security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-28 02:12:46 +02:00
Code Activity

2009-09-23 Marcus Brinkmann <marcus@g10code.de>

Browse Source 
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
	Update to new API (2, 1.1.0).

agent/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-agent.c (parse_rereadable_options): Don't set global assuan
	log file (there ain't one anymore).
	(main): Update to new API.
	(check_own_socket_pid_cb): Return gpg_error_t instead of int.
	(check_own_socket_thread, check_for_running_agent): Create assuan
	context before connecting to server.
	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(write_and_clear_outbuf): Use gpg_error_t instead of
	assuan_error_t.
	(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
	(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
	(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
	(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
	(cmd_get_confirmation, cmd_learn, cmd_passwd)
	(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
	(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
	(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
	(post_cmd_notify): Change type of ERR to gpg_error_t from int.
	(io_monitor): Add hook argument.  Use symbols for constants.
	(register_commands): Change return type of HANDLER to gpg_error_t.
	(start_command_handler): Allocate assuan context before starting
	server.
	* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
	of GPG_ERR_SOURCE_DEFAULT check.
	(unlock_pinentry): Call assuan_release instead of
	assuan_disconnect.
	(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
	(start_pinentry): Allocate assuan context before connecting to
	server.
	* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
	(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
	(pass_data_thru): Change return type to gpg_error_t.
	(start_scd): Allocate assuan context before connecting to server.

common/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Allocate assuan context before
	starting server.

g10/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
	(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
	(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
	int.
	* gpg.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(main): Update to new Assuan API.
	* server.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
	(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
	instead of int.
	(register_commands): Allocate assuan context before starting
	server.
	(gpg_server): Allocate assuan_context before starting server.

scd/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* command.c: Include "scdaemon.h" before <assuan.h> because of
	GPG_ERR_SOURCE_DEFAULT check.
	(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
	(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
	(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
	(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
	(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
	(cmd_killscd): Return gpg_error_t instead of int.
	(scd_command_handler): Allocate assuan context before starting server.
	* scdaemon.c (main): Update to new Assuan API.

sm/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.c (main): Update to new assuan API.
	* server.c: Include "gpgsm.h" before <assuan.h> due to check for
	GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
	(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
	(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
	(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
	(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
	(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
	(register_commands): Same for member HANDLER in table.
	(gpgsm_server): Allocate assuan context before starting server.
	* sm/call-dirmngr.c:
	* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
	setting LDAPSERVER.
	(start_dirmngr_ext): Allocate assuan context before starting
	server.
	(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
	(run_command_cb, run_command_inq_cb, run_command_status_cb):
	Return gpg_error_t instead of int.

tools/
2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
	(main): Update to new Assuan API.


Conflicts:

	ChangeLog
	agent/ChangeLog
	agent/command.c
	common/ChangeLog
	g10/ChangeLog
	scd/ChangeLog
	sm/ChangeLog
	sm/gpgsm.c
	tools/ChangeLog

Somehow this slipped through.  Really commit this time.

2009-09-23  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
	(main): Update to new Assuan API.


2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* configure.ac: Check for libassuan instead of libassuan-pth.

common/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
	of LIBASSUAN_PTH_CFLAGS.

scd/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, scdaemon_LDADD: Use libassuan instead of libassuan-pth.
	* scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.

g13/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* AM_CFLAGS, g13_LDADD: Use libassuan instead of libassuan-pth.
	* g13.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks.

agent/
2009-10-16  Marcus Brinkmann  <marcus@g10code.com>

	* gpg_agent_CFLAGS, gpg_agent_LDADD: Use libassuan instead of
	libassuan-pth.
	* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.
	Fix invocation of assuan_socket_connect.


Conflicts:

	ChangeLog
	agent/ChangeLog
	common/ChangeLog
	configure.ac
	g13/ChangeLog
	g13/Makefile.am
	g13/g13.c
	scd/ChangeLog

agent/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

common/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
	type to gpg_error_t.

g10/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.

scd/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (reset_notify): Take LINE arg and return error.
	(register_commands): Use assuan_handler_t type.

sm/
2009-11-02  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (reset_notify, input_notify, output_notify): Update to
	new assuan interface.
	(register_commands): Use assuan_handler_t.
	* call-agent.c (membuf_data_cb, default_inq_cb)
	(inq_ciphertext_cb, scd_serialno_status_cb)
	(scd_keypairinfo_status_cb, istrusted_status_cb)
	(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g10/ChangeLog
	g10/server.c
	g13/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

Adjust for assuan_register_command change.


Conflicts:

	agent/ChangeLog
	g10/ChangeLog
	g13/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

Add hack for the HELP command.


Conflicts:

	tools/ChangeLog

Add help strings for all commands.


Conflicts:

	agent/ChangeLog
	agent/command.c

Add help strings for all commands.


Conflicts:

	scd/ChangeLog

Add help strings for all commands


Conflicts:

	sm/ChangeLog

agent/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
	assuan_pipe_connect_ext.
	* command.c (start_command_handler): Change
	assuan_init_socket_server_ext into assuan_init_socket_server.
	* call-scd.c (start_scd): Update use of assuan_socket_connect and
	assuan_pipe_connect.
	* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
	Update use of assuan_socket_connect.

common/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.

scd/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Call assuan_init_socket_server,
	not assuan_init_socket_server_ext.

sm/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Update use of
	assuan_pipe_connect and assuan_socket_connect.

tools/
2009-11-05  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (start_agent): Update use of
	assuan_socket_connect and assuan_pipe_connect.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g13/ChangeLog
	g13/call-gpg.c
	scd/ChangeLog
	sm/ChangeLog
	tools/ChangeLog

agent/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (start_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

scd/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (scd_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

sm/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
	fds.

g10/
2009-11-25  Marcus Brinkmann  <marcus@g10code.de>

	* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.


Conflicts:

	agent/ChangeLog
	g10/ChangeLog
	g13/server.c
	scd/ChangeLog
	sm/ChangeLog

2009-11-27  Marcus Brinkmann  <marcus@g10code.de>

	* command.c (start_command_handler): Do not call
	assuan_set_log_stream anymore.
	* gpg-agent.c (main): But call assuan_set_assuan_log_stream here.


Conflicts:

	agent/ChangeLog
	agent/command.c

2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent) [HAVE_W32_SYSTEM]: Add missing
	argument in assuan_socket_connect invocation.
	* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
	declaration.


Conflicts:

	common/ChangeLog
	common/iobuf.c

common/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* asshelp.c (start_new_gpg_agent): Convert posix FD to assuan FD.

agent/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-pinentry.c (start_pinentry): Convert posix fd to assuan fd.
	* call-scd.c (start_scd): Likewise.

sm/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* call-dirmngr.c (start_dirmngr_ext): Convert posix fd to assuan fd.

tools/
2009-12-08  Marcus Brinkmann  <marcus@g10code.de>

	* gpg-connect-agent.c (main): Convert posix fd to assuan fd.


Conflicts:

	agent/ChangeLog
	common/ChangeLog
	g13/call-gpg.c
	sm/ChangeLog
	tools/ChangeLog
This commit is contained in:
Marcus Brinkmann 2010-02-12 15:15:34 +00:00
parent d6a28faafa
commit 203f54a634
28 changed files with 1434 additions and 984 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ChangeLog
View File

@ -1,3 +1,16 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-10-16:
* configure.ac: Check for libassuan instead of libassuan-pth.
2009-10-12 Werner Koch <wk@g10code.com>
From trunk 2009-09-23:
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
2009-12-21 Werner Koch <wk@g10code.com> 2009-12-21 Werner Koch <wk@g10code.com>
Release 2.0.14. Release 2.0.14.

55
agent/ChangeLog
View File

@ -1,3 +1,58 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
2009-12-08:
* Makefile.am (gpg_agent_CFLAGS, gpg_agent_LDADD): Use libassuan
instead of libassuan-pth.
* gpg-agent.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Update to new API. Call assuan_set_system_hooks and
assuan_sock_init. Fix invocation of assuan_socket_connect.
Call assuan_set_assuan_log_stream here.
(parse_rereadable_options): Don't set global assuan log
file (there ain't one anymore).
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server. Update use of
assuan_socket_connect.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
Use assuan_handler_t type. Add NULL arg to assuan_register_command.
Add help arg to assuan_register_command. Convert all command
comments to help strings.
(start_command_handler): Allocate assuan context before starting
server. Change assuan_init_socket_server_ext into
assuan_init_socket_server. Use assuan_fd_t and assuan_fdopen on fds.
Do not call assuan_set_log_stream anymore.
(reset_notify): Take LINE arg and return error.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server. Call assuan_pipe_connect, notassuan_pipe_connect_ext.
Convert posix fd to assuan fd.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
Update use of assuan_socket_connect and assuan_pipe_connect.
Convert posix fd to assuan fd.
2010-01-26 Werner Koch <wk@g10code.com> 2010-01-26 Werner Koch <wk@g10code.com>
* protect.c (do_encryption): Encode the s2kcount and do not use a * protect.c (do_encryption): Encode the s2kcount and do not use a

4
agent/Makefile.am
View File

@ -62,9 +62,9 @@ gpg_agent_res_deps =
#endif #endif
gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS) gpg_agent_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
gpg_agent_LDADD = $(commonpth_libs) \ gpg_agent_LDADD = $(commonpth_libs) \
$(LIBGCRYPT_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
$(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV) $(GPG_ERROR_LIBS) $(LIBINTL) $(NETLIBS) $(LIBICONV)
gpg_agent_LDFLAGS = $(gpg_agent_res_ldflags) gpg_agent_LDFLAGS = $(gpg_agent_res_ldflags)
gpg_agent_DEPENDENCIES = $(gpg_agent_res_deps) gpg_agent_DEPENDENCIES = $(gpg_agent_res_deps)

27
agent/call-pinentry.c
View File

@ -32,9 +32,9 @@
# include <signal.h> # include <signal.h>
#endif #endif
#include <pth.h> #include <pth.h>
#include <assuan.h>
#include "agent.h" #include "agent.h"
#include <assuan.h>
#include "setenv.h" #include "setenv.h"
#include "i18n.h" #include "i18n.h"
@ -158,7 +158,7 @@ unlock_pinentry (int rc)
if (!rc) if (!rc)
rc = gpg_error (GPG_ERR_INTERNAL); rc = gpg_error (GPG_ERR_INTERNAL);
} }
assuan_disconnect (ctx); assuan_release (ctx);
return rc; return rc;
} }
@ -196,7 +196,7 @@ atfork_cb (void *opaque, int where)
} }
static int static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length) getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{ {
unsigned long *pid = opaque; unsigned long *pid = opaque;
@ -304,21 +304,30 @@ start_pinentry (ctrl_t ctrl)
if (!opt.running_detached) if (!opt.running_detached)
{ {
if (log_get_fd () != -1) if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd (); no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = fileno (stderr); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
} }
no_close_list[i] = -1; no_close_list[i] = -1;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
/* Connect to the pinentry and perform initial handshaking. Note /* Connect to the pinentry and perform initial handshaking. Note
that atfork is used to change the environment for pinentry. We that atfork is used to change the environment for pinentry. We
start the server in detached mode to suppress the console window start the server in detached mode to suppress the console window
under Windows. */ under Windows. */
rc = assuan_pipe_connect_ext (&ctx, opt.pinentry_program, argv, rc = assuan_pipe_connect (ctx, opt.pinentry_program, argv,
no_close_list, atfork_cb, ctrl, 128); no_close_list, atfork_cb, ctrl,
ASSUAN_PIPE_CONNECT_DETACHED);
if (rc) if (rc)
{ {
log_error ("can't connect to the PIN entry module: %s\n", log_error ("can't connect to the PIN entry module: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
assuan_release (ctx);
return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
} }
entry_ctx = ctx; entry_ctx = ctx;
@ -463,7 +472,7 @@ pinentry_active_p (ctrl_t ctrl, int waitseconds)
} }
static int static gpg_error_t
getpin_cb (void *opaque, const void *buffer, size_t length) getpin_cb (void *opaque, const void *buffer, size_t length)
{ {
struct entry_parm_s *parm = opaque; struct entry_parm_s *parm = opaque;
@ -553,7 +562,7 @@ estimate_passphrase_quality (const char *pw)
/* Handle the QUALITY inquiry. */ /* Handle the QUALITY inquiry. */
static int static gpg_error_t
inq_quality (void *opaque, const char *line) inq_quality (void *opaque, const char *line)
{ {
assuan_context_t ctx = opaque; assuan_context_t ctx = opaque;

46
agent/call-scd.c
View File

@ -108,8 +108,8 @@ static int primary_scd_ctx_reusable;
/* Local prototypes. */ /* Local prototypes. */
static assuan_error_t membuf_data_cb (void *opaque, static gpg_error_t membuf_data_cb (void *opaque,
const void *buffer, size_t length); const void *buffer, size_t length);
@ -209,7 +209,7 @@ start_scd (ctrl_t ctrl)
{ {
gpg_error_t err = 0; gpg_error_t err = 0;
const char *pgmname; const char *pgmname;
assuan_context_t ctx; assuan_context_t ctx = NULL;
const char *argv[3]; const char *argv[3];
int no_close_list[3]; int no_close_list[3];
int i; int i;
@ -268,9 +268,17 @@ start_scd (ctrl_t ctrl)
goto leave; goto leave;
} }
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
err = rc;
goto leave;
}
if (socket_name) if (socket_name)
{ {
rc = assuan_socket_connect (&ctx, socket_name, 0); rc = assuan_socket_connect (ctx, socket_name, 0, 0);
if (rc) if (rc)
{ {
log_error ("can't connect to socket `%s': %s\n", log_error ("can't connect to socket `%s': %s\n",
@ -325,16 +333,16 @@ start_scd (ctrl_t ctrl)
if (!opt.running_detached) if (!opt.running_detached)
{ {
if (log_get_fd () != -1) if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd (); no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = fileno (stderr); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
} }
no_close_list[i] = -1; no_close_list[i] = -1;
/* Connect to the pinentry and perform initial handshaking. Use /* Connect to the pinentry and perform initial handshaking. Use
detached flag (128) so that under W32 SCDAEMON does not show up a detached flag (128) so that under W32 SCDAEMON does not show up a
new window. */ new window. */
rc = assuan_pipe_connect_ext (&ctx, opt.scdaemon_program, argv, rc = assuan_pipe_connect (ctx, opt.scdaemon_program, argv,
no_close_list, atfork_cb, NULL, 128); no_close_list, atfork_cb, NULL, 128);
if (rc) if (rc)
{ {
log_error ("can't connect to the SCdaemon: %s\n", log_error ("can't connect to the SCdaemon: %s\n",
@ -399,6 +407,8 @@ start_scd (ctrl_t ctrl)
if (err) if (err)
{ {
unlock_scd (ctrl, err); unlock_scd (ctrl, err);
if (ctx)
assuan_release (ctx);
} }
else else
{ {
@ -477,14 +487,14 @@ agent_scd_check_aliveness (void)
struct scd_local_s *sl; struct scd_local_s *sl;
assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1); assuan_set_flag (primary_scd_ctx, ASSUAN_NO_WAITPID, 1);
assuan_disconnect (primary_scd_ctx); assuan_release (primary_scd_ctx);
for (sl=scd_local_list; sl; sl = sl->next_local) for (sl=scd_local_list; sl; sl = sl->next_local)
{ {
if (sl->ctx) if (sl->ctx)
{ {
if (sl->ctx != primary_scd_ctx) if (sl->ctx != primary_scd_ctx)
assuan_disconnect (sl->ctx); assuan_release (sl->ctx);
sl->ctx = NULL; sl->ctx = NULL;
} }
} }
@ -534,7 +544,7 @@ agent_reset_scd (ctrl_t ctrl)
primary_scd_ctx_reusable = 1; primary_scd_ctx_reusable = 1;
} }
else else
assuan_disconnect (ctrl->scd_local->ctx); assuan_release (ctrl->scd_local->ctx);
ctrl->scd_local->ctx = NULL; ctrl->scd_local->ctx = NULL;
} }
@ -563,7 +573,7 @@ agent_reset_scd (ctrl_t ctrl)
static int static gpg_error_t
learn_status_cb (void *opaque, const char *line) learn_status_cb (void *opaque, const char *line)
{ {
struct learn_parm_s *parm = opaque; struct learn_parm_s *parm = opaque;
@ -626,7 +636,7 @@ agent_card_learn (ctrl_t ctrl,
static int static gpg_error_t
get_serialno_cb (void *opaque, const char *line) get_serialno_cb (void *opaque, const char *line)
{ {
char **serialno = opaque; char **serialno = opaque;
@ -684,7 +694,7 @@ agent_card_serialno (ctrl_t ctrl, char **r_serialno)
static assuan_error_t static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length) membuf_data_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *data = opaque; membuf_t *data = opaque;
@ -695,7 +705,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
} }
/* Handle the NEEDPIN inquiry. */ /* Handle the NEEDPIN inquiry. */
static int static gpg_error_t
inq_needpin (void *opaque, const char *line) inq_needpin (void *opaque, const char *line)
{ {
struct inq_needpin_s *parm = opaque; struct inq_needpin_s *parm = opaque;
@ -991,7 +1001,7 @@ struct card_getattr_parm_s {
}; };
/* Callback function for agent_card_getattr. */ /* Callback function for agent_card_getattr. */
static assuan_error_t static gpg_error_t
card_getattr_cb (void *opaque, const char *line) card_getattr_cb (void *opaque, const char *line)
{ {
struct card_getattr_parm_s *parm = opaque; struct card_getattr_parm_s *parm = opaque;
@ -1067,7 +1077,7 @@ agent_card_getattr (ctrl_t ctrl, const char *name, char **result)
static int static gpg_error_t
pass_status_thru (void *opaque, const char *line) pass_status_thru (void *opaque, const char *line)
{ {
assuan_context_t ctx = opaque; assuan_context_t ctx = opaque;
@ -1087,7 +1097,7 @@ pass_status_thru (void *opaque, const char *line)
return 0; return 0;
} }
static int static gpg_error_t
pass_data_thru (void *opaque, const void *buffer, size_t length) pass_data_thru (void *opaque, const void *buffer, size_t length)
{ {
assuan_context_t ctx = opaque; assuan_context_t ctx = opaque;

