parsed string in LEN. */ static int parse_hexstring (assuan_context_t ctx, const char *string, size_t *len) { const char *p; size_t n; /* parse the hash value */ for (p=string, n=0; hexdigitp (p); p++, n++) ; if (*p != ' ' && *p != '\t' && *p) return set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring"); if ((n&1)) return set_error (GPG_ERR_ASS_PARAMETER, "odd number of digits"); *len = n; return 0; } /* Parse the keygrip in STRING into the provided buffer BUF. BUF must provide space for 20 bytes. BUF is not changed if the function returns an error. */ static int parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf) { int rc; size_t n = 0; rc = parse_hexstring (ctx, string, &n); if (rc) return rc; n /= 2; if (n != 20) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of keygrip"); if (hex2bin (string, buf, 20) < 0) return set_error (GPG_ERR_BUG, "hex2bin"); return 0; } /* Write an assuan status line. */ gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...) { gpg_error_t err = 0; va_list arg_ptr; const char *text; assuan_context_t ctx = ctrl->server_local->assuan_ctx; char buf[950], *p; size_t n; va_start (arg_ptr, keyword); p = buf; n = 0; while ( (text = va_arg (arg_ptr, const char *)) ) { if (n) { *p++ = ' '; n++; } for ( ; *text && n < DIM (buf)-3; n++, text++) { if (*text == '\n') { *p++ = '\\'; *p++ = 'n'; } else if (*text == '\r') { *p++ = '\\'; *p++ = 'r'; } else *p++ = *text; } } *p = 0; err = assuan_write_status (ctx, keyword, buf); va_end (arg_ptr); return err; } /* Helper to notify the client about a launched Pinentry. Because that might disturb some older clients, this is only done if enabled via an option. Returns an gpg error code. */ gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid) { char line[100]; if (!ctrl || !ctrl->server_local || !ctrl->server_local->allow_pinentry_notify) return 0; snprintf (line, DIM(line)-1, "PINENTRY_LAUNCHED %lu", pid); return assuan_inquire (ctrl->server_local->assuan_ctx, line, NULL, NULL, 0); } /* Helper to print a message while leaving a command. */ static gpg_error_t leave_cmd (assuan_context_t ctx, gpg_error_t err) { if (err) { const char *name = assuan_get_command_name (ctx); if (!name) name = "?"; /* Not all users of gpg-agent know about the fully canceled error code; map it back if needed. */ if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) { ctrl_t ctrl = assuan_get_pointer (ctx); if (!ctrl->server_local->allow_fully_canceled) err = gpg_err_make (gpg_err_source (err), GPG_ERR_CANCELED); } /* Most code from common/ does not know the error source, thus we fix this here. */ if (gpg_err_source (err) == GPG_ERR_SOURCE_UNKNOWN) err = gpg_err_make (GPG_ERR_SOURCE_DEFAULT, gpg_err_code (err)); if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT) log_error ("command '%s' failed: %s\n", name, gpg_strerror (err)); else log_error ("command '%s' failed: %s <%s>\n", name, gpg_strerror (err), gpg_strsource (err)); } return err; } static const char hlp_geteventcounter[] = "GETEVENTCOUNTER\n" "\n" "Return a a status line named EVENTCOUNTER with the current values\n" "of all event counters. The values are decimal numbers in the range\n" "0 to UINT_MAX and wrapping around to 0. The actual values should\n" "not be relied upon, they shall only be used to detect a change.\n" "\n" "The currently defined counters are:\n" "\n" "ANY - Incremented with any change of any of the other counters.\n" "KEY - Incremented for added or removed private keys.\n" "CARD - Incremented for changes of the card readers stati."; static gpg_error_t cmd_geteventcounter (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); char any_counter[25]; char key_counter[25]; char card_counter[25]; (void)line; snprintf (any_counter, sizeof any_counter, "%u", eventcounter.any); snprintf (key_counter, sizeof key_counter, "%u", eventcounter.key); snprintf (card_counter, sizeof card_counter, "%u", eventcounter.card); return agent_write_status (ctrl, "EVENTCOUNTER", any_counter, key_counter, card_counter, NULL); } /* This function should be called once for all key removals or additions. This function is assured not to do any context switches. */ void bump_key_eventcounter (void) { eventcounter.key++; eventcounter.any++; } /* This function should be called for all card reader status changes. This function is assured not to do any context switches. */ void bump_card_eventcounter (void) { eventcounter.card++; eventcounter.any++; } static const char hlp_istrusted[] = "ISTRUSTED \n" "\n" "Return OK when we have an entry with this fingerprint in our\n" "trustlist"; static gpg_error_t cmd_istrusted (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc, n, i; char *p; char fpr[41]; /* Parse the fingerprint value. */ for (p=line,n=0; hexdigitp (p); p++, n++) ; if (*p || !(n == 40 || n == 32)) return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint"); i = 0; if (n==32) { strcpy (fpr, "00000000"); i += 8; } for (p=line; i < 40; p++, i++) fpr[i] = *p >= 'a'? (*p & 0xdf): *p; fpr[i] = 0; rc = agent_istrusted (ctrl, fpr, NULL); if (!rc || gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED) return rc; else if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF ) return gpg_error (GPG_ERR_NOT_TRUSTED); else return leave_cmd (ctx, rc); } static const char hlp_listtrusted[] = "LISTTRUSTED\n" "\n" "List all entries from the trustlist."; static gpg_error_t cmd_listtrusted (assuan_context_t ctx, char *line) { int rc; (void)line; rc = agent_listtrusted (ctx); return leave_cmd (ctx, rc); } static const char hlp_martrusted[] = "MARKTRUSTED \n" "\n" "Store a new key in into the trustlist."; static gpg_error_t cmd_marktrusted (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc, n, i; char *p; char fpr[41]; int flag; /* parse the fingerprint value */ for (p=line,n=0; hexdigitp (p); p++, n++) ; if (!spacep (p) || !