mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

Import fixes.

new option for watchgnupg
Werner Koch 2010-10-06 11:29:10 +00:00
parent cc71376bce
commit 002b30e75c
10 changed files with 69 additions and 17 deletions


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* configure.ac: Make --enable-standard-socket the default.
2010-10-04 Werner Koch <wk@g10code.com> 2010-10-04 Werner Koch <wk@g10code.com>
* configure.ac (GNUPG_CHECK_FAQPROG): Remove. * configure.ac (GNUPG_CHECK_FAQPROG): Remove.

4
NEWS

@ -26,8 +26,8 @@ Noteworthy changes in version 2.1.x (under development)
* If the agent's --use-standard-socket option is active, all tools * If the agent's --use-standard-socket option is active, all tools
try to start and daemonize the agent on the fly. In the past this try to start and daemonize the agent on the fly. In the past this
was only supported on W32; on non-W32 systems the new configure was only supported on W32; on non-W32 systems the new configure
option --enable-standard-socket may now be used to use this feature option --disable-standard-socket may now be used to disable this
by default. new default.
* Dirmngr is now a part of this package. Dirmngr is now also * Dirmngr is now a part of this package. Dirmngr is now also
expected to run as a system service and the configuration expected to run as a system service and the configuration


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (convert_secret_key): Add missing break.
2010-10-05 Werner Koch <wk@g10code.com> 2010-10-05 Werner Koch <wk@g10code.com>
* gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k * gpg-agent.c (main): Don't set SSH_AGENT_PID so that ssh-agent -k


@ -126,6 +126,7 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey)
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
skey[0], skey[1], skey[2], skey[3], skey[4], skey[0], skey[1], skey[2], skey[3], skey[4],
skey[5]); skey[5]);
break;
default: default:
err = gpg_error (GPG_ERR_PUBKEY_ALGO); err = gpg_error (GPG_ERR_PUBKEY_ALGO);


@ -79,7 +79,7 @@ use_bzip2=yes
use_exec=yes use_exec=yes
disable_keyserver_path=no disable_keyserver_path=no
use_ccid_driver=yes use_ccid_driver=yes
use_standard_socket=no use_standard_socket=yes
try_ks_ldap=no try_ks_ldap=no
@ -657,8 +657,8 @@ fi
# #
AC_MSG_CHECKING([whether to use a standard socket by default]) AC_MSG_CHECKING([whether to use a standard socket by default])
AC_ARG_ENABLE(standard-socket, AC_ARG_ENABLE(standard-socket,
AC_HELP_STRING([--enable-standard-socket], AC_HELP_STRING([--disable-standard-socket],
[use a standard socket for the agent by default]), [don't use a standard socket by default]),
use_standard_socket=$enableval) use_standard_socket=$enableval)
tmp="" tmp=""
if test "$use_standard_socket" != yes; then if test "$use_standard_socket" != yes; then


@ -2,6 +2,11 @@
@c This is part of the GnuPG manual. @c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi. @c For copying conditions, see the file gnupg.texi.
@c Note that we use this texinfo file for all versions of GnuPG:
@c 2.0 and 2.1. The macro "gpgtwoone" controls parts which are only
@c valid for GnuPG 2.1 and later.
@node Invoking GPG-AGENT @node Invoking GPG-AGENT
@chapter Invoking GPG-AGENT @chapter Invoking GPG-AGENT
@cindex GPG-AGENT command options @cindex GPG-AGENT command options
@ -438,8 +443,16 @@ a random socket below a temporary directory. Tools connecting to
environment variable @var{GPG_AGENT_INFO} and then fall back to this environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or a remote file system which does not support special files like fifos or
sockets. Note, that @option{--use-standard-socket} is the default on sockets.
Windows systems. The default may be changed at build time. It is @ifset gpgtwoone
Note, that @option{--use-standard-socket} is the default on all
systems since GnuPG 2.1.
@end ifset
@ifclear gpgtwoone
Note, that @option{--use-standard-socket} is the default on
Windows systems.
@end ifclear
The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket --use-standard-socket-p} which returns success if the standard socket


@ -1,3 +1,8 @@
2010-10-06 Werner Koch <wk@g10code.com>
* import.c (transfer_secret_keys): Ignore missing key parameters.
Provide dummy IV. Ignore stub keys.
2010-10-01 Werner Koch <wk@g10code.com> 2010-10-01 Werner Koch <wk@g10code.com>
* export.c (do_export_stream): Rewrite to take the secret keys * export.c (do_export_stream): Rewrite to take the secret keys


@ -1122,8 +1122,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
if (!err) if (!err)
err = gcry_cipher_setkey (cipherhd, kek, keklen); err = gcry_cipher_setkey (cipherhd, kek, keklen);
if (err) if (err)
goto leave; goto leave; xfree (kek);
xfree (kek);
kek = NULL; kek = NULL;
main_pk = NULL; main_pk = NULL;
@ -1143,6 +1142,11 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
stats->count++; stats->count++;
stats->secret_read++; stats->secret_read++;
/* For now we ignore the stub keys becuase we don't have real
support for them in gpg-agent. */
if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
continue;
/* Convert our internal secret key object into an S-expression. */ /* Convert our internal secret key object into an S-expression. */
nskey = pubkey_get_nskey (pk->pubkey_algo); nskey = pubkey_get_nskey (pk->pubkey_algo);
if (!nskey || nskey > PUBKEY_MAX_NSKEY) if (!nskey || nskey > PUBKEY_MAX_NSKEY)
@ -1156,7 +1160,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
put_membuf_str (&mbuf, "(skey"); put_membuf_str (&mbuf, "(skey");
for (i=j=0; i < nskey; i++) for (i=j=0; i < nskey; i++)
{ {
if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) if (!pk->pkey[i])
; /* Protected keys only have NPKEY+1 elements. */
else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
{ {
put_membuf_str (&mbuf, " e %b"); put_membuf_str (&mbuf, " e %b");
format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n); format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n);
@ -1190,6 +1196,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
{ {
char countbuf[35]; char countbuf[35];
/* Note that the IVLEN may be zero if we are working on a
dummy key. We can't express that in an S-expression and
thus we send dummy data for the IV. */
snprintf (countbuf, sizeof countbuf, "%lu", snprintf (countbuf, sizeof countbuf, "%lu",
(unsigned long)ski->s2k.count); (unsigned long)ski->s2k.count);
err = gcry_sexp_build err = gcry_sexp_build
@ -1197,7 +1206,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
" (protection %s %s %b %d %s %b %s)\n", " (protection %s %s %b %d %s %b %s)\n",
ski->sha1chk? "sha1":"sum", ski->sha1chk? "sha1":"sum",
openpgp_cipher_algo_name (ski->algo), openpgp_cipher_algo_name (ski->algo),
(int)ski->ivlen, ski->iv, ski->ivlen? (int)ski->ivlen:1,
ski->ivlen? ski->iv: (const unsigned char*)"X",
ski->s2k.mode, ski->s2k.mode,
openpgp_md_algo_name (ski->s2k.hash_algo), openpgp_md_algo_name (ski->s2k.hash_algo),
(int)sizeof (ski->s2k.salt), ski->s2k.salt, (int)sizeof (ski->s2k.salt), ski->s2k.salt,
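Review bot: The dummy-IV fallback in the last hunk (`ski->ivlen? (int)ski->ivlen:1` paired with `(const unsigned char*)"X"`) applies to any key whose IVLEN is zero, not only to the dummy keys its comment mentions. The earlier hunk already skips s2k modes 1001 and 1002 with `continue`, so a zero IVLEN that still reaches gcry_sexp_build would presumably come from a malformed or unexpected protected key, and the agent would then be handed a placeholder IV instead of an error. Consider failing that case explicitly before building the S-expression, or extend the comment to name the s2k modes for which a zero IVLEN is expected here. The stub-key skip is also silent although `stats->secret_read++` has already run; a `log_info` there would tell the user why a key was not transferred. The body of transfer_secret_keys starts and ends outside these hunks, so the surrounding error handling is not visible.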


@ -1,3 +1,7 @@
2010-10-06 Werner Koch <wk@g10code.com>
* watchgnupg.c (print_version): Add option --time-only.
2010-10-05 Werner Koch <wk@g10code.com> 2010-10-05 Werner Koch <wk@g10code.com>
* watchgnupg.c (main): Support TCP and local socket listening. * watchgnupg.c (main): Support TCP and local socket listening.


@ -52,7 +52,7 @@
static int verbose; static int verbose;
static int time_only;
static void static void
die (const char *format, ...) die (const char *format, ...)
@ -136,6 +136,11 @@ print_fd_and_time (int fd)
time_t atime = time (NULL); time_t atime = time (NULL);
tp = localtime (&atime); tp = localtime (&atime);
if (time_only)
printf ("%3d - %02d:%02d:%02d ",
fd,
tp->tm_hour, tp->tm_min, tp->tm_sec );
else
printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ", printf ("%3d - %04d-%02d-%02d %02d:%02d:%02d ",
fd, fd,
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
@ -262,6 +267,7 @@ print_version (int with_help)
" --tcp listen on a TCP port and optionally on a local socket\n" " --tcp listen on a TCP port and optionally on a local socket\n"
" --force delete an already existing socket file\n" " --force delete an already existing socket file\n"
" --verbose enable extra informational output\n" " --verbose enable extra informational output\n"
" --time-only print only the time; not a full timestamp\n"
" --version print version of the program and exit\n" " --version print version of the program and exit\n"
" --help display this help and exit\n" " --help display this help and exit\n"
BUGREPORT_LINE, stdout ); BUGREPORT_LINE, stdout );
@ -306,6 +312,11 @@ main (int argc, char **argv)
verbose = 1; verbose = 1;
argc--; argv++; argc--; argv++;
} }
else if (!strcmp (*argv, "--time-only"))
{
time_only = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--force")) else if (!strcmp (*argv, "--force"))
{ {
force = 1; force = 1;
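Review bot: The new `time_only` branch in print_fd_and_time reads `tp->tm_hour` directly after `tp = localtime (&atime);` with no NULL check, the same as the existing full-timestamp branch. localtime may return NULL on failure, so one guard ahead of `if (time_only)` would cover both printf calls, for example `if (!tp) { printf ("%3d - ", fd); return; }`. The function's start and end are outside the hunk, so confirm that an early return fits what follows. A short comment on the new flag, such as `/* Set by --time-only: print HH:MM:SS instead of the full date. */`, would also document what the option changes.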