security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

2009-09-23 Marcus Brinkmann <marcus@g10code.de> 

* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
	Update to new API (2, 1.1.0).

agent/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-agent.c (parse_rereadable_options): Don't set global assuan
	log file (there ain't one anymore).
	(main): Update to new API.
	(check_own_socket_pid_cb): Return gpg_error_t instead of int.
	(check_own_socket_thread, check_for_running_agent): Create assuan
	context before connecting to server.
	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(write_and_clear_outbuf): Use gpg_error_t instead of
	assuan_error_t.
	(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
	(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
	(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
	(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
	(cmd_get_confirmation, cmd_learn, cmd_passwd)
	(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
	(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
	(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
	(post_cmd_notify): Change type of ERR to gpg_error_t from int.
	(io_monitor): Add hook argument.  Use symbols for constants.
	(register_commands): Change return type of HANDLER to gpg_error_t.
	(start_command_handler): Allocate assuan context before starting
	server.
	* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
	of GPG_ERR_SOURCE_DEFAULT check.
	(unlock_pinentry): Call assuan_release instead of
	assuan_disconnect.
	(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
	(start_pinentry): Allocate assuan context before connecting to
	server.
	* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
	(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
	(pass_data_thru): Change return type to gpg_error_t.
	(start_scd): Allocate assuan context before connecting to server.

common/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Allocate assuan context before
	starting server.

g10/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
	(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
	(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
	int.
	* gpg.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(main): Update to new Assuan API.
	* server.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
	(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
	instead of int.
	(register_commands): Allocate assuan context before starting
	server.
	(gpg_server): Allocate assuan_context before starting server.

scd/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
	(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
	(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
	(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
	(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
	(cmd_killscd): Return gpg_error_t instead of int.
	(scd_command_handler): Allocate assuan context before starting server.
	* scdaemon.c (main): Update to new Assuan API.

sm/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.c (main): Update to new assuan API.
	* server.c: Include "gpgsm.h" before <assuan.h> due to check for
	GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
	(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
	(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
	(register_commands): Same for member HANDLER in table.
	(gpgsm_server): Allocate assuan context before starting server.
	* sm/call-dirmngr.c:
	* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
	setting LDAPSERVER.
	(start_dirmngr_ext): Allocate assuan context before starting
	server.
	(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
	(run_command_cb, run_command_inq_cb, run_command_status_cb):
	Return gpg_error_t instead of int.

tools/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
	(main): Update to new Assuan API.


Conflicts:

	ChangeLog
	agent/ChangeLog
	agent/command.c
	common/ChangeLog
	g10/ChangeLog
	scd/ChangeLog
	sm/ChangeLog
	sm/gpgsm.c
	tools/ChangeLog

Somehow this slipped through.  Really commit this time.

2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
	(main): Update to new Assuan API.


2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* configure.ac: Check for libassuan instead of libassuan-pth.

common/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
	of LIBASSUAN_PTH_CFLAGS.

scd/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth.
	* scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.

g13/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, g13_LDADD: Use libassuan instead of libassuan-pth.
	* g13.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks.

agent/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of
	libassuan-pth.
	* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.
	Fix invocation of assuan_socket_connect.


Conflicts:

	ChangeLog
	agent/ChangeLog
	common/ChangeLog
	configure.ac
	g13/ChangeLog
	g13/Makefile.am
	g13/g13.c
	scd/ChangeLog

agent/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

common/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
	type to gpg_error_t.

g10/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.

scd/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

sm/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.
	* call-agent.c (membuf_data_cb, default_inq_cb)
	(inq_ciphertext_cb, scd_serialno_status_cb)
	(scd_keypairinfo_status_cb, istrusted_status_cb)
	(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g10/ChangeLog
	g10/server.c
	g13/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

Adjust for assuan_register_command change.


Conflicts:

	agent/ChangeLog
	g10/ChangeLog
	g13/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

Add hack for the HELP command.


Conflicts:

	tools/ChangeLog

Add help strings for all commands.


Conflicts:

	agent/ChangeLog
	agent/command.c

Add help strings for all commands.


Conflicts:

	scd/ChangeLog

Add help strings for all commands


Conflicts:

	sm/ChangeLog

agent/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
	assuan_pipe_connect_ext.
	* command.c (start_command_handler): Change
	assuan_init_socket_server_ext into assuan_init_socket_server.
	* call-scd.c (start_scd): Update use of assuan_socket_connect and
	assuan_pipe_connect.
	* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
	Update use of assuan_socket_connect.

common/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.

scd/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Call assuan_init_socket_server,
	not assuan_init_socket_server_ext.

sm/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Update use of
	assuan_pipe_connect and assuan_socket_connect.

tools/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (start_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g13/ChangeLog
	g13/call-gpg.c
	scd/ChangeLog
	sm/ChangeLog
	tools/ChangeLog

agent/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (start_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

scd/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

sm/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
	fds.

g10/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.


Conflicts:

	agent/ChangeLog
	g10/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

2009-11-27  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (start_command_handler): Do not call
	assuan_set_log_stream anymore.
	* gpg-agent.c (main): But call assuan_set_assuan_log_stream here.


Conflicts:

	agent/ChangeLog
	agent/command.c

2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing
	argument in assuan_socket_connect invocation.
	* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
	declaration.


Conflicts:

	common/ChangeLog
	common/iobuf.c

common/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.

agent/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Convert posix fd to assuan fd.
	* call-scd.c (start_scd): Likewise.

sm/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd.

tools/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (main): Convert posix fd to assuan fd.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g13/call-gpg.c
	sm/ChangeLog
	tools/ChangeLog
This commit is contained in:
Marcus Brinkmann 2010-02-12 15:15:34 +00:00
parent d6a28faafa
commit 203f54a634
28 changed files with 1434 additions and 984 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ChangeLog
View File

@ -1,3 +1,16 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-10-16:
* configure.ac: Check for libassuan instead of libassuan-pth.
2009-10-12 Werner Koch <wk@g10code.com>
From trunk 2009-09-23:
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
2009-12-21 Werner Koch <wk@g10code.com>
Release 2.0.14.

55
agent/ChangeLog
View File

@ -1,3 +1,58 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
2009-12-08:
* Makefile.am (gpg_agent_CFLAGS, gpg_agent_LDADD): Use libassuan
instead of libassuan-pth.
* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Update to new API. Call assuan_set_system_hooks and
assuan_sock_init. Fix invocation of assuan_socket_connect.
Call assuan_set_assuan_log_stream here.
(parse_rereadable_options): Don't set global assuan log
file (there ain't one anymore).
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server. Update use of
assuan_socket_connect.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
Use assuan_handler_t type. Add NULL arg to assuan_register_command.
Add help arg to assuan_register_command. Convert all command
comments to help strings.
(start_command_handler): Allocate assuan context before starting
server. Change assuan_init_socket_server_ext into
assuan_init_socket_server. Use assuan_fd_t and assuan_fdopen on fds.
Do not call assuan_set_log_stream anymore.
(reset_notify): Take LINE arg and return error.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server. Call assuan_pipe_connect, notassuan_pipe_connect_ext.
Convert posix fd to assuan fd.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
Update use of assuan_socket_connect and assuan_pipe_connect.
Convert posix fd to assuan fd.
2010-01-26 Werner Koch <wk@g10code.com>
* protect.c (do_encryption): Encode the s2kcount and do not use a

4
agent/Makefile.am
View File

@ -62,9 +62,9 @@ gpg_agent_res_deps =
#endif
gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS)
gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
gpg_agent_LDADD = $(commonpth_libs) \
$(LIBGCRYPT_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \
$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
$(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
gpg_agent_LDFLAGS = $(gpg_agent_res_ldflags)
gpg_agent_DEPENDENCIES = $(gpg_agent_res_deps)

27
agent/call-pinentry.c
View File

@ -32,9 +32,9 @@
# include <signal.h>
#endif
#include <pth.h>
#include <assuan.h>
#include "agent.h"
#include <assuan.h>
#include "setenv.h"
#include "i18n.h"
@ -158,7 +158,7 @@ unlock_pinentry (int rc)
if (!rc)
rc = gpg_error (GPG_ERR_INTERNAL);
}
assuan_disconnect (ctx);
assuan_release (ctx);
return rc;
}
@ -196,7 +196,7 @@ atfork_cb (void *opaque, int where)
}
static int
static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{
unsigned long *pid = opaque;
@ -304,21 +304,30 @@ start_pinentry (ctrl_t ctrl)
if (!opt.running_detached)
{
if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd ();
no_close_list[i++] = fileno (stderr);
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
}
no_close_list[i] = -1;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
/* Connect to the pinentry and perform initial handshaking. Note
that atfork is used to change the environment for pinentry. We
start the server in detached mode to suppress the console window
under Windows. */
rc = assuan_pipe_connect_ext (&ctx, opt.pinentry_program, argv,
no_close_list, atfork_cb, ctrl, 128);
rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv,
no_close_list, atfork_cb, ctrl,
ASSUAN_PIPE_CONNECT_DETACHED);
if (rc)
{
log_error ("can't connect to the PIN entry module: %s\n",
gpg_strerror (rc));
assuan_release (ctx);
return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
}
entry_ctx = ctx;
@ -463,7 +472,7 @@ pinentry_active_p (ctrl_t ctrl, int waitseconds)
}
static int
static gpg_error_t
getpin_cb (void *opaque, const void *buffer, size_t length)
{
struct entry_parm_s *parm = opaque;
@ -553,7 +562,7 @@ estimate_passphrase_quality (const char *pw)
/* Handle the QUALITY inquiry. */
static int
static gpg_error_t
inq_quality (void *opaque, const char *line)
{
assuan_context_t ctx = opaque;

46
agent/call-scd.c
View File

@ -108,8 +108,8 @@ static int primary_scd_ctx_reusable;
/* Local prototypes. */
static assuan_error_t membuf_data_cb (void *opaque,
const void *buffer, size_t length);
static gpg_error_t membuf_data_cb (void *opaque,
const void *buffer, size_t length);
@ -209,7 +209,7 @@ start_scd (ctrl_t ctrl)
{
gpg_error_t err = 0;
const char *pgmname;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
const char *argv[3];
int no_close_list[3];
int i;
@ -268,9 +268,17 @@ start_scd (ctrl_t ctrl)
goto leave;
}
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
err = rc;
goto leave;
}
if (socket_name)
{
rc = assuan_socket_connect (&ctx, socket_name, 0);
rc = assuan_socket_connect (ctx, socket_name, 0, 0);
if (rc)
{
log_error ("can't connect to socket `%s': %s\n",
@ -325,16 +333,16 @@ start_scd (ctrl_t ctrl)
if (!opt.running_detached)
{
if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd ();
no_close_list[i++] = fileno (stderr);
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
}
no_close_list[i] = -1;
/* Connect to the pinentry and perform initial handshaking. Use
detached flag (128) so that under W32 SCDAEMON does not show up a
new window. */
rc = assuan_pipe_connect_ext (&ctx, opt.scdaemon_program, argv,
no_close_list, atfork_cb, NULL, 128);
rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
no_close_list, atfork_cb, NULL, 128);
if (rc)
{
log_error ("can't connect to the SCdaemon: %s\n",
@ -399,6 +407,8 @@ start_scd (ctrl_t ctrl)
if (err)
{
unlock_scd (ctrl, err);
if (ctx)
assuan_release (ctx);
}
else
{
@ -477,14 +487,14 @@ agent_scd_check_aliveness (void)
struct scd_local_s *sl;
assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1);
assuan_disconnect (primary_scd_ctx);
assuan_release (primary_scd_ctx);
for (sl=scd_local_list; sl; sl = sl->next_local)
{
if (sl->ctx)
{
if (sl->ctx != primary_scd_ctx)
assuan_disconnect (sl->ctx);
assuan_release (sl->ctx);
sl->ctx = NULL;
}
}
@ -534,7 +544,7 @@ agent_reset_scd (ctrl_t ctrl)
primary_scd_ctx_reusable = 1;
}
else
assuan_disconnect (ctrl->scd_local->ctx);
assuan_release (ctrl->scd_local->ctx);
ctrl->scd_local->ctx = NULL;
}
@ -563,7 +573,7 @@ agent_reset_scd (ctrl_t ctrl)
static int
static gpg_error_t
learn_status_cb (void *opaque, const char *line)
{
struct learn_parm_s *parm = opaque;
@ -626,7 +636,7 @@ agent_card_learn (ctrl_t ctrl,
static int
static gpg_error_t
get_serialno_cb (void *opaque, const char *line)
{
char **serialno = opaque;
@ -684,7 +694,7 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno)
static assuan_error_t
static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *data = opaque;
@ -695,7 +705,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
}
/* Handle the NEEDPIN inquiry. */
static int
static gpg_error_t
inq_needpin (void *opaque, const char *line)
{
struct inq_needpin_s *parm = opaque;
@ -991,7 +1001,7 @@ struct card_getattr_parm_s {
};
/* Callback function for agent_card_getattr. */
static assuan_error_t
static gpg_error_t
card_getattr_cb (void *opaque, const char *line)
{
struct card_getattr_parm_s *parm = opaque;
@ -1067,7 +1077,7 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
static int
static gpg_error_t
pass_status_thru (void *opaque, const char *line)
{
assuan_context_t ctx = opaque;
@ -1087,7 +1097,7 @@ pass_status_thru (void *opaque, const char *line)
return 0;
}
static int
static gpg_error_t
pass_data_thru (void *opaque, const void *buffer, size_t length)
{
assuan_context_t ctx = opaque;