(n == 40 || n == 32)) return set_error (GPG_ERR_ASS_PARAMETER, "invalid fingerprint"); i = 0; if (n==32) { strcpy (fpr, "00000000"); i += 8; } for (p=line; i < 40; p++, i++) fpr[i] = *p >= 'a'? (*p & 0xdf): *p; fpr[i] = 0; while (spacep (p)) p++; flag = *p++; if ( (flag != 'S' && flag != 'P') || !spacep (p) ) return set_error (GPG_ERR_ASS_PARAMETER, "invalid flag - must be P or S"); while (spacep (p)) p++; rc = agent_marktrusted (ctrl, p, fpr, flag); return leave_cmd (ctx, rc); } static const char hlp_havekey[] = "HAVEKEY \n" "\n" "Return success if at least one of the secret keys with the given\n" "keygrips is available."; static gpg_error_t cmd_havekey (assuan_context_t ctx, char *line) { gpg_error_t err; unsigned char buf[20]; do { err = parse_keygrip (ctx, line, buf); if (err) return err; if (!agent_key_available (buf)) return 0; /* Found. */ while (*line && *line != ' ' && *line != '\t') line++; while (*line == ' ' || *line == '\t') line++; } while (*line); /* No leave_cmd() here because errors are expected and would clutter the log. */ return gpg_error (GPG_ERR_NO_SECKEY); } static const char hlp_sigkey[] = "SIGKEY \n" "SETKEY \n" "\n" "Set the key used for a sign or decrypt operation."; static gpg_error_t cmd_sigkey (assuan_context_t ctx, char *line) { int rc; ctrl_t ctrl = assuan_get_pointer (ctx); rc = parse_keygrip (ctx, line, ctrl->keygrip); if (rc) return rc; ctrl->have_keygrip = 1; return 0; } static const char hlp_setkeydesc[] = "SETKEYDESC plus_percent_escaped_string\n" "\n" "Set a description to be used for the next PKSIGN, PKDECRYPT, IMPORT_KEY\n" "or EXPORT_KEY operation if this operation requires a passphrase. If\n" "this command is not used a default text will be used. Note, that\n" "this description implictly selects the label used for the entry\n" "box; if the string contains the string PIN (which in general will\n" "not be translated), \"PIN\" is used, otherwise the translation of\n" "\"passphrase\" is used. The description string should not contain\n" "blanks unless they are percent or '+' escaped.\n" "\n" "The description is only valid for the next PKSIGN, PKDECRYPT,\n" "IMPORT_KEY or EXPORT_KEY operation."; static gpg_error_t cmd_setkeydesc (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); char *desc, *p; for (p=line; *p == ' '; p++) ; desc = p; p = strchr (desc, ' '); if (p) *p = 0; /* We ignore any garbage; we might late use it for other args. */ if (!desc || !*desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); /* Note, that we only need to replace the + characters and should leave the other escaping in place because the escaped string is send verbatim to the pinentry which does the unescaping (but not the + replacing) */ plus_to_blank (desc); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = xtrystrdup (desc); if (!ctrl->server_local->keydesc) return out_of_core (); return 0; } static const char hlp_sethash[] = "SETHASH (--hash=)|() \n" "\n" "The client can use this command to tell the server about the data\n" "(which usually is a hash) to be signed."; static gpg_error_t cmd_sethash (assuan_context_t ctx, char *line) { int rc; size_t n; char *p; ctrl_t ctrl = assuan_get_pointer (ctx); unsigned char *buf; char *endp; int algo; /* Parse the alternative hash options which may be used instead of the algo number. */ if (has_option_name (line, "--hash")) { if (has_option (line, "--hash=sha1")) algo = GCRY_MD_SHA1; else if (has_option (line, "--hash=sha224")) algo = GCRY_MD_SHA224; else if (has_option (line, "--hash=sha256")) algo = GCRY_MD_SHA256; else if (has_option (line, "--hash=sha384")) algo = GCRY_MD_SHA384; else if (has_option (line, "--hash=sha512")) algo = GCRY_MD_SHA512; else if (has_option (line, "--hash=rmd160")) algo = GCRY_MD_RMD160; else if (has_option (line, "--hash=md5")) algo = GCRY_MD_MD5; else if (has_option (line, "--hash=tls-md5sha1")) algo = MD_USER_TLS_MD5SHA1; else return set_error (GPG_ERR_ASS_PARAMETER, "invalid hash algorithm"); } else algo = 0; line = skip_options (line); if (!algo) { /* No hash option has been given: require an algo number instead */ algo = (int)strtoul (line, &endp, 10); for (line = endp; *line == ' ' || *line == '\t'; line++) ; if (!algo || gcry_md_test_algo (algo)) return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL); } ctrl->digest.algo = algo; ctrl->digest.raw_value = 0; /* Parse the hash value. */ n = 0; rc = parse_hexstring (ctx, line, &n); if (rc) return rc; n /= 2; if (algo == MD_USER_TLS_MD5SHA1 && n == 36) ; else if (n != 16 && n != 20 && n != 24 && n != 28 && n != 32 && n != 48 && n != 64) return set_error (GPG_ERR_ASS_PARAMETER, "unsupported length of hash"); if (n > MAX_DIGEST_LEN) return set_error (GPG_ERR_ASS_PARAMETER, "hash value to long"); buf = ctrl->digest.value; ctrl->digest.valuelen = n; for (p=line, n=0; n < ctrl->digest.valuelen; p += 2, n++) buf[n] = xtoi_2 (p); for (; n < ctrl->digest.valuelen; n++) buf[n] = 0; return 0; } static const char hlp_pksign[] = "PKSIGN [] []\n" "\n" "Perform the actual sign operation. Neither input nor output are\n" "sensitive to eavesdropping."; static gpg_error_t cmd_pksign (assuan_context_t ctx, char *line) { int rc; cache_mode_t cache_mode = CACHE_MODE_NORMAL; ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; char *cache_nonce = NULL; char *p; line = skip_options (line); p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; *p = '\0'; if (*line) cache_nonce = xtrystrdup (line); if (opt.ignore_cache_for_signing) cache_mode = CACHE_MODE_IGNORE; else if (!ctrl->server_local->use_cache_for_signing) cache_mode = CACHE_MODE_IGNORE; init_membuf (&outbuf, 512); rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc, &outbuf, cache_mode); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); xfree (cache_nonce); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, rc); } static const char hlp_pkdecrypt[] = "PKDECRYPT []\n" "\n" "Perform the actual decrypt operation. Input is not\n" "sensitive to eavesdropping."; static gpg_error_t cmd_pkdecrypt (assuan_context_t ctx, char *line) { int rc; ctrl_t ctrl = assuan_get_pointer (ctx); unsigned char *value; size_t valuelen; membuf_t outbuf; (void)line; /* First inquire the data to decrypt */ rc = assuan_inquire (ctx, "CIPHERTEXT", &value, &valuelen, MAXLEN_CIPHERTEXT); if (rc) return rc; init_membuf (&outbuf, 512); rc = agent_pkdecrypt (ctrl, ctrl->server_local->keydesc, value, valuelen, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, rc); } static const char hlp_genkey[] = "GENKEY [--no-protection] []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" "\n" " C: GENKEY\n" " S: INQUIRE KEYPARAM\n" " C: D (genkey (rsa (nbits 1024)))\n" " C: END\n" " S: D (public-key\n" " S: D (rsa (n 326487324683264) (e 10001)))\n" " S: OK key created\n" "\n"; static gpg_error_t cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; int no_protection; unsigned char *value; size_t valuelen; membuf_t outbuf; char *cache_nonce = NULL; char *p; no_protection = has_option (line, "--no-protection"); line = skip_options (line); p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; *p = '\0'; if (*line) cache_nonce = xtrystrdup (line); /* First inquire the parameters */ rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM); if (rc) return rc; init_membuf (&outbuf, 512); rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, no_protection, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); xfree (cache_nonce); return leave_cmd (ctx, rc); } static const char hlp_readkey[] = "READKEY \n" "\n" "Return the public key for the given keygrip."; static gpg_error_t cmd_readkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char grip[20]; gcry_sexp_t s_pkey = NULL; rc = parse_keygrip (ctx, line, grip); if (rc) return rc; /* Return immediately as this is already an Assuan error code.