607
agent/command.c
View File

@ -34,10 +34,9 @@
#include <sys/stat.h> #include <sys/stat.h>
#include <dirent.h> #include <dirent.h>
#include <assuan.h>
#include "i18n.h"
#include "agent.h" #include "agent.h"
#include <assuan.h>
#include "i18n.h"
/* maximum allowed size of the inquired ciphertext */ /* maximum allowed size of the inquired ciphertext */
#define MAXLEN_CIPHERTEXT 4096 #define MAXLEN_CIPHERTEXT 4096
@ -133,7 +132,7 @@ clear_outbuf (membuf_t *mb)
static gpg_error_t static gpg_error_t
write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb) write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
{ {
assuan_error_t ae; gpg_error_t ae;
void *p; void *p;
size_t n; size_t n;
@ -147,17 +146,20 @@ write_and_clear_outbuf (assuan_context_t ctx, membuf_t *mb)
} }
static void static gpg_error_t
reset_notify (assuan_context_t ctx) reset_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
memset (ctrl->keygrip, 0, 20); memset (ctrl->keygrip, 0, 20);
ctrl->have_keygrip = 0; ctrl->have_keygrip = 0;
ctrl->digest.valuelen = 0; ctrl->digest.valuelen = 0;
xfree (ctrl->server_local->keydesc); xfree (ctrl->server_local->keydesc);
ctrl->server_local->keydesc = NULL; ctrl->server_local->keydesc = NULL;
return 0;
} }
@ -262,7 +264,7 @@ static int
parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf) parse_keygrip (assuan_context_t ctx, const char *string, unsigned char *buf)
{ {
int rc; int rc;
size_t n; size_t n = 0;
rc = parse_hexstring (ctx, string, &n); rc = parse_hexstring (ctx, string, &n);
if (rc) if (rc)
@ -341,20 +343,20 @@ agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid)
/* GETEVENTCOUNTER static const char hlp_geteventcounter[] =
"GETEVENTCOUNTER\n"
Return a a status line named EVENTCOUNTER with the current values "\n"
of all event counters. The values are decimal numbers in the range "Return a a status line named EVENTCOUNTER with the current values\n"
0 to UINT_MAX and wrapping around to 0. The actual values should "of all event counters. The values are decimal numbers in the range\n"
not be relied upon, they shall only be used to detect a change. "0 to UINT_MAX and wrapping around to 0. The actual values should\n"
"not be relied upon, they shall only be used to detect a change.\n"
The currently defined counters are: "\n"
"The currently defined counters are:\n"
ANY - Incremented with any change of any of the other counters. "\n"
KEY - Incremented for added or removed private keys. "ANY - Incremented with any change of any of the other counters.\n"
CARD - Incremented for changes of the card readers stati. "KEY - Incremented for added or removed private keys.\n"
*/ "CARD - Incremented for changes of the card readers stati.";
static int static gpg_error_t
cmd_geteventcounter (assuan_context_t ctx, char *line) cmd_geteventcounter (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -399,11 +401,12 @@ bump_card_eventcounter (void)
/* ISTRUSTED <hexstring_with_fingerprint> static const char hlp_istrusted[] =
"ISTRUSTED <hexstring_with_fingerprint>\n"
Return OK when we have an entry with this fingerprint in our "\n"
trustlist */ "Return OK when we have an entry with this fingerprint in our\n"
static int "trustlist";
static gpg_error_t
cmd_istrusted (assuan_context_t ctx, char *line) cmd_istrusted (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -437,10 +440,12 @@ cmd_istrusted (assuan_context_t ctx, char *line)
} }
} }
/* LISTTRUSTED
List all entries from the trustlist */ static const char hlp_listtrusted[] =
static int "LISTTRUSTED\n"
"\n"
"List all entries from the trustlist.";
static gpg_error_t
cmd_listtrusted (assuan_context_t ctx, char *line) cmd_listtrusted (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -454,10 +459,11 @@ cmd_listtrusted (assuan_context_t ctx, char *line)
} }
/* MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name> static const char hlp_martrusted[] =
"MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>\n"
Store a new key in into the trustlist*/ "\n"
static int "Store a new key in into the trustlist.";
static gpg_error_t
cmd_marktrusted (assuan_context_t ctx, char *line) cmd_marktrusted (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -498,10 +504,11 @@ cmd_marktrusted (assuan_context_t ctx, char *line)
/* HAVEKEY <hexstring_with_keygrip> static const char hlp_havekey[] =
"HAVEKEY <hexstring_with_keygrip>\n"
Return success when the secret key is available */ "\n"
static int "Return success when the secret key is available.";
static gpg_error_t
cmd_havekey (assuan_context_t ctx, char *line) cmd_havekey (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -518,11 +525,12 @@ cmd_havekey (assuan_context_t ctx, char *line)
} }
/* SIGKEY <hexstring_with_keygrip> static const char hlp_sigkey[] =
SETKEY <hexstring_with_keygrip> "SIGKEY <hexstring_with_keygrip>\n"
"SETKEY <hexstring_with_keygrip>\n"
Set the key used for a sign or decrypt operation */ "\n"
static int "Set the key used for a sign or decrypt operation.";
static gpg_error_t
cmd_sigkey (assuan_context_t ctx, char *line) cmd_sigkey (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -536,21 +544,21 @@ cmd_sigkey (assuan_context_t ctx, char *line)
} }
/* SETKEYDESC plus_percent_escaped_string static const char hlp_setkeydesc[] =
"SETKEYDESC plus_percent_escaped_string\n"
Set a description to be used for the next PKSIGN or PKDECRYPT "\n"
operation if this operation requires the entry of a passphrase. If "Set a description to be used for the next PKSIGN or PKDECRYPT\n"
this command is not used a default text will be used. Note, that "operation if this operation requires the entry of a passphrase. If\n"
this description implictly selects the label used for the entry "this command is not used a default text will be used. Note, that\n"
box; if the string contains the string PIN (which in general will "this description implictly selects the label used for the entry\n"
not be translated), "PIN" is used, otherwise the translation of "box; if the string contains the string PIN (which in general will\n"
"passphrase" is used. The description string should not contain "not be translated), \"PIN\" is used, otherwise the translation of\n"
blanks unless they are percent or '+' escaped. "\"passphrase\" is used. The description string should not contain\n"
"blanks unless they are percent or '+' escaped.\n"
The description is only valid for the next PKSIGN or PKDECRYPT "\n"
operation. "The description is only valid for the next PKSIGN or PKDECRYPT\n"
*/ "operation.";
static int static gpg_error_t
cmd_setkeydesc (assuan_context_t ctx, char *line) cmd_setkeydesc (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -580,11 +588,12 @@ cmd_setkeydesc (assuan_context_t ctx, char *line)
} }
/* SETHASH --hash=<name>|<algonumber> <hexstring> static const char hlp_sethash[] =
"SETHASH --hash=<name>|<algonumber> <hexstring>\n"
The client can use this command to tell the server about the data "\n"
(which usually is a hash) to be signed. */ "The client can use this command to tell the server about the data\n"
static int "(which usually is a hash) to be signed.";
static gpg_error_t
cmd_sethash (assuan_context_t ctx, char *line) cmd_sethash (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -635,6 +644,7 @@ cmd_sethash (assuan_context_t ctx, char *line)
ctrl->digest.algo = algo; ctrl->digest.algo = algo;
/* Parse the hash value. */ /* Parse the hash value. */
n = 0;
rc = parse_hexstring (ctx, line, &n); rc = parse_hexstring (ctx, line, &n);
if (rc) if (rc)
return rc; return rc;
@ -658,11 +668,12 @@ cmd_sethash (assuan_context_t ctx, char *line)
} }
/* PKSIGN <options> static const char hlp_pksign[] =
"PKSIGN [options]\n"
Perform the actual sign operation. Neither input nor output are "\n"
sensitive to eavesdropping. */ "Perform the actual sign operation. Neither input nor output are\n"
static int "sensitive to eavesdropping.";
static gpg_error_t
cmd_pksign (assuan_context_t ctx, char *line) cmd_pksign (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -692,11 +703,13 @@ cmd_pksign (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* PKDECRYPT <options>
Perform the actual decrypt operation. Input is not static const char hlp_pkdecrypt[] =
sensitive to eavesdropping */ "PKDECRYPT <options>\n"
static int "\n"
"Perform the actual decrypt operation. Input is not\n"
"sensitive to eavesdropping.";
static gpg_error_t
cmd_pkdecrypt (assuan_context_t ctx, char *line) cmd_pkdecrypt (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -730,21 +743,21 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
} }
/* GENKEY static const char hlp_genkey[] =
"GENKEY\n"
Generate a new key, store the secret part and return the public "\n"
part. Here is an example transaction: "Generate a new key, store the secret part and return the public\n"
"part. Here is an example transaction:\n"
C: GENKEY "\n"
S: INQUIRE KEYPARAM " C: GENKEY\n"
C: D (genkey (rsa (nbits 1024))) " S: INQUIRE KEYPARAM\n"
C: END " C: D (genkey (rsa (nbits 1024)))\n"
S: D (public-key " C: END\n"
S: D (rsa (n 326487324683264) (e 10001))) " S: D (public-key\n"
S OK key created " S: D (rsa (n 326487324683264) (e 10001)))\n"
*/ " S: OK key created\n"
"\n";
static int static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line) cmd_genkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -776,10 +789,11 @@ cmd_genkey (assuan_context_t ctx, char *line)
/* READKEY <hexstring_with_keygrip> static const char hlp_readkey[] =
"READKEY <hexstring_with_keygrip>\n"
Return the public key for the given keygrip. */ "\n"
static int "Return the public key for the given keygrip.";
static gpg_error_t
cmd_readkey (assuan_context_t ctx, char *line) cmd_readkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -819,32 +833,32 @@ cmd_readkey (assuan_context_t ctx, char *line)
/* KEYINFO [--list] <keygrip> static const char hlp_keyinfo[] =
"KEYINFO [--list] <keygrip>\n"
Return information about the key specified by the KEYGRIP. If the "\n"
key is not available GPG_ERR_NOT_FOUND is returned. If the option "Return information about the key specified by the KEYGRIP. If the\n"
--list is given the keygrip is ignored and information about all "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n"
available keys are returned. The information is returned as a "--list is given the keygrip is ignored and information about all\n"
status line with this format: "available keys are returned. The information is returned as a\n"
"status line with this format:\n"
KEYINFO <keygrip> <type> <serialno> <idstr> "\n"
" KEYINFO <keygrip> <type> <serialno> <idstr>\n"
KEYGRIP is the keygrip. "\n"
"KEYGRIP is the keygrip.\n"
TYPE is describes the type of the key: "\n"
'D' - Regular key stored on disk, "TYPE is describes the type of the key:\n"
'T' - Key is stored on a smartcard (token). " 'D' - Regular key stored on disk,\n"
'-' - Unknown type. " 'T' - Key is stored on a smartcard (token).\n"
" '-' - Unknown type.\n"
SERIALNO is an ASCII string with the serial number of the "\n"
smartcard. If the serial number is not known a single "SERIALNO is an ASCII string with the serial number of the\n"
dash '-' is used instead. " smartcard. If the serial number is not known a single\n"
" dash '-' is used instead.\n"
IDSTR is the IDSTR used to distinguish keys on a smartcard. If it "\n"
is not known a dash is used instead. "IDSTR is the IDSTR used to distinguish keys on a smartcard. If it\n"
" is not known a dash is used instead.\n"
More information may be added in the future. "\n"
*/ "More information may be added in the future.";
static gpg_error_t static gpg_error_t
do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip) do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
{ {
@ -892,7 +906,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip)
} }
static int static gpg_error_t
cmd_keyinfo (assuan_context_t ctx, char *line) cmd_keyinfo (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -986,35 +1000,34 @@ send_back_passphrase (assuan_context_t ctx, int via_data, const char *pw)
} }
/* GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] static const char hlp_get_passphrase[] =
[--qualitybar] <cache_id> "GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]]\n"
[<error_message> <prompt> <description>] " [--qualitybar] <cache_id>\n"
" [<error_message> <prompt> <description>]\n"
This function is usually used to ask for a passphrase to be used "\n"
for conventional encryption, but may also be used by programs which "This function is usually used to ask for a passphrase to be used\n"
need specal handling of passphrases. This command uses a syntax "for conventional encryption, but may also be used by programs which\n"
which helps clients to use the agent with minimum effort. The "need specal handling of passphrases. This command uses a syntax\n"
agent either returns with an error or with a OK followed by the hex "which helps clients to use the agent with minimum effort. The\n"
encoded passphrase. Note that the length of the strings is "agent either returns with an error or with a OK followed by the hex\n"
implicitly limited by the maximum length of a command. "encoded passphrase. Note that the length of the strings is\n"
"implicitly limited by the maximum length of a command.\n"
If the option "--data" is used the passphrase is returned by usual "\n"
data lines and not on the okay line. "If the option \"--data\" is used the passphrase is returned by usual\n"
"data lines and not on the okay line.\n"
If the option "--check" is used the passphrase constraints checks as "\n"
implemented by gpg-agent are applied. A check is not done if the "If the option \"--check\" is used the passphrase constraints checks as\n"
passphrase has been found in the cache. "implemented by gpg-agent are applied. A check is not done if the\n"
"passphrase has been found in the cache.\n"
If the option "--no-ask" is used and the passphrase is not in the "\n"
cache the user will not be asked to enter a passphrase but the error "If the option \"--no-ask\" is used and the passphrase is not in the\n"
code GPG_ERR_NO_DATA is returned. "cache the user will not be asked to enter a passphrase but the error\n"
"code GPG_ERR_NO_DATA is returned. \n"
If the option "--qualitybar" is used a visual indication of the "\n"
entered passphrase quality is shown. (Unless no minimum passphrase "If the option \"--qualitybar\" is used a visual indication of the\n"
length has been configured.) "entered passphrase quality is shown. (Unless no minimum passphrase\n"
*/ "length has been configured.)";
static gpg_error_t
static int
cmd_get_passphrase (assuan_context_t ctx, char *line) cmd_get_passphrase (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1161,13 +1174,12 @@ cmd_get_passphrase (assuan_context_t ctx, char *line)
} }
/* CLEAR_PASSPHRASE <cache_id> static const char hlp_clear_passphrase[] =
"CLEAR_PASSPHRASE <cache_id>\n"
may be used to invalidate the cache entry for a passphrase. The "\n"
function returns with OK even when there is no cached passphrase. "may be used to invalidate the cache entry for a passphrase. The\n"
*/ "function returns with OK even when there is no cached passphrase.";
static gpg_error_t
static int
cmd_clear_passphrase (assuan_context_t ctx, char *line) cmd_clear_passphrase (assuan_context_t ctx, char *line)
{ {
char *cacheid = NULL; char *cacheid = NULL;
@ -1188,19 +1200,18 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line)
} }
/* GET_CONFIRMATION <description> static const char hlp_get_confirmation[] =
"GET_CONFIRMATION <description>\n"
This command may be used to ask for a simple confirmation. "\n"
DESCRIPTION is displayed along with a Okay and Cancel button. This "This command may be used to ask for a simple confirmation.\n"
command uses a syntax which helps clients to use the agent with "DESCRIPTION is displayed along with a Okay and Cancel button. This\n"
minimum effort. The agent either returns with an error or with a "command uses a syntax which helps clients to use the agent with\n"
OK. Note, that the length of DESCRIPTION is implicitly limited by "minimum effort. The agent either returns with an error or with a\n"
the maximum length of a command. DESCRIPTION should not contain "OK. Note, that the length of DESCRIPTION is implicitly limited by\n"
any spaces, those must be encoded either percent escaped or simply "the maximum length of a command. DESCRIPTION should not contain\n"
as '+'. "any spaces, those must be encoded either percent escaped or simply\n"
*/ "as '+'.";
static gpg_error_t
static int
cmd_get_confirmation (assuan_context_t ctx, char *line) cmd_get_confirmation (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1237,11 +1248,12 @@ cmd_get_confirmation (assuan_context_t ctx, char *line)
/* LEARN [--send] static const char hlp_learn[] =
"LEARN [--send]\n"
Learn something about the currently inserted smartcard. With "\n"
--send the new certificates are send back. */ "Learn something about the currently inserted smartcard. With\n"
static int "--send the new certificates are send back.";
static gpg_error_t
cmd_learn (assuan_context_t ctx, char *line) cmd_learn (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1255,10 +1267,11 @@ cmd_learn (assuan_context_t ctx, char *line)
/* PASSWD <hexstring_with_keygrip> static const char hlp_passwd[] =
"PASSWD <hexstring_with_keygrip>\n"
Change the passphrase/PIN for the key identified by keygrip in LINE. */ "\n"
static int "Change the passphrase/PIN for the key identified by keygrip in LINE.";
static gpg_error_t
cmd_passwd (assuan_context_t ctx, char *line) cmd_passwd (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1297,14 +1310,16 @@ cmd_passwd (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* PRESET_PASSPHRASE <string_or_keygrip> <timeout> <hexstring>
Set the cached passphrase/PIN for the key identified by the keygrip static const char hlp_preset_passphrase[] =
to passwd for the given time, where -1 means infinite and 0 means "PRESET_PASSPHRASE <string_or_keygrip> <timeout> <hexstring>\n"
the default (currently only a timeout of -1 is allowed, which means "\n"
to never expire it). If passwd is not provided, ask for it via the "Set the cached passphrase/PIN for the key identified by the keygrip\n"
pinentry module. */ "to passwd for the given time, where -1 means infinite and 0 means\n"
static int "the default (currently only a timeout of -1 is allowed, which means\n"
"to never expire it). If passwd is not provided, ask for it via the\n"
"pinentry module.";
static gpg_error_t
cmd_preset_passphrase (assuan_context_t ctx, char *line) cmd_preset_passphrase (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -1336,6 +1351,7 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
line++; line++;
/* Syntax check the hexstring. */ /* Syntax check the hexstring. */
len = 0;
rc = parse_hexstring (ctx, line, &len); rc = parse_hexstring (ctx, line, &len);
if (rc) if (rc)
return rc; return rc;
@ -1362,12 +1378,14 @@ cmd_preset_passphrase (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* SCD <commands to pass to the scdaemon>
This is a general quote command to redirect everything to the
SCDAEMON. */ static const char hlp_scd[] =
static int "SCD <commands to pass to the scdaemon>\n"
" \n"
"This is a general quote command to redirect everything to the\n"
"SCdaemon.";
static gpg_error_t
cmd_scd (assuan_context_t ctx, char *line) cmd_scd (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1380,12 +1398,12 @@ cmd_scd (assuan_context_t ctx, char *line)
/* GETVAL <key> static const char hlp_getval[] =
"GETVAL <key>\n"
Return the value for KEY from the special environment as created by "\n"
PUTVAL. "Return the value for KEY from the special environment as created by\n"
*/ "PUTVAL.";
static int static gpg_error_t
cmd_getval (assuan_context_t ctx, char *line) cmd_getval (assuan_context_t ctx, char *line)
{ {
int rc = 0; int rc = 0;
@ -1424,25 +1442,25 @@ cmd_getval (assuan_context_t ctx, char *line)
} }
/* PUTVAL <key> [<percent_escaped_value>] static const char hlp_putval[] =
"PUTVAL <key> [<percent_escaped_value>]\n"
The gpg-agent maintains a kind of environment which may be used to "\n"
store key/value pairs in it, so that they can be retrieved later. "The gpg-agent maintains a kind of environment which may be used to\n"
This may be used by helper daemons to daemonize themself on "store key/value pairs in it, so that they can be retrieved later.\n"
invocation and register them with gpg-agent. Callers of the "This may be used by helper daemons to daemonize themself on\n"
daemon's service may now first try connect to get the information "invocation and register them with gpg-agent. Callers of the\n"
for that service from gpg-agent through the GETVAL command and then "daemon's service may now first try connect to get the information\n"
try to connect to that daemon. Only if that fails they may start "for that service from gpg-agent through the GETVAL command and then\n"
an own instance of the service daemon. "try to connect to that daemon. Only if that fails they may start\n"
"an own instance of the service daemon. \n"
KEY is an an arbitrary symbol with the same syntax rules as keys "\n"
for shell environment variables. PERCENT_ESCAPED_VALUE is the "KEY is an an arbitrary symbol with the same syntax rules as keys\n"
corresponsing value; they should be similar to the values of "for shell environment variables. PERCENT_ESCAPED_VALUE is the\n"
envronment variables but gpg-agent does not enforce any "corresponsing value; they should be similar to the values of\n"
restrictions. If that value is not given any value under that KEY "envronment variables but gpg-agent does not enforce any\n"
is removed from this special environment. "restrictions. If that value is not given any value under that KEY\n"
*/ "is removed from this special environment.";
static int static gpg_error_t
cmd_putval (assuan_context_t ctx, char *line) cmd_putval (assuan_context_t ctx, char *line)
{ {
int rc = 0; int rc = 0;
@ -1511,13 +1529,14 @@ cmd_putval (assuan_context_t ctx, char *line)
/* UPDATESTARTUPTTY static const char hlp_updatestartuptty[] =
"UPDATESTARTUPTTY\n"
Set startup TTY and X DISPLAY variables to the values of this "\n"
session. This command is useful to pull future pinentries to "Set startup TTY and X11 DISPLAY variables to the values of this\n"
another screen. It is only required because there is no way in the "session. This command is useful to pull future pinentries to\n"
ssh-agent protocol to convey this information. */ "another screen. It is only required because there is no way in the\n"
static int "ssh-agent protocol to convey this information.";
static gpg_error_t
cmd_updatestartuptty (assuan_context_t ctx, char *line) cmd_updatestartuptty (assuan_context_t ctx, char *line)
{ {
static const char *names[] = static const char *names[] =
@ -1572,11 +1591,12 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line)
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* KILLAGENT static const char hlp_killagent[] =
"KILLAGENT\n"
Under Windows we start the agent on the fly. Thus it also make "\n"
sense to allow a client to stop the agent. */ "Under Windows we start the agent on the fly. Thus it also make\n"
static int "sense to allow a client to stop the agent.";
static gpg_error_t
cmd_killagent (assuan_context_t ctx, char *line) cmd_killagent (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1587,11 +1607,13 @@ cmd_killagent (assuan_context_t ctx, char *line)
return gpg_error (GPG_ERR_EOF); return gpg_error (GPG_ERR_EOF);
} }
/* RELOADAGENT
As signals are inconvenient under Windows, we provide this command static const char hlp_reloadagent[] =
to allow reloading of the configuration. */ "RELOADAGENT\n"
static int "\n"
"As signals are inconvenient under Windows, we provide this command\n"
"to allow reloading of the configuration.";
static gpg_error_t
cmd_reloadagent (assuan_context_t ctx, char *line) cmd_reloadagent (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -1604,21 +1626,20 @@ cmd_reloadagent (assuan_context_t ctx, char *line)
/* GETINFO <what> static const char hlp_getinfo[] =
"GETINFO <what>\n"
Multipurpose function to return a variety of information. "\n"
Supported values for WHAT are: "Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
version - Return the version of the program. "\n"
pid - Return the process id of the server. " version - Return the version of the program.\n"
socket_name - Return the name of the socket. " pid - Return the process id of the server.\n"
ssh_socket_name - Return the name of the ssh socket. " socket_name - Return the name of the socket.\n"
scd_running - Return OK if the SCdaemon is already running. " ssh_socket_name - Return the name of the ssh socket.\n"
s2k_count - Return the calibrated S2K count. " scd_running - Return OK if the SCdaemon is already running.\n"
cmd_has_option CMD OPT " cmd_has_option\n"
- Returns OK if the command CMD implements the option OPT. " - Returns OK if the command CMD implements the option OPT.";
*/ static gpg_error_t
static int
cmd_getinfo (assuan_context_t ctx, char *line) cmd_getinfo (assuan_context_t ctx, char *line)
{ {
int rc = 0; int rc = 0;
@ -1703,7 +1724,7 @@ cmd_getinfo (assuan_context_t ctx, char *line)
static int static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value) option_handler (assuan_context_t ctx, const char *key, const char *value)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1773,7 +1794,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
/* Called by libassuan after all commands. ERR is the error from the /* Called by libassuan after all commands. ERR is the error from the
last assuan operation and not the one returned from the command. */ last assuan operation and not the one returned from the command. */
static void static void
post_cmd_notify (assuan_context_t ctx, int err) post_cmd_notify (assuan_context_t ctx, gpg_error_t err)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1789,15 +1810,17 @@ post_cmd_notify (assuan_context_t ctx, int err)
that the debug output won't get cluttered by this primitive that the debug output won't get cluttered by this primitive
command. */ command. */
static unsigned int static unsigned int
io_monitor (assuan_context_t ctx, int direction, io_monitor (assuan_context_t ctx, void *hook, int direction,
const char *line, size_t linelen) const char *line, size_t linelen)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
(void) hook;
/* Note that we only check for the uppercase name. This allows to /* Note that we only check for the uppercase name. This allows to
see the logging for debugging if using a non-upercase command see the logging for debugging if using a non-upercase command
name. */ name. */
if (ctx && !direction if (ctx && direction == ASSUAN_IO_FROM_PEER
&& linelen >= 15 && linelen >= 15
&& !strncmp (line, "GETEVENTCOUNTER", 15) && !strncmp (line, "GETEVENTCOUNTER", 15)
&& (linelen == 15 || spacep (line+15))) && (linelen == 15 || spacep (line+15)))
@ -1805,7 +1828,7 @@ io_monitor (assuan_context_t ctx, int direction,
ctrl->server_local->pause_io_logging = 1; ctrl->server_local->pause_io_logging = 1;
} }
return ctrl->server_local->pause_io_logging? 1:0; return ctrl->server_local->pause_io_logging? ASSUAN_IO_MONITOR_NOLOG : 0;
} }
@ -1829,46 +1852,48 @@ register_commands (assuan_context_t ctx)
{ {
static struct { static struct {
const char *name; const char *name;
int (*handler)(assuan_context_t, char *line); assuan_handler_t handler;
const char * const help;
} table[] = { } table[] = {
{ "GETEVENTCOUNTER",cmd_geteventcounter }, { "GETEVENTCOUNTER",cmd_geteventcounter, hlp_geteventcounter },
{ "ISTRUSTED", cmd_istrusted }, { "ISTRUSTED", cmd_istrusted, hlp_istrusted },
{ "HAVEKEY", cmd_havekey }, { "HAVEKEY", cmd_havekey, hlp_havekey },
{ "KEYINFO", cmd_keyinfo }, { "KEYINFO", cmd_keyinfo, hlp_keyinfo },
{ "SIGKEY", cmd_sigkey }, { "SIGKEY", cmd_sigkey, hlp_sigkey },
{ "SETKEY", cmd_sigkey }, { "SETKEY", cmd_sigkey, hlp_sigkey },
{ "SETKEYDESC", cmd_setkeydesc }, { "SETKEYDESC", cmd_setkeydesc,hlp_setkeydesc },
{ "SETHASH", cmd_sethash }, { "SETHASH", cmd_sethash, hlp_sethash },
{ "PKSIGN", cmd_pksign }, { "PKSIGN", cmd_pksign, hlp_pksign },
{ "PKDECRYPT", cmd_pkdecrypt }, { "PKDECRYPT", cmd_pkdecrypt, hlp_pkdecrypt },
{ "GENKEY", cmd_genkey }, { "GENKEY", cmd_genkey, hlp_genkey },
{ "READKEY", cmd_readkey }, { "READKEY", cmd_readkey, hlp_readkey },
{ "GET_PASSPHRASE", cmd_get_passphrase }, { "GET_PASSPHRASE", cmd_get_passphrase, hlp_get_passphrase },
{ "PRESET_PASSPHRASE", cmd_preset_passphrase }, { "PRESET_PASSPHRASE", cmd_preset_passphrase, hlp_preset_passphrase },
{ "CLEAR_PASSPHRASE", cmd_clear_passphrase }, { "CLEAR_PASSPHRASE", cmd_clear_passphrase, hlp_clear_passphrase },
{ "GET_CONFIRMATION", cmd_get_confirmation }, { "GET_CONFIRMATION", cmd_get_confirmation, hlp_get_confirmation },
{ "LISTTRUSTED", cmd_listtrusted }, { "LISTTRUSTED", cmd_listtrusted, hlp_listtrusted },
{ "MARKTRUSTED", cmd_marktrusted }, { "MARKTRUSTED", cmd_marktrusted, hlp_martrusted },
{ "LEARN", cmd_learn }, { "LEARN", cmd_learn, hlp_learn },
{ "PASSWD", cmd_passwd }, { "PASSWD", cmd_passwd, hlp_passwd },
{ "INPUT", NULL }, { "INPUT", NULL },
{ "OUTPUT", NULL }, { "OUTPUT", NULL },
{ "SCD", cmd_scd }, { "SCD", cmd_scd, hlp_scd },
{ "GETVAL", cmd_getval }, { "GETVAL", cmd_getval, hlp_getval },
{ "PUTVAL", cmd_putval }, { "PUTVAL", cmd_putval, hlp_putval },
{ "UPDATESTARTUPTTY", cmd_updatestartuptty }, { "UPDATESTARTUPTTY", cmd_updatestartuptty, hlp_updatestartuptty },
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
{ "KILLAGENT", cmd_killagent }, { "KILLAGENT", cmd_killagent, hlp_killagent },
{ "RELOADAGENT", cmd_reloadagent }, { "RELOADAGENT", cmd_reloadagent,hlp_reloadagent },
#endif #endif
{ "GETINFO", cmd_getinfo }, { "GETINFO", cmd_getinfo, hlp_getinfo },
{ NULL } { NULL }
}; };
int i, rc; int i, rc;
for (i=0; table[i].name; i++) for (i=0; table[i].name; i++)
{ {
rc = assuan_register_command (ctx, table[i].name, table[i].handler); rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc) if (rc)
return rc; return rc;
} }
@ -1889,25 +1914,32 @@ void
start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
{ {
int rc; int rc;
assuan_context_t ctx; assuan_context_t ctx = NULL;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n", gpg_strerror (rc));
agent_exit (2);
}
if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD) if (listen_fd == GNUPG_INVALID_FD && fd == GNUPG_INVALID_FD)
{ {
int filedes[2]; assuan_fd_t filedes[2];
filedes[0] = 0; filedes[0] = assuan_fdopen (0);
filedes[1] = 1; filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (&ctx, filedes); rc = assuan_init_pipe_server (ctx, filedes);
} }
else if (listen_fd != GNUPG_INVALID_FD) else if (listen_fd != GNUPG_INVALID_FD)
{ {
rc = assuan_init_socket_server_ext (&ctx, listen_fd, 0); rc = assuan_init_socket_server (ctx, listen_fd, 0);
/* FIXME: Need to call assuan_sock_set_nonce for Windows. But /* FIXME: Need to call assuan_sock_set_nonce for Windows. But
this branch is currently not used. */ this branch is currently not used. */
} }
else else
{ {
rc = assuan_init_socket_server_ext (&ctx, fd, 2); rc = assuan_init_socket_server (ctx, fd, ASSUAN_SOCKET_SERVER_ACCEPTED);
} }
if (rc) if (rc)
{ {
@ -1930,11 +1962,8 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
ctrl->server_local->use_cache_for_signing = 1; ctrl->server_local->use_cache_for_signing = 1;
ctrl->digest.raw_value = 0; ctrl->digest.raw_value = 0;
if (DBG_ASSUAN)
assuan_set_log_stream (ctx, log_get_stream ());
#ifdef HAVE_ASSUAN_SET_IO_MONITOR #ifdef HAVE_ASSUAN_SET_IO_MONITOR
assuan_set_io_monitor (ctx, io_monitor); assuan_set_io_monitor (ctx, io_monitor, NULL);
#endif #endif
for (;;) for (;;)
@ -1965,7 +1994,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
agent_reset_query (ctrl); agent_reset_query (ctrl);
/* Cleanup. */ /* Cleanup. */
assuan_deinit_server (ctx); assuan_release (ctx);
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
if (ctrl->server_local->stopme) if (ctrl->server_local->stopme)
agent_exit (0); agent_exit (0);