609
agent/command.c
View File

@ -34,10 +34,9 @@
#include <sys/stat.h>
#include <dirent.h>
#include <assuan.h>
#include "i18n.h"
#include "agent.h"
#include <assuan.h>
#include "i18n.h"
/* maximum allowed size of the inquired ciphertext */
#define MAXLEN_CIPHERTEXT 4096
@ -133,7 +132,7 @@ clear_outbuf (membuf_t *mb)
static gpg_error_t
write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
{
assuan_error_t ae;
gpg_error_t ae;
void *p;
size_t n;
@ -147,17 +146,20 @@ write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
}
static void
reset_notify (assuan_context_t ctx)
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
memset (ctrl->keygrip, 0, 20);
ctrl->have_keygrip = 0;
ctrl->digest.valuelen = 0;
xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL;
return 0;
}
@ -262,7 +264,7 @@ static int
parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
{
int rc;
size_t n;
size_t n = 0;
rc = parse_hexstring (ctx, string, &n);
if (rc)
@ -341,20 +343,20 @@ agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid)
/* GETEVENTCOUNTER
Return a a status line named EVENTCOUNTER with the current values
of all event counters. The values are decimal numbers in the range
0 to UINT_MAX and wrapping around to 0. The actual values should
not be relied upon, they shall only be used to detect a change.
The currently defined counters are:
ANY - Incremented with any change of any of the other counters.
KEY - Incremented for added or removed private keys.
CARD - Incremented for changes of the card readers stati.
*/
static int
static const char hlp_geteventcounter[] =
"GETEVENTCOUNTER\n"
"\n"
"Return a a status line named EVENTCOUNTER with the current values\n"
"of all event counters. The values are decimal numbers in the range\n"
"0 to UINT_MAX and wrapping around to 0. The actual values should\n"
"not be relied upon, they shall only be used to detect a change.\n"
"\n"
"The currently defined counters are:\n"
"\n"
"ANY - Incremented with any change of any of the other counters.\n"
"KEY - Incremented for added or removed private keys.\n"
"CARD - Incremented for changes of the card readers stati.";
static gpg_error_t
cmd_geteventcounter (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -399,11 +401,12 @@ bump_card_eventcounter (void)
/* ISTRUSTED <hexstring_with_fingerprint>
Return OK when we have an entry with this fingerprint in our
trustlist */
static int
static const char hlp_istrusted[] =
"ISTRUSTED <hexstring_with_fingerprint>\n"
"\n"
"Return OK when we have an entry with this fingerprint in our\n"
"trustlist";
static gpg_error_t
cmd_istrusted (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -437,10 +440,12 @@ cmd_istrusted (assuan_context_t ctx, char *line)
}
}
/* LISTTRUSTED
List all entries from the trustlist */
static int
static const char hlp_listtrusted[] =
"LISTTRUSTED\n"
"\n"
"List all entries from the trustlist.";
static gpg_error_t
cmd_listtrusted (assuan_context_t ctx, char *line)
{
int rc;
@ -454,10 +459,11 @@ cmd_listtrusted (assuan_context_t ctx, char *line)
}
/* MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
Store a new key in into the trustlist*/
static int
static const char hlp_martrusted[] =
"MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>\n"
"\n"
"Store a new key in into the trustlist.";
static gpg_error_t
cmd_marktrusted (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -498,10 +504,11 @@ cmd_marktrusted (assuan_context_t ctx, char *line)
/* HAVEKEY <hexstring_with_keygrip>
Return success when the secret key is available */
static int
static const char hlp_havekey[] =
"HAVEKEY <hexstring_with_keygrip>\n"
"\n"
"Return success when the secret key is available.";
static gpg_error_t
cmd_havekey (assuan_context_t ctx, char *line)
{
int rc;
@ -518,11 +525,12 @@ cmd_havekey (assuan_context_t ctx, char *line)
}
/* SIGKEY <hexstring_with_keygrip>
SETKEY <hexstring_with_keygrip>
Set the key used for a sign or decrypt operation */
static int
static const char hlp_sigkey[] =
"SIGKEY <hexstring_with_keygrip>\n"
"SETKEY <hexstring_with_keygrip>\n"
"\n"
"Set the key used for a sign or decrypt operation.";
static gpg_error_t
cmd_sigkey (assuan_context_t ctx, char *line)
{
int rc;
@ -536,21 +544,21 @@ cmd_sigkey (assuan_context_t ctx, char *line)
}
/* SETKEYDESC plus_percent_escaped_string
Set a description to be used for the next PKSIGN or PKDECRYPT
operation if this operation requires the entry of a passphrase. If
this command is not used a default text will be used. Note, that
this description implictly selects the label used for the entry
box; if the string contains the string PIN (which in general will
not be translated), "PIN" is used, otherwise the translation of
"passphrase" is used. The description string should not contain
blanks unless they are percent or '+' escaped.
The description is only valid for the next PKSIGN or PKDECRYPT
operation.
*/
static int
static const char hlp_setkeydesc[] =
"SETKEYDESC plus_percent_escaped_string\n"
"\n"
"Set a description to be used for the next PKSIGN or PKDECRYPT\n"
"operation if this operation requires the entry of a passphrase. If\n"
"this command is not used a default text will be used. Note, that\n"
"this description implictly selects the label used for the entry\n"
"box; if the string contains the string PIN (which in general will\n"
"not be translated), \"PIN\" is used, otherwise the translation of\n"
"\"passphrase\" is used. The description string should not contain\n"
"blanks unless they are percent or '+' escaped.\n"
"\n"
"The description is only valid for the next PKSIGN or PKDECRYPT\n"
"operation.";
static gpg_error_t
cmd_setkeydesc (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -580,11 +588,12 @@ cmd_setkeydesc (assuan_context_t ctx, char *line)
}
/* SETHASH --hash=<name>|<algonumber> <hexstring>
The client can use this command to tell the server about the data
(which usually is a hash) to be signed. */
static int
static const char hlp_sethash[] =
"SETHASH --hash=<name>|<algonumber> <hexstring>\n"
"\n"
"The client can use this command to tell the server about the data\n"
"(which usually is a hash) to be signed.";
static gpg_error_t
cmd_sethash (assuan_context_t ctx, char *line)
{
int rc;
@ -635,6 +644,7 @@ cmd_sethash (assuan_context_t ctx, char *line)
ctrl->digest.algo = algo;
/* Parse the hash value. */
n = 0;
rc = parse_hexstring (ctx, line, &n);
if (rc)
return rc;
@ -658,11 +668,12 @@ cmd_sethash (assuan_context_t ctx, char *line)
}
/* PKSIGN <options>
Perform the actual sign operation. Neither input nor output are
sensitive to eavesdropping. */
static int
static const char hlp_pksign[] =
"PKSIGN [options]\n"
"\n"
"Perform the actual sign operation. Neither input nor output are\n"
"sensitive to eavesdropping.";
static gpg_error_t
cmd_pksign (assuan_context_t ctx, char *line)
{
int rc;
@ -692,11 +703,13 @@ cmd_pksign (assuan_context_t ctx, char *line)
return rc;
}
/* PKDECRYPT <options>
Perform the actual decrypt operation. Input is not
sensitive to eavesdropping */
static int
static const char hlp_pkdecrypt[] =
"PKDECRYPT <options>\n"
"\n"
"Perform the actual decrypt operation. Input is not\n"
"sensitive to eavesdropping.";
static gpg_error_t
cmd_pkdecrypt (assuan_context_t ctx, char *line)
{
int rc;
@ -730,21 +743,21 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
}
/* GENKEY
Generate a new key, store the secret part and return the public
part. Here is an example transaction:
C: GENKEY
S: INQUIRE KEYPARAM
C: D (genkey (rsa (nbits 1024)))
C: END
S: D (public-key
S: D (rsa (n 326487324683264) (e 10001)))
S OK key created
*/
static int
static const char hlp_genkey[] =
"GENKEY\n"
"\n"
"Generate a new key, store the secret part and return the public\n"
"part. Here is an example transaction:\n"
"\n"
" C: GENKEY\n"
" S: INQUIRE KEYPARAM\n"
" C: D (genkey (rsa (nbits 1024)))\n"
" C: END\n"
" S: D (public-key\n"
" S: D (rsa (n 326487324683264) (e 10001)))\n"
" S: OK key created\n"
"\n";
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -776,10 +789,11 @@ cmd_genkey (assuan_context_t ctx, char *line)
/* READKEY <hexstring_with_keygrip>
Return the public key for the given keygrip. */
static int
static const char hlp_readkey[] =
"READKEY <hexstring_with_keygrip>\n"
"\n"
"Return the public key for the given keygrip.";
static gpg_error_t
cmd_readkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -819,32 +833,32 @@ cmd_readkey (assuan_context_t ctx, char *line)
/* KEYINFO [--list] <keygrip>
Return information about the key specified by the KEYGRIP. If the
key is not available GPG_ERR_NOT_FOUND is returned. If the option
--list is given the keygrip is ignored and information about all
available keys are returned. The information is returned as a
status line with this format:
KEYINFO <keygrip> <type> <serialno> <idstr>
KEYGRIP is the keygrip.
TYPE is describes the type of the key:
'D' - Regular key stored on disk,
'T' - Key is stored on a smartcard (token).
'-' - Unknown type.
SERIALNO is an ASCII string with the serial number of the
smartcard. If the serial number is not known a single
dash '-' is used instead.
IDSTR is the IDSTR used to distinguish keys on a smartcard. If it
is not known a dash is used instead.
More information may be added in the future.
*/
static const char hlp_keyinfo[] =
"KEYINFO [--list] <keygrip>\n"
"\n"
"Return information about the key specified by the KEYGRIP. If the\n"
"key is not available GPG_ERR_NOT_FOUND is returned. If the option\n"
"--list is given the keygrip is ignored and information about all\n"
"available keys are returned. The information is returned as a\n"
"status line with this format:\n"
"\n"
" KEYINFO <keygrip> <type> <serialno> <idstr>\n"
"\n"
"KEYGRIP is the keygrip.\n"
"\n"
"TYPE is describes the type of the key:\n"
" 'D' - Regular key stored on disk,\n"
" 'T' - Key is stored on a smartcard (token).\n"
" '-' - Unknown type.\n"
"\n"
"SERIALNO is an ASCII string with the serial number of the\n"
" smartcard. If the serial number is not known a single\n"
" dash '-' is used instead.\n"
"\n"
"IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n"
" is not known a dash is used instead.\n"
"\n"
"More information may be added in the future.";
static gpg_error_t
do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
{
@ -892,7 +906,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
}
static int
static gpg_error_t
cmd_keyinfo (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -986,35 +1000,34 @@ send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
}
/* GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]
[--qualitybar] <cache_id>
[<error_message> <prompt> <description>]
This function is usually used to ask for a passphrase to be used
for conventional encryption, but may also be used by programs which
need specal handling of passphrases. This command uses a syntax
which helps clients to use the agent with minimum effort. The
agent either returns with an error or with a OK followed by the hex
encoded passphrase. Note that the length of the strings is
implicitly limited by the maximum length of a command.
If the option "--data" is used the passphrase is returned by usual
data lines and not on the okay line.
If the option "--check" is used the passphrase constraints checks as
implemented by gpg-agent are applied. A check is not done if the
passphrase has been found in the cache.
If the option "--no-ask" is used and the passphrase is not in the
cache the user will not be asked to enter a passphrase but the error
code GPG_ERR_NO_DATA is returned.
If the option "--qualitybar" is used a visual indication of the
entered passphrase quality is shown. (Unless no minimum passphrase
length has been configured.)
*/
static int
static const char hlp_get_passphrase[] =
"GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n"
" [--qualitybar] <cache_id>\n"
" [<error_message> <prompt> <description>]\n"
"\n"
"This function is usually used to ask for a passphrase to be used\n"
"for conventional encryption, but may also be used by programs which\n"
"need specal handling of passphrases. This command uses a syntax\n"
"which helps clients to use the agent with minimum effort. The\n"
"agent either returns with an error or with a OK followed by the hex\n"
"encoded passphrase. Note that the length of the strings is\n"
"implicitly limited by the maximum length of a command.\n"
"\n"
"If the option \"--data\" is used the passphrase is returned by usual\n"
"data lines and not on the okay line.\n"
"\n"
"If the option \"--check\" is used the passphrase constraints checks as\n"
"implemented by gpg-agent are applied. A check is not done if the\n"
"passphrase has been found in the cache.\n"
"\n"
"If the option \"--no-ask\" is used and the passphrase is not in the\n"
"cache the user will not be asked to enter a passphrase but the error\n"
"code GPG_ERR_NO_DATA is returned. \n"
"\n"
"If the option \"--qualitybar\" is used a visual indication of the\n"
"entered passphrase quality is shown. (Unless no minimum passphrase\n"
"length has been configured.)";
static gpg_error_t
cmd_get_passphrase (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1161,13 +1174,12 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
}
/* CLEAR_PASSPHRASE <cache_id>
may be used to invalidate the cache entry for a passphrase. The
function returns with OK even when there is no cached passphrase.
*/
static int
static const char hlp_clear_passphrase[] =
"CLEAR_PASSPHRASE <cache_id>\n"
"\n"
"may be used to invalidate the cache entry for a passphrase. The\n"
"function returns with OK even when there is no cached passphrase.";
static gpg_error_t
cmd_clear_passphrase (assuan_context_t ctx, char *line)
{
char *cacheid = NULL;
@ -1188,19 +1200,18 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line)
}
/* GET_CONFIRMATION <description>
This command may be used to ask for a simple confirmation.
DESCRIPTION is displayed along with a Okay and Cancel button. This
command uses a syntax which helps clients to use the agent with
minimum effort. The agent either returns with an error or with a
OK. Note, that the length of DESCRIPTION is implicitly limited by
the maximum length of a command. DESCRIPTION should not contain
any spaces, those must be encoded either percent escaped or simply
as '+'.
*/
static int
static const char hlp_get_confirmation[] =
"GET_CONFIRMATION <description>\n"
"\n"
"This command may be used to ask for a simple confirmation.\n"
"DESCRIPTION is displayed along with a Okay and Cancel button. This\n"
"command uses a syntax which helps clients to use the agent with\n"
"minimum effort. The agent either returns with an error or with a\n"
"OK. Note, that the length of DESCRIPTION is implicitly limited by\n"
"the maximum length of a command. DESCRIPTION should not contain\n"
"any spaces, those must be encoded either percent escaped or simply\n"
"as '+'.";
static gpg_error_t
cmd_get_confirmation (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1237,11 +1248,12 @@ cmd_get_confirmation (assuan_context_t ctx, char *line)
/* LEARN [--send]
Learn something about the currently inserted smartcard. With
--send the new certificates are send back. */
static int
static const char hlp_learn[] =
"LEARN [--send]\n"
"\n"
"Learn something about the currently inserted smartcard. With\n"
"--send the new certificates are send back.";
static gpg_error_t
cmd_learn (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1255,10 +1267,11 @@ cmd_learn (assuan_context_t ctx, char *line)
/* PASSWD <hexstring_with_keygrip>
Change the passphrase/PIN for the key identified by keygrip in LINE. */
static int
static const char hlp_passwd[] =
"PASSWD <hexstring_with_keygrip>\n"
"\n"
"Change the passphrase/PIN for the key identified by keygrip in LINE.";
static gpg_error_t
cmd_passwd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1297,14 +1310,16 @@ cmd_passwd (assuan_context_t ctx, char *line)
return rc;
}
/* PRESET_PASSPHRASE <string_or_keygrip> <timeout> <hexstring>
Set the cached passphrase/PIN for the key identified by the keygrip
to passwd for the given time, where -1 means infinite and 0 means
the default (currently only a timeout of -1 is allowed, which means
to never expire it). If passwd is not provided, ask for it via the
pinentry module. */
static int
static const char hlp_preset_passphrase[] =
"PRESET_PASSPHRASE <string_or_keygrip> <timeout> <hexstring>\n"
"\n"
"Set the cached passphrase/PIN for the key identified by the keygrip\n"
"to passwd for the given time, where -1 means infinite and 0 means\n"
"the default (currently only a timeout of -1 is allowed, which means\n"
"to never expire it). If passwd is not provided, ask for it via the\n"
"pinentry module.";
static gpg_error_t
cmd_preset_passphrase (assuan_context_t ctx, char *line)
{
int rc;
@ -1336,6 +1351,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
line++;
/* Syntax check the hexstring. */
len = 0;
rc = parse_hexstring (ctx, line, &len);
if (rc)
return rc;
@ -1362,12 +1378,14 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
return rc;
}
/* SCD <commands to pass to the scdaemon>
This is a general quote command to redirect everything to the
SCDAEMON. */
static int
static const char hlp_scd[] =
"SCD <commands to pass to the scdaemon>\n"
" \n"
"This is a general quote command to redirect everything to the\n"
"SCdaemon.";
static gpg_error_t
cmd_scd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1380,12 +1398,12 @@ cmd_scd (assuan_context_t ctx, char *line)
/* GETVAL <key>
Return the value for KEY from the special environment as created by
PUTVAL.
*/
static int
static const char hlp_getval[] =
"GETVAL <key>\n"
"\n"
"Return the value for KEY from the special environment as created by\n"
"PUTVAL.";
static gpg_error_t
cmd_getval (assuan_context_t ctx, char *line)
{
int rc = 0;
@ -1424,25 +1442,25 @@ cmd_getval (assuan_context_t ctx, char *line)
}
/* PUTVAL <key> [<percent_escaped_value>]
The gpg-agent maintains a kind of environment which may be used to
store key/value pairs in it, so that they can be retrieved later.
This may be used by helper daemons to daemonize themself on
invocation and register them with gpg-agent. Callers of the
daemon's service may now first try connect to get the information
for that service from gpg-agent through the GETVAL command and then
try to connect to that daemon. Only if that fails they may start
an own instance of the service daemon.
KEY is an an arbitrary symbol with the same syntax rules as keys
for shell environment variables. PERCENT_ESCAPED_VALUE is the
corresponsing value; they should be similar to the values of
envronment variables but gpg-agent does not enforce any
restrictions. If that value is not given any value under that KEY
is removed from this special environment.
*/
static int
static const char hlp_putval[] =
"PUTVAL <key> [<percent_escaped_value>]\n"
"\n"
"The gpg-agent maintains a kind of environment which may be used to\n"
"store key/value pairs in it, so that they can be retrieved later.\n"
"This may be used by helper daemons to daemonize themself on\n"
"invocation and register them with gpg-agent. Callers of the\n"
"daemon's service may now first try connect to get the information\n"
"for that service from gpg-agent through the GETVAL command and then\n"
"try to connect to that daemon. Only if that fails they may start\n"
"an own instance of the service daemon. \n"
"\n"
"KEY is an an arbitrary symbol with the same syntax rules as keys\n"
"for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
"corresponsing value; they should be similar to the values of\n"
"envronment variables but gpg-agent does not enforce any\n"
"restrictions. If that value is not given any value under that KEY\n"
"is removed from this special environment.";
static gpg_error_t
cmd_putval (assuan_context_t ctx, char *line)
{
int rc = 0;
@ -1511,13 +1529,14 @@ cmd_putval (assuan_context_t ctx, char *line)
/* UPDATESTARTUPTTY
Set startup TTY and X DISPLAY variables to the values of this
session. This command is useful to pull future pinentries to
another screen. It is only required because there is no way in the
ssh-agent protocol to convey this information. */
static int
static const char hlp_updatestartuptty[] =
"UPDATESTARTUPTTY\n"
"\n"
"Set startup TTY and X11 DISPLAY variables to the values of this\n"
"session. This command is useful to pull future pinentries to\n"
"another screen. It is only required because there is no way in the\n"
"ssh-agent protocol to convey this information.";
static gpg_error_t
cmd_updatestartuptty (assuan_context_t ctx, char *line)
{
static const char *names[] =
@ -1572,11 +1591,12 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line)
#ifdef HAVE_W32_SYSTEM
/* KILLAGENT
Under Windows we start the agent on the fly. Thus it also make
sense to allow a client to stop the agent. */
static int
static const char hlp_killagent[] =
"KILLAGENT\n"
"\n"
"Under Windows we start the agent on the fly. Thus it also make\n"
"sense to allow a client to stop the agent.";
static gpg_error_t
cmd_killagent (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1587,11 +1607,13 @@ cmd_killagent (assuan_context_t ctx, char *line)
return gpg_error (GPG_ERR_EOF);
}
/* RELOADAGENT
As signals are inconvenient under Windows, we provide this command
to allow reloading of the configuration. */
static int
static const char hlp_reloadagent[] =
"RELOADAGENT\n"
"\n"
"As signals are inconvenient under Windows, we provide this command\n"
"to allow reloading of the configuration.";
static gpg_error_t
cmd_reloadagent (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -1604,21 +1626,20 @@ cmd_reloadagent (assuan_context_t ctx, char *line)
/* GETINFO <what>
Multipurpose function to return a variety of information.
Supported values for WHAT are:
version - Return the version of the program.
pid - Return the process id of the server.
socket_name - Return the name of the socket.
ssh_socket_name - Return the name of the ssh socket.
scd_running - Return OK if the SCdaemon is already running.
s2k_count - Return the calibrated S2K count.
cmd_has_option CMD OPT
- Returns OK if the command CMD implements the option OPT.
*/
static int
static const char hlp_getinfo[] =
"GETINFO <what>\n"
"\n"
"Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
"\n"
" version - Return the version of the program.\n"
" pid - Return the process id of the server.\n"
" socket_name - Return the name of the socket.\n"
" ssh_socket_name - Return the name of the ssh socket.\n"
" scd_running - Return OK if the SCdaemon is already running.\n"
" cmd_has_option\n"
" - Returns OK if the command CMD implements the option OPT.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc = 0;
@ -1703,7 +1724,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
static int
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1773,7 +1794,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
/* Called by libassuan after all commands. ERR is the error from the
last assuan operation and not the one returned from the command. */
static void
post_cmd_notify (assuan_context_t ctx, int err)
post_cmd_notify (assuan_context_t ctx, gpg_error_t err)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1789,15 +1810,17 @@ post_cmd_notify (assuan_context_t ctx, int err)
that the debug output won't get cluttered by this primitive
command. */
static unsigned int
io_monitor (assuan_context_t ctx, int direction,
io_monitor (assuan_context_t ctx, void *hook, int direction,
const char *line, size_t linelen)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void) hook;
/* Note that we only check for the uppercase name. This allows to
see the logging for debugging if using a non-upercase command
name. */
if (ctx && !direction
if (ctx && direction == ASSUAN_IO_FROM_PEER
&& linelen >= 15
&& !strncmp (line, "GETEVENTCOUNTER", 15)
&& (linelen == 15 || spacep (line+15)))
@ -1805,7 +1828,7 @@ io_monitor (assuan_context_t ctx, int direction,
ctrl->server_local->pause_io_logging = 1;
}
return ctrl->server_local->pause_io_logging? 1:0;
return ctrl->server_local->pause_io_logging? ASSUAN_IO_MONITOR_NOLOG : 0;
}
@ -1829,46 +1852,48 @@ register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
int (*handler)(assuan_context_t, char *line);
assuan_handler_t handler;
const char * const help;
} table[] = {
{ "GETEVENTCOUNTER",cmd_geteventcounter },
{ "ISTRUSTED", cmd_istrusted },
{ "HAVEKEY", cmd_havekey },
{ "KEYINFO", cmd_keyinfo },
{ "SIGKEY", cmd_sigkey },
{ "SETKEY", cmd_sigkey },
{ "SETKEYDESC", cmd_setkeydesc },
{ "SETHASH", cmd_sethash },
{ "PKSIGN", cmd_pksign },
{ "PKDECRYPT", cmd_pkdecrypt },
{ "GENKEY", cmd_genkey },
{ "READKEY", cmd_readkey },
{ "GET_PASSPHRASE", cmd_get_passphrase },
{ "PRESET_PASSPHRASE", cmd_preset_passphrase },
{ "CLEAR_PASSPHRASE", cmd_clear_passphrase },
{ "GET_CONFIRMATION", cmd_get_confirmation },
{ "LISTTRUSTED", cmd_listtrusted },
{ "MARKTRUSTED", cmd_marktrusted },
{ "LEARN", cmd_learn },
{ "PASSWD", cmd_passwd },
{ "GETEVENTCOUNTER",cmd_geteventcounter, hlp_geteventcounter },
{ "ISTRUSTED", cmd_istrusted, hlp_istrusted },
{ "HAVEKEY", cmd_havekey, hlp_havekey },
{ "KEYINFO", cmd_keyinfo, hlp_keyinfo },
{ "SIGKEY", cmd_sigkey, hlp_sigkey },
{ "SETKEY", cmd_sigkey, hlp_sigkey },
{ "SETKEYDESC", cmd_setkeydesc,hlp_setkeydesc },
{ "SETHASH", cmd_sethash, hlp_sethash },
{ "PKSIGN", cmd_pksign, hlp_pksign },
{ "PKDECRYPT", cmd_pkdecrypt, hlp_pkdecrypt },
{ "GENKEY", cmd_genkey, hlp_genkey },
{ "READKEY", cmd_readkey, hlp_readkey },
{ "GET_PASSPHRASE", cmd_get_passphrase, hlp_get_passphrase },
{ "PRESET_PASSPHRASE", cmd_preset_passphrase, hlp_preset_passphrase },
{ "CLEAR_PASSPHRASE", cmd_clear_passphrase, hlp_clear_passphrase },
{ "GET_CONFIRMATION", cmd_get_confirmation, hlp_get_confirmation },
{ "LISTTRUSTED", cmd_listtrusted, hlp_listtrusted },
{ "MARKTRUSTED", cmd_marktrusted, hlp_martrusted },
{ "LEARN", cmd_learn, hlp_learn },
{ "PASSWD", cmd_passwd, hlp_passwd },
{ "INPUT", NULL },
{ "OUTPUT", NULL },
{ "SCD", cmd_scd },
{ "GETVAL", cmd_getval },
{ "PUTVAL", cmd_putval },
{ "UPDATESTARTUPTTY", cmd_updatestartuptty },
{ "SCD", cmd_scd, hlp_scd },
{ "GETVAL", cmd_getval, hlp_getval },
{ "PUTVAL", cmd_putval, hlp_putval },
{ "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty },
#ifdef HAVE_W32_SYSTEM
{ "KILLAGENT", cmd_killagent },
{ "RELOADAGENT", cmd_reloadagent },
{ "KILLAGENT", cmd_killagent, hlp_killagent },
{ "RELOADAGENT", cmd_reloadagent,hlp_reloadagent },
#endif
{ "GETINFO", cmd_getinfo },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
{ NULL }
};
int i, rc;
for (i=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler);
rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc)
return rc;
}
@ -1889,25 +1914,32 @@ void
start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
{
int rc;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n", gpg_strerror (rc));
agent_exit (2);
}
if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
{
int filedes[2];
assuan_fd_t filedes[2];
filedes[0] = 0;
filedes[1] = 1;
rc = assuan_init_pipe_server (&ctx, filedes);
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (ctx, filedes);
}
else if (listen_fd != GNUPG_INVALID_FD)
{
rc = assuan_init_socket_server_ext (&ctx, listen_fd, 0);
rc = assuan_init_socket_server (ctx, listen_fd, 0);
/* FIXME: Need to call assuan_sock_set_nonce for Windows. But
this branch is currently not used. */
}
else
{
rc = assuan_init_socket_server_ext (&ctx, fd, 2);
rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
}
if (rc)
{
@ -1930,11 +1962,8 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
ctrl->server_local->use_cache_for_signing = 1;
ctrl->digest.raw_value = 0;
if (DBG_ASSUAN)
assuan_set_log_stream (ctx, log_get_stream ());
#ifdef HAVE_ASSUAN_SET_IO_MONITOR
assuan_set_io_monitor (ctx, io_monitor);
assuan_set_io_monitor (ctx, io_monitor, NULL);
#endif
for (;;)
@ -1965,7 +1994,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
agent_reset_query (ctrl);
/* Cleanup. */
assuan_deinit_server (ctx);
assuan_release (ctx);
#ifdef HAVE_W32_SYSTEM
if (ctrl->server_local->stopme)
agent_exit (0);