*/ rc = agent_public_key_from_file (ctrl, grip, &s_pkey); if (!rc) { size_t len; unsigned char *buf; len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); assert (len); buf = xtrymalloc (len); if (!buf) rc = gpg_error_from_syserror (); else { len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, buf, len); assert (len); rc = assuan_send_data (ctx, buf, len); xfree (buf); } gcry_sexp_release (s_pkey); } return leave_cmd (ctx, rc); } static const char hlp_keyinfo[] = "KEYINFO [--list] [--data] \n" "\n" "Return information about the key specified by the KEYGRIP. If the\n" "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n" "--list is given the keygrip is ignored and information about all\n" "available keys are returned. The information is returned as a\n" "status line unless --data was specified, with this format:\n" "\n" " KEYINFO \n" "\n" "KEYGRIP is the keygrip.\n" "\n" "TYPE is describes the type of the key:\n" " 'D' - Regular key stored on disk,\n" " 'T' - Key is stored on a smartcard (token),\n" " '-' - Unknown type.\n" "\n" "SERIALNO is an ASCII string with the serial number of the\n" " smartcard. If the serial number is not known a single\n" " dash '-' is used instead.\n" "\n" "IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n" " is not known a dash is used instead.\n" "\n" - "CACHED is 1 if the key was found in the key cache. If not, a '-'\n" - "is used instead.\n" + "CACHED is 1 if the passphrase for the key was found in the key cache.\n" + " If not, a '-' is used instead.\n" "\n" "More information may be added in the future."; static gpg_error_t do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, - int data) + int data) { gpg_error_t err; char hexgrip[40+1]; int keytype; unsigned char *shadow_info = NULL; char *serialno = NULL; char *idstr = NULL; const char *keytypestr; - char *cached; + const char *cached; char *pw; err = agent_key_info_from_file (ctrl, grip, &keytype, &shadow_info); if (err) goto leave; /* Reformat the grip so that we use uppercase as good style. */ bin2hex (grip, 20, hexgrip); if (keytype == PRIVATE_KEY_CLEAR || keytype == PRIVATE_KEY_PROTECTED) keytypestr = "D"; else if (keytype == PRIVATE_KEY_SHADOWED) keytypestr = "T"; else keytypestr = "-"; + /* Here we have a little race by doing the cache check separately + from the retrieval function. Given that the cache flag is only a + hint, it should not really matter. */ pw = agent_get_cache (hexgrip, CACHE_MODE_NORMAL); cached = pw ? "1" : "-"; xfree (pw); if (shadow_info) { err = parse_shadow_info (shadow_info, &serialno, &idstr); if (err) goto leave; } if (!data) err = agent_write_status (ctrl, "KEYINFO", hexgrip, keytypestr, serialno? serialno : "-", idstr? idstr : "-", cached, NULL); - else { - char *string = xtryasprintf ("%s %s %s %s %s\n", hexgrip, keytypestr, - serialno? serialno : "-", idstr? idstr : "-", cached); - - if (!string) - err = gpg_error_from_syserror (); + else + { + char *string; - err = assuan_send_data(ctx, string, strlen(string)); - xfree(string); - } + string = xtryasprintf ("%s %s %s %s %s\n", + hexgrip, keytypestr, + serialno? serialno : "-", + idstr? idstr : "-", cached); + if (!string) + err = gpg_error_from_syserror (); + else + err = assuan_send_data (ctx, string, strlen(string)); + xfree (string); + } leave: xfree (shadow_info); xfree (serialno); xfree (idstr); return err; } static gpg_error_t cmd_keyinfo (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int err; unsigned char grip[20]; DIR *dir = NULL; int list_mode; int opt_data; list_mode = has_option (line, "--list"); opt_data = has_option (line, "--data"); line = skip_options (line); if (list_mode) { char *dirname; struct dirent *dir_entry; char hexgrip[41]; dirname = make_filename_try (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL); if (!dirname) { err = gpg_error_from_syserror (); goto leave; } dir = opendir (dirname); if (!dir) { err = gpg_error_from_syserror (); xfree (dirname); goto leave; } xfree (dirname); while ( (dir_entry = readdir (dir)) ) { if (strlen (dir_entry->d_name) != 44 || strcmp (dir_entry->d_name + 40, ".key")) continue; strncpy (hexgrip, dir_entry->d_name, 40); hexgrip[40] = 0; if ( hex2bin (hexgrip, grip, 20) < 0 ) continue; /* Bad hex string. */ err = do_one_keyinfo (ctrl, grip, ctx, opt_data); if (err) goto leave; } err = 0; } else { err = parse_keygrip (ctx, line, grip); if (err) goto leave; err = do_one_keyinfo (ctrl, grip, ctx, opt_data); } leave: if (dir) closedir (dir); if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND) leave_cmd (ctx, err); return err; } static int send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw) { size_t n; int rc; assuan_begin_confidential (ctx); n = strlen (pw); if (via_data) rc = assuan_send_data (ctx, pw, n); else { char *p = xtrymalloc_secure (n*2+1); if (!p) rc = gpg_error_from_syserror (); else { bin2hex (pw, n, p); rc = assuan_set_okay_line (ctx, p); xfree (p); } } return rc; } static const char hlp_get_passphrase[] = "GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n" " [--qualitybar] \n" " [ ]\n" "\n" "This function is usually used to ask for a passphrase to be used\n" "for conventional encryption, but may also be used by programs which\n" "need specal handling of passphrases. This command uses a syntax\n" "which helps clients to use the agent with minimum effort. The\n" "agent either returns with an error or with a OK followed by the hex\n" "encoded passphrase. Note that the length of the strings is\n" "implicitly limited by the maximum length of a command.\n" "\n" "If the option \"--data\" is used the passphrase is returned by usual\n" "data lines and not on the okay line.\n" "\n" "If the option \"--check\" is used the passphrase constraints checks as\n" "implemented by gpg-agent are applied. A check is not done if the\n" "passphrase has been found in the cache.