49
agent/gpg-agent.c
View File

@ -50,7 +50,6 @@
#include "gc-opt-flags.h" #include "gc-opt-flags.h"
#include "exechelp.h" #include "exechelp.h"
enum cmd_and_opt_values enum cmd_and_opt_values
{ aNull = 0, { aNull = 0,
oCsh = 'c', oCsh = 'c',
@ -276,6 +275,8 @@ static void check_own_socket (void);
static int check_for_running_agent (int silent, int mode); static int check_for_running_agent (int silent, int mode);
/* Pth wrapper function definitions. */ /* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void) static int fixed_gcry_pth_init (void)
{ {
@ -493,7 +494,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|| strcmp (current_logfile, pargs->r.ret_str)) || strcmp (current_logfile, pargs->r.ret_str))
{ {
log_set_file (pargs->r.ret_str); log_set_file (pargs->r.ret_str);
assuan_set_assuan_log_stream (log_get_stream ()); if (DBG_ASSUAN)
assuan_set_assuan_log_stream (log_get_stream ());
xfree (current_logfile); xfree (current_logfile);
current_logfile = xtrystrdup (pargs->r.ret_str); current_logfile = xtrystrdup (pargs->r.ret_str);
} }
@ -567,7 +569,7 @@ main (int argc, char **argv )
int gpgconf_list = 0; int gpgconf_list = 0;
gpg_error_t err; gpg_error_t err;
const char *env_file_name = NULL; const char *env_file_name = NULL;
struct assuan_malloc_hooks malloc_hooks;
/* Before we do anything else we save the list of currently open /* Before we do anything else we save the list of currently open
file descriptors and the signal mask. This info is required to file descriptors and the signal mask. This info is required to
@ -610,10 +612,14 @@ main (int argc, char **argv )
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
} }
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc;
assuan_set_assuan_log_stream (log_get_stream ()); malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
assuan_sock_init ();
setup_libgcrypt_logging (); setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
@ -939,8 +945,9 @@ main (int argc, char **argv )
|JNLIB_LOG_WITH_TIME |JNLIB_LOG_WITH_TIME
|JNLIB_LOG_WITH_PID)); |JNLIB_LOG_WITH_PID));
current_logfile = xstrdup (logfile); current_logfile = xstrdup (logfile);
assuan_set_assuan_log_stream (log_get_stream ());
} }
if (DBG_ASSUAN)
assuan_set_assuan_log_stream (log_get_stream ());
/* Make sure that we have a default ttyname. */ /* Make sure that we have a default ttyname. */
if (!default_ttyname && ttyname (1)) if (!default_ttyname && ttyname (1))
@ -2070,7 +2077,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
/* Helper for check_own_socket. */ /* Helper for check_own_socket. */
static int static gpg_error_t
check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length) check_own_socket_pid_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *mb = opaque; membuf_t *mb = opaque;
@ -2087,14 +2094,21 @@ check_own_socket_thread (void *arg)
{ {
int rc; int rc;
char *sockname = arg; char *sockname = arg;
assuan_context_t ctx; assuan_context_t ctx = NULL;
membuf_t mb; membuf_t mb;
char *buffer; char *buffer;
check_own_socket_running++; check_own_socket_running++;
rc = assuan_socket_connect (&ctx, sockname, (pid_t)(-1)); rc = assuan_new (&ctx);
xfree (sockname); xfree (sockname);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
goto leave;
}
rc = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
if (rc) if (rc)
{ {
log_error ("can't connect my own socket: %s\n", gpg_strerror (rc)); log_error ("can't connect my own socket: %s\n", gpg_strerror (rc));
@ -2121,9 +2135,10 @@ check_own_socket_thread (void *arg)
log_error ("socket is still served by this server\n"); log_error ("socket is still served by this server\n");
xfree (buffer); xfree (buffer);
assuan_disconnect (ctx);
leave: leave:
if (ctx)
assuan_release (ctx);
if (rc) if (rc)
{ {
/* We may not remove the socket as it is now in use by another /* We may not remove the socket as it is now in use by another
@ -2181,7 +2196,7 @@ check_for_running_agent (int silent, int mode)
{ {
int rc; int rc;
char *infostr, *p; char *infostr, *p;
assuan_context_t ctx; assuan_context_t ctx = NULL;
int prot, pid; int prot, pid;
if (!mode) if (!mode)
@ -2229,8 +2244,9 @@ check_for_running_agent (int silent, int mode)
pid = (pid_t)(-1); pid = (pid_t)(-1);
} }
rc = assuan_new (&ctx);
rc = assuan_socket_connect (&ctx, infostr, pid); if (! rc)
rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr); xfree (infostr);
if (rc) if (rc)
{ {
@ -2239,12 +2255,15 @@ check_for_running_agent (int silent, int mode)
if (!mode && !silent) if (!mode && !silent)
log_error ("can't connect to the agent: %s\n", gpg_strerror (rc)); log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
if (ctx)
assuan_release (ctx);
return -1; return -1;
} }
if (!opt.quiet && !silent) if (!opt.quiet && !silent)
log_info ("gpg-agent running and available\n"); log_info ("gpg-agent running and available\n");
assuan_disconnect (ctx); assuan_release (ctx);
return 0; return 0;
} }