49
agent/gpg-agent.c
View File

@ -50,7 +50,6 @@
#include "gc-opt-flags.h"
#include "exechelp.h"
enum cmd_and_opt_values
{ aNull = 0,
oCsh = 'c',
@ -276,6 +275,8 @@ static void check_own_socket (void);
static int check_for_running_agent (int silent, int mode);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void)
{
@ -493,7 +494,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|| strcmp (current_logfile, pargs->r.ret_str))
{
log_set_file (pargs->r.ret_str);
assuan_set_assuan_log_stream (log_get_stream ());
if (DBG_ASSUAN)
assuan_set_assuan_log_stream (log_get_stream ());
xfree (current_logfile);
current_logfile = xtrystrdup (pargs->r.ret_str);
}
@ -567,7 +569,7 @@ main (int argc, char **argv )
int gpgconf_list = 0;
gpg_error_t err;
const char *env_file_name = NULL;
struct assuan_malloc_hooks malloc_hooks;
/* Before we do anything else we save the list of currently open
file descriptors and the signal mask. This info is required to
@ -610,10 +612,14 @@ main (int argc, char **argv )
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
}
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_assuan_log_stream (log_get_stream ());
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
assuan_sock_init ();
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
@ -939,8 +945,9 @@ main (int argc, char **argv )
|JNLIB_LOG_WITH_TIME
|JNLIB_LOG_WITH_PID));
current_logfile = xstrdup (logfile);
assuan_set_assuan_log_stream (log_get_stream ());
}
if (DBG_ASSUAN)
assuan_set_assuan_log_stream (log_get_stream ());
/* Make sure that we have a default ttyname. */
if (!default_ttyname && ttyname (1))
@ -2070,7 +2077,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
/* Helper for check_own_socket. */
static int
static gpg_error_t
check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *mb = opaque;
@ -2087,14 +2094,21 @@ check_own_socket_thread (void *arg)
{
int rc;
char *sockname = arg;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
membuf_t mb;
char *buffer;
check_own_socket_running++;
rc = assuan_socket_connect (&ctx, sockname, (pid_t)(-1));
rc = assuan_new (&ctx);
xfree (sockname);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
goto leave;
}
rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
if (rc)
{
log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
@ -2121,9 +2135,10 @@ check_own_socket_thread (void *arg)
log_error ("socket is still served by this server\n");
xfree (buffer);
assuan_disconnect (ctx);
leave:
if (ctx)
assuan_release (ctx);
if (rc)
{
/* We may not remove the socket as it is now in use by another
@ -2181,7 +2196,7 @@ check_for_running_agent (int silent, int mode)
{
int rc;
char *infostr, *p;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
int prot, pid;
if (!mode)
@ -2229,8 +2244,9 @@ check_for_running_agent (int silent, int mode)
pid = (pid_t)(-1);
}
rc = assuan_socket_connect (&ctx, infostr, pid);
rc = assuan_new (&ctx);
if (! rc)
rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr);
if (rc)
{
@ -2239,12 +2255,15 @@ check_for_running_agent (int silent, int mode)
if (!mode && !silent)
log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
if (ctx)
assuan_release (ctx);
return -1;
}
if (!opt.quiet && !silent)
log_info ("gpg-agent running and available\n");
assuan_disconnect (ctx);
assuan_release (ctx);
return 0;
}