\n" "\n" "If the option \"--no-ask\" is used and the passphrase is not in the\n" "cache the user will not be asked to enter a passphrase but the error\n" "code GPG_ERR_NO_DATA is returned. \n" "\n" "If the option \"--qualitybar\" is used a visual indication of the\n" "entered passphrase quality is shown. (Unless no minimum passphrase\n" "length has been configured.)"; static gpg_error_t cmd_get_passphrase (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *pw; char *response; char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL; const char *desc2 = _("Please re-enter this passphrase"); char *p; int opt_data, opt_check, opt_no_ask, opt_qualbar; int opt_repeat = 0; char *repeat_errtext = NULL; opt_data = has_option (line, "--data"); opt_check = has_option (line, "--check"); opt_no_ask = has_option (line, "--no-ask"); if (has_option_name (line, "--repeat")) { p = option_value (line, "--repeat"); if (p) opt_repeat = atoi (p); else opt_repeat = 1; } opt_qualbar = has_option (line, "--qualitybar"); line = skip_options (line); cacheid = line; p = strchr (cacheid, ' '); if (p) { *p++ = 0; while (*p == ' ') p++; errtext = p; p = strchr (errtext, ' '); if (p) { *p++ = 0; while (*p == ' ') p++; prompt = p; p = strchr (prompt, ' '); if (p) { *p++ = 0; while (*p == ' ') p++; desc = p; p = strchr (desc, ' '); if (p) *p = 0; /* Ignore trailing garbage. */ } } } if (!cacheid || !*cacheid || strlen (cacheid) > 50) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); if (!desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); if (!strcmp (cacheid, "X")) cacheid = NULL; if (!strcmp (errtext, "X")) errtext = NULL; if (!strcmp (prompt, "X")) prompt = NULL; if (!strcmp (desc, "X")) desc = NULL; pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL) : NULL; if (pw) { rc = send_back_passphrase (ctx, opt_data, pw); xfree (pw); } else if (opt_no_ask) rc = gpg_error (GPG_ERR_NO_DATA); else { /* Note, that we only need to replace the + characters and should leave the other escaping in place because the escaped string is send verbatim to the pinentry which does the unescaping (but not the + replacing) */ if (errtext) plus_to_blank (errtext); if (prompt) plus_to_blank (prompt); if (desc) plus_to_blank (desc); next_try: rc = agent_get_passphrase (ctrl, &response, desc, prompt, repeat_errtext? repeat_errtext:errtext, opt_qualbar); xfree (repeat_errtext); repeat_errtext = NULL; if (!rc) { int i; if (opt_check && check_passphrase_constraints (ctrl, response, 0)) { xfree (response); goto next_try; } for (i = 0; i < opt_repeat; i++) { char *response2; rc = agent_get_passphrase (ctrl, &response2, desc2, prompt, errtext, 0); if (rc) break; if (strcmp (response2, response)) { xfree (response2); xfree (response); repeat_errtext = try_percent_escape (_("does not match - try again"), NULL); if (!repeat_errtext) { rc = gpg_error_from_syserror (); break; } goto next_try; } xfree (response2); } if (!rc) { if (cacheid) agent_put_cache (cacheid, CACHE_MODE_USER, response, 0); rc = send_back_passphrase (ctx, opt_data, response); } xfree (response); } } return leave_cmd (ctx, rc); } static const char hlp_clear_passphrase[] = "CLEAR_PASSPHRASE [--mode=normal] \n" "\n" "may be used to invalidate the cache entry for a passphrase. The\n" "function returns with OK even when there is no cached passphrase.\n" "The --mode=normal option is used to clear an entry for a cacheid\n" "added by the agent.\n"; static gpg_error_t cmd_clear_passphrase (assuan_context_t ctx, char *line) { char *cacheid = NULL; char *p; int opt_normal; opt_normal = has_option (line, "--mode=normal"); line = skip_options (line); /* parse the stuff */ for (p=line; *p == ' '; p++) ; cacheid = p; p = strchr (cacheid, ' '); if (p) *p = 0; /* ignore garbage */ if (!cacheid || !*cacheid || strlen (cacheid) > 50) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); agent_put_cache (cacheid, opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER, NULL, 0); return 0; } static const char hlp_get_confirmation[] = "GET_CONFIRMATION \n" "\n" "This command may be used to ask for a simple confirmation.\n" "DESCRIPTION is displayed along with a Okay and Cancel button. This\n" "command uses a syntax which helps clients to use the agent with\n" "minimum effort. The agent either returns with an error or with a\n" "OK. Note, that the length of DESCRIPTION is implicitly limited by\n" "the maximum length of a command. DESCRIPTION should not contain\n" "any spaces, those must be encoded either percent escaped or simply\n" "as '+'."; static gpg_error_t cmd_get_confirmation (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *desc = NULL; char *p; /* parse the stuff */ for (p=line; *p == ' '; p++) ; desc = p; p = strchr (desc, ' '); if (p) *p = 0; /* We ignore any garbage -may be later used for other args. */ if (!desc || !*desc) return set_error (GPG_ERR_ASS_PARAMETER, "no description given"); if (!strcmp (desc, "X")) desc = NULL; /* Note, that we only need to replace the + characters and should leave the other escaping in place because the escaped string is send verbatim to the pinentry which does the unescaping (but not the + replacing) */ if (desc) plus_to_blank (desc); rc = agent_get_confirmation (ctrl, desc, NULL, NULL, 0); return leave_cmd (ctx, rc); } static const char hlp_learn[] = "LEARN [--send]\n" "\n" "Learn something about the currently inserted smartcard. With\n" "--send the new certificates are send back."; static gpg_error_t cmd_learn (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; rc = agent_handle_learn (ctrl, has_option (line, "--send")? ctx : NULL); return leave_cmd (ctx, rc); } static const char hlp_passwd[] = "PASSWD [--cache-nonce=] [--passwd-nonce=] \n" "\n" "Change the passphrase/PIN for the key identified by keygrip in LINE."; static gpg_error_t cmd_passwd (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; int c; char *cache_nonce = NULL; char *passwd_nonce = NULL; unsigned char grip[20]; gcry_sexp_t s_skey = NULL; unsigned char *shadow_info = NULL; char *passphrase = NULL; char *pend; cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) { for (pend = cache_nonce; *pend && !spacep (pend); pend++) ; c = *pend; *pend = '\0'; cache_nonce = xtrystrdup (cache_nonce); *pend = c; if (!cache_nonce) { err = gpg_error_from_syserror (); goto leave; } } passwd_nonce = option_value (line, "--passwd-nonce"); if (passwd_nonce) { for (pend = passwd_nonce; *pend && !spacep (pend); pend++) ; c = *pend; *pend = '\0'; passwd_nonce = xtrystrdup (passwd_nonce); *pend = c; if (!passwd_nonce) { err = gpg_error_from_syserror (); goto leave; } } line = skip_options (line); err = parse_keygrip (ctx, line, grip); if (err) goto leave; ctrl->in_passwd++; err = agent_key_from_file (ctrl, cache_nonce, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey, &passphrase); if (err) ; else if (!s_skey) { log_error ("changing a smartcard PIN is not yet supported\n"); err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); } else { char *newpass = NULL; if (passwd_nonce) newpass = agent_get_cache (passwd_nonce, CACHE_MODE_NONCE); err = agent_protect_and_store (ctrl, s_skey, &newpass); if (!err && passphrase) { /* A passphrase existed on the old key and the change was successful. Return a nonce for that old passphrase to let the caller try to unprotect the other subkeys with the same key. */ if (!cache_nonce) { char buf[12]; gcry_create_nonce (buf, 