23
common/ChangeLog
View File

@ -1,3 +1,26 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-10-16, 2009-11-02, 2009-11-05:
* Makefile.am (libcommon_a_CFLAGS): Use LIBASSUAN_CFLAGS instead
of LIBASSUAN_PTH_CFLAGS.
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect. Convert posix FD
to assuan FD.
[HAVE_W32_SYSTEM]: Add missing argument in assuan_socket_connect
invocation.
* iobuf.c (iobuf_open_fd_or_name): Fix type of FD in function
declaration.
2009-10-13 Werner Koch <wk@g10code.com>
From trunk 2009-09-23:
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
2009-12-21 Marcus Brinkmann <marcus@g10code.de> (wk) 2009-12-21 Marcus Brinkmann <marcus@g10code.de> (wk)
* Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No * Makefile.am (audit-events.h, status.h) [!MAINTAINER_MODE]: No

2
common/Makefile.am
View File

@ -87,7 +87,7 @@ libcommonpth_a_SOURCES = $(common_sources)
if USE_DNS_SRV if USE_DNS_SRV
libcommonpth_a_SOURCES += srv.c libcommonpth_a_SOURCES += srv.c
endif endif
libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS) libcommonpth_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
libsimple_pwquery_a_SOURCES = \ libsimple_pwquery_a_SOURCES = \
simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h

25
common/asshelp.c
View File

@ -183,6 +183,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
*r_ctx = NULL; *r_ctx = NULL;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("error allocating assuan context: %s\n", gpg_strerror (rc));
return rc;
}
restart: restart:
infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO"); infostr = force_pipe_server? NULL : getenv ("GPG_AGENT_INFO");
if (!infostr || !*infostr) if (!infostr || !*infostr)
@ -192,7 +199,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
/* First check whether we can connect at the standard /* First check whether we can connect at the standard
socket. */ socket. */
sockname = make_filename (homedir, "S.gpg-agent", NULL); sockname = make_filename (homedir, "S.gpg-agent", NULL);
rc = assuan_socket_connect (&ctx, sockname, 0); rc = assuan_socket_connect (ctx, sockname, 0, 0);
if (rc) if (rc)
{ {
@ -210,6 +217,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_error ("error flushing pending output: %s\n", log_error ("error flushing pending output: %s\n",
strerror (errno)); strerror (errno));
xfree (sockname); xfree (sockname);
assuan_release (ctx);
return tmperr; return tmperr;
} }
@ -239,7 +247,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
/* Give the agent some time to prepare itself. */ /* Give the agent some time to prepare itself. */
gnupg_sleep (3); gnupg_sleep (3);
/* Now try again to connect the agent. */ /* Now try again to connect the agent. */
rc = assuan_socket_connect (&ctx, sockname, 0); rc = assuan_socket_connect (ctx, sockname, 0, 0);
} }
} }
#else /*!HAVE_W32_SYSTEM*/ #else /*!HAVE_W32_SYSTEM*/
@ -260,13 +268,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
i=0; i=0;
if (log_get_fd () != -1) if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd (); no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = fileno (stderr); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
no_close_list[i] = -1; no_close_list[i] = -1;
/* Connect to the agent and perform initial handshaking. */ /* Connect to the agent and perform initial handshaking. */
rc = assuan_pipe_connect (&ctx, agent_program, argv, rc = assuan_pipe_connect (ctx, agent_program, argv,
no_close_list); no_close_list, NULL, NULL, 0);
} }
#endif /*!HAVE_W32_SYSTEM*/ #endif /*!HAVE_W32_SYSTEM*/
} }
@ -299,7 +307,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
goto restart; goto restart;
} }
rc = assuan_socket_connect (&ctx, infostr, pid); rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr); xfree (infostr);
if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED) if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED)
{ {
@ -312,6 +320,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
if (rc) if (rc)
{ {
log_error ("can't connect to the agent: %s\n", gpg_strerror (rc)); log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
assuan_release (ctx);
return gpg_error (GPG_ERR_NO_AGENT); return gpg_error (GPG_ERR_NO_AGENT);
} }
@ -326,7 +335,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
session_env); session_env);
if (rc) if (rc)
{ {
assuan_disconnect (ctx); assuan_release (ctx);
return rc; return rc;
} }

4
common/get-passphrase.c
View File

@ -103,7 +103,7 @@ start_agent (void)
/* This is the default inquiry callback. It merely handles the /* This is the default inquiry callback. It merely handles the
Pinentry notification. */ Pinentry notification. */
static int static gpg_error_t
default_inq_cb (void *opaque, const char *line) default_inq_cb (void *opaque, const char *line)
{ {
(void)opaque; (void)opaque;
@ -120,7 +120,7 @@ default_inq_cb (void *opaque, const char *line)
} }
static int static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length) membuf_data_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *data = opaque; membuf_t *data = opaque;

26
common/iobuf.c
View File

@ -1260,6 +1260,32 @@ iobuf_is_pipe_filename (const char *fname)
return check_special_filename (fname) != -1; return check_special_filename (fname) != -1;
} }
/* Either open the file specified by the file descriptor FD or - if FD
is -1, the file with name FNAME. As of now MODE is assumed to be
"rb" if FNAME is used. In contrast to iobuf_fdopen the file
descriptor FD will not be closed during an iobuf_close. */
iobuf_t
iobuf_open_fd_or_name (gnupg_fd_t fd, const char *fname, const char *mode)
{
iobuf_t a;
if (fd == -1)
a = iobuf_open (fname);
else
{
int fd2;
fd2 = dup (fd);
if (fd2 == -1)
a = NULL;
else
a = iobuf_fdopen (fd2, mode);
}
return a;
}
/**************** /****************
* Create a head iobuf for reading from a file * Create a head iobuf for reading from a file
* returns: NULL if an error occures and sets errno * returns: NULL if an error occures and sets errno

13
configure.ac
View File

@ -42,8 +42,8 @@ NEED_GPG_ERROR_VERSION=1.4
NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.4.0 NEED_LIBGCRYPT_VERSION=1.4.0
NEED_LIBASSUAN_API=1 NEED_LIBASSUAN_API=2
NEED_LIBASSUAN_VERSION=1.0.4 NEED_LIBASSUAN_VERSION=1.1.0
NEED_KSBA_API=1 NEED_KSBA_API=1
NEED_KSBA_VERSION=1.0.2 NEED_KSBA_VERSION=1.0.2
@ -614,11 +614,8 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no) have_libassuan=yes,have_libassuan=no)
if test "$have_libassuan" = "yes"; then if test "$have_libassuan" = "yes"; then
have_libassuan=no have_libassuan=no
AM_PATH_LIBASSUAN_PTH("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION", AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION",
have_libassuan=yes,have_libassuan=no) have_libassuan=yes,have_libassuan=no)
AM_CHECK_LIBASSUAN("$NEED_LIBASSUAN_API:1.0.1",
[AC_DEFINE(HAVE_ASSUAN_SET_IO_MONITOR, 1,
[Define to 1 if you have the `assuan_set_io_monitor' function.])],)
AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version", AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version",
[version of the libbassuan library]) [version of the libbassuan library])
fi fi
@ -1409,7 +1406,7 @@ if test "$have_libassuan" = "no"; then
die=yes die=yes
AC_MSG_NOTICE([[ AC_MSG_NOTICE([[
*** ***
*** You need libassuan with Pth support to build this program. *** You need libassuan to build this program.
*** This library is for example available at *** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/libassuan/ *** ftp://ftp.gnupg.org/gcrypt/libassuan/
*** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required). *** (at least version $NEED_LIBASSUAN_VERSION (API $NEED_LIBASSUAN_API) is required).

28
g10/ChangeLog
View File

@ -1,3 +1,31 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-25:
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(reset_notify, input_notify, output_notify): Update to
new assuan interface.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server. Use assuan_handler_t. Add NULL arg to
assuan_register_command.
(gpg_server): Allocate assuan_context before starting server.
Use assuan_fd_t and assuan_fdopen on fds.
2010-02-02 Werner Koch <wk@g10code.com> 2010-02-02 Werner Koch <wk@g10code.com>
* card-util.c (card_edit): Change prompt to "gpg/card". * card-util.c (card_edit): Change prompt to "gpg/card".

20
g10/call-agent.c
View File

@ -29,9 +29,9 @@
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
#include <locale.h> #include <locale.h>
#endif #endif
#include <assuan.h>
#include "gpg.h" #include "gpg.h"
#include <assuan.h>
#include "util.h" #include "util.h"
#include "membuf.h" #include "membuf.h"
#include "options.h" #include "options.h"
@ -77,7 +77,7 @@ struct genkey_parm_s
}; };
static int learn_status_cb (void *opaque, const char *line); static gpg_error_t learn_status_cb (void *opaque, const char *line);
@ -230,7 +230,7 @@ store_serialno (const char *line)
/* This is a dummy data line callback. */ /* This is a dummy data line callback. */
static int static gpg_error_t
dummy_data_cb (void *opaque, const void *buffer, size_t length) dummy_data_cb (void *opaque, const void *buffer, size_t length)
{ {
(void)opaque; (void)opaque;
@ -240,7 +240,7 @@ dummy_data_cb (void *opaque, const void *buffer, size_t length)
} }
/* A simple callback used to return the serialnumber of a card. */ /* A simple callback used to return the serialnumber of a card. */
static int static gpg_error_t
get_serialno_cb (void *opaque, const char *line) get_serialno_cb (void *opaque, const char *line)
{ {
char **serialno = opaque; char **serialno = opaque;
@ -274,7 +274,7 @@ get_serialno_cb (void *opaque, const char *line)
/* This is the default inquiry callback. It mainly handles the /* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */ Pinentry notifications. */
static int static gpg_error_t
default_inq_cb (void *opaque, const char *line) default_inq_cb (void *opaque, const char *line)
{ {
(void)opaque; (void)opaque;
@ -312,7 +312,7 @@ agent_release_card_info (struct agent_card_info_s *info)
info->fpr1valid = info->fpr2valid = info->fpr3valid = 0; info->fpr1valid = info->fpr2valid = info->fpr3valid = 0;
} }
static int static gpg_error_t
learn_status_cb (void *opaque, const char *line) learn_status_cb (void *opaque, const char *line)
{ {
struct agent_card_info_s *parm = opaque; struct agent_card_info_s *parm = opaque;
@ -597,7 +597,7 @@ agent_scd_setattr (const char *name,
/* Handle a CERTDATA inquiry. Note, we only send the data, /* Handle a CERTDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the END assuan_transact takes care of flushing and writing the END
command. */ command. */
static int static gpg_error_t
inq_writecert_parms (void *opaque, const char *line) inq_writecert_parms (void *opaque, const char *line)
{ {
int rc; int rc;
@ -645,7 +645,7 @@ agent_scd_writecert (const char *certidstr,
/* Handle a KEYDATA inquiry. Note, we only send the data, /* Handle a KEYDATA inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */ assuan_transact takes care of flushing and writing the end */
static int static gpg_error_t
inq_writekey_parms (void *opaque, const char *line) inq_writekey_parms (void *opaque, const char *line)
{ {
int rc; int rc;
@ -695,7 +695,7 @@ agent_scd_writekey (int keyno, const char *serialno,
/* Status callback for the SCD GENKEY command. */ /* Status callback for the SCD GENKEY command. */
static int static gpg_error_t
scd_genkey_cb (void *opaque, const char *line) scd_genkey_cb (void *opaque, const char *line)
{ {
struct agent_card_genkey_s *parm = opaque; struct agent_card_genkey_s *parm = opaque;
@ -882,7 +882,7 @@ select_openpgp (const char *serialno)
static int static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length) membuf_data_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *data = opaque; membuf_t *data = opaque;

10
g10/gpg.c
View File

@ -30,13 +30,13 @@
#include <sys/stat.h> /* for stat() */ #include <sys/stat.h> /* for stat() */
#endif #endif
#include <fcntl.h> #include <fcntl.h>
#include <assuan.h>
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
#include <windows.h> #include <windows.h>
#endif #endif
#define INCLUDED_BY_MAIN_MODULE 1 #define INCLUDED_BY_MAIN_MODULE 1
#include "gpg.h" #include "gpg.h"
#include <assuan.h>
#include "packet.h" #include "packet.h"
#include "../common/iobuf.h" #include "../common/iobuf.h"
#include "util.h" #include "util.h"
@ -1917,6 +1917,7 @@ main (int argc, char **argv)
int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */ int fpr_maybe_cmd = 0; /* --fingerprint maybe a command. */
int any_explicit_recipient = 0; int any_explicit_recipient = 0;
int require_secmem=0,got_secmem=0; int require_secmem=0,got_secmem=0;
struct assuan_malloc_hooks malloc_hooks;
#ifdef __riscos__ #ifdef __riscos__
opt.lock_once = 1; opt.lock_once = 1;
@ -2066,8 +2067,11 @@ main (int argc, char **argv)
/* Okay, we are now working under our real uid */ /* Okay, we are now working under our real uid */
/* malloc hooks go here ... */ /* malloc hooks go here ... */
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc;
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
/* Try for a version specific config file first */ /* Try for a version specific config file first */

73
g10/server.c
View File

@ -26,9 +26,9 @@
#include <ctype.h> #include <ctype.h>
#include <unistd.h> #include <unistd.h>
#include <assuan.h>
#include "gpg.h" #include "gpg.h"
#include <assuan.h>
#include "util.h" #include "util.h"
#include "i18n.h" #include "i18n.h"
#include "options.h" #include "options.h"
@ -64,7 +64,7 @@ close_message_fd (ctrl_t ctrl)
/* Called by libassuan for Assuan options. See the Assuan manual for /* Called by libassuan for Assuan options. See the Assuan manual for
details. */ details. */
static int static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value) option_handler (assuan_context_t ctx, const char *key, const char *value)
{ {
/* ctrl_t ctrl = assuan_get_pointer (ctx); */ /* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -106,20 +106,23 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
/* Called by libassuan for RESET commands. */ /* Called by libassuan for RESET commands. */
static void static gpg_error_t
reset_notify (assuan_context_t ctx) reset_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
close_message_fd (ctrl); close_message_fd (ctrl);
assuan_close_input_fd (ctx); assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx); assuan_close_output_fd (ctx);
return 0;
} }
/* Called by libassuan for INPUT commands. */ /* Called by libassuan for INPUT commands. */
static void static gpg_error_t
input_notify (assuan_context_t ctx, const char *line) input_notify (assuan_context_t ctx, char *line)
{ {
/* ctrl_t ctrl = assuan_get_pointer (ctx); */ /* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -135,12 +138,13 @@ input_notify (assuan_context_t ctx, const char *line)
{ {
/* FIXME (autodetect encoding) */ /* FIXME (autodetect encoding) */
} }
return 0;
} }
/* Called by libassuan for OUTPUT commands. */ /* Called by libassuan for OUTPUT commands. */
static void static gpg_error_t
output_notify (assuan_context_t ctx, const char *line) output_notify (assuan_context_t ctx, char *line)
{ {
/* ctrl_t ctrl = assuan_get_pointer (ctx); */ /* ctrl_t ctrl = assuan_get_pointer (ctx); */
@ -152,6 +156,7 @@ output_notify (assuan_context_t ctx, const char *line)
{ {
/* FIXME */ /* FIXME */
} }
return 0;
} }
@ -168,7 +173,7 @@ output_notify (assuan_context_t ctx, const char *line)
encrypt at all if not all recipients are valid, the client has to encrypt at all if not all recipients are valid, the client has to
take care of this. All RECIPIENT commands are cumulative until a take care of this. All RECIPIENT commands are cumulative until a
RESET or an successful ENCRYPT command. */ RESET or an successful ENCRYPT command. */
static int static gpg_error_t
cmd_recipient (assuan_context_t ctx, char *line) cmd_recipient (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -193,7 +198,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
Note that this command returns an INV_RECP status which is a bit Note that this command returns an INV_RECP status which is a bit
strange, but they are very similar. */ strange, but they are very similar. */
static int static gpg_error_t
cmd_signer (assuan_context_t ctx, char *line) cmd_signer (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -216,7 +221,7 @@ cmd_signer (assuan_context_t ctx, char *line)
This command should in general not fail, as all necessary checks This command should in general not fail, as all necessary checks
have been done while setting the recipients. The input and output have been done while setting the recipients. The input and output
pipes are closed. */ pipes are closed. */
static int static gpg_error_t
cmd_encrypt (assuan_context_t ctx, char *line) cmd_encrypt (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -230,7 +235,7 @@ cmd_encrypt (assuan_context_t ctx, char *line)
This performs the decrypt operation after doing some checks on the This performs the decrypt operation after doing some checks on the
internal state (e.g. that only needed data has been set). */ internal state (e.g. that only needed data has been set). */
static int static gpg_error_t
cmd_decrypt (assuan_context_t ctx, char *line) cmd_decrypt (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -249,7 +254,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
If the signature is a detached one, the server will inquire about If the signature is a detached one, the server will inquire about
the signed material and the client must provide it. the signed material and the client must provide it.
*/ */
static int static gpg_error_t
cmd_verify (assuan_context_t ctx, char *line) cmd_verify (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -296,7 +301,7 @@ cmd_verify (assuan_context_t ctx, char *line)
Sign the data set with the INPUT command and write it to the sink Sign the data set with the INPUT command and write it to the sink
set by OUTPUT. With "--detached" specified, a detached signature set by OUTPUT. With "--detached" specified, a detached signature
is created. */ is created. */
static int static gpg_error_t
cmd_sign (assuan_context_t ctx, char *line) cmd_sign (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -310,7 +315,7 @@ cmd_sign (assuan_context_t ctx, char *line)
Import keys as read from the input-fd, return status message for Import keys as read from the input-fd, return status message for
each imported one. The import checks the validity of the key. */ each imported one. The import checks the validity of the key. */
static int static gpg_error_t
cmd_import (assuan_context_t ctx, char *line) cmd_import (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -330,7 +335,7 @@ cmd_import (assuan_context_t ctx, char *line)
Recall that in general the output format is set with the OUTPUT Recall that in general the output format is set with the OUTPUT
command. command.
*/ */
static int static gpg_error_t
cmd_export (assuan_context_t ctx, char *line) cmd_export (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -344,7 +349,7 @@ cmd_export (assuan_context_t ctx, char *line)
Fixme Fixme
*/ */
static int static gpg_error_t
cmd_delkeys (assuan_context_t ctx, char *line) cmd_delkeys (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -358,7 +363,7 @@ cmd_delkeys (assuan_context_t ctx, char *line)
Set the file descriptor to read a message which is used with Set the file descriptor to read a message which is used with
detached signatures. */ detached signatures. */
static int static gpg_error_t
cmd_message (assuan_context_t ctx, char *line) cmd_message (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -381,7 +386,7 @@ cmd_message (assuan_context_t ctx, char *line)
fixme fixme
*/ */
static int static gpg_error_t
do_listkeys (assuan_context_t ctx, char *line, int mode) do_listkeys (assuan_context_t ctx, char *line, int mode)
{ {
(void)ctx; (void)ctx;
@ -392,14 +397,14 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
} }
static int static gpg_error_t
cmd_listkeys (assuan_context_t ctx, char *line) cmd_listkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 3); return do_listkeys (ctx, line, 3);
} }
static int static gpg_error_t
cmd_listsecretkeys (assuan_context_t ctx, char *line) cmd_listsecretkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 2); return do_listkeys (ctx, line, 2);
@ -412,7 +417,7 @@ cmd_listsecretkeys (assuan_context_t ctx, char *line)
Read the parameters in native format from the input fd and create a Read the parameters in native format from the input fd and create a
new OpenPGP key. new OpenPGP key.
*/ */
static int static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line) cmd_genkey (assuan_context_t ctx, char *line)
{ {
(void)ctx; (void)ctx;
@ -430,7 +435,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
pid - Return the process id of the server. pid - Return the process id of the server.
*/ */
static int static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line) cmd_getinfo (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -461,7 +466,7 @@ register_commands (assuan_context_t ctx)
static struct static struct
{ {
const char *name; const char *name;
int (*handler)(assuan_context_t, char *line); assuan_handler_t handler;
} table[] = { } table[] = {
{ "RECIPIENT", cmd_recipient }, { "RECIPIENT", cmd_recipient },
{ "SIGNER", cmd_signer }, { "SIGNER", cmd_signer },
@ -485,7 +490,7 @@ register_commands (assuan_context_t ctx)
for (i=0; table[i].name; i++) for (i=0; table[i].name; i++)
{ {
rc = assuan_register_command (ctx, table[i].name, table[i].handler); rc = assuan_register_command (ctx, table[i].name, table[i].handler, NULL);
if (rc) if (rc)
return rc; return rc;
} }
@ -502,16 +507,24 @@ gpg_server (ctrl_t ctrl)
{ {
int rc; int rc;
int filedes[2]; int filedes[2];
assuan_context_t ctx; assuan_context_t ctx = NULL;
static const char hello[] = ("GNU Privacy Guard's OpenPGP server " static const char hello[] = ("GNU Privacy Guard's OpenPGP server "
VERSION " ready"); VERSION " ready");
/* We use a pipe based server so that we can work from scripts. /* We use a pipe based server so that we can work from scripts.
assuan_init_pipe_server will automagically detect when we are assuan_init_pipe_server will automagically detect when we are
called with a socketpair and ignore FILEDES in this case. */ called with a socketpair and ignore FILEDES in this case. */
filedes[0] = 0; filedes[0] = assuan_fdopen (0);
filedes[1] = 1; filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (&ctx, filedes); rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate the assuan context: %s\n",
gpg_strerror (rc));
goto leave;
}
rc = assuan_init_pipe_server (ctx, filedes);
if (rc) if (rc)
{ {
log_error ("failed to initialize the server: %s\n", gpg_strerror (rc)); log_error ("failed to initialize the server: %s\n", gpg_strerror (rc));
@ -590,7 +603,7 @@ gpg_server (ctrl_t ctrl)
leave: leave:
xfree (ctrl->server_local); xfree (ctrl->server_local);
ctrl->server_local = NULL; ctrl->server_local = NULL;
assuan_deinit_server (ctx); assuan_release (ctx);
return rc; return rc;
} }