23
common/ChangeLog
View File

@ -1,3 +1,26 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-10-16, 2009-11-02, 2009-11-05:
* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
of LIBASSUAN_PTH_CFLAGS.
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect. Convert posix FD
to assuan FD.
[HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect
invocation.
* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
declaration.
2009-10-13 Werner Koch <wk@g10code.com>
From trunk 2009-09-23:
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
2009-12-21 Marcus Brinkmann <marcus@g10code.de> (wk)
* Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No

2
common/Makefile.am
View File

@ -87,7 +87,7 @@ libcommonpth_a_SOURCES = $(common_sources)
if USE_DNS_SRV
libcommonpth_a_SOURCES += srv.c
endif
libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS)
libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
libsimple_pwquery_a_SOURCES = \
simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h

25
common/asshelp.c
View File

@ -183,6 +183,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
*r_ctx = NULL;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("error allocating assuan context: %s\n", gpg_strerror (rc));
return rc;
}
restart:
infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
if (!infostr || !*infostr)
@ -192,7 +199,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
/* First check whether we can connect at the standard
socket. */
sockname = make_filename (homedir, "S.gpg-agent", NULL);
rc = assuan_socket_connect (&ctx, sockname, 0);
rc = assuan_socket_connect (ctx, sockname, 0, 0);
if (rc)
{
@ -210,6 +217,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_error ("error flushing pending output: %s\n",
strerror (errno));
xfree (sockname);
assuan_release (ctx);
return tmperr;
}
@ -239,7 +247,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
/* Give the agent some time to prepare itself. */
gnupg_sleep (3);
/* Now try again to connect the agent. */
rc = assuan_socket_connect (&ctx, sockname, 0);
rc = assuan_socket_connect (ctx, sockname, 0, 0);
}
}
#else /*!HAVE_W32_SYSTEM*/
@ -260,13 +268,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
i=0;
if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd ();
no_close_list[i++] = fileno (stderr);
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
no_close_list[i] = -1;
/* Connect to the agent and perform initial handshaking. */
rc = assuan_pipe_connect (&ctx, agent_program, argv,
no_close_list);
rc = assuan_pipe_connect (ctx, agent_program, argv,
no_close_list, NULL, NULL, 0);
}
#endif /*!HAVE_W32_SYSTEM*/
}
@ -299,7 +307,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
goto restart;
}
rc = assuan_socket_connect (&ctx, infostr, pid);
rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr);
if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
{
@ -312,6 +320,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
if (rc)
{
log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
assuan_release (ctx);
return gpg_error (GPG_ERR_NO_AGENT);
}
@ -326,7 +335,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
session_env);
if (rc)
{
assuan_disconnect (ctx);
assuan_release (ctx);
return rc;
}

4
common/get-passphrase.c
View File

@ -103,7 +103,7 @@ start_agent (void)
/* This is the default inquiry callback. It merely handles the
Pinentry notification. */
static int
static gpg_error_t
default_inq_cb (void *opaque, const char *line)
{
(void)opaque;
@ -120,7 +120,7 @@ default_inq_cb (void *opaque, const char *line)
}
static int
static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *data = opaque;

26
common/iobuf.c
View File

@ -1260,6 +1260,32 @@ iobuf_is_pipe_filename (const char *fname)
return check_special_filename (fname) != -1;
}
/* Either open the file specified by the file descriptor FD or - if FD
is -1, the file with name FNAME. As of now MODE is assumed to be
"rb" if FNAME is used. In contrast to iobuf_fdopen the file
descriptor FD will not be closed during an iobuf_close. */
iobuf_t
iobuf_open_fd_or_name (gnupg_fd_t fd, const char *fname, const char *mode)
{
iobuf_t a;
if (fd == -1)
a = iobuf_open (fname);
else
{
int fd2;
fd2 = dup (fd);
if (fd2 == -1)
a = NULL;
else
a = iobuf_fdopen (fd2, mode);
}
return a;
}
/****************
* Create a head iobuf for reading from a file
* returns: NULL if an error occures and sets errno

13
configure.ac
View File

@ -42,8 +42,8 @@ NEED_GPG_ERROR_VERSION=1.4
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.4.0
NEED_LIBASSUAN_API=1
NEED_LIBASSUAN_VERSION=1.0.4
NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=1.1.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.0.2
@ -614,11 +614,8 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
if test "$have_libassuan" = "yes"; then
have_libassuan=no
AM_PATH_LIBASSUAN_PTH("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
AM_CHECK_LIBASSUAN("$NEED_LIBASSUAN_API:1.0.1",
[AC_DEFINE(HAVE_ASSUAN_SET_IO_MONITOR, 1,
[Define to 1 if you have the `assuan_set_io_monitor' function.])],)
AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no)
AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
[version of the libbassuan library])
fi
@ -1409,7 +1406,7 @@ if test "$have_libassuan" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
*** You need libassuan with Pth support to build this program.
*** You need libassuan to build this program.
*** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).

28
g10/ChangeLog
View File

@ -1,3 +1,31 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-25:
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(reset_notify, input_notify, output_notify): Update to
new assuan interface.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server. Use assuan_handler_t. Add NULL arg to
assuan_register_command.
(gpg_server): Allocate assuan_context before starting server.
Use assuan_fd_t and assuan_fdopen on fds.
2010-02-02 Werner Koch <wk@g10code.com>
* card-util.c (card_edit): Change prompt to "gpg/card".

20
g10/call-agent.c
View File

@ -29,9 +29,9 @@
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#include <assuan.h>
#include "gpg.h"
#include <assuan.h>
#include "util.h"
#include "membuf.h"
#include "options.h"
@ -77,7 +77,7 @@ struct genkey_parm_s
};
static int learn_status_cb (void *opaque, const char *line);
static gpg_error_t learn_status_cb (void *opaque, const char *line);
@ -230,7 +230,7 @@ store_serialno (const char *line)
/* This is a dummy data line callback. */
static int
static gpg_error_t
dummy_data_cb (void *opaque, const void *buffer, size_t length)
{
(void)opaque;
@ -240,7 +240,7 @@ dummy_data_cb (void *opaque, const void *buffer, size_t length)
}
/* A simple callback used to return the serialnumber of a card. */
static int
static gpg_error_t
get_serialno_cb (void *opaque, const char *line)
{
char **serialno = opaque;
@ -274,7 +274,7 @@ get_serialno_cb (void *opaque, const char *line)
/* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */
static int
static gpg_error_t
default_inq_cb (void *opaque, const char *line)
{
(void)opaque;
@ -312,7 +312,7 @@ agent_release_card_info (struct agent_card_info_s *info)
info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
}
static int
static gpg_error_t
learn_status_cb (void *opaque, const char *line)
{
struct agent_card_info_s *parm = opaque;
@ -597,7 +597,7 @@ agent_scd_setattr (const char *name,
/* Handle a CERTDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the END
command. */
static int
static gpg_error_t
inq_writecert_parms (void *opaque, const char *line)
{
int rc;
@ -645,7 +645,7 @@ agent_scd_writecert (const char *certidstr,
/* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static int
static gpg_error_t
inq_writekey_parms (void *opaque, const char *line)
{
int rc;
@ -695,7 +695,7 @@ agent_scd_writekey (int keyno, const char *serialno,
/* Status callback for the SCD GENKEY command. */
static int
static gpg_error_t
scd_genkey_cb (void *opaque, const char *line)
{
struct agent_card_genkey_s *parm = opaque;
@ -882,7 +882,7 @@ select_openpgp (const char *serialno)
static int
static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *data = opaque;

10
g10/gpg.c
View File

@ -30,13 +30,13 @@
#include <sys/stat.h> /* for stat() */
#endif
#include <fcntl.h>
#include <assuan.h>
#ifdef HAVE_W32_SYSTEM
#include <windows.h>
#endif
#define INCLUDED_BY_MAIN_MODULE 1
#include "gpg.h"
#include <assuan.h>
#include "packet.h"
#include "../common/iobuf.h"
#include "util.h"
@ -1917,6 +1917,7 @@ main (int argc, char **argv)
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0;
int require_secmem=0,got_secmem=0;
struct assuan_malloc_hooks malloc_hooks;
#ifdef __riscos__
opt.lock_once = 1;
@ -2066,8 +2067,11 @@ main (int argc, char **argv)
/* Okay, we are now working under our real uid */
/* malloc hooks go here ... */
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
/* Try for a version specific config file first */

73
g10/server.c
View File

@ -26,9 +26,9 @@
#include <ctype.h>
#include <unistd.h>
#include <assuan.h>
#include "gpg.h"
#include <assuan.h>
#include "util.h"
#include "i18n.h"
#include "options.h"
@ -64,7 +64,7 @@ close_message_fd (ctrl_t ctrl)
/* Called by libassuan for Assuan options. See the Assuan manual for
details. */
static int
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
/* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -106,20 +106,23 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
/* Called by libassuan for RESET commands. */
static void
reset_notify (assuan_context_t ctx)
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
close_message_fd (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
return 0;
}
/* Called by libassuan for INPUT commands. */
static void
input_notify (assuan_context_t ctx, const char *line)
static gpg_error_t
input_notify (assuan_context_t ctx, char *line)
{
/* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -135,12 +138,13 @@ input_notify (assuan_context_t ctx, const char *line)
{
/* FIXME (autodetect encoding) */
}
return 0;
}
/* Called by libassuan for OUTPUT commands. */
static void
output_notify (assuan_context_t ctx, const char *line)
static gpg_error_t
output_notify (assuan_context_t ctx, char *line)
{
/* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -152,6 +156,7 @@ output_notify (assuan_context_t ctx, const char *line)
{
/* FIXME */
}
return 0;
}
@ -168,7 +173,7 @@ output_notify (assuan_context_t ctx, const char *line)
encrypt at all if not all recipients are valid, the client has to
take care of this. All RECIPIENT commands are cumulative until a
RESET or an successful ENCRYPT command. */
static int
static gpg_error_t
cmd_recipient (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -193,7 +198,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
Note that this command returns an INV_RECP status which is a bit
strange, but they are very similar. */
static int
static gpg_error_t
cmd_signer (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -216,7 +221,7 @@ cmd_signer (assuan_context_t ctx, char *line)
This command should in general not fail, as all necessary checks
have been done while setting the recipients. The input and output
pipes are closed. */
static int
static gpg_error_t
cmd_encrypt (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -230,7 +235,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
This performs the decrypt operation after doing some checks on the
internal state (e.g. that only needed data has been set). */
static int
static gpg_error_t
cmd_decrypt (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -249,7 +254,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
If the signature is a detached one, the server will inquire about
the signed material and the client must provide it.
*/
static int
static gpg_error_t
cmd_verify (assuan_context_t ctx, char *line)
{
int rc;
@ -296,7 +301,7 @@ cmd_verify (assuan_context_t ctx, char *line)
Sign the data set with the INPUT command and write it to the sink
set by OUTPUT. With "--detached" specified, a detached signature
is created. */
static int
static gpg_error_t
cmd_sign (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -310,7 +315,7 @@ cmd_sign (assuan_context_t ctx, char *line)
Import keys as read from the input-fd, return status message for
each imported one. The import checks the validity of the key. */
static int
static gpg_error_t
cmd_import (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -330,7 +335,7 @@ cmd_import (assuan_context_t ctx, char *line)
Recall that in general the output format is set with the OUTPUT
command.
*/
static int
static gpg_error_t
cmd_export (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -344,7 +349,7 @@ cmd_export (assuan_context_t ctx, char *line)
Fixme
*/
static int
static gpg_error_t
cmd_delkeys (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -358,7 +363,7 @@ cmd_delkeys (assuan_context_t ctx, char *line)
Set the file descriptor to read a message which is used with
detached signatures. */
static int
static gpg_error_t
cmd_message (assuan_context_t ctx, char *line)
{
int rc;
@ -381,7 +386,7 @@ cmd_message (assuan_context_t ctx, char *line)
fixme
*/
static int
static gpg_error_t
do_listkeys (assuan_context_t ctx, char *line, int mode)
{
(void)ctx;
@ -392,14 +397,14 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
}
static int
static gpg_error_t
cmd_listkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 3);
}
static int
static gpg_error_t
cmd_listsecretkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 2);
@ -412,7 +417,7 @@ cmd_listsecretkeys (assuan_context_t ctx, char *line)
Read the parameters in native format from the input fd and create a
new OpenPGP key.
*/
static int
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line)
{
(void)ctx;
@ -430,7 +435,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
pid - Return the process id of the server.
*/
static int
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc;
@ -461,7 +466,7 @@ register_commands (assuan_context_t ctx)
static struct
{
const char *name;
int (*handler)(assuan_context_t, char *line);
assuan_handler_t handler;
} table[] = {
{ "RECIPIENT", cmd_recipient },
{ "SIGNER", cmd_signer },
@ -485,7 +490,7 @@ register_commands (assuan_context_t ctx)
for (i=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler);
rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL);
if (rc)
return rc;
}
@ -502,16 +507,24 @@ gpg_server (ctrl_t ctrl)
{
int rc;
int filedes[2];
assuan_context_t ctx;
assuan_context_t ctx = NULL;
static const char hello[] = ("GNU Privacy Guard's OpenPGP server "
VERSION " ready");
/* We use a pipe based server so that we can work from scripts.
assuan_init_pipe_server will automagically detect when we are
called with a socketpair and ignore FILEDES in this case. */
filedes[0] = 0;
filedes[1] = 1;
rc = assuan_init_pipe_server (&ctx, filedes);
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate the assuan context: %s\n",
gpg_strerror (rc));
goto leave;
}
rc = assuan_init_pipe_server (ctx, filedes);
if (rc)
{
log_error ("failed to initialize the server: %s\n", gpg_strerror (rc));
@ -590,7 +603,7 @@ gpg_server (ctrl_t ctrl)
leave:
xfree (ctrl->server_local);
ctrl->server_local = NULL;
assuan_deinit_server (ctx);
assuan_release (ctx);
return rc;
}

26
scd/ChangeLog
View File

@ -1,3 +1,29 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-10-16, 2009-11-02, 2009-11-04, 2009-11-05,
2009-11-25:
* Makefile.am (AM_CFLAGS, scdaemon_LDADD): Use libassuan instead
of libassuan-pth.
* scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Update to new Assuan API. Call assuan_set_system_hooks
and assuan_sock_init.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
Call assuan_init_socket_server, not assuan_init_socket_server_ext.
Use assuan_fd_t and assuan_fdopen on fds.
(reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
Add NULL arg to assuan_register_command. Add help arg to
assuan_register_command. Add help strings to all commands.
2009-12-03 Werner Koch <wk@g10code.com>
* scdaemon.c (set_debug): Allow for numerical debug levels. Print