12); cache_nonce = bin2hex (buf, 12, NULL); } if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 120 /*seconds*/)) { assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); xfree (ctrl->server_local->last_cache_nonce); ctrl->server_local->last_cache_nonce = cache_nonce; cache_nonce = NULL; } if (newpass) { /* If we have a new passphrase (which might be empty) we store it under a passwd nonce so that the caller may send that nonce again to use it for another key. */ if (!passwd_nonce) { char buf[12]; gcry_create_nonce (buf, 12); passwd_nonce = bin2hex (buf, 12, NULL); } if (passwd_nonce && !agent_put_cache (passwd_nonce, CACHE_MODE_NONCE, newpass, 120 /*seconds*/)) { assuan_write_status (ctx, "PASSWD_NONCE", passwd_nonce); xfree (ctrl->server_local->last_passwd_nonce); ctrl->server_local->last_passwd_nonce = passwd_nonce; passwd_nonce = NULL; } } } xfree (newpass); } ctrl->in_passwd--; xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; leave: xfree (passphrase); gcry_sexp_release (s_skey); xfree (shadow_info); xfree (cache_nonce); return leave_cmd (ctx, err); } static const char hlp_preset_passphrase[] = "PRESET_PASSPHRASE \n" "\n" "Set the cached passphrase/PIN for the key identified by the keygrip\n" "to passwd for the given time, where -1 means infinite and 0 means\n" "the default (currently only a timeout of -1 is allowed, which means\n" "to never expire it). If passwd is not provided, ask for it via the\n" "pinentry module."; static gpg_error_t cmd_preset_passphrase (assuan_context_t ctx, char *line) { int rc; char *grip_clear = NULL; char *passphrase = NULL; int ttl; size_t len; if (!opt.allow_preset_passphrase) return set_error (GPG_ERR_NOT_SUPPORTED, "no --allow-preset-passphrase"); grip_clear = line; while (*line && (*line != ' ' && *line != '\t')) line++; if (!*line) return gpg_error (GPG_ERR_MISSING_VALUE); *line = '\0'; line++; while (*line && (*line == ' ' || *line == '\t')) line++; /* Currently, only infinite timeouts are allowed. */ ttl = -1; if (line[0] != '-' || line[1] != '1') return gpg_error (GPG_ERR_NOT_IMPLEMENTED); line++; line++; while (!(*line != ' ' && *line != '\t')) line++; /* Syntax check the hexstring. */ len = 0; rc = parse_hexstring (ctx, line, &len); if (rc) return rc; line[len] = '\0'; /* If there is a passphrase, use it. Currently, a passphrase is required. */ if (*line) { /* Do in-place conversion. */ passphrase = line; if (!hex2str (passphrase, passphrase, strlen (passphrase)+1, NULL)) rc = set_error (GPG_ERR_ASS_PARAMETER, "invalid hexstring"); } else rc = set_error (GPG_ERR_NOT_IMPLEMENTED, "passphrase is required"); if (!rc) rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl); return leave_cmd (ctx, rc); } static const char hlp_scd[] = "SCD \n" " \n" "This is a general quote command to redirect everything to the\n" "SCdaemon."; static gpg_error_t cmd_scd (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; rc = divert_generic_cmd (ctrl, line, ctx); return rc; } static const char hlp_keywrap_key[] = "KEYWRAP_KEY [--clear] \n" "\n" "Return a key to wrap another key. For now the key is returned\n" "verbatim and and thus makes not much sense because an eavesdropper on\n" "the gpg-agent connection will see the key as well as the wrapped key.\n" "However, this function may either be equipped with a public key\n" "mechanism or not used at all if the key is a pre-shared key. In any\n" "case wrapping the import and export of keys is a requirement for\n" "certain cryptographic validations and thus useful. The key persists\n" "a RESET command but may be cleared using the option --clear.\n" "\n" "Supported modes are:\n" " --import - Return a key to import a key into gpg-agent\n" " --export - Return a key to export a key from gpg-agent"; static gpg_error_t cmd_keywrap_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; int clearopt = has_option (line, "--clear"); assuan_begin_confidential (ctx); if (has_option (line, "--import")) { xfree (ctrl->server_local->import_key); if (clearopt) ctrl->server_local->import_key = NULL; else if (!(ctrl->server_local->import_key = gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) err = gpg_error_from_syserror (); else err = assuan_send_data (ctx, ctrl->server_local->import_key, KEYWRAP_KEYSIZE); } else if (has_option (line, "--export")) { xfree (ctrl->server_local->export_key); if (clearopt) ctrl->server_local->export_key = NULL; else if (!(ctrl->server_local->export_key = gcry_random_bytes (KEYWRAP_KEYSIZE, GCRY_STRONG_RANDOM))) err = gpg_error_from_syserror (); else err = assuan_send_data (ctx, ctrl->server_local->export_key, KEYWRAP_KEYSIZE); } else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for MODE"); assuan_end_confidential (ctx); return leave_cmd (ctx, err); } static const char hlp_import_key[] = "IMPORT_KEY []\n" "\n" "Import a secret key into the key store. The key is expected to be\n" "encrypted using the current session's key wrapping key (cf. command\n" "KEYWRAP_KEY) using the AESWRAP-128 algorithm. This function takes\n" "no arguments but uses the inquiry \"KEYDATA\" to ask for the actual\n" "key data. The unwrapped key must be a canonical S-expression."; static gpg_error_t cmd_import_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char *wrappedkey = NULL; size_t wrappedkeylen; gcry_cipher_hd_t cipherhd = NULL; unsigned char *key = NULL; size_t keylen, realkeylen; char *passphrase = NULL; unsigned char *finalkey = NULL; size_t finalkeylen; unsigned char grip[20]; gcry_sexp_t openpgp_sexp = NULL; char *cache_nonce = NULL; char *p; if (!ctrl->server_local->import_key) { err = gpg_error (GPG_ERR_MISSING_KEY); goto leave; } p = line; for (p=line; *p && *p != ' ' && *p != '\t'; p++) ; *p = '\0'; if (*line) cache_nonce = xtrystrdup (line); assuan_begin_confidential (ctx); err = assuan_inquire (ctx, "KEYDATA", &wrappedkey, &wrappedkeylen, MAXLEN_KEYDATA); assuan_end_confidential (ctx); if (err) goto leave; if (wrappedkeylen < 24) { err = gpg_error (GPG_ERR_INV_LENGTH); goto leave; } keylen = wrappedkeylen - 8; key = xtrymalloc_secure (keylen); if (!key) { err = gpg_error_from_syserror (); goto leave; } err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_AESWRAP, 0); if (err) goto leave; err = gcry_cipher_setkey (cipherhd, ctrl->server_local->import_key, KEYWRAP_KEYSIZE); if (err) goto leave; err = gcry_cipher_decrypt (cipherhd, key, keylen, wrappedkey, wrappedkeylen); if (err) goto leave; gcry_cipher_close (cipherhd); cipherhd = NULL; xfree (wrappedkey); wrappedkey = NULL; realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); if (!realkeylen) goto leave; /* Invalid canonical encoded S-expression. */ err = keygrip_from_canon_sexp (key, realkeylen, grip); if (err) { /* This might be due to an