26
scd/ChangeLog
View File

@ -1,3 +1,29 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-10-16, 2009-11-02, 2009-11-04, 2009-11-05,
2009-11-25:
* Makefile.am (AM_CFLAGS, scdaemon_LDADD): Use libassuan instead
of libassuan-pth.
* scdaemon.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
(main): Update to new Assuan API. Call assuan_set_system_hooks
and assuan_sock_init.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
Call assuan_init_socket_server, not assuan_init_socket_server_ext.
Use assuan_fd_t and assuan_fdopen on fds.
(reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
Add NULL arg to assuan_register_command. Add help arg to
assuan_register_command. Add help strings to all commands.
2009-12-03 Werner Koch <wk@g10code.com> 2009-12-03 Werner Koch <wk@g10code.com>
* scdaemon.c (set_debug): Allow for numerical debug levels. Print * scdaemon.c (set_debug): Allow for numerical debug levels. Print

6
scd/Makefile.am
View File

@ -27,7 +27,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common
include $(top_srcdir)/am/cmacros.am include $(top_srcdir)/am/cmacros.am
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
$(KSBA_CFLAGS) $(LIBASSUAN_PTH_CFLAGS) $(PTH_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
@ -42,7 +42,7 @@ scdaemon_SOURCES = \
scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \ scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
$(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \ $(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \
$(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV)
@ -60,7 +60,7 @@ scdaemon_LDADD = $(libcommonpth) ../jnlib/libjnlib.a ../gl/libgnu.a \
#sc_copykeys_LDADD = \ #sc_copykeys_LDADD = \
# ../jnlib/libjnlib.a ../common/libcommon.a \ # ../jnlib/libjnlib.a ../common/libcommon.a \
# ../common/libsimple-pwquery.a \ # ../common/libsimple-pwquery.a \
# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_PTH_LIBS) $(PTH_LIBS) \ # $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(PTH_LIBS) \
# $(LIBUSB_LIBS) \ # $(LIBUSB_LIBS) \
# -lgpg-error @LIBINTL@ @DL_LIBS@ # -lgpg-error @LIBINTL@ @DL_LIBS@
# #