6
scd/Makefile.am
View File

@ -27,7 +27,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
$(KSBA_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS)
$(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
@ -42,7 +42,7 @@ scdaemon_SOURCES = \
scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
$(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
$(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV)
@ -60,7 +60,7 @@ scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
#sc_copykeys_LDADD = \
# ../jnlib/libjnlib.a ../common/libcommon.a \
# ../common/libsimple-pwquery.a \
# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \
# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
# $(LIBUSB_LIBS) \
# -lgpg-error @LIBINTL@ @DL_LIBS@
#

757
scd/command.c
View File

@ -30,9 +30,8 @@
# include <pth.h>
#endif
#include <assuan.h>
#include "scdaemon.h"
#include <assuan.h>
#include <ksba.h>
#include "app-common.h"
#include "apdu.h" /* Required for apdu_*_reader (). */
@ -339,16 +338,19 @@ do_reset (ctrl_t ctrl, int send_reset)
}
static void
reset_notify (assuan_context_t ctx)
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
do_reset (ctrl, 1);
return 0;
}
static int
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -401,7 +403,7 @@ get_reader_slot (void)
/* If the card has not yet been opened, do it. Note that this
function returns an Assuan error, so don't map the error a second
time. */
static assuan_error_t
static gpg_error_t
open_card (ctrl_t ctrl, const char *apptype)
{
gpg_error_t err;
@ -464,26 +466,26 @@ open_card (ctrl_t ctrl, const char *apptype)
}
/* SERIALNO [APPTYPE]
Return the serial number of the card using a status reponse. This
function should be used to check for the presence of a card.
If APPTYPE is given, an application of that type is selected and an
error is returned if the application is not supported or available.
The default is to auto-select the application using a hardwired
preference system. Note, that a future extension to this function
may allow to specify a list and order of applications to try.
This function is special in that it can be used to reset the card.
Most other functions will return an error when a card change has
been detected and the use of this function is therefore required.
Background: We want to keep the client clear of handling card
changes between operations; i.e. the client can assume that all
operations are done on the same card unless he calls this function.
*/
static int
static const char hlp_serialno[] =
"SERIALNO [<apptype>]\n"
"\n"
"Return the serial number of the card using a status reponse. This\n"
"function should be used to check for the presence of a card.\n"
"\n"
"If APPTYPE is given, an application of that type is selected and an\n"
"error is returned if the application is not supported or available.\n"
"The default is to auto-select the application using a hardwired\n"
"preference system. Note, that a future extension to this function\n"
"may allow to specify a list and order of applications to try.\n"
"\n"
"This function is special in that it can be used to reset the card.\n"
"Most other functions will return an error when a card change has\n"
"been detected and the use of this function is therefore required.\n"
"\n"
"Background: We want to keep the client clear of handling card\n"
"changes between operations; i.e. the client can assume that all\n"
"operations are done on the same card unless he calls this function.";
static gpg_error_t
cmd_serialno (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -519,78 +521,76 @@ cmd_serialno (assuan_context_t ctx, char *line)
}
/* LEARN [--force] [--keypairinfo]
Learn all useful information of the currently inserted card. When
used without the force options, the command might do an INQUIRE
like this:
INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>
The client should just send an "END" if the processing should go on
or a "CANCEL" to force the function to terminate with a Cancel
error message.
With the option --keypairinfo only KEYPARIINFO lstatus lines are
returned.
The response of this command is a list of status lines formatted as
this:
S APPTYPE <apptype>
This returns the type of the application, currently the strings:
P15 = PKCS-15 structure used
DINSIG = DIN SIG
OPENPGP = OpenPGP card
NKS = NetKey card
are implemented. These strings are aliases for the AID
S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>
If there is no certificate yet stored on the card a single "X" is
returned as the keygrip. In addition to the keypair info, information
about all certificates stored on the card is also returned:
S CERTINFO <certtype> <hexstring_with_id>
Where CERTTYPE is a number indicating the type of certificate:
0 := Unknown
100 := Regular X.509 cert
101 := Trusted X.509 cert
102 := Useful X.509 cert
110 := Root CA cert in a special format (e.g. DINSIG)
111 := Root CA cert as standard X509 cert.
For certain cards, more information will be returned:
S KEY-FPR <no> <hexstring>
For OpenPGP cards this returns the stored fingerprints of the
keys. This can be used check whether a key is available on the
card. NO may be 1, 2 or 3.
S CA-FPR <no> <hexstring>
Similar to above, these are the fingerprints of keys assumed to be
ultimately trusted.
S DISP-NAME <name_of_card_holder>
The name of the card holder as stored on the card; percent
escaping takes place, spaces are encoded as '+'
S PUBKEY-URL <url>
The URL to be used for locating the entire public key.
Note, that this function may even be used on a locked card.
*/
static int
static const char hlp_learn[] =
"LEARN [--force] [--keypairinfo]\n"
"\n"
"Learn all useful information of the currently inserted card. When\n"
"used without the force options, the command might do an INQUIRE\n"
"like this:\n"
"\n"
" INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>\n"
"\n"
"The client should just send an \"END\" if the processing should go on\n"
"or a \"CANCEL\" to force the function to terminate with a Cancel\n"
"error message.\n"
"\n"
"With the option --keypairinfo only KEYPARIINFO lstatus lines are\n"
"returned.\n"
"\n"
"The response of this command is a list of status lines formatted as\n"
"this:\n"
"\n"
" S APPTYPE <apptype>\n"
"\n"
"This returns the type of the application, currently the strings:\n"
"\n"
" P15 = PKCS-15 structure used\n"
" DINSIG = DIN SIG\n"
" OPENPGP = OpenPGP card\n"
" NKS = NetKey card\n"
"\n"
"are implemented. These strings are aliases for the AID\n"
"\n"
" S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>\n"
"\n"
"If there is no certificate yet stored on the card a single 'X' is\n"
"returned as the keygrip. In addition to the keypair info, information\n"
"about all certificates stored on the card is also returned:\n"
"\n"
" S CERTINFO <certtype> <hexstring_with_id>\n"
"\n"
"Where CERTTYPE is a number indicating the type of certificate:\n"
" 0 := Unknown\n"
" 100 := Regular X.509 cert\n"
" 101 := Trusted X.509 cert\n"
" 102 := Useful X.509 cert\n"
" 110 := Root CA cert in a special format (e.g. DINSIG)\n"
" 111 := Root CA cert as standard X509 cert.\n"
"\n"
"For certain cards, more information will be returned:\n"
"\n"
" S KEY-FPR <no> <hexstring>\n"
"\n"
"For OpenPGP cards this returns the stored fingerprints of the\n"
"keys. This can be used check whether a key is available on the\n"
"card. NO may be 1, 2 or 3.\n"
"\n"
" S CA-FPR <no> <hexstring>\n"
"\n"
"Similar to above, these are the fingerprints of keys assumed to be\n"
"ultimately trusted.\n"
"\n"
" S DISP-NAME <name_of_card_holder>\n"
"\n"
"The name of the card holder as stored on the card; percent\n"
"escaping takes place, spaces are encoded as '+'\n"
"\n"
" S PUBKEY-URL <url>\n"
"\n"
"The URL to be used for locating the entire public key.\n"
" \n"
"Note, that this function may even be used on a locked card.";
static gpg_error_t
cmd_learn (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -658,11 +658,11 @@ cmd_learn (assuan_context_t ctx, char *line)
/* READCERT <hexified_certid>|<keyid>
Note, that this function may even be used on a locked card.
*/
static int
static const char hlp_readcert[] =
"READCERT <hexified_certid>|<keyid>\n"
"\n"
"Note, that this function may even be used on a locked card.";
static gpg_error_t
cmd_readcert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -692,14 +692,14 @@ cmd_readcert (assuan_context_t ctx, char *line)
}
/* READKEY <keyid>
Return the public key for the given cert or key ID as an standard
S-Expression.
Note, that this function may even be used on a locked card.
*/
static int
static const char hlp_readkey[] =
"READKEY <keyid>\n"
"\n"
"Return the public key for the given cert or key ID as a standard\n"
"S-expression.\n"
"\n"
"Note, that this function may even be used on a locked card.";
static gpg_error_t
cmd_readkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -775,12 +775,11 @@ cmd_readkey (assuan_context_t ctx, char *line)
/* SETDATA <hexstring>
The client should use this command to tell us the data he want to
sign. */
static int
static const char hlp_setdata[] =
"SETDATA <hexstring> \n"
"\n"
"The client should use this command to tell us the data he want to sign.";
static gpg_error_t
cmd_setdata (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -873,12 +872,11 @@ pin_cb (void *opaque, const char *info, char **retstr)
}
/* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>
The --hash option is optional; the default is SHA1.
*/
static int
static const char hlp_pksign[] =
"PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>\n"
"\n"
"The --hash option is optional; the default is SHA1.";
static gpg_error_t
cmd_pksign (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -945,10 +943,10 @@ cmd_pksign (assuan_context_t ctx, char *line)
return rc;
}
/* PKAUTH <hexified_id>
*/
static int
static const char hlp_pkauth[] =
"PKAUTH <hexified_id>";
static gpg_error_t
cmd_pkauth (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -995,10 +993,10 @@ cmd_pkauth (assuan_context_t ctx, char *line)
return rc;
}
/* PKDECRYPT <hexified_id>
*/
static int
static const char hlp_pkdecrypt[] =
"PKDECRYPT <hexified_id>";
static gpg_error_t
cmd_pkdecrypt (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1040,19 +1038,19 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
}
/* GETATTR <name>
This command is used to retrieve data from a smartcard. The
allowed names depend on the currently selected smartcard
application. NAME must be percent and '+' escaped. The value is
returned through status message, see the LEARN command for details.
However, the current implementation assumes that Name is not escaped;
this works as long as noone uses arbitrary escaping.
Note, that this function may even be used on a locked card.
*/
static int
static const char hlp_getattr[] =
"GETATTR <name>\n"
"\n"
"This command is used to retrieve data from a smartcard. The\n"
"allowed names depend on the currently selected smartcard\n"
"application. NAME must be percent and '+' escaped. The value is\n"
"returned through status message, see the LEARN command for details.\n"
"\n"
"However, the current implementation assumes that Name is not escaped;\n"
"this works as long as noone uses arbitrary escaping. \n"
"\n"
"Note, that this function may even be used on a locked card.";
static gpg_error_t
cmd_getattr (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1079,19 +1077,20 @@ cmd_getattr (assuan_context_t ctx, char *line)
}
/* SETATTR <name> <value>
This command is used to store data on a a smartcard. The allowed
names and values are depend on the currently selected smartcard
application. NAME and VALUE must be percent and '+' escaped.
However, the current implementation assumes that NAME is not
escaped; this works as long as noone uses arbitrary escaping.
A PIN will be requested for most NAMEs. See the corresponding
setattr function of the actually used application (app-*.c) for
details. */
static int
static const char hlp_setattr[] =
"SETATTR <name> <value> \n"
"\n"
"This command is used to store data on a a smartcard. The allowed\n"
"names and values are depend on the currently selected smartcard\n"
"application. NAME and VALUE must be percent and '+' escaped.\n"
"\n"
"However, the current implementation assumes that NAME is not\n"
"escaped; this works as long as noone uses arbitrary escaping.\n"
"\n"
"A PIN will be requested for most NAMEs. See the corresponding\n"
"setattr function of the actually used application (app-*.c) for\n"
"details.";
static gpg_error_t
cmd_setattr (assuan_context_t ctx, char *orig_line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1131,18 +1130,18 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
}
/* WRITECERT <hexified_certid>
This command is used to store a certifciate on a smartcard. The
allowed certids depend on the currently selected smartcard
application. The actual certifciate is requested using the inquiry
"CERTDATA" and needs to be provided in its raw (e.g. DER) form.
In almost all cases a a PIN will be requested. See the related
writecert function of the actually used application (app-*.c) for
details. */
static int
static const char hlp_writecert[] =
"WRITECERT <hexified_certid>\n"
"\n"
"This command is used to store a certifciate on a smartcard. The\n"
"allowed certids depend on the currently selected smartcard\n"
"application. The actual certifciate is requested using the inquiry\n"
"\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
"\n"
"In almost all cases a a PIN will be requested. See the related\n"
"writecert function of the actually used application (app-*.c) for\n"
"details.";
static gpg_error_t
cmd_writecert (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1193,21 +1192,21 @@ cmd_writecert (assuan_context_t ctx, char *line)
}
/* WRITEKEY [--force] <keyid>
This command is used to store a secret key on a a smartcard. The
allowed keyids depend on the currently selected smartcard
application. The actual keydata is requested using the inquiry
"KEYDATA" and need to be provided without any protection. With
--force set an existing key under this KEYID will get overwritten.
The keydata is expected to be the usual canonical encoded
S-expression.
A PIN will be requested for most NAMEs. See the corresponding
writekey function of the actually used application (app-*.c) for
details. */
static int
static const char hlp_writekey[] =
"WRITEKEY [--force] <keyid> \n"
"\n"
"This command is used to store a secret key on a a smartcard. The\n"
"allowed keyids depend on the currently selected smartcard\n"
"application. The actual keydata is requested using the inquiry\n"
"\"KEYDATA\" and need to be provided without any protection. With\n"
"--force set an existing key under this KEYID will get overwritten.\n"
"The keydata is expected to be the usual canonical encoded\n"
"S-expression.\n"
"\n"
"A PIN will be requested for most NAMEs. See the corresponding\n"
"writekey function of the actually used application (app-*.c) for\n"
"details.";
static gpg_error_t
cmd_writekey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1260,30 +1259,28 @@ cmd_writekey (assuan_context_t ctx, char *line)
}
/* GENKEY [--force] [--timestamp=<isodate>] <no>
Generate a key on-card identified by NO, which is application
specific. Return values are application specific. For OpenPGP
cards 2 status lines are returned:
S KEY-FPR <hexstring>
S KEY-CREATED-AT <seconds_since_epoch>
S KEY-DATA [p|n] <hexdata>
--force is required to overwrite an already existing key. The
KEY-CREATED-AT is required for further processing because it is
part of the hashed key material for the fingerprint.
If --timestamp is given an OpenPGP key will be created using this
value. The value needs to be in ISO Format; e.g.
"--timestamp=20030316T120000" and after 1970-01-01 00:00:00.
The public part of the key can also later be retrieved using the
READKEY command.
*/
static int
static const char hlp_genkey[] =
"GENKEY [--force] [--timestamp=<isodate>] <no>\n"
"\n"
"Generate a key on-card identified by NO, which is application\n"
"specific. Return values are application specific. For OpenPGP\n"
"cards 2 status lines are returned:\n"
"\n"
" S KEY-FPR <hexstring>\n"
" S KEY-CREATED-AT <seconds_since_epoch>\n"
" S KEY-DATA [p|n] <hexdata>\n"
"\n"