unsupported S-expression format. Check whether this is openpgp-private-key and trigger that import code. */ if (!gcry_sexp_sscan (&openpgp_sexp, NULL, key, realkeylen)) { const char *tag; size_t taglen; tag = gcry_sexp_nth_data (openpgp_sexp, 0, &taglen); if (tag && taglen == 19 && !memcmp (tag, "openpgp-private-key", 19)) ; else { gcry_sexp_release (openpgp_sexp); openpgp_sexp = NULL; } } if (!openpgp_sexp) goto leave; /* Note that ERR is still set. */ } if (openpgp_sexp) { /* In most cases the key is encrypted and thus the conversion function from the OpenPGP format to our internal format will ask for a passphrase. That passphrase will be returned and used to protect the key using the same code as for regular key import. */ err = convert_from_openpgp (ctrl, openpgp_sexp, grip, ctrl->server_local->keydesc, cache_nonce, &key, &passphrase); if (err) goto leave; realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); if (!realkeylen) goto leave; /* Invalid canonical encoded S-expression. */ if (passphrase) { if (!cache_nonce) { char buf[12]; gcry_create_nonce (buf, 12); cache_nonce = bin2hex (buf, 12, NULL); } if (cache_nonce && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 120 /*seconds*/)) assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); } } else { if (!agent_key_available (grip)) err = gpg_error (GPG_ERR_EEXIST); else err = agent_ask_new_passphrase (ctrl, _("Please enter the passphrase to protect the " "imported object within the GnuPG system."), &passphrase); if (err) goto leave; } if (passphrase) { err = agent_protect (key, passphrase, &finalkey, &finalkeylen); if (!err) err = agent_write_private_key (grip, finalkey, finalkeylen, 0); } else err = agent_write_private_key (grip, key, realkeylen, 0); leave: gcry_sexp_release (openpgp_sexp); xfree (finalkey); xfree (passphrase); xfree (key); gcry_cipher_close (cipherhd); xfree (wrappedkey); xfree (cache_nonce); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, err); } static const char hlp_export_key[] = "EXPORT_KEY [--cache-nonce=] [--openpgp] \n" "\n" "Export a secret key from the key store. The key will be encrypted\n" "using the current session's key wrapping key (cf. command KEYWRAP_KEY)\n" "using the AESWRAP-128 algorithm. The caller needs to retrieve that key\n" "prior to using this command. The function takes the keygrip as argument.\n"; static gpg_error_t cmd_export_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; unsigned char grip[20]; gcry_sexp_t s_skey = NULL; unsigned char *key = NULL; size_t keylen; gcry_cipher_hd_t cipherhd = NULL; unsigned char *wrappedkey = NULL; size_t wrappedkeylen; int openpgp; char *cache_nonce; char *passphrase = NULL; openpgp = has_option (line, "--openpgp"); cache_nonce = option_value (line, "--cache-nonce"); if (cache_nonce) { for (; *line && !spacep (line); line++) ; if (*line) *line++ = '\0'; cache_nonce = xtrystrdup (cache_nonce); if (!cache_nonce) { err = gpg_error_from_syserror (); goto leave; } } line = skip_options (line); if (!ctrl->server_local->export_key) { err = gpg_error (GPG_ERR_MISSING_KEY); goto leave; } err = parse_keygrip (ctx, line, grip); if (err) goto leave; if (agent_key_available (grip)) { err = gpg_error (GPG_ERR_NO_SECKEY); goto leave; } /* Get the key from the file. With the openpgp flag we also ask for the passphrase so that we can use it to re-encrypt it. */ err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, NULL, CACHE_MODE_IGNORE, NULL, &s_skey, openpgp ? &passphrase : NULL); if (err) goto leave; if (!s_skey) { /* Key is on a smartcard. Actually we should not see this here because we do not pass a shadow_info variable to the above function, thus it will return this error directly. */ err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); goto leave; } if (openpgp) { /* The openpgp option changes the key format into the OpenPGP key transfer format. The result is already a padded canonical S-expression. */ if (!passphrase) { err = agent_ask_new_passphrase (ctrl, _("This key (or subkey) is not protected with a passphrase." " Please enter a new passphrase to export it."), &passphrase); if (err) goto leave; } err = convert_to_openpgp (ctrl, s_skey, passphrase, &key, &keylen); } else { /* Convert into a canonical S-expression and wrap that. */ err = make_canon_sexp_pad (s_skey, 1, &key, &keylen); } if (err) goto leave; gcry_sexp_release (s_skey); s_skey = NULL; err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_AESWRAP, 0); if (err) goto leave; err = gcry_cipher_setkey (cipherhd, ctrl->server_local->export_key, KEYWRAP_KEYSIZE); if (err) goto leave; wrappedkeylen = keylen + 8; wrappedkey = xtrymalloc (wrappedkeylen); if (!wrappedkey) { err = gpg_error_from_syserror (); goto leave; } err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen, key, keylen); if (err) goto leave; xfree (key); key = NULL; gcry_cipher_close (cipherhd); cipherhd = NULL; assuan_begin_confidential (ctx); err = assuan_send_data (ctx, wrappedkey, wrappedkeylen); assuan_end_confidential (ctx); leave: xfree (cache_nonce); xfree (passphrase); xfree (wrappedkey); gcry_cipher_close (cipherhd); xfree (key); gcry_sexp_release (s_skey); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, err); } static const char hlp_getval[] = "GETVAL \n" "\n" "Return the value for KEY from the special environment as created by\n" "PUTVAL."; static gpg_error_t cmd_getval (assuan_context_t ctx, char *line) { int rc = 0; char *key = NULL; char *p; struct putval_item_s *vl; for (p=line; *p == ' '; p++) ; key = p; p = strchr (key, ' '); if (p) { *p++ = 0; for (; *p == ' '; p++) ; if (*p) return set_error (GPG_ERR_ASS_PARAMETER, "too many arguments"); } if (!key || !*key) return set_error (GPG_ERR_ASS_PARAMETER, "no key given"); for (vl=putval_list; vl; vl = vl->next) if ( !strcmp (vl->d, key) ) break; if (vl) /* Got an entry. */ rc = assuan_send_data (ctx, vl->d+vl->off, vl->len); else return gpg_error (GPG_ERR_NO_DATA); return leave_cmd (ctx, rc); } static const char hlp_putval[] = "PUTVAL []\n" "\n" "The gpg-agent maintains a kind of environment which may be used to\n" "store key/value pairs in it, so that they can be retrieved later.