757
scd/command.c
View File

@ -30,9 +30,8 @@
# include <pth.h> # include <pth.h>
#endif #endif
#include <assuan.h>
#include "scdaemon.h" #include "scdaemon.h"
#include <assuan.h>
#include <ksba.h> #include <ksba.h>
#include "app-common.h" #include "app-common.h"
#include "apdu.h" /* Required for apdu_*_reader (). */ #include "apdu.h" /* Required for apdu_*_reader (). */
@ -339,16 +338,19 @@ do_reset (ctrl_t ctrl, int send_reset)
} }
static void static gpg_error_t
reset_notify (assuan_context_t ctx) reset_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
do_reset (ctrl, 1); do_reset (ctrl, 1);
return 0;
} }
static int static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value) option_handler (assuan_context_t ctx, const char *key, const char *value)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -401,7 +403,7 @@ get_reader_slot (void)
/* If the card has not yet been opened, do it. Note that this /* If the card has not yet been opened, do it. Note that this
function returns an Assuan error, so don't map the error a second function returns an Assuan error, so don't map the error a second
time. */ time. */
static assuan_error_t static gpg_error_t
open_card (ctrl_t ctrl, const char *apptype) open_card (ctrl_t ctrl, const char *apptype)
{ {
gpg_error_t err; gpg_error_t err;
@ -464,26 +466,26 @@ open_card (ctrl_t ctrl, const char *apptype)
} }
/* SERIALNO [APPTYPE] static const char hlp_serialno[] =
"SERIALNO [<apptype>]\n"
Return the serial number of the card using a status reponse. This "\n"
function should be used to check for the presence of a card. "Return the serial number of the card using a status reponse. This\n"
"function should be used to check for the presence of a card.\n"
If APPTYPE is given, an application of that type is selected and an "\n"
error is returned if the application is not supported or available. "If APPTYPE is given, an application of that type is selected and an\n"
The default is to auto-select the application using a hardwired "error is returned if the application is not supported or available.\n"
preference system. Note, that a future extension to this function "The default is to auto-select the application using a hardwired\n"
may allow to specify a list and order of applications to try. "preference system. Note, that a future extension to this function\n"
"may allow to specify a list and order of applications to try.\n"
This function is special in that it can be used to reset the card. "\n"
Most other functions will return an error when a card change has "This function is special in that it can be used to reset the card.\n"
been detected and the use of this function is therefore required. "Most other functions will return an error when a card change has\n"
"been detected and the use of this function is therefore required.\n"
Background: We want to keep the client clear of handling card "\n"
changes between operations; i.e. the client can assume that all "Background: We want to keep the client clear of handling card\n"
operations are done on the same card unless he calls this function. "changes between operations; i.e. the client can assume that all\n"
*/ "operations are done on the same card unless he calls this function.";
static int static gpg_error_t
cmd_serialno (assuan_context_t ctx, char *line) cmd_serialno (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -519,78 +521,76 @@ cmd_serialno (assuan_context_t ctx, char *line)
} }
static const char hlp_learn[] =
"LEARN [--force] [--keypairinfo]\n"
/* LEARN [--force] [--keypairinfo] "\n"
"Learn all useful information of the currently inserted card. When\n"
Learn all useful information of the currently inserted card. When "used without the force options, the command might do an INQUIRE\n"
used without the force options, the command might do an INQUIRE "like this:\n"
like this: "\n"
" INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp>\n"
INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp> "\n"
"The client should just send an \"END\" if the processing should go on\n"
The client should just send an "END" if the processing should go on "or a \"CANCEL\" to force the function to terminate with a Cancel\n"
or a "CANCEL" to force the function to terminate with a Cancel "error message.\n"
error message. "\n"
"With the option --keypairinfo only KEYPARIINFO lstatus lines are\n"
With the option --keypairinfo only KEYPARIINFO lstatus lines are "returned.\n"
returned. "\n"
"The response of this command is a list of status lines formatted as\n"
The response of this command is a list of status lines formatted as "this:\n"
this: "\n"
" S APPTYPE <apptype>\n"
S APPTYPE <apptype> "\n"
"This returns the type of the application, currently the strings:\n"
This returns the type of the application, currently the strings: "\n"
" P15 = PKCS-15 structure used\n"
P15 = PKCS-15 structure used " DINSIG = DIN SIG\n"
DINSIG = DIN SIG " OPENPGP = OpenPGP card\n"
OPENPGP = OpenPGP card " NKS = NetKey card\n"
NKS = NetKey card "\n"
"are implemented. These strings are aliases for the AID\n"
are implemented. These strings are aliases for the AID "\n"
" S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id>\n"
S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id> "\n"
"If there is no certificate yet stored on the card a single 'X' is\n"
If there is no certificate yet stored on the card a single "X" is "returned as the keygrip. In addition to the keypair info, information\n"
returned as the keygrip. In addition to the keypair info, information "about all certificates stored on the card is also returned:\n"
about all certificates stored on the card is also returned: "\n"
" S CERTINFO <certtype> <hexstring_with_id>\n"
S CERTINFO <certtype> <hexstring_with_id> "\n"
"Where CERTTYPE is a number indicating the type of certificate:\n"
Where CERTTYPE is a number indicating the type of certificate: " 0 := Unknown\n"
0 := Unknown " 100 := Regular X.509 cert\n"
100 := Regular X.509 cert " 101 := Trusted X.509 cert\n"
101 := Trusted X.509 cert " 102 := Useful X.509 cert\n"
102 := Useful X.509 cert " 110 := Root CA cert in a special format (e.g. DINSIG)\n"
110 := Root CA cert in a special format (e.g. DINSIG) " 111 := Root CA cert as standard X509 cert.\n"
111 := Root CA cert as standard X509 cert. "\n"
"For certain cards, more information will be returned:\n"
For certain cards, more information will be returned: "\n"
" S KEY-FPR <no> <hexstring>\n"
S KEY-FPR <no> <hexstring> "\n"
"For OpenPGP cards this returns the stored fingerprints of the\n"
For OpenPGP cards this returns the stored fingerprints of the "keys. This can be used check whether a key is available on the\n"
keys. This can be used check whether a key is available on the "card. NO may be 1, 2 or 3.\n"
card. NO may be 1, 2 or 3. "\n"
" S CA-FPR <no> <hexstring>\n"
S CA-FPR <no> <hexstring> "\n"
"Similar to above, these are the fingerprints of keys assumed to be\n"
Similar to above, these are the fingerprints of keys assumed to be "ultimately trusted.\n"
ultimately trusted. "\n"
" S DISP-NAME <name_of_card_holder>\n"
S DISP-NAME <name_of_card_holder> "\n"
"The name of the card holder as stored on the card; percent\n"
The name of the card holder as stored on the card; percent "escaping takes place, spaces are encoded as '+'\n"
escaping takes place, spaces are encoded as '+' "\n"
" S PUBKEY-URL <url>\n"
S PUBKEY-URL <url> "\n"
"The URL to be used for locating the entire public key.\n"
The URL to be used for locating the entire public key. " \n"
"Note, that this function may even be used on a locked card.";
Note, that this function may even be used on a locked card. static gpg_error_t
*/
static int
cmd_learn (assuan_context_t ctx, char *line) cmd_learn (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -658,11 +658,11 @@ cmd_learn (assuan_context_t ctx, char *line)
/* READCERT <hexified_certid>|<keyid> static const char hlp_readcert[] =
"READCERT <hexified_certid>|<keyid>\n"
Note, that this function may even be used on a locked card. "\n"
*/ "Note, that this function may even be used on a locked card.";
static int static gpg_error_t
cmd_readcert (assuan_context_t ctx, char *line) cmd_readcert (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -692,14 +692,14 @@ cmd_readcert (assuan_context_t ctx, char *line)
} }
/* READKEY <keyid> static const char hlp_readkey[] =
"READKEY <keyid>\n"
Return the public key for the given cert or key ID as an standard "\n"
S-Expression. "Return the public key for the given cert or key ID as a standard\n"
"S-expression.\n"
Note, that this function may even be used on a locked card. "\n"
*/ "Note, that this function may even be used on a locked card.";
static int static gpg_error_t
cmd_readkey (assuan_context_t ctx, char *line) cmd_readkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -775,12 +775,11 @@ cmd_readkey (assuan_context_t ctx, char *line)
static const char hlp_setdata[] =
/* SETDATA <hexstring> "SETDATA <hexstring> \n"
"\n"
The client should use this command to tell us the data he want to "The client should use this command to tell us the data he want to sign.";
sign. */ static gpg_error_t
static int
cmd_setdata (assuan_context_t ctx, char *line) cmd_setdata (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -873,12 +872,11 @@ pin_cb (void *opaque, const char *info, char **retstr)
} }
/* PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id> static const char hlp_pksign[] =
"PKSIGN [--hash=[rmd160|sha{1,224,256,384,512}|md5]] <hexified_id>\n"
The --hash option is optional; the default is SHA1. "\n"
"The --hash option is optional; the default is SHA1.";
*/ static gpg_error_t
static int
cmd_pksign (assuan_context_t ctx, char *line) cmd_pksign (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -945,10 +943,10 @@ cmd_pksign (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* PKAUTH <hexified_id>
*/ static const char hlp_pkauth[] =
static int "PKAUTH <hexified_id>";
static gpg_error_t
cmd_pkauth (assuan_context_t ctx, char *line) cmd_pkauth (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -995,10 +993,10 @@ cmd_pkauth (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* PKDECRYPT <hexified_id>
*/ static const char hlp_pkdecrypt[] =
static int "PKDECRYPT <hexified_id>";
static gpg_error_t
cmd_pkdecrypt (assuan_context_t ctx, char *line) cmd_pkdecrypt (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1040,19 +1038,19 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
} }
/* GETATTR <name> static const char hlp_getattr[] =
"GETATTR <name>\n"
This command is used to retrieve data from a smartcard. The "\n"
allowed names depend on the currently selected smartcard "This command is used to retrieve data from a smartcard. The\n"
application. NAME must be percent and '+' escaped. The value is "allowed names depend on the currently selected smartcard\n"
returned through status message, see the LEARN command for details. "application. NAME must be percent and '+' escaped. The value is\n"
"returned through status message, see the LEARN command for details.\n"
However, the current implementation assumes that Name is not escaped; "\n"
this works as long as noone uses arbitrary escaping. "However, the current implementation assumes that Name is not escaped;\n"
"this works as long as noone uses arbitrary escaping. \n"
Note, that this function may even be used on a locked card. "\n"
*/ "Note, that this function may even be used on a locked card.";
static int static gpg_error_t
cmd_getattr (assuan_context_t ctx, char *line) cmd_getattr (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1079,19 +1077,20 @@ cmd_getattr (assuan_context_t ctx, char *line)
} }
/* SETATTR <name> <value> static const char hlp_setattr[] =
"SETATTR <name> <value> \n"
This command is used to store data on a a smartcard. The allowed "\n"
names and values are depend on the currently selected smartcard "This command is used to store data on a a smartcard. The allowed\n"
application. NAME and VALUE must be percent and '+' escaped. "names and values are depend on the currently selected smartcard\n"
"application. NAME and VALUE must be percent and '+' escaped.\n"
However, the current implementation assumes that NAME is not "\n"
escaped; this works as long as noone uses arbitrary escaping. "However, the current implementation assumes that NAME is not\n"
"escaped; this works as long as noone uses arbitrary escaping.\n"
A PIN will be requested for most NAMEs. See the corresponding "\n"
setattr function of the actually used application (app-*.c) for "A PIN will be requested for most NAMEs. See the corresponding\n"
details. */ "setattr function of the actually used application (app-*.c) for\n"
static int "details.";
static gpg_error_t
cmd_setattr (assuan_context_t ctx, char *orig_line) cmd_setattr (assuan_context_t ctx, char *orig_line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1131,18 +1130,18 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
} }
static const char hlp_writecert[] =
/* WRITECERT <hexified_certid> "WRITECERT <hexified_certid>\n"
"\n"
This command is used to store a certifciate on a smartcard. The "This command is used to store a certifciate on a smartcard. The\n"
allowed certids depend on the currently selected smartcard "allowed certids depend on the currently selected smartcard\n"
application. The actual certifciate is requested using the inquiry "application. The actual certifciate is requested using the inquiry\n"
"CERTDATA" and needs to be provided in its raw (e.g. DER) form. "\"CERTDATA\" and needs to be provided in its raw (e.g. DER) form.\n"
"\n"
In almost all cases a a PIN will be requested. See the related "In almost all cases a a PIN will be requested. See the related\n"
writecert function of the actually used application (app-*.c) for "writecert function of the actually used application (app-*.c) for\n"
details. */ "details.";
static int static gpg_error_t
cmd_writecert (assuan_context_t ctx, char *line) cmd_writecert (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1193,21 +1192,21 @@ cmd_writecert (assuan_context_t ctx, char *line)
} }
static const char hlp_writekey[] =
/* WRITEKEY [--force] <keyid> "WRITEKEY [--force] <keyid> \n"
"\n"
This command is used to store a secret key on a a smartcard. The "This command is used to store a secret key on a a smartcard. The\n"
allowed keyids depend on the currently selected smartcard "allowed keyids depend on the currently selected smartcard\n"
application. The actual keydata is requested using the inquiry "application. The actual keydata is requested using the inquiry\n"
"KEYDATA" and need to be provided without any protection. With "\"KEYDATA\" and need to be provided without any protection. With\n"
--force set an existing key under this KEYID will get overwritten. "--force set an existing key under this KEYID will get overwritten.\n"
The keydata is expected to be the usual canonical encoded "The keydata is expected to be the usual canonical encoded\n"
S-expression. "S-expression.\n"
"\n"
A PIN will be requested for most NAMEs. See the corresponding "A PIN will be requested for most NAMEs. See the corresponding\n"
writekey function of the actually used application (app-*.c) for "writekey function of the actually used application (app-*.c) for\n"
details. */ "details.";
static int static gpg_error_t
cmd_writekey (assuan_context_t ctx, char *line) cmd_writekey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1260,30 +1259,28 @@ cmd_writekey (assuan_context_t ctx, char *line)
} }
static const char hlp_genkey[] =
/* GENKEY [--force] [--timestamp=<isodate>] <no> "GENKEY [--force] [--timestamp=<isodate>] <no>\n"
"\n"
Generate a key on-card identified by NO, which is application "Generate a key on-card identified by NO, which is application\n"
specific. Return values are application specific. For OpenPGP "specific. Return values are application specific. For OpenPGP\n"
cards 2 status lines are returned: "cards 2 status lines are returned:\n"
"\n"
S KEY-FPR <hexstring> " S KEY-FPR <hexstring>\n"
S KEY-CREATED-AT <seconds_since_epoch> " S KEY-CREATED-AT <seconds_since_epoch>\n"
S KEY-DATA [p|n] <hexdata> " S KEY-DATA [p|n] <hexdata>\n"
"\n"
--force is required to overwrite an already existing key. The "--force is required to overwrite an already existing key. The\n"
KEY-CREATED-AT is required for further processing because it is "KEY-CREATED-AT is required for further processing because it is\n"
part of the hashed key material for the fingerprint. "part of the hashed key material for the fingerprint.\n"
"\n"
If --timestamp is given an OpenPGP key will be created using this "If --timestamp is given an OpenPGP key will be created using this\n"
value. The value needs to be in ISO Format; e.g. "value. The value needs to be in ISO Format; e.g.\n"
"--timestamp=20030316T120000" and after 1970-01-01 00:00:00. "\"--timestamp=20030316T120000\" and after 1970-01-01 00:00:00.\n"
"\n"
The public part of the key can also later be retrieved using the "The public part of the key can also later be retrieved using the\n"
READKEY command. "READKEY command.";
static gpg_error_t
*/
static int
cmd_genkey (assuan_context_t ctx, char *line) cmd_genkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1336,13 +1333,15 @@ cmd_genkey (assuan_context_t ctx, char *line)
} }
/* RANDOM <nbytes> static const char hlp_random[] =
"RANDOM <nbytes>\n"
Get NBYTES of random from the card and send them back as data. "\n"
"Get NBYTES of random from the card and send them back as data.\n"
Note, that this function may be even be used on a locked card. "This usually involves EEPROM write on the card and thus excessive\n"
*/ "use of this command may destroy the card.\n"
static int "\n"
"Note, that this function may be even be used on a locked card.";
static gpg_error_t
cmd_random (assuan_context_t ctx, char *line) cmd_random (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1351,7 +1350,8 @@ cmd_random (assuan_context_t ctx, char *line)
unsigned char *buffer; unsigned char *buffer;
if (!*line) if (!*line)
return set_error (GPG_ERR_ASS_PARAMETER, "number of requested bytes missing"); return set_error (GPG_ERR_ASS_PARAMETER,
"number of requested bytes missing");
nbytes = strtoul (line, NULL, 0); nbytes = strtoul (line, NULL, 0);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
@ -1377,14 +1377,16 @@ cmd_random (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* PASSWD [--reset] [--nullpin] <chvno>
Change the PIN or, if --reset is given, reset the retry counter of
the card holder verfication vector CHVNO. The option --nullpin is static const char hlp_passwd[] =
used for TCOS cards to set the initial PIN. The format of CHVNO "PASSWD [--reset] [--nullpin] <chvno>\n"
depends on the card application. */ "\n"
static int "Change the PIN or, if --reset is given, reset the retry counter of\n"
"the card holder verfication vector CHVNO. The option --nullpin is\n"
"used for TCOS cards to set the initial PIN. The format of CHVNO\n"
"depends on the card application.";
static gpg_error_t
cmd_passwd (assuan_context_t ctx, char *line) cmd_passwd (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1428,40 +1430,39 @@ cmd_passwd (assuan_context_t ctx, char *line)
} }
/* CHECKPIN <idstr> static const char hlp_checkpin[] =
"CHECKPIN <idstr>\n"
Perform a VERIFY operation without doing anything else. This may "\n"
be used to initialize a the PIN cache earlier to long lasting "Perform a VERIFY operation without doing anything else. This may\n"
operations. Its use is highly application dependent. "be used to initialize a the PIN cache earlier to long lasting\n"
"operations. Its use is highly application dependent.\n"
For OpenPGP: "\n"
"For OpenPGP:\n"
Perform a simple verify operation for CHV1 and CHV2, so that "\n"
further operations won't ask for CHV2 and it is possible to do a " Perform a simple verify operation for CHV1 and CHV2, so that\n"
cheap check on the PIN: If there is something wrong with the PIN " further operations won't ask for CHV2 and it is possible to do a\n"
entry system, only the regular CHV will get blocked and not the " cheap check on the PIN: If there is something wrong with the PIN\n"
dangerous CHV3. IDSTR is the usual card's serial number in hex " entry system, only the regular CHV will get blocked and not the\n"
notation; an optional fingerprint part will get ignored. There " dangerous CHV3. IDSTR is the usual card's serial number in hex\n"
is however a special mode if the IDSTR is sffixed with the " notation; an optional fingerprint part will get ignored. There\n"
literal string "[CHV3]": In this case the Admin PIN is checked " is however a special mode if the IDSTR is sffixed with the\n"
if and only if the retry counter is still at 3. " literal string \"[CHV3]\": In this case the Admin PIN is checked\n"
" if and only if the retry counter is still at 3.\n"
For Netkey: "\n"
"For Netkey:\n"
Any of the valid PIN Ids may be used. These are the strings: "\n"
" Any of the valid PIN Ids may be used. These are the strings:\n"
PW1.CH - Global password 1 "\n"
PW2.CH - Global password 2 " PW1.CH - Global password 1\n"
PW1.CH.SIG - SigG password 1 " PW2.CH - Global password 2\n"
PW2.CH.SIG - SigG password 2 " PW1.CH.SIG - SigG password 1\n"
" PW2.CH.SIG - SigG password 2\n"
For a definitive list, see the implementation in app-nks.c. "\n"
Note that we call a PW2.* PIN a "PUK" despite that since TCOS " For a definitive list, see the implementation in app-nks.c.\n"
3.0 they are technically alternative PINs used to mutally " Note that we call a PW2.* PIN a \"PUK\" despite that since TCOS\n"
unblock each other. " 3.0 they are technically alternative PINs used to mutally\n"
" unblock each other.";
*/ static gpg_error_t
static int
cmd_checkpin (assuan_context_t ctx, char *line) cmd_checkpin (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1494,17 +1495,17 @@ cmd_checkpin (assuan_context_t ctx, char *line)
} }
/* LOCK [--wait] static const char hlp_lock[] =
"LOCK [--wait]\n"
Grant exclusive card access to this session. Note that there is "\n"
no lock counter used and a second lock from the same session will "Grant exclusive card access to this session. Note that there is\n"
be ignored. A single unlock (or RESET) unlocks the session. "no lock counter used and a second lock from the same session will\n"
Return GPG_ERR_LOCKED if another session has locked the reader. "be ignored. A single unlock (or RESET) unlocks the session.\n"
"Return GPG_ERR_LOCKED if another session has locked the reader.\n"
If the option --wait is given the command will wait until a "\n"
lock has been released. "If the option --wait is given the command will wait until a\n"
*/ "lock has been released.";
static int static gpg_error_t
cmd_lock (assuan_context_t ctx, char *line) cmd_lock (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1538,11 +1539,11 @@ cmd_lock (assuan_context_t ctx, char *line)
} }
/* UNLOCK static const char hlp_unlock[] =
"UNLOCK\n"
Release exclusive card access. "\n"
*/ "Release exclusive card access.";
static int static gpg_error_t
cmd_unlock (assuan_context_t ctx, char *line) cmd_unlock (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1566,35 +1567,34 @@ cmd_unlock (assuan_context_t ctx, char *line)
} }
/* GETINFO <what> static const char hlp_getinfo[] =
"GETINFO <what>\n"
Multi purpose command to return certain information. "\n"
Supported values of WHAT are: "Multi purpose command to return certain information. \n"
"Supported values of WHAT are:\n"
version - Return the version of the program. "\n"
pid - Return the process id of the server. "version - Return the version of the program.\n"
"pid - Return the process id of the server.\n"
socket_name - Return the name of the socket. "\n"
"socket_name - Return the name of the socket.\n"
status - Return the status of the current slot (in the future, may "\n"
also return the status of all slots). The status is a list of "status - Return the status of the current slot (in the future, may\n"
one-character flags. The following flags are currently defined: "also return the status of all slots). The status is a list of\n"
'u' Usable card present. This is the normal state during operation. "one-character flags. The following flags are currently defined:\n"
'r' Card removed. A reset is necessary. " 'u' Usable card present. This is the normal state during operation.\n"
These flags are exclusive. " 'r' Card removed. A reset is necessary.\n"
"These flags are exclusive.\n"
reader_list - Return a list of detected card readers. Does "\n"
currently only work with the internal CCID driver. "reader_list - Return a list of detected card readers. Does\n"
" currently only work with the internal CCID driver.\n"
deny_admin - Returns OK if admin commands are not allowed or "\n"
GPG_ERR_GENERAL if admin commands are allowed. "deny_admin - Returns OK if admin commands are not allowed or\n"
" GPG_ERR_GENERAL if admin commands are allowed.\n"
app_list - Return a list of supported applications. One "\n"
application per line, fields delimited by colons, "app_list - Return a list of supported applications. One\n"
first field is the name. " application per line, fields delimited by colons,\n"
*/ " first field is the name.";
static gpg_error_t
static int
cmd_getinfo (assuan_context_t ctx, char *line) cmd_getinfo (assuan_context_t ctx, char *line)
{ {
int rc = 0; int rc = 0;
@ -1674,18 +1674,17 @@ cmd_getinfo (assuan_context_t ctx, char *line)
} }
/* RESTART static const char hlp_restart[] =
"RESTART\n"
Restart the current connection; this is a kind of warm reset. It "\n"
deletes the context used by this connection but does not send a "Restart the current connection; this is a kind of warm reset. It\n"
RESET to the card. Thus the card itself won't get reset. "deletes the context used by this connection but does not send a\n"
"RESET to the card. Thus the card itself won't get reset. \n"
This is used by gpg-agent to reuse a primary pipe connection and "\n"
may be used by clients to backup from a conflict in the serial "This is used by gpg-agent to reuse a primary pipe connection and\n"
command; i.e. to select another application. "may be used by clients to backup from a conflict in the serial\n"
*/ "command; i.e. to select another application.";
static gpg_error_t
static int
cmd_restart (assuan_context_t ctx, char *line) cmd_restart (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1706,12 +1705,12 @@ cmd_restart (assuan_context_t ctx, char *line)
} }
/* DISCONNECT static const char hlp_disconnect[] =
"DISCONNECT\n"
Disconnect the card if it is not any longer used by other "\n"
connections and the backend supports a disconnect operation. "Disconnect the card if it is not any longer used by other\n"
*/ "connections and the backend supports a disconnect operation.";
static int static gpg_error_t
cmd_disconnect (assuan_context_t ctx, char *line) cmd_disconnect (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1724,26 +1723,26 @@ cmd_disconnect (assuan_context_t ctx, char *line)
/* APDU [--atr] [--more] [--exlen[=N]] [hexstring] static const char hlp_apdu[] =
"APDU [--atr] [--more] [--exlen[=N]] [hexstring]\n"
Send an APDU to the current reader. This command bypasses the high "\n"
level functions and sends the data directly to the card. HEXSTRING "Send an APDU to the current reader. This command bypasses the high\n"
is expected to be a proper APDU. If HEXSTRING is not given no "level functions and sends the data directly to the card. HEXSTRING\n"
commands are set to the card but the command will implictly check "is expected to be a proper APDU. If HEXSTRING is not given no\n"
whether the card is ready for use. "commands are set to the card but the command will implictly check\n"
"whether the card is ready for use. \n"
Using the option "--atr" returns the ATR of the card as a status "\n"
message before any data like this: "Using the option \"--atr\" returns the ATR of the card as a status\n"
S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1 "message before any data like this:\n"
" S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1\n"
Using the option --more handles the card status word MORE_DATA "\n"
(61xx) and concatenates all reponses to one block. "Using the option --more handles the card status word MORE_DATA\n"
"(61xx) and concatenates all reponses to one block.\n"
Using the option "--exlen" the returned APDU may use extended "\n"
length up to N bytes. If N is not given a default value is used "Using the option \"--exlen\" the returned APDU may use extended\n"
(currently 4096). "length up to N bytes. If N is not given a default value is used\n"
*/ "(currently 4096).";
static int static gpg_error_t
cmd_apdu (assuan_context_t ctx, char *line) cmd_apdu (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1823,8 +1822,11 @@ cmd_apdu (assuan_context_t ctx, char *line)
} }
/* KILLSCD - Commit suicide. */ static const char hlp_killscd[] =
static int "KILLSCD\n"
"\n"
"Commit suicide.";
static gpg_error_t
cmd_killscd (assuan_context_t ctx, char *line) cmd_killscd (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1843,40 +1845,42 @@ register_commands (assuan_context_t ctx)
{ {
static struct { static struct {
const char *name; const char *name;
int (*handler)(assuan_context_t, char *line); assuan_handler_t handler;
const char * const help;
} table[] = { } table[] = {
{ "SERIALNO", cmd_serialno }, { "SERIALNO", cmd_serialno, hlp_serialno },
{ "LEARN", cmd_learn }, { "LEARN", cmd_learn, hlp_learn },
{ "READCERT", cmd_readcert }, { "READCERT", cmd_readcert, hlp_readcert },
{ "READKEY", cmd_readkey }, { "READKEY", cmd_readkey, hlp_readkey },
{ "SETDATA", cmd_setdata }, { "SETDATA", cmd_setdata, hlp_setdata },
{ "PKSIGN", cmd_pksign }, { "PKSIGN", cmd_pksign, hlp_pksign },
{ "PKAUTH", cmd_pkauth }, { "PKAUTH", cmd_pkauth, hlp_pkauth },
{ "PKDECRYPT", cmd_pkdecrypt }, { "PKDECRYPT", cmd_pkdecrypt,hlp_pkdecrypt },
{ "INPUT", NULL }, { "INPUT", NULL },
{ "OUTPUT", NULL }, { "OUTPUT", NULL },
{ "GETATTR", cmd_getattr }, { "GETATTR", cmd_getattr, hlp_getattr },
{ "SETATTR", cmd_setattr }, { "SETATTR", cmd_setattr, hlp_setattr },
{ "WRITECERT", cmd_writecert }, { "WRITECERT", cmd_writecert,hlp_writecert },
{ "WRITEKEY", cmd_writekey }, { "WRITEKEY", cmd_writekey, hlp_writekey },
{ "GENKEY", cmd_genkey }, { "GENKEY", cmd_genkey, hlp_genkey },
{ "RANDOM", cmd_random }, { "RANDOM", cmd_random, hlp_random },
{ "PASSWD", cmd_passwd }, { "PASSWD", cmd_passwd, hlp_passwd },
{ "CHECKPIN", cmd_checkpin }, { "CHECKPIN", cmd_checkpin, hlp_checkpin },
{ "LOCK", cmd_lock }, { "LOCK", cmd_lock, hlp_lock },
{ "UNLOCK", cmd_unlock }, { "UNLOCK", cmd_unlock, hlp_unlock },
{ "GETINFO", cmd_getinfo }, { "GETINFO", cmd_getinfo, hlp_getinfo },
{ "RESTART", cmd_restart }, { "RESTART", cmd_restart, hlp_restart },
{ "DISCONNECT", cmd_disconnect }, { "DISCONNECT", cmd_disconnect,hlp_disconnect },
{ "APDU", cmd_apdu }, { "APDU", cmd_apdu, hlp_apdu },
{ "KILLSCD", cmd_killscd }, { "KILLSCD", cmd_killscd, hlp_killscd },
{ NULL } { NULL }
}; };
int i, rc; int i, rc;
for (i=0; table[i].name; i++) for (i=0; table[i].name; i++)
{ {
rc = assuan_register_command (ctx, table[i].name, table[i].handler); rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc) if (rc)
return rc; return rc;
} }
@ -1895,20 +1899,29 @@ int
scd_command_handler (ctrl_t ctrl, int fd) scd_command_handler (ctrl_t ctrl, int fd)
{ {
int rc; int rc;
assuan_context_t ctx; assuan_context_t ctx = NULL;
int stopme; int stopme;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n",
gpg_strerror (rc));
scd_exit (2);
}
if (fd == -1) if (fd == -1)
{ {
int filedes[2]; assuan_fd_t filedes[2];
filedes[0] = 0; filedes[0] = assuan_fdopen (0);
filedes[1] = 1; filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (&ctx, filedes); rc = assuan_init_pipe_server (ctx, filedes);
} }
else else
{ {
rc = assuan_init_socket_server_ext (&ctx, INT2FD(fd), 2); rc = assuan_init_socket_server (ctx, INT2FD(fd),
ASSUAN_SOCKET_SERVER_ACCEPTED);
} }
if (rc) if (rc)
{ {
@ -1987,7 +2000,7 @@ scd_command_handler (ctrl_t ctrl, int fd)
ctrl->server_local = NULL; ctrl->server_local = NULL;
/* Release the Assuan context. */ /* Release the Assuan context. */
assuan_deinit_server (ctx); assuan_release (ctx);
if (stopme) if (stopme)
scd_exit (0); scd_exit (0);