"--force is required to overwrite an already existing key. The\n"
"KEY-CREATED-AT is required for further processing because it is\n"
"part of the hashed key material for the fingerprint.\n"
"\n"
"If --timestamp is given an OpenPGP key will be created using this\n"
"value. The value needs to be in ISO Format; e.g.\n"
"\"--timestamp=20030316T120000\" and after 1970-01-01 00:00:00.\n"
"\n"
"The public part of the key can also later be retrieved using the\n"
"READKEY command.";
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1336,13 +1333,15 @@ cmd_genkey (assuan_context_t ctx, char *line)
}
/* RANDOM <nbytes>
Get NBYTES of random from the card and send them back as data.
Note, that this function may be even be used on a locked card.
*/
static int
static const char hlp_random[] =
"RANDOM <nbytes>\n"
"\n"
"Get NBYTES of random from the card and send them back as data.\n"
"This usually involves EEPROM write on the card and thus excessive\n"
"use of this command may destroy the card.\n"
"\n"
"Note, that this function may be even be used on a locked card.";
static gpg_error_t
cmd_random (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1351,7 +1350,8 @@ cmd_random (assuan_context_t ctx, char *line)
unsigned char *buffer;
if (!*line)
return set_error (GPG_ERR_ASS_PARAMETER, "number of requested bytes missing");
return set_error (GPG_ERR_ASS_PARAMETER,
"number of requested bytes missing");
nbytes = strtoul (line, NULL, 0);
if ((rc = open_card (ctrl, NULL)))
@ -1377,14 +1377,16 @@ cmd_random (assuan_context_t ctx, char *line)
return rc;
}
/* PASSWD [--reset] [--nullpin] <chvno>
Change the PIN or, if --reset is given, reset the retry counter of
the card holder verfication vector CHVNO. The option --nullpin is
used for TCOS cards to set the initial PIN. The format of CHVNO
depends on the card application. */
static int
static const char hlp_passwd[] =
"PASSWD [--reset] [--nullpin] <chvno>\n"
"\n"
"Change the PIN or, if --reset is given, reset the retry counter of\n"
"the card holder verfication vector CHVNO. The option --nullpin is\n"
"used for TCOS cards to set the initial PIN. The format of CHVNO\n"
"depends on the card application.";
static gpg_error_t
cmd_passwd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1428,40 +1430,39 @@ cmd_passwd (assuan_context_t ctx, char *line)
}
/* CHECKPIN <idstr>
Perform a VERIFY operation without doing anything else. This may
be used to initialize a the PIN cache earlier to long lasting
operations. Its use is highly application dependent.
For OpenPGP:
Perform a simple verify operation for CHV1 and CHV2, so that
further operations won't ask for CHV2 and it is possible to do a
cheap check on the PIN: If there is something wrong with the PIN
entry system, only the regular CHV will get blocked and not the
dangerous CHV3. IDSTR is the usual card's serial number in hex
notation; an optional fingerprint part will get ignored. There
is however a special mode if the IDSTR is sffixed with the
literal string "[CHV3]": In this case the Admin PIN is checked
if and only if the retry counter is still at 3.
For Netkey:
Any of the valid PIN Ids may be used. These are the strings:
PW1.CH - Global password 1
PW2.CH - Global password 2
PW1.CH.SIG - SigG password 1
PW2.CH.SIG - SigG password 2
For a definitive list, see the implementation in app-nks.c.
Note that we call a PW2.* PIN a "PUK" despite that since TCOS
3.0 they are technically alternative PINs used to mutally
unblock each other.
*/
static int
static const char hlp_checkpin[] =
"CHECKPIN <idstr>\n"
"\n"
"Perform a VERIFY operation without doing anything else. This may\n"
"be used to initialize a the PIN cache earlier to long lasting\n"
"operations. Its use is highly application dependent.\n"
"\n"
"For OpenPGP:\n"
"\n"
" Perform a simple verify operation for CHV1 and CHV2, so that\n"
" further operations won't ask for CHV2 and it is possible to do a\n"
" cheap check on the PIN: If there is something wrong with the PIN\n"
" entry system, only the regular CHV will get blocked and not the\n"
" dangerous CHV3. IDSTR is the usual card's serial number in hex\n"
" notation; an optional fingerprint part will get ignored. There\n"
" is however a special mode if the IDSTR is sffixed with the\n"
" literal string \"[CHV3]\": In this case the Admin PIN is checked\n"
" if and only if the retry counter is still at 3.\n"
"\n"
"For Netkey:\n"
"\n"
" Any of the valid PIN Ids may be used. These are the strings:\n"
"\n"
" PW1.CH - Global password 1\n"
" PW2.CH - Global password 2\n"
" PW1.CH.SIG - SigG password 1\n"
" PW2.CH.SIG - SigG password 2\n"
"\n"
" For a definitive list, see the implementation in app-nks.c.\n"
" Note that we call a PW2.* PIN a \"PUK\" despite that since TCOS\n"
" 3.0 they are technically alternative PINs used to mutally\n"
" unblock each other.";
static gpg_error_t
cmd_checkpin (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1494,17 +1495,17 @@ cmd_checkpin (assuan_context_t ctx, char *line)
}
/* LOCK [--wait]
Grant exclusive card access to this session. Note that there is
no lock counter used and a second lock from the same session will
be ignored. A single unlock (or RESET) unlocks the session.
Return GPG_ERR_LOCKED if another session has locked the reader.
If the option --wait is given the command will wait until a
lock has been released.
*/
static int
static const char hlp_lock[] =
"LOCK [--wait]\n"
"\n"
"Grant exclusive card access to this session. Note that there is\n"
"no lock counter used and a second lock from the same session will\n"
"be ignored. A single unlock (or RESET) unlocks the session.\n"
"Return GPG_ERR_LOCKED if another session has locked the reader.\n"
"\n"
"If the option --wait is given the command will wait until a\n"
"lock has been released.";
static gpg_error_t
cmd_lock (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1538,11 +1539,11 @@ cmd_lock (assuan_context_t ctx, char *line)
}
/* UNLOCK
Release exclusive card access.
*/
static int
static const char hlp_unlock[] =
"UNLOCK\n"
"\n"
"Release exclusive card access.";
static gpg_error_t
cmd_unlock (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1566,35 +1567,34 @@ cmd_unlock (assuan_context_t ctx, char *line)
}
/* GETINFO <what>
Multi purpose command to return certain information.
Supported values of WHAT are:
version - Return the version of the program.
pid - Return the process id of the server.
socket_name - Return the name of the socket.
status - Return the status of the current slot (in the future, may
also return the status of all slots). The status is a list of
one-character flags. The following flags are currently defined:
'u' Usable card present. This is the normal state during operation.
'r' Card removed. A reset is necessary.
These flags are exclusive.
reader_list - Return a list of detected card readers. Does
currently only work with the internal CCID driver.
deny_admin - Returns OK if admin commands are not allowed or
GPG_ERR_GENERAL if admin commands are allowed.
app_list - Return a list of supported applications. One
application per line, fields delimited by colons,
first field is the name.
*/
static int
static const char hlp_getinfo[] =
"GETINFO <what>\n"
"\n"
"Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
"\n"
"version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
"\n"
"socket_name - Return the name of the socket.\n"
"\n"
"status - Return the status of the current slot (in the future, may\n"
"also return the status of all slots). The status is a list of\n"
"one-character flags. The following flags are currently defined:\n"
" 'u' Usable card present. This is the normal state during operation.\n"
" 'r' Card removed. A reset is necessary.\n"
"These flags are exclusive.\n"
"\n"
"reader_list - Return a list of detected card readers. Does\n"
" currently only work with the internal CCID driver.\n"
"\n"
"deny_admin - Returns OK if admin commands are not allowed or\n"
" GPG_ERR_GENERAL if admin commands are allowed.\n"
"\n"
"app_list - Return a list of supported applications. One\n"
" application per line, fields delimited by colons,\n"
" first field is the name.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc = 0;
@ -1674,18 +1674,17 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
/* RESTART
Restart the current connection; this is a kind of warm reset. It
deletes the context used by this connection but does not send a
RESET to the card. Thus the card itself won't get reset.
This is used by gpg-agent to reuse a primary pipe connection and
may be used by clients to backup from a conflict in the serial
command; i.e. to select another application.
*/
static int
static const char hlp_restart[] =
"RESTART\n"
"\n"
"Restart the current connection; this is a kind of warm reset. It\n"
"deletes the context used by this connection but does not send a\n"
"RESET to the card. Thus the card itself won't get reset. \n"
"\n"
"This is used by gpg-agent to reuse a primary pipe connection and\n"
"may be used by clients to backup from a conflict in the serial\n"
"command; i.e. to select another application.";
static gpg_error_t
cmd_restart (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1706,12 +1705,12 @@ cmd_restart (assuan_context_t ctx, char *line)
}
/* DISCONNECT
Disconnect the card if it is not any longer used by other
connections and the backend supports a disconnect operation.
*/
static int
static const char hlp_disconnect[] =
"DISCONNECT\n"
"\n"
"Disconnect the card if it is not any longer used by other\n"
"connections and the backend supports a disconnect operation.";
static gpg_error_t
cmd_disconnect (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1724,26 +1723,26 @@ cmd_disconnect (assuan_context_t ctx, char *line)
/* APDU [--atr] [--more] [--exlen[=N]] [hexstring]
Send an APDU to the current reader. This command bypasses the high
level functions and sends the data directly to the card. HEXSTRING
is expected to be a proper APDU. If HEXSTRING is not given no
commands are set to the card but the command will implictly check
whether the card is ready for use.
Using the option "--atr" returns the ATR of the card as a status
message before any data like this:
S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1
Using the option --more handles the card status word MORE_DATA
(61xx) and concatenates all reponses to one block.
Using the option "--exlen" the returned APDU may use extended
length up to N bytes. If N is not given a default value is used
(currently 4096).
*/
static int
static const char hlp_apdu[] =
"APDU [--atr] [--more] [--exlen[=N]] [hexstring]\n"
"\n"
"Send an APDU to the current reader. This command bypasses the high\n"
"level functions and sends the data directly to the card. HEXSTRING\n"
"is expected to be a proper APDU. If HEXSTRING is not given no\n"
"commands are set to the card but the command will implictly check\n"
"whether the card is ready for use. \n"
"\n"
"Using the option \"--atr\" returns the ATR of the card as a status\n"
"message before any data like this:\n"
" S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1\n"
"\n"
"Using the option --more handles the card status word MORE_DATA\n"
"(61xx) and concatenates all reponses to one block.\n"
"\n"
"Using the option \"--exlen\" the returned APDU may use extended\n"
"length up to N bytes. If N is not given a default value is used\n"
"(currently 4096).";
static gpg_error_t
cmd_apdu (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1823,8 +1822,11 @@ cmd_apdu (assuan_context_t ctx, char *line)
}
/* KILLSCD - Commit suicide. */
static int
static const char hlp_killscd[] =
"KILLSCD\n"
"\n"
"Commit suicide.";
static gpg_error_t
cmd_killscd (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1843,40 +1845,42 @@ register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
int (*handler)(assuan_context_t, char *line);
assuan_handler_t handler;
const char * const help;
} table[] = {
{ "SERIALNO", cmd_serialno },
{ "LEARN", cmd_learn },
{ "READCERT", cmd_readcert },
{ "READKEY", cmd_readkey },
{ "SETDATA", cmd_setdata },
{ "PKSIGN", cmd_pksign },
{ "PKAUTH", cmd_pkauth },
{ "PKDECRYPT", cmd_pkdecrypt },
{ "SERIALNO", cmd_serialno, hlp_serialno },
{ "LEARN", cmd_learn, hlp_learn },
{ "READCERT", cmd_readcert, hlp_readcert },
{ "READKEY", cmd_readkey, hlp_readkey },
{ "SETDATA", cmd_setdata, hlp_setdata },
{ "PKSIGN", cmd_pksign, hlp_pksign },
{ "PKAUTH", cmd_pkauth, hlp_pkauth },
{ "PKDECRYPT", cmd_pkdecrypt,hlp_pkdecrypt },
{ "INPUT", NULL },
{ "OUTPUT", NULL },
{ "GETATTR", cmd_getattr },
{ "SETATTR", cmd_setattr },
{ "WRITECERT", cmd_writecert },
{ "WRITEKEY", cmd_writekey },
{ "GENKEY", cmd_genkey },
{ "RANDOM", cmd_random },
{ "PASSWD", cmd_passwd },
{ "CHECKPIN", cmd_checkpin },
{ "LOCK", cmd_lock },
{ "UNLOCK", cmd_unlock },
{ "GETINFO", cmd_getinfo },
{ "RESTART", cmd_restart },
{ "DISCONNECT", cmd_disconnect },
{ "APDU", cmd_apdu },
{ "KILLSCD", cmd_killscd },
{ "GETATTR", cmd_getattr, hlp_getattr },
{ "SETATTR", cmd_setattr, hlp_setattr },
{ "WRITECERT", cmd_writecert,hlp_writecert },
{ "WRITEKEY", cmd_writekey, hlp_writekey },
{ "GENKEY", cmd_genkey, hlp_genkey },
{ "RANDOM", cmd_random, hlp_random },
{ "PASSWD", cmd_passwd, hlp_passwd },
{ "CHECKPIN", cmd_checkpin, hlp_checkpin },
{ "LOCK", cmd_lock, hlp_lock },
{ "UNLOCK", cmd_unlock, hlp_unlock },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
{ "RESTART", cmd_restart, hlp_restart },
{ "DISCONNECT", cmd_disconnect,hlp_disconnect },
{ "APDU", cmd_apdu, hlp_apdu },
{ "KILLSCD", cmd_killscd, hlp_killscd },
{ NULL }
};
int i, rc;
for (i=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler);
rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc)
return rc;
}
@ -1895,20 +1899,29 @@ int
scd_command_handler (ctrl_t ctrl, int fd)
{
int rc;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
int stopme;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n",
gpg_strerror (rc));
scd_exit (2);
}
if (fd == -1)
{
int filedes[2];
assuan_fd_t filedes[2];
filedes[0] = 0;
filedes[1] = 1;
rc = assuan_init_pipe_server (&ctx, filedes);
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (ctx, filedes);
}
else
{
rc = assuan_init_socket_server_ext (&ctx, INT2FD(fd), 2);
rc = assuan_init_socket_server (ctx, INT2FD(fd),
ASSUAN_SOCKET_SERVER_ACCEPTED);
}
if (rc)
{
@ -1987,7 +2000,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
ctrl->server_local = NULL;
/* Release the Assuan context. */
assuan_deinit_server (ctx);
assuan_release (ctx);
if (stopme)
scd_exit (0);

16
scd/scdaemon.c
View File

@ -53,7 +53,6 @@
#include "mkdtemp.h"
#include "gc-opt-flags.h"
enum cmd_and_opt_values
{ aNull = 0,
oCsh = 'c',
@ -204,6 +203,8 @@ static void *start_connection_thread (void *arg);
static void handle_connections (int listen_fd);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void)
{
@ -393,7 +394,8 @@ main (int argc, char **argv )
const char *config_filename = NULL;
int allow_coredump = 0;
int standard_socket = 0;
struct assuan_malloc_hooks malloc_hooks;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/* Please note that we may running SUID(ROOT), so be very CAREFUL
@ -426,10 +428,14 @@ main (int argc, char **argv )
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_assuan_log_stream (log_get_stream ());
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
assuan_sock_init ();
setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);

33
sm/ChangeLog
View File

@ -1,3 +1,36 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
2009-12-08:
* call-agent.c (membuf_data_cb, default_inq_cb)
(inq_ciphertext_cb, scd_serialno_status_cb)
(scd_keypairinfo_status_cb, istrusted_status_cb)
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Use assuan_handler_t. Same for member HANDLER
in table. Add NULL arg to assuan_register_command. Add help arg to
assuan_register_command. Provide help strings for all commands.
(gpgsm_server): Allocate assuan context before starting server.
Use assuan_fd_t and assuan_fdopen on fds.
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server. Update use ofassuan_pipe_connect and assuan_socket_connect.
Convert posix fd to assuan fd.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
2009-12-10 Werner Koch <wk@g10code.com>
* gpgsm.c: Add option --ignore-cert-extension.