\n" "This may be used by helper daemons to daemonize themself on\n" "invocation and register them with gpg-agent. Callers of the\n" "daemon's service may now first try connect to get the information\n" "for that service from gpg-agent through the GETVAL command and then\n" "try to connect to that daemon. Only if that fails they may start\n" "an own instance of the service daemon. \n" "\n" "KEY is an an arbitrary symbol with the same syntax rules as keys\n" "for shell environment variables. PERCENT_ESCAPED_VALUE is the\n" "corresponsing value; they should be similar to the values of\n" "envronment variables but gpg-agent does not enforce any\n" "restrictions. If that value is not given any value under that KEY\n" "is removed from this special environment."; static gpg_error_t cmd_putval (assuan_context_t ctx, char *line) { int rc = 0; char *key = NULL; char *value = NULL; size_t valuelen = 0; char *p; struct putval_item_s *vl, *vlprev; for (p=line; *p == ' '; p++) ; key = p; p = strchr (key, ' '); if (p) { *p++ = 0; for (; *p == ' '; p++) ; if (*p) { value = p; p = strchr (value, ' '); if (p) *p = 0; valuelen = percent_plus_unescape_inplace (value, 0); } } if (!key || !*key) return set_error (GPG_ERR_ASS_PARAMETER, "no key given"); for (vl=putval_list,vlprev=NULL; vl; vlprev=vl, vl = vl->next) if ( !strcmp (vl->d, key) ) break; if (vl) /* Delete old entry. */ { if (vlprev) vlprev->next = vl->next; else putval_list = vl->next; xfree (vl); } if (valuelen) /* Add entry. */ { vl = xtrymalloc (sizeof *vl + strlen (key) + valuelen); if (!vl) rc = gpg_error_from_syserror (); else { vl->len = valuelen; vl->off = strlen (key) + 1; strcpy (vl->d, key); memcpy (vl->d + vl->off, value, valuelen); vl->next = putval_list; putval_list = vl; } } return leave_cmd (ctx, rc); } static const char hlp_updatestartuptty[] = "UPDATESTARTUPTTY\n" "\n" "Set startup TTY and X11 DISPLAY variables to the values of this\n" "session. This command is useful to pull future pinentries to\n" "another screen. It is only required because there is no way in the\n" "ssh-agent protocol to convey this information."; static gpg_error_t cmd_updatestartuptty (assuan_context_t ctx, char *line) { static const char *names[] = { "GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL }; ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; session_env_t se; int idx; char *lc_ctype = NULL; char *lc_messages = NULL; (void)line; se = session_env_new (); if (!se) err = gpg_error_from_syserror (); for (idx=0; !err && names[idx]; idx++) { const char *value = session_env_getenv (ctrl->session_env, names[idx]); if (value) err = session_env_setenv (se, names[idx], value); } if (!err && ctrl->lc_ctype) if (!(lc_ctype = xtrystrdup (ctrl->lc_ctype))) err = gpg_error_from_syserror (); if (!err && ctrl->lc_messages) if (!(lc_messages = xtrystrdup (ctrl->lc_messages))) err = gpg_error_from_syserror (); if (err) { session_env_release (se); xfree (lc_ctype); xfree (lc_messages); } else { session_env_release (opt.startup_env); opt.startup_env = se; xfree (opt.startup_lc_ctype); opt.startup_lc_ctype = lc_ctype; xfree (opt.startup_lc_messages); opt.startup_lc_messages = lc_messages; } return err; } static const char hlp_killagent[] = "KILLAGENT\n" "\n" "If the agent has been started using a standard socket\n" "we allow a client to stop the agent."; static gpg_error_t cmd_killagent (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)line; if (!opt.use_standard_socket) return set_error (GPG_ERR_NOT_SUPPORTED, "no --use-standard-socket"); ctrl->server_local->stopme = 1; return gpg_error (GPG_ERR_EOF); } static const char hlp_reloadagent[] = "RELOADAGENT\n" "\n" "This command is an alternative to SIGHUP\n" "to reload the configuration."; static gpg_error_t cmd_reloadagent (assuan_context_t ctx, char *line) { (void)ctx; (void)line; agent_sighup_action (); return 0; } static const char hlp_getinfo[] = "GETINFO \n" "\n" "Multipurpose function to return a variety of information.\n" "Supported values for WHAT are:\n" "\n" " version - Return the version of the program.\n" " pid - Return the process id of the server.\n" " socket_name - Return the name of the socket.\n" " ssh_socket_name - Return the name of the ssh socket.\n" " scd_running - Return OK if the SCdaemon is already running.\n" " s2k_count - Return the calibrated S2K count.\n" " std_session_env - List the standard session environment.\n" " std_startup_env - List the standard startup environment.\n" " cmd_has_option\n" " - Returns OK if the command CMD implements the option OPT\n."; static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; if (!strcmp (line, "version")) { const char *s = VERSION; rc = assuan_send_data (ctx, s, strlen (s)); } else if (!strcmp (line, "pid")) { char numbuf[50]; snprintf (numbuf, sizeof numbuf, "%lu", (unsigned long)getpid ()); rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strcmp (line, "socket_name")) { const char *s = get_agent_socket_name (); if (s) rc = assuan_send_data (ctx, s, strlen (s)); else rc = gpg_error (GPG_ERR_NO_DATA); } else if (!strcmp (line, "ssh_socket_name")) { const char *s = get_agent_ssh_socket_name (); if (s) rc = assuan_send_data (ctx, s, strlen (s)); else rc = gpg_error (GPG_ERR_NO_DATA); } else if (!strcmp (line, "scd_running")) { rc = agent_scd_check_running ()? 0 : gpg_error (GPG_ERR_GENERAL); } else if (!strcmp (line, "s2k_count")) { char numbuf[50]; snprintf (numbuf, sizeof numbuf, "%lu", get_standard_s2k_count ()); rc = assuan_send_data (ctx, numbuf, strlen (numbuf)); } else if (!strcmp (line, "std_session_env") || !strcmp (line, "std_startup_env")) { int iterator; const char *name, *value; char *string; iterator = 0; while ((name = session_env_list_stdenvnames (&iterator, NULL))) { value = session_env_getenv_or_default (line[5] == 't'? opt.startup_env:ctrl->session_env, name, NULL); if (value) { string = xtryasprintf ("%s=%s", name, value); if (!string) rc = gpg_error_from_syserror (); else { rc = assuan_send_data (ctx, string, strlen (string)+1); if (!rc) rc = assuan_send_data (ctx, NULL, 0); } if (rc) break; } } } else if (!strncmp (line, "cmd_has_option", 14) && (line[14] == ' ' || line[14] == '\t' || !line[14])) { char *cmd, *cmdopt; line += 14; while (*line == ' ' || *line == '\t') line++; if (!*line) rc = gpg_error (GPG_ERR_MISSING_VALUE); else { cmd = line; while (*line && (*line != ' ' && *line != '\t')) line++; if (!*line) rc = gpg_error (GPG_ERR_MISSING_VALUE); else { *line++ = 0; while (*line == ' ' || *line == '\t') line++; if (!