* gpgsm.c: Add option --enable-crl-checks.

* call-agent.c (start_agent): Implemented socket based access. * call-dirmngr.c (start_dirmngr): Ditto.
2002-01-21 12:03:38 +00:00 · 2002-01-21 12:03:38 +00:00 · 1146232890
parent e610a0aa21
commit 1146232890
4 changed files with 105 additions and 45 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,10 @@
+2002-01-21  Werner Koch  <wk@gnupg.org>
+
+	* gpgsm.c: Add option --enable-crl-checks.
+
+	* call-agent.c (start_agent): Implemented socket based access.
+	* call-dirmngr.c (start_dirmngr): Ditto.
+
 2002-01-20  Werner Koch  <wk@gnupg.org>

 	* server.c (option_handler): New.
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -35,6 +35,7 @@


 static ASSUAN_CONTEXT agent_ctx = NULL;
+static int force_pipe_server = 0;

 struct cipher_parm_s {
  ASSUAN_CONTEXT ctx;
@ -126,17 +127,17 @@ start_agent (void)
 {
  int rc;
  char *infostr, *p;
+  ASSUAN_CONTEXT ctx;

  if (agent_ctx)
    return 0; /* fixme: We need a context for each thread or serialize
                 the access to the agent (which is suitable given that
                 the agent is not MT */

-  infostr = getenv ("GPG_AGENT_INFO");
+  infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
  if (!infostr)
    {
      const char *pgmname;
-      ASSUAN_CONTEXT ctx;
      const char *argv[3];

      log_info (_("no running gpg-agent - starting one\n"));
@ -160,28 +161,52 @@ start_agent (void)

      /* connect to the agent and perform initial handshaking */
      rc = assuan_pipe_connect (&ctx, opt.agent_program, (char**)argv, 0);
-      if (rc)
-        {
-          log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
-          return seterr (No_Agent);
-        }
-      agent_ctx = ctx;
    }
  else
    {
+      int prot;
+      int pid;
+
      infostr = xstrdup (infostr);
-      if ( !(p = strchr (infostr, ':')) || p == infostr
-           /* || (p-infostr)+1 >= sizeof client_addr.sun_path */)
+      if ( !(p = strchr (infostr, ':')) || p == infostr)
        {
          log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
          xfree (infostr);
-          return seterr (General_Error);
+          force_pipe_server = 1;
+          return start_agent ();
+        }
+      *p++ = 0;
+      pid = atoi (p);
+      while (*p && *p != ':')
+        p++;
+      prot = *p? atoi (p+1) : 0;
+      if (prot != 1)
+        {
+          log_error (_("gpg-agent protocol version %d is not supported\n"),
+                     prot);
+          xfree (infostr);
+          force_pipe_server = 1;
+          return start_agent ();
+        }
+
+      rc = assuan_socket_connect (&ctx, infostr, pid);
+      xfree (infostr);
+      if (rc == ASSUAN_Connect_Failed)
+        {
+          log_error (_("can't connect to the agent - trying fall back\n"));
+          force_pipe_server = 1;
+          return start_agent ();
        }
-      *p = 0;
-      log_error (_("socket based agent communication not yet implemented\n"));
-      return seterr (Not_Implemented);
    }

+
+  if (rc)
+    {
+      log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
+      return seterr (No_Agent);
+    }
+  agent_ctx = ctx;
+
  if (DBG_AGENT)
    log_debug ("connection to agent established\n");
  return 0;
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -34,6 +34,7 @@
 #include "i18n.h"

 static ASSUAN_CONTEXT dirmngr_ctx = NULL;
+static int force_pipe_server = 0;

 struct inq_certificate_parm_s {
  ASSUAN_CONTEXT ctx;
@ -57,17 +58,16 @@ start_dirmngr (void)
 {
  int rc;
  char *infostr, *p;
+  ASSUAN_CONTEXT ctx;

  if (dirmngr_ctx)
    return 0; /* fixme: We need a context for each thread or serialize
-                 the access to the agent (which is suitable given that
-                 the agent is not MT */
+                 the access to the dirmngr */