20
sm/call-agent.c
View File

@ -111,7 +111,7 @@ start_agent (ctrl_t ctrl)
static int
static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *data = opaque;
@ -124,7 +124,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
/* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */
static int
static gpg_error_t
default_inq_cb (void *opaque, const char *line)
{
gpg_error_t err;
@ -301,7 +301,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
assuan_transact talkes care of flushing and writing the end */
static int
static gpg_error_t
inq_ciphertext_cb (void *opaque, const char *line)
{
struct cipher_parm_s *parm = opaque;
@ -423,7 +423,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
/* Handle a KEYPARMS inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */
static int
static gpg_error_t
inq_genkey_parms (void *opaque, const char *line)
{
struct genkey_parm_s *parm = opaque;
@ -561,7 +561,7 @@ store_serialno (const char *line)
/* Callback for the gpgsm_agent_serialno fucntion. */
static int
static gpg_error_t
scd_serialno_status_cb (void *opaque, const char *line)
{
char **r_serialno = opaque;
@ -613,7 +613,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
/* Callback for the gpgsm_agent_serialno fucntion. */
static int
static gpg_error_t
scd_keypairinfo_status_cb (void *opaque, const char *line)
{
strlist_t *listaddr = opaque;
@ -681,7 +681,7 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
static int
static gpg_error_t
istrusted_status_cb (void *opaque, const char *line)
{
struct rootca_flags_s *flags = opaque;
@ -812,7 +812,7 @@ gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
}
static int
static gpg_error_t
learn_status_cb (void *opaque, const char *line)
{
struct learn_parm_s *parm = opaque;
@ -831,7 +831,7 @@ learn_status_cb (void *opaque, const char *line)
return 0;
}
static int
static gpg_error_t
learn_cb (void *opaque, const void *buffer, size_t length)
{
struct learn_parm_s *parm = opaque;
@ -1002,7 +1002,7 @@ gpgsm_agent_send_nop (ctrl_t ctrl)
static int
static gpg_error_t
keyinfo_status_cb (void *opaque, const char *line)
{
char **serialno = opaque;

38
sm/call-dirmngr.c
View File

@ -159,6 +159,9 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
}
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
if (!ctx || err)
return;
server = opt.keyserver;
while (server)
{
@ -188,7 +191,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
{
int rc;
char *infostr, *p;
assuan_context_t ctx;
assuan_context_t ctx = NULL;
int try_default = 0;
if (opt.disable_dirmngr)
@ -216,6 +219,14 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
infostr = xstrdup (dirmngr_socket_name ());
try_default = 1;
}
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
if (!infostr)
{
const char *pgmname;
@ -247,13 +258,13 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
i=0;
if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd ();
no_close_list[i++] = fileno (stderr);
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
no_close_list[i] = -1;
/* connect to the agent and perform initial handshaking */
rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, argv,
no_close_list);
rc = assuan_pipe_connect (ctx, opt.dirmngr_program, argv,
no_close_list, NULL, NULL, 0);
}
else
{
@ -286,7 +297,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
else
pid = -1;
rc = assuan_socket_connect (&ctx, infostr, pid);
rc = assuan_socket_connect (ctx, infostr, pid, 0);
#ifdef HAVE_W32_SYSTEM
if (rc)
log_debug ("connecting dirmngr at `%s' failed\n", infostr);
@ -307,6 +318,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
if (rc)
{
assuan_release (ctx);
log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
return gpg_error (GPG_ERR_NO_DIRMNGR);
}
@ -376,7 +388,7 @@ release_dirmngr2 (ctrl_t ctrl)
/* Handle a SENDCERT inquiry. */
static int
static gpg_error_t
inq_certificate (void *opaque, const char *line)
{
struct inq_certificate_parm_s *parm = opaque;
@ -504,7 +516,7 @@ unhexify_fpr (const char *hexstr, unsigned char *fpr)
}
static assuan_error_t
static gpg_error_t
isvalid_status_cb (void *opaque, const char *line)
{
struct isvalid_status_parm_s *parm = opaque;
@ -677,7 +689,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
/* Lookup helpers*/
static int
static gpg_error_t
lookup_cb (void *opaque, const void *buffer, size_t length)
{
struct lookup_parm_s *parm = opaque;
@ -783,7 +795,7 @@ pattern_from_strlist (strlist_t names)
return pattern;
}
static int
static gpg_error_t
lookup_status_cb (void *opaque, const char *line)
{
struct lookup_parm_s *parm = opaque;
@ -889,7 +901,7 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
/* Run Command helpers*/
/* Fairly simple callback to write all output of dirmngr to stdout. */
static int
static gpg_error_t
run_command_cb (void *opaque, const void *buffer, size_t length)
{
(void)opaque;
@ -903,7 +915,7 @@ run_command_cb (void *opaque, const void *buffer, size_t length)
}
/* Handle inquiries from the dirmngr COMMAND. */
static int
static gpg_error_t
run_command_inq_cb (void *opaque, const char *line)
{
struct run_command_parm_s *parm = opaque;
@ -950,7 +962,7 @@ run_command_inq_cb (void *opaque, const char *line)
return rc;
}
static int
static gpg_error_t
run_command_status_cb (void *opaque, const char *line)
{
ctrl_t ctrl = opaque;

9
sm/gpgsm.c
View File

@ -884,6 +884,7 @@ main ( int argc, char **argv)
int recp_required = 0;
estream_t auditfp = NULL;
estream_t htmlauditfp = NULL;
struct assuan_malloc_hooks malloc_hooks;
/*mtrace();*/
@ -970,10 +971,12 @@ main ( int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_assuan_log_stream (log_get_stream ());
malloc_hooks.malloc = gcry_malloc;
malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);