*line) rc = gpg_error (GPG_ERR_MISSING_VALUE); else { cmdopt = line; if (!command_has_option (cmd, cmdopt)) rc = gpg_error (GPG_ERR_GENERAL); } } } } else rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return rc; } static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err = 0; if (!strcmp (key, "agent-awareness")) { /* The value is a version string telling us of which agent version the caller is aware of. */ ctrl->server_local->allow_fully_canceled = gnupg_compare_version (value, "2.1.0"); } else if (!strcmp (key, "putenv")) { /* Change the session's environment to be used for the Pinentry. Valid values are: Delete envvar NAME = Set envvar NAME to the empty string = Set envvar NAME to VALUE */ err = session_env_putenv (ctrl->session_env, value); } else if (!strcmp (key, "display")) { err = session_env_setenv (ctrl->session_env, "DISPLAY", value); } else if (!strcmp (key, "ttyname")) { if (!opt.keep_tty) err = session_env_setenv (ctrl->session_env, "GPG_TTY", value); } else if (!strcmp (key, "ttytype")) { if (!opt.keep_tty) err = session_env_setenv (ctrl->session_env, "TERM", value); } else if (!strcmp (key, "lc-ctype")) { if (ctrl->lc_ctype) xfree (ctrl->lc_ctype); ctrl->lc_ctype = xtrystrdup (value); if (!ctrl->lc_ctype) return out_of_core (); } else if (!strcmp (key, "lc-messages")) { if (ctrl->lc_messages) xfree (ctrl->lc_messages); ctrl->lc_messages = xtrystrdup (value); if (!ctrl->lc_messages) return out_of_core (); } else if (!strcmp (key, "xauthority")) { err = session_env_setenv (ctrl->session_env, "XAUTHORITY", value); } else if (!strcmp (key, "pinentry-user-data")) { err = session_env_setenv (ctrl->session_env, "PINENTRY_USER_DATA", value); } else if (!strcmp (key, "use-cache-for-signing")) ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0; else if (!strcmp (key, "allow-pinentry-notify")) ctrl->server_local->allow_pinentry_notify = 1; else err = gpg_error (GPG_ERR_UNKNOWN_OPTION); return err; } /* Called by libassuan after all commands. ERR is the error from the last assuan operation and not the one returned from the command. */ static void post_cmd_notify (assuan_context_t ctx, gpg_error_t err) { ctrl_t ctrl = assuan_get_pointer (ctx); (void)err; /* Switch off any I/O monitor controlled logging pausing. */ ctrl->server_local->pause_io_logging = 0; } /* This function is called by libassuan for all I/O. We use it here to disable logging for the GETEVENTCOUNTER commands. This is so that the debug output won't get cluttered by this primitive command. */ static unsigned int io_monitor (assuan_context_t ctx, void *hook, int direction, const char *line, size_t linelen) { ctrl_t ctrl = assuan_get_pointer (ctx); (void) hook; /* Note that we only check for the uppercase name. This allows to see the logging for debugging if using a non-upercase command name. */ if (ctx && direction == ASSUAN_IO_FROM_PEER && linelen >= 15 && !strncmp (line, "GETEVENTCOUNTER", 15) && (linelen == 15 || spacep (line+15))) { ctrl->server_local->pause_io_logging = 1; } return ctrl->server_local->pause_io_logging? ASSUAN_IO_MONITOR_NOLOG : 0; } /* Return true if the command CMD implements the option OPT. */ static int command_has_option (const char *cmd, const char *cmdopt) { if (!strcmp (cmd, "GET_PASSPHRASE")) { if (!strcmp (cmdopt, "repeat")) return 1; } return 0; } /* Tell the assuan library about our commands */ static int register_commands (assuan_context_t ctx) { static struct { const char *name; assuan_handler_t handler; const char * const help; } table[] = { { "GETEVENTCOUNTER",cmd_geteventcounter, hlp_geteventcounter }, { "ISTRUSTED", cmd_istrusted, hlp_istrusted }, { "HAVEKEY", cmd_havekey, hlp_havekey }, { "KEYINFO", cmd_keyinfo, hlp_keyinfo }, { "SIGKEY", cmd_sigkey, hlp_sigkey }, { "SETKEY", cmd_sigkey, hlp_sigkey }, { "SETKEYDESC", cmd_setkeydesc,hlp_setkeydesc }, { "SETHASH", cmd_sethash, hlp_sethash }, { "PKSIGN", cmd_pksign, hlp_pksign }, { "PKDECRYPT", cmd_pkdecrypt, hlp_pkdecrypt }, { "GENKEY", cmd_genkey, hlp_genkey }, { "READKEY", cmd_readkey, hlp_readkey }, { "GET_PASSPHRASE", cmd_get_passphrase, hlp_get_passphrase }, { "PRESET_PASSPHRASE", cmd_preset_passphrase, hlp_preset_passphrase }, { "CLEAR_PASSPHRASE", cmd_clear_passphrase, hlp_clear_passphrase }, { "GET_CONFIRMATION", cmd_get_confirmation, hlp_get_confirmation }, { "LISTTRUSTED", cmd_listtrusted, hlp_listtrusted }, { "MARKTRUSTED", cmd_marktrusted, hlp_martrusted }, { "LEARN", cmd_learn, hlp_learn }, { "PASSWD", cmd_passwd, hlp_passwd }, { "INPUT", NULL }, { "OUTPUT", NULL }, { "SCD", cmd_scd, hlp_scd }, { "KEYWRAP_KEY", cmd_keywrap_key, hlp_keywrap_key }, { "IMPORT_KEY", cmd_import_key, hlp_import_key }, { "EXPORT_KEY", cmd_export_key, hlp_export_key }, { "GETVAL", cmd_getval, hlp_getval }, { "PUTVAL", cmd_putval, hlp_putval }, { "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty }, { "KILLAGENT", cmd_killagent, hlp_killagent }, { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent }, { "GETINFO", cmd_getinfo, hlp_getinfo }, { NULL } }; int i, rc; for (i=0; table[i].name; i++) { rc = assuan_register_command (ctx, table[i].name, table[i].handler, table[i].help); if (rc) return rc; } assuan_register_post_cmd_notify (ctx, post_cmd_notify); assuan_register_reset_notify (ctx, reset_notify); assuan_register_option_handler (ctx, option_handler); return 0; } /* Startup the server. If LISTEN_FD and FD is given as -1, this is a simple piper server, otherwise it is a regular server. CTRL is the control structure for this connection; it has only the basic intialization. */ void start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) { int rc; assuan_context_t ctx = NULL; rc = assuan_new (&ctx); if (rc) { log_error ("failed to allocate assuan context: %s\n", gpg_strerror (rc)); agent_exit (2); } if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD) { assuan_fd_t filedes[2]; filedes[0] = assuan_fdopen (0); filedes[1] = assuan_fdopen (1); rc = assuan_init_pipe_server (ctx, filedes); } else if (listen_fd != GNUPG_INVALID_FD) { rc = assuan_init_socket_server (ctx, listen_fd, 0); /* FIXME: Need to call assuan_sock_set_nonce for Windows. But this branch is currently not used. */ } else { rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED); } if (rc) { log_error ("failed to initialize the server: %s\n", gpg_strerror(rc)); agent_exit (2); } rc = register_commands (ctx); if (rc) { log_error ("failed to register commands with Assuan: %s\n", gpg_strerror(rc)); agent_exit (2); } assuan_set_pointer (ctx, ctrl); ctrl->server_local = xcalloc (1, sizeof *ctrl->server_local); ctrl->server_local->assuan_ctx = ctx; ctrl->server_local->message_fd = -1; ctrl->server_local->use_cache_for_signing = 1; ctrl->digest.raw_value = 0; assuan_set_io_monitor (ctx, io_monitor, NULL); for (;;) { rc = assuan_accept (ctx); if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1) { break; } else if (rc) { log_info ("Assuan accept problem: %s\n", gpg_strerror (rc)); break; } rc = assuan_process (ctx); if (rc) { log_info ("Assuan processing failed: %s\n", gpg_strerror (rc)); continue; } } /* Reset the nonce caches. */ clear_nonce_cache (ctrl); /* Reset the SCD if needed. */ agent_reset_scd (ctrl); /* Reset the pinentry (in case of popup messages). */ agent_reset_query (ctrl); /* Cleanup. */ assuan_release (ctx); xfree (ctrl->server_local->keydesc); xfree (ctrl->server_local->import_key); xfree (ctrl->server_local->export_key); if (ctrl->server_local->stopme) agent_exit (0); xfree (ctrl->server_local); ctrl->server_local = NULL; }