-  infostr = getenv ("DIRMNGR_INFO");
+  infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
  if (!infostr)
    {
      const char *pgmname;
-      ASSUAN_CONTEXT ctx;
      const char *argv[3];

      log_info (_("no running dirmngr - starting one\n"));
@ -91,28 +91,51 @@ start_dirmngr (void)

      /* connect to the agent and perform initial handshaking */
      rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, (char**)argv, 0);
-      if (rc)
-        {
-          log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
-          return seterr (No_Dirmngr);
-        }
-      dirmngr_ctx = ctx;
    }
  else
    {
+      int prot;
+      int pid;
+
      infostr = xstrdup (infostr);
-      if ( !(p = strchr (infostr, ':')) || p == infostr
-           /* || (p-infostr)+1 >= sizeof client_addr.sun_path */)
+      if ( !(p = strchr (infostr, ':')) || p == infostr)
        {
          log_error (_("malformed DIRMNGR_INFO environment variable\n"));
          xfree (infostr);
-          return seterr (General_Error);
+          force_pipe_server = 1;
+          return start_dirmngr ();
+        }
+      *p++ = 0;
+      pid = atoi (p);
+      while (*p && *p != ':')
+        p++;
+      prot = *p? atoi (p+1) : 0;
+      if (prot != 1)
+        {
+          log_error (_("dirmngr protocol version %d is not supported\n"),
+                     prot);
+          xfree (infostr);
+          force_pipe_server = 1;
+          return start_dirmngr ();
+        }
+
+      rc = assuan_socket_connect (&ctx, infostr, pid);
+      xfree (infostr);
+      if (rc == ASSUAN_Connect_Failed)
+        {
+          log_error (_("can't connect to the dirmngr - trying fall back\n"));
+          force_pipe_server = 1;
+          return start_dirmngr ();
        }
-      *p = 0;
-      log_error (_("socket based dirmngr communication not yet implemented\n"));
-      return seterr (Not_Implemented);
    }

+  if (rc)
+    {
+      log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
+      return seterr (No_Dirmngr);
+    }
+  dirmngr_ctx = ctx;
+
  if (DBG_AGENT)
    log_debug ("connection to dirmngr established\n");
  return 0;
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -36,24 +36,24 @@

 enum cmd_and_opt_values {
  aNull = 0,
-  oArmor	  = 'a',
+  oArmor        = 'a',
  aDetachedSign = 'b',
-  aSym	  = 'c',
-  aDecrypt	  = 'd',
-  aEncr	  = 'e',
+  aSym	        = 'c',
+  aDecrypt	= 'd',
+  aEncr	        = 'e',
  oInteractive  = 'i',
-  oKOption	  = 'k',
-  oDryRun	  = 'n',
-  oOutput	  = 'o',
-  oQuiet	  = 'q',
-  oRecipient	  = 'r',
-  aSign	  = 's',
+  oKOption	= 'k',
+  oDryRun	= 'n',
+  oOutput	= 'o',
+  oQuiet	= 'q',
+  oRecipient	= 'r',
+  aSign	        = 's',
  oTextmodeShort= 't',
-  oUser	  = 'u',
-  oVerbose	  = 'v',
-  oCompress	  = 'z',
-  oNotation	  = 'N',
-  oBatch	  = 500,
+  oUser	        = 'u',
+  oVerbose	= 'v',
+  oCompress	= 'z',
+  oNotation	= 'N',
+  oBatch	= 500,
  aClearsign,
  aStore,
  aKeygen,
@ -96,6 +96,7 @@ enum cmd_and_opt_values {
  oNoArmor,

  oDisableCRLChecks,
+  oEnableCRLChecks,

  oTextmode,
  oFingerprint,
@ -226,6 +227,7 @@ static ARGPARSE_OPTS opts[] = {


    { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
+    { oEnableCRLChecks, "enable-crl-checks", 0, "@"},


 #if 0
@ -736,6 +738,9 @@ main ( int argc, char **argv)
        case oDisableCRLChecks:
          opt.no_crl_check = 1;
          break;
+        case oEnableCRLChecks:
+          opt.no_crl_check = 0;
+          break;
          

        case oOutput: opt.outfile = pargs.r.ret_str; break;