393
sm/server.c
View File

@ -27,9 +27,8 @@
#include <ctype.h>
#include <unistd.h>
#include <assuan.h>
#include "gpgsm.h"
#include <assuan.h>
#include "sysutils.h"
#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
@ -183,7 +182,7 @@ start_audit_session (ctrl_t ctrl)
}
static int
static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -309,11 +308,13 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
}
static void
reset_notify (assuan_context_t ctx)
static gpg_error_t
reset_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
gpgsm_release_certlist (ctrl->server_local->recplist);
gpgsm_release_certlist (ctrl->server_local->signerlist);
ctrl->server_local->recplist = NULL;
@ -321,11 +322,12 @@ reset_notify (assuan_context_t ctx)
close_message_fd (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
return 0;
}
static void
input_notify (assuan_context_t ctx, const char *line)
static gpg_error_t
input_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -340,10 +342,11 @@ input_notify (assuan_context_t ctx, const char *line)
;
else
ctrl->autodetect_encoding = 1;
return 0;
}
static void
output_notify (assuan_context_t ctx, const char *line)
static gpg_error_t
output_notify (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -353,22 +356,23 @@ output_notify (assuan_context_t ctx, const char *line)
ctrl->create_pem = 1;
else if (strstr (line, "--base64"))
ctrl->create_base64 = 1; /* just the raw output */
return 0;
}
/* RECIPIENT <userID>
Set the recipient for the encryption. <userID> should be the
internal representation of the key; the server may accept any other
way of specification [we will support this]. If this is a valid and
trusted recipient the server does respond with OK, otherwise the
return is an ERR with the reason why the recipient can't be used,
the encryption will then not be done for this recipient. If the
policy is not to encrypt at all if not all recipients are valid, the
client has to take care of this. All RECIPIENT commands are
cumulative until a RESET or an successful ENCRYPT command. */
static int
static const char hlp_recipient[] =
"RECIPIENT <userID>\n"
"\n"
"Set the recipient for the encryption. USERID shall be the\n"
"internal representation of the key; the server may accept any other\n"
"way of specification [we will support this]. If this is a valid and\n"
"trusted recipient the server does respond with OK, otherwise the\n"
"return is an ERR with the reason why the recipient can't be used,\n"
"the encryption will then not be done for this recipient. If the\n"
"policy is not to encrypt at all if not all recipients are valid, the\n"
"client has to take care of this. All RECIPIENT commands are\n"
"cumulative until a RESET or an successful ENCRYPT command.";
static gpg_error_t
cmd_recipient (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -391,20 +395,22 @@ cmd_recipient (assuan_context_t ctx, char *line)
return rc;
}
/* SIGNER <userID>
Set the signer's keys for the signature creation. <userID> should
be the internal representation of the key; the server may accept any
other way of specification [we will support this]. If this is a
valid and usable signing key the server does respond with OK,
otherwise it returns an ERR with the reason why the key can't be
used, the signing will then not be done for this key. If the policy
is not to sign at all if not all signer keys are valid, the client
has to take care of this. All SIGNER commands are cumulative until
a RESET but they are *not* reset by an SIGN command becuase it can
be expected that set of signers are used for more than one sign
operation. */
static int
static const char hlp_signer[] =
"SIGNER <userID>\n"
"\n"
"Set the signer's keys for the signature creation. USERID should\n"
"be the internal representation of the key; the server may accept any\n"
"other way of specification [we will support this]. If this is a\n"
"valid and usable signing key the server does respond with OK,\n"
"otherwise it returns an ERR with the reason why the key can't be\n"
"used, the signing will then not be done for this key. If the policy\n"
"is not to sign at all if not all signer keys are valid, the client\n"
"has to take care of this. All SIGNER commands are cumulative until\n"
"a RESET but they are *not* reset by an SIGN command becuase it can\n"
"be expected that set of signers are used for more than one sign\n"
"operation.";
static gpg_error_t
cmd_signer (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -425,20 +431,21 @@ cmd_signer (assuan_context_t ctx, char *line)
}
/* ENCRYPT
Do the actual encryption process. Takes the plaintext from the INPUT
command, writes to the ciphertext to the file descriptor set with
the OUTPUT command, take the recipients form all the recipients set
so far. If this command fails the clients should try to delete all
output currently done or otherwise mark it as invalid. GPGSM does
ensure that there won't be any security problem with leftover data
on the output in this case.
This command should in general not fail, as all necessary checks
have been done while setting the recipients. The input and output
pipes are closed. */
static int
static const char hlp_encrypt[] =
"ENCRYPT \n"
"\n"
"Do the actual encryption process. Takes the plaintext from the INPUT\n"
"command, writes to the ciphertext to the file descriptor set with\n"
"the OUTPUT command, take the recipients form all the recipients set\n"
"so far. If this command fails the clients should try to delete all\n"
"output currently done or otherwise mark it as invalid. GPGSM does\n"
"ensure that there won't be any security problem with leftover data\n"
"on the output in this case.\n"
"\n"
"This command should in general not fail, as all necessary checks\n"
"have been done while setting the recipients. The input and output\n"
"pipes are closed.";
static gpg_error_t
cmd_encrypt (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -488,14 +495,15 @@ cmd_encrypt (assuan_context_t ctx, char *line)
}
/* DECRYPT
This performs the decrypt operation after doing some check on the
internal state. (e.g. that only needed data has been set). Because
it utilizes the GPG-Agent for the session key decryption, there is
no need to ask the client for a protecting passphrase - GpgAgent
does take care of this by requesting this from the user. */
static int
static const char hlp_decrypt[] =
"DECRYPT\n"
"\n"
"This performs the decrypt operation after doing some check on the\n"
"internal state. (e.g. that only needed data has been set). Because\n"
"it utilizes the GPG-Agent for the session key decryption, there is\n"
"no need to ask the client for a protecting passphrase - GPG-Agent\n"
"does take care of this by requesting this from the user.";
static gpg_error_t
cmd_decrypt (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -530,16 +538,16 @@ cmd_decrypt (assuan_context_t ctx, char *line)
}
/* VERIFY
This does a verify operation on the message send to the input-FD.
The result is written out using status lines. If an output FD was
given, the signed text will be written to that.
If the signature is a detached one, the server will inquire about
the signed material and the client must provide it.
*/
static int
static const char hlp_verify[] =
"VERIFY\n"
"\n"
"This does a verify operation on the message send to the input FD.\n"
"The result is written out using status lines. If an output FD was\n"
"given, the signed text will be written to that.\n"
"\n"
"If the signature is a detached one, the server will inquire about\n"
"the signed material and the client must provide it.";
static gpg_error_t
cmd_verify (assuan_context_t ctx, char *line)
{
int rc;
@ -576,12 +584,13 @@ cmd_verify (assuan_context_t ctx, char *line)
}
/* SIGN [--detached]
Sign the data set with the INPUT command and write it to the sink
set by OUTPUT. With "--detached" specified, a detached signature is
created (surprise). */
static int
static const char hlp_sign[] =
"SIGN [--detached]\n"
"\n"
"Sign the data set with the INPUT command and write it to the sink\n"
"set by OUTPUT. With \"--detached\", a detached signature is\n"
"created (surprise).";
static gpg_error_t
cmd_sign (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -618,18 +627,19 @@ cmd_sign (assuan_context_t ctx, char *line)
}
/* IMPORT [--re-import]
Import the certificates read form the input-fd, return status
message for each imported one. The import checks the validity of
the certificate but not of the entire chain. It is possible to
import expired certificates.
With the option --re-import the input data is expected to a be a LF
separated list of fingerprints. The command will re-import these
certificates, meaning that they are made permanent by removing
their ephemeral flag. */
static int
static const char hlp_import[] =
"IMPORT [--re-import]\n"
"\n"
"Import the certificates read form the input-fd, return status\n"
"message for each imported one. The import checks the validity of\n"
"the certificate but not of the entire chain. It is possible to\n"
"import expired certificates.\n"
"\n"
"With the option --re-import the input data is expected to a be a LF\n"
"separated list of fingerprints. The command will re-import these\n"
"certificates, meaning that they are made permanent by removing\n"
"their ephemeral flag.";
static gpg_error_t
cmd_import (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -653,11 +663,15 @@ cmd_import (assuan_context_t ctx, char *line)
}
/* EXPORT [--data [--armor|--base64]] [--] pattern
*/
static int
static const char hlp_export[] =
"EXPORT [--data [--armor|--base64]] [--] <pattern>\n"
"\n"
"Export the certificates selected by PATTERN. With --data the output\n"
"is returned using Assuan D lines; the default is to use the sink given\n"
"by the last \"OUTPUT\" command. The options --armor or --base64 encode \n"
"the output using the PEM respective a plain base-64 format; the default\n"
"is a binary format which is only suitable for a single certificate.";
static gpg_error_t
cmd_export (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -743,7 +757,14 @@ cmd_export (assuan_context_t ctx, char *line)
}
static int
static const char hlp_delkeys[] =
"DELKEYS <patterns>\n"
"\n"
"Delete the certificates specified by PATTERNS. Each pattern shall be\n"
"a percent-plus escaped certificate specification. Usually a\n"
"fingerprint will be used for this.";
static gpg_error_t
cmd_delkeys (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -787,11 +808,28 @@ cmd_delkeys (assuan_context_t ctx, char *line)
/* MESSAGE FD=<n>
Set the file descriptor to read a message which is used with
detached signatures */
static int
static const char hlp_output[] =
"OUTPUT FD[=<n>]\n"
"\n"
"Set the file descriptor to write the output data to N. If N is not\n"
"given and the operating system supports file descriptor passing, the\n"
"file descriptor currently in flight will be used. See also the\n"
"\"INPUT\" and \"MESSAGE\" commands.";
static const char hlp_input[] =
"INPUT FD[=<n>]\n"
"\n"
"Set the file descriptor to read the input data to N. If N is not\n"
"given and the operating system supports file descriptor passing, the\n"
"file descriptor currently in flight will be used. See also the\n"
"\"MESSAGE\" and \"OUTPUT\" commands.";
static const char hlp_message[] =
"MESSAGE FD[=<n>]\n"
"\n"
"Set the file descriptor to read the message for a detached\n"
"signatures to N. If N is not given and the operating system\n"
"supports file descriptor passing, the file descriptor currently in\n"
"flight will be used. See also the \"INPUT\" and \"OUTPUT\" commands.";
static gpg_error_t
cmd_message (assuan_context_t ctx, char *line)
{
int rc;
@ -809,11 +847,36 @@ cmd_message (assuan_context_t ctx, char *line)
return 0;
}
/* LISTKEYS [<patterns>]
DUMPKEYS [<patterns>]
LISTSECRETKEYS [<patterns>]
DUMPSECRETKEYS [<patterns>]
*/
static const char hlp_listkeys[] =
"LISTKEYS [<patterns>]\n"
"LISTSECRETKEYS [<patterns>]\n"
"DUMPKEYS [<patterns>]\n"
"DUMPSECRETKEYS [<patterns>]\n"
"\n"
"List all certificates or only those specified by PATTERNS. Each\n"
"pattern shall be a percent-plus escaped certificate specification.\n"
"The \"SECRET\" versions of the command filter the output to include\n"
"only certificates where the secret key is available or a corresponding\n"
"smartcard has been registered. The \"DUMP\" versions of the command\n"
"are only useful for debugging. The output format is a percent escaped\n"
"colon delimited listing as described in the manual.\n"
"\n"
"These \"OPTION\" command keys effect the output::\n"
"\n"
" \"list-mode\" set to 0: List only local certificates (default).\n"
" 1: Ditto.\n"
" 2: List only external certificates.\n"
" 3: List local and external certificates.\n"
"\n"
" \"with-validation\" set to true: Validate each certificate.\n"
"\n"
" \"with-ephemeral-key\" set to true: Always include ephemeral\n"
" certificates.\n"
"\n"
" \"list-to-output\" set to true: Write output to the file descriptor\n"
" given by the last \"OUTPUT\" command.";
static int
do_listkeys (assuan_context_t ctx, char *line, int mode)
{
@ -879,37 +942,38 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
return err;
}
static int
static gpg_error_t
cmd_listkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 3);
}
static int
static gpg_error_t
cmd_dumpkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 259);
}
static int
static gpg_error_t
cmd_listsecretkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 2);
}
static int
static gpg_error_t
cmd_dumpsecretkeys (assuan_context_t ctx, char *line)
{
return do_listkeys (ctx, line, 258);
}
/* GENKEY
Read the parameters in native format from the input fd and write a
certificate request to the output.
*/
static int
static const char hlp_genkey[] =
"GENKEY\n"
"\n"
"Read the parameters in native format from the input fd and write a\n"
"certificate request to the output.";
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -949,17 +1013,15 @@ cmd_genkey (assuan_context_t ctx, char *line)
/* GETAUDITLOG [--data] [--html]
!!!WORK in PROGRESS!!!
If --data is used, the output is send using D-lines and not to the
source given by an OUTPUT command.
If --html is used the output is formated as an XHTML block. This is
designed to be incorporated into a HTML document.
*/
static int
static const char hlp_getauditlog[] =
"GETAUDITLOG [--data] [--html]\n"
"\n"
"If --data is used, the output is send using D-lines and not to the\n"
"file descriptor given by an OUTPUT command.\n"
"\n"
"If --html is used the output is formated as an XHTML block. This is\n"
"designed to be incorporated into a HTML document.";
static gpg_error_t
cmd_getauditlog (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1007,19 +1069,18 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
}
/* GETINFO <what>
Multipurpose function to return a variety of information.
Supported values for WHAT are:
version - Return the version of the program.
pid - Return the process id of the server.
agent-check - Return success if the agent is running.
cmd_has_option CMD OPT
- Returns OK if the command CMD implements the option OPT.
*/
static int
static const char hlp_getinfo[] =
"GETINFO <what>\n"
"\n"
"Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
"\n"
" version - Return the version of the program.\n"
" pid - Return the process id of the server.\n"
" agent-check - Return success if the agent is running.\n"
" cmd_has_option CMD OPT\n"
" - Returns OK if the command CMD implements the option OPT.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
int rc = 0;
@ -1101,34 +1162,36 @@ register_commands (assuan_context_t ctx)
{
static struct {
const char *name;
int (*handler)(assuan_context_t, char *line);
assuan_handler_t handler;
const char * const help;
} table[] = {
{ "RECIPIENT", cmd_recipient },
{ "SIGNER", cmd_signer },
{ "ENCRYPT", cmd_encrypt },
{ "DECRYPT", cmd_decrypt },
{ "VERIFY", cmd_verify },
{ "SIGN", cmd_sign },
{ "IMPORT", cmd_import },
{ "EXPORT", cmd_export },
{ "INPUT", NULL },
{ "OUTPUT", NULL },
{ "MESSAGE", cmd_message },
{ "LISTKEYS", cmd_listkeys },
{ "DUMPKEYS", cmd_dumpkeys },
{ "LISTSECRETKEYS",cmd_listsecretkeys },
{ "DUMPSECRETKEYS",cmd_dumpsecretkeys },
{ "GENKEY", cmd_genkey },
{ "DELKEYS", cmd_delkeys },
{ "GETAUDITLOG", cmd_getauditlog },
{ "GETINFO", cmd_getinfo },
{ "RECIPIENT", cmd_recipient, hlp_recipient },
{ "SIGNER", cmd_signer, hlp_signer },
{ "ENCRYPT", cmd_encrypt, hlp_encrypt },
{ "DECRYPT", cmd_decrypt, hlp_decrypt },
{ "VERIFY", cmd_verify, hlp_verify },
{ "SIGN", cmd_sign, hlp_sign },
{ "IMPORT", cmd_import, hlp_import },
{ "EXPORT", cmd_export, hlp_export },
{ "INPUT", NULL, hlp_input },
{ "OUTPUT", NULL, hlp_output },
{ "MESSAGE", cmd_message, hlp_message },
{ "LISTKEYS", cmd_listkeys, hlp_listkeys },
{ "DUMPKEYS", cmd_dumpkeys, hlp_listkeys },
{ "LISTSECRETKEYS",cmd_listsecretkeys, hlp_listkeys },
{ "DUMPSECRETKEYS",cmd_dumpsecretkeys, hlp_listkeys },
{ "GENKEY", cmd_genkey, hlp_genkey },
{ "DELKEYS", cmd_delkeys, hlp_delkeys },
{ "GETAUDITLOG", cmd_getauditlog, hlp_getauditlog },
{ "GETINFO", cmd_getinfo, hlp_getinfo },
{ NULL }
};
int i, rc;
for (i=0; table[i].name; i++)
{
rc = assuan_register_command (ctx, table[i].name, table[i].handler);
rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc)
return rc;
}
@ -1142,7 +1205,7 @@ void
gpgsm_server (certlist_t default_recplist)
{
int rc;
int filedes[2];
assuan_fd_t filedes[2];
assuan_context_t ctx;
struct server_control_s ctrl;
static const char hello[] = ("GNU Privacy Guard's S/M server "
@ -1154,9 +1217,17 @@ gpgsm_server (certlist_t default_recplist)
/* We use a pipe based server so that we can work from scripts.
assuan_init_pipe_server will automagically detect when we are
called with a socketpair and ignore FIELDES in this case. */
filedes[0] = 0;
filedes[1] = 1;
rc = assuan_init_pipe_server (&ctx, filedes);
filedes[0] = assuan_fdopen (0);
filedes[1] = assuan_fdopen (1);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n",
gpg_strerror (rc));
gpgsm_exit (2);
}
rc = assuan_init_pipe_server (ctx, filedes);
if (rc)
{
log_error ("failed to initialize the server: %s\n",
@ -1241,7 +1312,7 @@ gpgsm_server (certlist_t default_recplist)
audit_release (ctrl.audit);
ctrl.audit = NULL;
assuan_deinit_server (ctx);
assuan_release (ctx);
}

10
tools/ChangeLog
View File

@ -1,3 +1,13 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From 2009-09-23, 2009-11-04, 2009-11-05, 2009-12-08:
* gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH.
(getinfo_pid_cb, read_and_print_response)
(main): Pass true for WITHHASH for the HELP command. Update to
new Assuan API. Update use of assuan_socket_connect and
assuan_pipe_connect. Convert posix fd to assuan fd.
2010-01-10 Werner Koch <wk@g10code.com>
* symcryptrun.c (utmp.h): Remove header; it is not used.

83
tools/gpg-connect-agent.c
View File

@ -159,7 +159,8 @@ static struct
/*-- local prototypes --*/
static char *substitute_line_copy (const char *buffer);
static int read_and_print_response (assuan_context_t ctx, int *r_goterr);
static int read_and_print_response (assuan_context_t ctx, int withhash,
int *r_goterr);
static assuan_context_t start_agent (void);
@ -1086,7 +1087,7 @@ do_showopen (void)
static int
static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{
membuf_t *mb = opaque;
@ -1155,11 +1156,11 @@ main (int argc, char **argv)
i18n_init();
init_common_subsystems ();
assuan_set_assuan_err_source (0);
assuan_set_gpg_err_source (0);
opt.homedir = default_homedir ();
opt.connect_flags = 1; /* Use extended connect mode. */
opt.connect_flags = 1;
/* Parse the command line. */
pargs.argc = &argc;
@ -1221,12 +1222,20 @@ main (int argc, char **argv)
{
int no_close[3];
no_close[0] = fileno (stderr);
no_close[1] = log_get_fd ();
no_close[0] = assuan_fd_from_posix_fd (fileno (stderr));
no_close[1] = assuan_fd_from_posix_fd (log_get_fd ());
no_close[2] = -1;
rc = assuan_pipe_connect_ext (&ctx, *argv, (const char **)argv,
no_close, NULL, NULL,
opt.connect_flags);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_pipe_connect
(ctx, *argv, (const char **)argv, no_close, NULL, NULL,
(opt.connect_flags & 1) ? ASSUAN_PIPE_CONNECT_FDPASSING : 0);
if (rc)
{
log_error ("assuan_pipe_connect_ext failed: %s\n",
@ -1240,8 +1249,16 @@ main (int argc, char **argv)
}
else if (opt.raw_socket)
{
rc = assuan_socket_connect_ext (&ctx, opt.raw_socket, 0,
opt.connect_flags);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect
(ctx, opt.raw_socket, 0,
(opt.connect_flags & 1) ? ASSUAN_SOCKET_CONNECT_FDPASSING : 0);
if (rc)
{
log_error ("can't connect to socket `%s': %s\n",
@ -1259,7 +1276,7 @@ main (int argc, char **argv)
assuan did not run the initial handshaking). */
if (assuan_pending_line (ctx))
{
rc = read_and_print_response (ctx, &cmderr);
rc = read_and_print_response (ctx, 0, &cmderr);
if (rc)
log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
}
@ -1747,7 +1764,9 @@ main (int argc, char **argv)
if (*line == '#' || !*line)
continue; /* Don't expect a response for a comment line. */
rc = read_and_print_response (ctx, &cmderr);
rc = read_and_print_response (ctx, (!ascii_strncasecmp (line, "HELP", 4)
&& (spacep (line+4) || !line[4])),
&cmderr);
if (rc)
log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
if ((rc || cmderr) && script_fp)
@ -1876,14 +1895,15 @@ handle_inquire (assuan_context_t ctx, char *line)
/* Read all response lines from server and print them. Returns 0 on
success or an assuan error code. Set R_GOTERR to true if the
command did not returned OK. */
success or an assuan error code. If WITHHASH istrue, comment lines
are printed. Sets R_GOTERR to true if the command did not returned
OK. */
static int
read_and_print_response (assuan_context_t ctx, int *r_goterr)
read_and_print_response (assuan_context_t ctx, int withhash, int *r_goterr)
{
char *line;
size_t linelen;
assuan_error_t rc;
gpg_error_t rc;
int i, j;
int need_lf = 0;
@ -1896,7 +1916,7 @@ read_and_print_response (assuan_context_t ctx, int *r_goterr)
if (rc)
return rc;
if (opt.verbose > 1 && *line == '#')
if ((withhash || opt.verbose > 1) && *line == '#')
{
fwrite (line, linelen, 1, stdout);
putchar ('\n');
@ -2086,9 +2106,16 @@ start_agent (void)
{
char *sockname;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
/* Check whether we can connect at the standard socket. */
sockname = make_filename (opt.homedir, "S.gpg-agent", NULL);
rc = assuan_socket_connect (&ctx, sockname, 0);
rc = assuan_socket_connect (ctx, sockname, 0, 0);
#ifdef HAVE_W32_SYSTEM
/* If we failed to connect under Windows, we fire up the agent. */
@ -2115,7 +2142,14 @@ start_agent (void)
/* Give the agent some time to prepare itself. */
gnupg_sleep (3);
/* Now try again to connect the agent. */
rc = assuan_socket_connect (&ctx, sockname, 0);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect (ctx, sockname, 0, 0);
}
if (rc)
rc = save_rc;
@ -2148,7 +2182,14 @@ start_agent (void)
exit (1);
}
rc = assuan_socket_connect (&ctx, infostr, pid);
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr);
}