14
scd/scdaemon.c
View File

@ -53,7 +53,6 @@
#include "mkdtemp.h" #include "mkdtemp.h"
#include "gc-opt-flags.h" #include "gc-opt-flags.h"
enum cmd_and_opt_values enum cmd_and_opt_values
{ aNull = 0, { aNull = 0,
oCsh = 'c', oCsh = 'c',
@ -204,6 +203,8 @@ static void *start_connection_thread (void *arg);
static void handle_connections (int listen_fd); static void handle_connections (int listen_fd);
/* Pth wrapper function definitions. */ /* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL;
static int fixed_gcry_pth_init (void) static int fixed_gcry_pth_init (void)
{ {
@ -393,6 +394,7 @@ main (int argc, char **argv )
const char *config_filename = NULL; const char *config_filename = NULL;
int allow_coredump = 0; int allow_coredump = 0;
int standard_socket = 0; int standard_socket = 0;
struct assuan_malloc_hooks malloc_hooks;
set_strusage (my_strusage); set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
@ -426,10 +428,14 @@ main (int argc, char **argv )
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc;
assuan_set_assuan_log_stream (log_get_stream ()); malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
assuan_set_system_hooks (ASSUAN_SYSTEM_PTH);
assuan_sock_init ();
setup_libgcrypt_logging (); setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);

33
sm/ChangeLog
View File

@ -1,3 +1,36 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
2009-12-08:
* call-agent.c (membuf_data_cb, default_inq_cb)
(inq_ciphertext_cb, scd_serialno_status_cb)
(scd_keypairinfo_status_cb, istrusted_status_cb)
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Use assuan_handler_t. Same for member HANDLER
in table. Add NULL arg to assuan_register_command. Add help arg to
assuan_register_command. Provide help strings for all commands.
(gpgsm_server): Allocate assuan context before starting server.
Use assuan_fd_t and assuan_fdopen on fds.
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server. Update use ofassuan_pipe_connect and assuan_socket_connect.
Convert posix fd to assuan fd.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
2009-12-10 Werner Koch <wk@g10code.com> 2009-12-10 Werner Koch <wk@g10code.com>
* gpgsm.c: Add option --ignore-cert-extension. * gpgsm.c: Add option --ignore-cert-extension.

20
sm/call-agent.c
View File

@ -111,7 +111,7 @@ start_agent (ctrl_t ctrl)
static int static gpg_error_t
membuf_data_cb (void *opaque, const void *buffer, size_t length) membuf_data_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *data = opaque; membuf_t *data = opaque;
@ -124,7 +124,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
/* This is the default inquiry callback. It mainly handles the /* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */ Pinentry notifications. */
static int static gpg_error_t
default_inq_cb (void *opaque, const char *line) default_inq_cb (void *opaque, const char *line)
{ {
gpg_error_t err; gpg_error_t err;
@ -301,7 +301,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
/* Handle a CIPHERTEXT inquiry. Note, we only send the data, /* Handle a CIPHERTEXT inquiry. Note, we only send the data,
assuan_transact talkes care of flushing and writing the end */ assuan_transact talkes care of flushing and writing the end */
static int static gpg_error_t
inq_ciphertext_cb (void *opaque, const char *line) inq_ciphertext_cb (void *opaque, const char *line)
{ {
struct cipher_parm_s *parm = opaque; struct cipher_parm_s *parm = opaque;
@ -423,7 +423,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
/* Handle a KEYPARMS inquiry. Note, we only send the data, /* Handle a KEYPARMS inquiry. Note, we only send the data,
assuan_transact takes care of flushing and writing the end */ assuan_transact takes care of flushing and writing the end */
static int static gpg_error_t
inq_genkey_parms (void *opaque, const char *line) inq_genkey_parms (void *opaque, const char *line)
{ {
struct genkey_parm_s *parm = opaque; struct genkey_parm_s *parm = opaque;
@ -561,7 +561,7 @@ store_serialno (const char *line)
/* Callback for the gpgsm_agent_serialno fucntion. */ /* Callback for the gpgsm_agent_serialno fucntion. */
static int static gpg_error_t
scd_serialno_status_cb (void *opaque, const char *line) scd_serialno_status_cb (void *opaque, const char *line)
{ {
char **r_serialno = opaque; char **r_serialno = opaque;
@ -613,7 +613,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno)
/* Callback for the gpgsm_agent_serialno fucntion. */ /* Callback for the gpgsm_agent_serialno fucntion. */
static int static gpg_error_t
scd_keypairinfo_status_cb (void *opaque, const char *line) scd_keypairinfo_status_cb (void *opaque, const char *line)
{ {
strlist_t *listaddr = opaque; strlist_t *listaddr = opaque;
@ -681,7 +681,7 @@ gpgsm_agent_scd_keypairinfo (ctrl_t ctrl, strlist_t *r_list)
static int static gpg_error_t
istrusted_status_cb (void *opaque, const char *line) istrusted_status_cb (void *opaque, const char *line)
{ {
struct rootca_flags_s *flags = opaque; struct rootca_flags_s *flags = opaque;
@ -812,7 +812,7 @@ gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
} }
static int static gpg_error_t
learn_status_cb (void *opaque, const char *line) learn_status_cb (void *opaque, const char *line)
{ {
struct learn_parm_s *parm = opaque; struct learn_parm_s *parm = opaque;
@ -831,7 +831,7 @@ learn_status_cb (void *opaque, const char *line)
return 0; return 0;
} }
static int static gpg_error_t
learn_cb (void *opaque, const void *buffer, size_t length) learn_cb (void *opaque, const void *buffer, size_t length)
{ {
struct learn_parm_s *parm = opaque; struct learn_parm_s *parm = opaque;
@ -1002,7 +1002,7 @@ gpgsm_agent_send_nop (ctrl_t ctrl)
static int static gpg_error_t
keyinfo_status_cb (void *opaque, const char *line) keyinfo_status_cb (void *opaque, const char *line)
{ {
char **serialno = opaque; char **serialno = opaque;

38
sm/call-dirmngr.c
View File

@ -159,6 +159,9 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
} }
audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err);
if (!ctx || err)
return;
server = opt.keyserver; server = opt.keyserver;
while (server) while (server)
{ {
@ -188,7 +191,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
{ {
int rc; int rc;
char *infostr, *p; char *infostr, *p;
assuan_context_t ctx; assuan_context_t ctx = NULL;
int try_default = 0; int try_default = 0;
if (opt.disable_dirmngr) if (opt.disable_dirmngr)
@ -216,6 +219,14 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
infostr = xstrdup (dirmngr_socket_name ()); infostr = xstrdup (dirmngr_socket_name ());
try_default = 1; try_default = 1;
} }
rc = assuan_new (&ctx);
if (rc)
{
log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc));
return rc;
}
if (!infostr) if (!infostr)
{ {
const char *pgmname; const char *pgmname;
@ -247,13 +258,13 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
i=0; i=0;
if (log_get_fd () != -1) if (log_get_fd () != -1)
no_close_list[i++] = log_get_fd (); no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = fileno (stderr); no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
no_close_list[i] = -1; no_close_list[i] = -1;
/* connect to the agent and perform initial handshaking */ /* connect to the agent and perform initial handshaking */
rc = assuan_pipe_connect (&ctx, opt.dirmngr_program, argv, rc = assuan_pipe_connect (ctx, opt.dirmngr_program, argv,
no_close_list); no_close_list, NULL, NULL, 0);
} }
else else
{ {
@ -286,7 +297,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
else else
pid = -1; pid = -1;
rc = assuan_socket_connect (&ctx, infostr, pid); rc = assuan_socket_connect (ctx, infostr, pid, 0);
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
if (rc) if (rc)
log_debug ("connecting dirmngr at `%s' failed\n", infostr); log_debug ("connecting dirmngr at `%s' failed\n", infostr);
@ -307,6 +318,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
if (rc) if (rc)
{ {
assuan_release (ctx);
log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc)); log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc));
return gpg_error (GPG_ERR_NO_DIRMNGR); return gpg_error (GPG_ERR_NO_DIRMNGR);
} }
@ -376,7 +388,7 @@ release_dirmngr2 (ctrl_t ctrl)
/* Handle a SENDCERT inquiry. */ /* Handle a SENDCERT inquiry. */
static int static gpg_error_t
inq_certificate (void *opaque, const char *line) inq_certificate (void *opaque, const char *line)
{ {
struct inq_certificate_parm_s *parm = opaque; struct inq_certificate_parm_s *parm = opaque;
@ -504,7 +516,7 @@ unhexify_fpr (const char *hexstr, unsigned char *fpr)
} }
static assuan_error_t static gpg_error_t
isvalid_status_cb (void *opaque, const char *line) isvalid_status_cb (void *opaque, const char *line)
{ {
struct isvalid_status_parm_s *parm = opaque; struct isvalid_status_parm_s *parm = opaque;
@ -677,7 +689,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
/* Lookup helpers*/ /* Lookup helpers*/
static int static gpg_error_t
lookup_cb (void *opaque, const void *buffer, size_t length) lookup_cb (void *opaque, const void *buffer, size_t length)
{ {
struct lookup_parm_s *parm = opaque; struct lookup_parm_s *parm = opaque;
@ -783,7 +795,7 @@ pattern_from_strlist (strlist_t names)
return pattern; return pattern;
} }
static int static gpg_error_t
lookup_status_cb (void *opaque, const char *line) lookup_status_cb (void *opaque, const char *line)
{ {
struct lookup_parm_s *parm = opaque; struct lookup_parm_s *parm = opaque;
@ -889,7 +901,7 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
/* Run Command helpers*/ /* Run Command helpers*/
/* Fairly simple callback to write all output of dirmngr to stdout. */ /* Fairly simple callback to write all output of dirmngr to stdout. */
static int static gpg_error_t
run_command_cb (void *opaque, const void *buffer, size_t length) run_command_cb (void *opaque, const void *buffer, size_t length)
{ {
(void)opaque; (void)opaque;
@ -903,7 +915,7 @@ run_command_cb (void *opaque, const void *buffer, size_t length)
} }
/* Handle inquiries from the dirmngr COMMAND. */ /* Handle inquiries from the dirmngr COMMAND. */
static int static gpg_error_t
run_command_inq_cb (void *opaque, const char *line) run_command_inq_cb (void *opaque, const char *line)
{ {
struct run_command_parm_s *parm = opaque; struct run_command_parm_s *parm = opaque;
@ -950,7 +962,7 @@ run_command_inq_cb (void *opaque, const char *line)
return rc; return rc;
} }
static int static gpg_error_t
run_command_status_cb (void *opaque, const char *line) run_command_status_cb (void *opaque, const char *line)
{ {
ctrl_t ctrl = opaque; ctrl_t ctrl = opaque;

9
sm/gpgsm.c
View File

@ -884,6 +884,7 @@ main ( int argc, char **argv)
int recp_required = 0; int recp_required = 0;
estream_t auditfp = NULL; estream_t auditfp = NULL;
estream_t htmlauditfp = NULL; estream_t htmlauditfp = NULL;
struct assuan_malloc_hooks malloc_hooks;
/*mtrace();*/ /*mtrace();*/
@ -970,10 +971,12 @@ main ( int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free ); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
assuan_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); malloc_hooks.malloc = gcry_malloc;
assuan_set_assuan_log_stream (log_get_stream ()); malloc_hooks.realloc = gcry_realloc;
malloc_hooks.free = gcry_free;
assuan_set_malloc_hooks (&malloc_hooks);
assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free); keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);

393
sm/server.c
View File

@ -27,9 +27,8 @@
#include <ctype.h> #include <ctype.h>
#include <unistd.h> #include <unistd.h>
#include <assuan.h>
#include "gpgsm.h" #include "gpgsm.h"
#include <assuan.h>
#include "sysutils.h" #include "sysutils.h"
#define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t)) #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
@ -183,7 +182,7 @@ start_audit_session (ctrl_t ctrl)
} }
static int static gpg_error_t
option_handler (assuan_context_t ctx, const char *key, const char *value) option_handler (assuan_context_t ctx, const char *key, const char *value)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -309,11 +308,13 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
} }
static void static gpg_error_t
reset_notify (assuan_context_t ctx) reset_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
(void) line;
gpgsm_release_certlist (ctrl->server_local->recplist); gpgsm_release_certlist (ctrl->server_local->recplist);
gpgsm_release_certlist (ctrl->server_local->signerlist); gpgsm_release_certlist (ctrl->server_local->signerlist);
ctrl->server_local->recplist = NULL; ctrl->server_local->recplist = NULL;
@ -321,11 +322,12 @@ reset_notify (assuan_context_t ctx)
close_message_fd (ctrl); close_message_fd (ctrl);
assuan_close_input_fd (ctx); assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx); assuan_close_output_fd (ctx);
return 0;
} }
static void static gpg_error_t
input_notify (assuan_context_t ctx, const char *line) input_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -340,10 +342,11 @@ input_notify (assuan_context_t ctx, const char *line)
; ;
else else
ctrl->autodetect_encoding = 1; ctrl->autodetect_encoding = 1;
return 0;
} }
static void static gpg_error_t
output_notify (assuan_context_t ctx, const char *line) output_notify (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -353,22 +356,23 @@ output_notify (assuan_context_t ctx, const char *line)
ctrl->create_pem = 1; ctrl->create_pem = 1;
else if (strstr (line, "--base64")) else if (strstr (line, "--base64"))
ctrl->create_base64 = 1; /* just the raw output */ ctrl->create_base64 = 1; /* just the raw output */
return 0;
} }
static const char hlp_recipient[] =
/* RECIPIENT <userID> "RECIPIENT <userID>\n"
"\n"
Set the recipient for the encryption. <userID> should be the "Set the recipient for the encryption. USERID shall be the\n"
internal representation of the key; the server may accept any other "internal representation of the key; the server may accept any other\n"
way of specification [we will support this]. If this is a valid and "way of specification [we will support this]. If this is a valid and\n"
trusted recipient the server does respond with OK, otherwise the "trusted recipient the server does respond with OK, otherwise the\n"
return is an ERR with the reason why the recipient can't be used, "return is an ERR with the reason why the recipient can't be used,\n"
the encryption will then not be done for this recipient. If the "the encryption will then not be done for this recipient. If the\n"
policy is not to encrypt at all if not all recipients are valid, the "policy is not to encrypt at all if not all recipients are valid, the\n"
client has to take care of this. All RECIPIENT commands are "client has to take care of this. All RECIPIENT commands are\n"
cumulative until a RESET or an successful ENCRYPT command. */ "cumulative until a RESET or an successful ENCRYPT command.";
static int static gpg_error_t
cmd_recipient (assuan_context_t ctx, char *line) cmd_recipient (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -391,20 +395,22 @@ cmd_recipient (assuan_context_t ctx, char *line)
return rc; return rc;
} }
/* SIGNER <userID>
Set the signer's keys for the signature creation. <userID> should static const char hlp_signer[] =
be the internal representation of the key; the server may accept any "SIGNER <userID>\n"
other way of specification [we will support this]. If this is a "\n"
valid and usable signing key the server does respond with OK, "Set the signer's keys for the signature creation. USERID should\n"
otherwise it returns an ERR with the reason why the key can't be "be the internal representation of the key; the server may accept any\n"
used, the signing will then not be done for this key. If the policy "other way of specification [we will support this]. If this is a\n"
is not to sign at all if not all signer keys are valid, the client "valid and usable signing key the server does respond with OK,\n"
has to take care of this. All SIGNER commands are cumulative until "otherwise it returns an ERR with the reason why the key can't be\n"
a RESET but they are *not* reset by an SIGN command becuase it can "used, the signing will then not be done for this key. If the policy\n"
be expected that set of signers are used for more than one sign "is not to sign at all if not all signer keys are valid, the client\n"
operation. */ "has to take care of this. All SIGNER commands are cumulative until\n"
static int "a RESET but they are *not* reset by an SIGN command becuase it can\n"
"be expected that set of signers are used for more than one sign\n"
"operation.";
static gpg_error_t
cmd_signer (assuan_context_t ctx, char *line) cmd_signer (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -425,20 +431,21 @@ cmd_signer (assuan_context_t ctx, char *line)
} }
/* ENCRYPT static const char hlp_encrypt[] =
"ENCRYPT \n"
Do the actual encryption process. Takes the plaintext from the INPUT "\n"
command, writes to the ciphertext to the file descriptor set with "Do the actual encryption process. Takes the plaintext from the INPUT\n"
the OUTPUT command, take the recipients form all the recipients set "command, writes to the ciphertext to the file descriptor set with\n"
so far. If this command fails the clients should try to delete all "the OUTPUT command, take the recipients form all the recipients set\n"
output currently done or otherwise mark it as invalid. GPGSM does "so far. If this command fails the clients should try to delete all\n"
ensure that there won't be any security problem with leftover data "output currently done or otherwise mark it as invalid. GPGSM does\n"
on the output in this case. "ensure that there won't be any security problem with leftover data\n"
"on the output in this case.\n"
This command should in general not fail, as all necessary checks "\n"
have been done while setting the recipients. The input and output "This command should in general not fail, as all necessary checks\n"
pipes are closed. */ "have been done while setting the recipients. The input and output\n"
static int "pipes are closed.";
static gpg_error_t
cmd_encrypt (assuan_context_t ctx, char *line) cmd_encrypt (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -488,14 +495,15 @@ cmd_encrypt (assuan_context_t ctx, char *line)
} }
/* DECRYPT static const char hlp_decrypt[] =
"DECRYPT\n"
This performs the decrypt operation after doing some check on the "\n"
internal state. (e.g. that only needed data has been set). Because "This performs the decrypt operation after doing some check on the\n"
it utilizes the GPG-Agent for the session key decryption, there is "internal state. (e.g. that only needed data has been set). Because\n"
no need to ask the client for a protecting passphrase - GpgAgent "it utilizes the GPG-Agent for the session key decryption, there is\n"
does take care of this by requesting this from the user. */ "no need to ask the client for a protecting passphrase - GPG-Agent\n"
static int "does take care of this by requesting this from the user.";
static gpg_error_t
cmd_decrypt (assuan_context_t ctx, char *line) cmd_decrypt (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -530,16 +538,16 @@ cmd_decrypt (assuan_context_t ctx, char *line)
} }
/* VERIFY static const char hlp_verify[] =
"VERIFY\n"
This does a verify operation on the message send to the input-FD. "\n"
The result is written out using status lines. If an output FD was "This does a verify operation on the message send to the input FD.\n"
given, the signed text will be written to that. "The result is written out using status lines. If an output FD was\n"
"given, the signed text will be written to that.\n"
If the signature is a detached one, the server will inquire about "\n"
the signed material and the client must provide it. "If the signature is a detached one, the server will inquire about\n"
*/ "the signed material and the client must provide it.";
static int static gpg_error_t
cmd_verify (assuan_context_t ctx, char *line) cmd_verify (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -576,12 +584,13 @@ cmd_verify (assuan_context_t ctx, char *line)
} }
/* SIGN [--detached] static const char hlp_sign[] =
"SIGN [--detached]\n"
Sign the data set with the INPUT command and write it to the sink "\n"
set by OUTPUT. With "--detached" specified, a detached signature is "Sign the data set with the INPUT command and write it to the sink\n"
created (surprise). */ "set by OUTPUT. With \"--detached\", a detached signature is\n"
static int "created (surprise).";
static gpg_error_t
cmd_sign (assuan_context_t ctx, char *line) cmd_sign (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -618,18 +627,19 @@ cmd_sign (assuan_context_t ctx, char *line)
} }
/* IMPORT [--re-import] static const char hlp_import[] =
"IMPORT [--re-import]\n"
Import the certificates read form the input-fd, return status "\n"
message for each imported one. The import checks the validity of "Import the certificates read form the input-fd, return status\n"
the certificate but not of the entire chain. It is possible to "message for each imported one. The import checks the validity of\n"
import expired certificates. "the certificate but not of the entire chain. It is possible to\n"
"import expired certificates.\n"
With the option --re-import the input data is expected to a be a LF "\n"
separated list of fingerprints. The command will re-import these "With the option --re-import the input data is expected to a be a LF\n"
certificates, meaning that they are made permanent by removing "separated list of fingerprints. The command will re-import these\n"
their ephemeral flag. */ "certificates, meaning that they are made permanent by removing\n"
static int "their ephemeral flag.";
static gpg_error_t
cmd_import (assuan_context_t ctx, char *line) cmd_import (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -653,11 +663,15 @@ cmd_import (assuan_context_t ctx, char *line)
} }
/* EXPORT [--data [--armor|--base64]] [--] pattern static const char hlp_export[] =
"EXPORT [--data [--armor|--base64]] [--] <pattern>\n"
*/ "\n"
"Export the certificates selected by PATTERN. With --data the output\n"
static int "is returned using Assuan D lines; the default is to use the sink given\n"
"by the last \"OUTPUT\" command. The options --armor or --base64 encode \n"
"the output using the PEM respective a plain base-64 format; the default\n"
"is a binary format which is only suitable for a single certificate.";
static gpg_error_t
cmd_export (assuan_context_t ctx, char *line) cmd_export (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -743,7 +757,14 @@ cmd_export (assuan_context_t ctx, char *line)
} }
static int
static const char hlp_delkeys[] =
"DELKEYS <patterns>\n"
"\n"
"Delete the certificates specified by PATTERNS. Each pattern shall be\n"
"a percent-plus escaped certificate specification. Usually a\n"
"fingerprint will be used for this.";
static gpg_error_t
cmd_delkeys (assuan_context_t ctx, char *line) cmd_delkeys (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -787,11 +808,28 @@ cmd_delkeys (assuan_context_t ctx, char *line)
/* MESSAGE FD=<n> static const char hlp_output[] =
"OUTPUT FD[=<n>]\n"
Set the file descriptor to read a message which is used with "\n"
detached signatures */ "Set the file descriptor to write the output data to N. If N is not\n"
static int "given and the operating system supports file descriptor passing, the\n"
"file descriptor currently in flight will be used. See also the\n"
"\"INPUT\" and \"MESSAGE\" commands.";
static const char hlp_input[] =
"INPUT FD[=<n>]\n"
"\n"
"Set the file descriptor to read the input data to N. If N is not\n"
"given and the operating system supports file descriptor passing, the\n"
"file descriptor currently in flight will be used. See also the\n"
"\"MESSAGE\" and \"OUTPUT\" commands.";
static const char hlp_message[] =
"MESSAGE FD[=<n>]\n"
"\n"
"Set the file descriptor to read the message for a detached\n"
"signatures to N. If N is not given and the operating system\n"
"supports file descriptor passing, the file descriptor currently in\n"
"flight will be used. See also the \"INPUT\" and \"OUTPUT\" commands.";
static gpg_error_t
cmd_message (assuan_context_t ctx, char *line) cmd_message (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
@ -809,11 +847,36 @@ cmd_message (assuan_context_t ctx, char *line)
return 0; return 0;
} }
/* LISTKEYS [<patterns>]
DUMPKEYS [<patterns>]
LISTSECRETKEYS [<patterns>] static const char hlp_listkeys[] =
DUMPSECRETKEYS [<patterns>] "LISTKEYS [<patterns>]\n"
*/ "LISTSECRETKEYS [<patterns>]\n"
"DUMPKEYS [<patterns>]\n"
"DUMPSECRETKEYS [<patterns>]\n"
"\n"
"List all certificates or only those specified by PATTERNS. Each\n"
"pattern shall be a percent-plus escaped certificate specification.\n"
"The \"SECRET\" versions of the command filter the output to include\n"
"only certificates where the secret key is available or a corresponding\n"
"smartcard has been registered. The \"DUMP\" versions of the command\n"
"are only useful for debugging. The output format is a percent escaped\n"
"colon delimited listing as described in the manual.\n"
"\n"
"These \"OPTION\" command keys effect the output::\n"
"\n"
" \"list-mode\" set to 0: List only local certificates (default).\n"
" 1: Ditto.\n"
" 2: List only external certificates.\n"
" 3: List local and external certificates.\n"
"\n"
" \"with-validation\" set to true: Validate each certificate.\n"
"\n"
" \"with-ephemeral-key\" set to true: Always include ephemeral\n"
" certificates.\n"
"\n"
" \"list-to-output\" set to true: Write output to the file descriptor\n"
" given by the last \"OUTPUT\" command.";
static int static int
do_listkeys (assuan_context_t ctx, char *line, int mode) do_listkeys (assuan_context_t ctx, char *line, int mode)
{ {
@ -879,37 +942,38 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
return err; return err;
} }
static int static gpg_error_t
cmd_listkeys (assuan_context_t ctx, char *line) cmd_listkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 3); return do_listkeys (ctx, line, 3);
} }
static int static gpg_error_t
cmd_dumpkeys (assuan_context_t ctx, char *line) cmd_dumpkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 259); return do_listkeys (ctx, line, 259);
} }
static int static gpg_error_t
cmd_listsecretkeys (assuan_context_t ctx, char *line) cmd_listsecretkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 2); return do_listkeys (ctx, line, 2);
} }
static int static gpg_error_t
cmd_dumpsecretkeys (assuan_context_t ctx, char *line) cmd_dumpsecretkeys (assuan_context_t ctx, char *line)
{ {
return do_listkeys (ctx, line, 258); return do_listkeys (ctx, line, 258);
} }
/* GENKEY
Read the parameters in native format from the input fd and write a
certificate request to the output. static const char hlp_genkey[] =
*/ "GENKEY\n"
static int "\n"
"Read the parameters in native format from the input fd and write a\n"
"certificate request to the output.";
static gpg_error_t
cmd_genkey (assuan_context_t ctx, char *line) cmd_genkey (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -949,17 +1013,15 @@ cmd_genkey (assuan_context_t ctx, char *line)
/* GETAUDITLOG [--data] [--html] static const char hlp_getauditlog[] =
"GETAUDITLOG [--data] [--html]\n"
!!!WORK in PROGRESS!!! "\n"
"If --data is used, the output is send using D-lines and not to the\n"
If --data is used, the output is send using D-lines and not to the "file descriptor given by an OUTPUT command.\n"
source given by an OUTPUT command. "\n"
"If --html is used the output is formated as an XHTML block. This is\n"
If --html is used the output is formated as an XHTML block. This is "designed to be incorporated into a HTML document.";
designed to be incorporated into a HTML document. static gpg_error_t
*/
static int
cmd_getauditlog (assuan_context_t ctx, char *line) cmd_getauditlog (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
@ -1007,19 +1069,18 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
} }
/* GETINFO <what> static const char hlp_getinfo[] =
"GETINFO <what>\n"
Multipurpose function to return a variety of information. "\n"
Supported values for WHAT are: "Multipurpose function to return a variety of information.\n"
"Supported values for WHAT are:\n"
version - Return the version of the program. "\n"
pid - Return the process id of the server. " version - Return the version of the program.\n"
agent-check - Return success if the agent is running. " pid - Return the process id of the server.\n"
cmd_has_option CMD OPT " agent-check - Return success if the agent is running.\n"
- Returns OK if the command CMD implements the option OPT. " cmd_has_option CMD OPT\n"
" - Returns OK if the command CMD implements the option OPT.";
*/ static gpg_error_t
static int
cmd_getinfo (assuan_context_t ctx, char *line) cmd_getinfo (assuan_context_t ctx, char *line)
{ {
int rc = 0; int rc = 0;
@ -1101,34 +1162,36 @@ register_commands (assuan_context_t ctx)
{ {
static struct { static struct {
const char *name; const char *name;
int (*handler)(assuan_context_t, char *line); assuan_handler_t handler;
const char * const help;
} table[] = { } table[] = {
{ "RECIPIENT", cmd_recipient }, { "RECIPIENT", cmd_recipient, hlp_recipient },
{ "SIGNER", cmd_signer }, { "SIGNER", cmd_signer, hlp_signer },
{ "ENCRYPT", cmd_encrypt }, { "ENCRYPT", cmd_encrypt, hlp_encrypt },
{ "DECRYPT", cmd_decrypt }, { "DECRYPT", cmd_decrypt, hlp_decrypt },
{ "VERIFY", cmd_verify }, { "VERIFY", cmd_verify, hlp_verify },
{ "SIGN", cmd_sign }, { "SIGN", cmd_sign, hlp_sign },
{ "IMPORT", cmd_import }, { "IMPORT", cmd_import, hlp_import },
{ "EXPORT", cmd_export }, { "EXPORT", cmd_export, hlp_export },
{ "INPUT", NULL }, { "INPUT", NULL, hlp_input },
{ "OUTPUT", NULL }, { "OUTPUT", NULL, hlp_output },
{ "MESSAGE", cmd_message }, { "MESSAGE", cmd_message, hlp_message },
{ "LISTKEYS", cmd_listkeys }, { "LISTKEYS", cmd_listkeys, hlp_listkeys },
{ "DUMPKEYS", cmd_dumpkeys }, { "DUMPKEYS", cmd_dumpkeys, hlp_listkeys },
{ "LISTSECRETKEYS",cmd_listsecretkeys }, { "LISTSECRETKEYS",cmd_listsecretkeys, hlp_listkeys },
{ "DUMPSECRETKEYS",cmd_dumpsecretkeys }, { "DUMPSECRETKEYS",cmd_dumpsecretkeys, hlp_listkeys },
{ "GENKEY", cmd_genkey }, { "GENKEY", cmd_genkey, hlp_genkey },
{ "DELKEYS", cmd_delkeys }, { "DELKEYS", cmd_delkeys, hlp_delkeys },
{ "GETAUDITLOG", cmd_getauditlog }, { "GETAUDITLOG", cmd_getauditlog, hlp_getauditlog },
{ "GETINFO", cmd_getinfo }, { "GETINFO", cmd_getinfo, hlp_getinfo },
{ NULL } { NULL }
}; };
int i, rc; int i, rc;
for (i=0; table[i].name; i++) for (i=0; table[i].name; i++)
{ {
rc = assuan_register_command (ctx, table[i].name, table[i].handler); rc = assuan_register_command (ctx, table[i].name, table[i].handler,
table[i].help);
if (rc) if (rc)
return rc; return rc;
} }
@ -1142,7 +1205,7 @@ void
gpgsm_server (certlist_t default_recplist) gpgsm_server (certlist_t default_recplist)
{ {
int rc; int rc;
int filedes[2]; assuan_fd_t filedes[2];
assuan_context_t ctx; assuan_context_t ctx;
struct server_control_s ctrl; struct server_control_s ctrl;
static const char hello[] = ("GNU Privacy Guard's S/M server " static const char hello[] = ("GNU Privacy Guard's S/M server "
@ -1154,9 +1217,17 @@ gpgsm_server (certlist_t default_recplist)
/* We use a pipe based server so that we can work from scripts. /* We use a pipe based server so that we can work from scripts.
assuan_init_pipe_server will automagically detect when we are assuan_init_pipe_server will automagically detect when we are
called with a socketpair and ignore FIELDES in this case. */ called with a socketpair and ignore FIELDES in this case. */
filedes[0] = 0; filedes[0] = assuan_fdopen (0);
filedes[1] = 1; filedes[1] = assuan_fdopen (1);
rc = assuan_init_pipe_server (&ctx, filedes); rc = assuan_new (&ctx);
if (rc)
{
log_error ("failed to allocate assuan context: %s\n",
gpg_strerror (rc));
gpgsm_exit (2);
}
rc = assuan_init_pipe_server (ctx, filedes);
if (rc) if (rc)
{ {
log_error ("failed to initialize the server: %s\n", log_error ("failed to initialize the server: %s\n",
@ -1241,7 +1312,7 @@ gpgsm_server (certlist_t default_recplist)
audit_release (ctrl.audit); audit_release (ctrl.audit);
ctrl.audit = NULL; ctrl.audit = NULL;
assuan_deinit_server (ctx); assuan_release (ctx);
} }

10
tools/ChangeLog
View File

@ -1,3 +1,13 @@
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
From 2009-09-23, 2009-11-04, 2009-11-05, 2009-12-08:
* gpg-connect-agent.c (read_and_print_response): Add arg WITHHASH.
(getinfo_pid_cb, read_and_print_response)
(main): Pass true for WITHHASH for the HELP command. Update to
new Assuan API. Update use of assuan_socket_connect and
assuan_pipe_connect. Convert posix fd to assuan fd.
2010-01-10 Werner Koch <wk@g10code.com> 2010-01-10 Werner Koch <wk@g10code.com>
* symcryptrun.c (utmp.h): Remove header; it is not used. * symcryptrun.c (utmp.h): Remove header; it is not used.

83
tools/gpg-connect-agent.c
View File

@ -159,7 +159,8 @@ static struct
/*-- local prototypes --*/ /*-- local prototypes --*/
static char *substitute_line_copy (const char *buffer); static char *substitute_line_copy (const char *buffer);
static int read_and_print_response (assuan_context_t ctx, int *r_goterr); static int read_and_print_response (assuan_context_t ctx, int withhash,
int *r_goterr);
static assuan_context_t start_agent (void); static assuan_context_t start_agent (void);
@ -1086,7 +1087,7 @@ do_showopen (void)
static int static gpg_error_t
getinfo_pid_cb (void *opaque, const void *buffer, size_t length) getinfo_pid_cb (void *opaque, const void *buffer, size_t length)
{ {
membuf_t *mb = opaque; membuf_t *mb = opaque;
@ -1155,11 +1156,11 @@ main (int argc, char **argv)
i18n_init(); i18n_init();
init_common_subsystems (); init_common_subsystems ();
assuan_set_assuan_err_source (0); assuan_set_gpg_err_source (0);
opt.homedir = default_homedir (); opt.homedir = default_homedir ();
opt.connect_flags = 1; /* Use extended connect mode. */ opt.connect_flags = 1;
/* Parse the command line. */ /* Parse the command line. */
pargs.argc = &argc; pargs.argc = &argc;
@ -1221,12 +1222,20 @@ main (int argc, char **argv)
{ {
int no_close[3]; int no_close[3];
no_close[0] = fileno (stderr); no_close[0] = assuan_fd_from_posix_fd (fileno (stderr));
no_close[1] = log_get_fd (); no_close[1] = assuan_fd_from_posix_fd (log_get_fd ());
no_close[2] = -1; no_close[2] = -1;
rc = assuan_pipe_connect_ext (&ctx, *argv, (const char **)argv,
no_close, NULL, NULL, rc = assuan_new (&ctx);
opt.connect_flags); if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_pipe_connect
(ctx, *argv, (const char **)argv, no_close, NULL, NULL,
(opt.connect_flags & 1) ? ASSUAN_PIPE_CONNECT_FDPASSING : 0);
if (rc) if (rc)
{ {
log_error ("assuan_pipe_connect_ext failed: %s\n", log_error ("assuan_pipe_connect_ext failed: %s\n",
@ -1240,8 +1249,16 @@ main (int argc, char **argv)
} }
else if (opt.raw_socket) else if (opt.raw_socket)
{ {
rc = assuan_socket_connect_ext (&ctx, opt.raw_socket, 0, rc = assuan_new (&ctx);
opt.connect_flags); if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect
(ctx, opt.raw_socket, 0,
(opt.connect_flags & 1) ? ASSUAN_SOCKET_CONNECT_FDPASSING : 0);
if (rc) if (rc)
{ {
log_error ("can't connect to socket `%s': %s\n", log_error ("can't connect to socket `%s': %s\n",
@ -1259,7 +1276,7 @@ main (int argc, char **argv)
assuan did not run the initial handshaking). */ assuan did not run the initial handshaking). */
if (assuan_pending_line (ctx)) if (assuan_pending_line (ctx))
{ {
rc = read_and_print_response (ctx, &cmderr); rc = read_and_print_response (ctx, 0, &cmderr);
if (rc) if (rc)
log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) ); log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
} }
@ -1747,7 +1764,9 @@ main (int argc, char **argv)
if (*line == '#' || !*line) if (*line == '#' || !*line)
continue; /* Don't expect a response for a comment line. */ continue; /* Don't expect a response for a comment line. */
rc = read_and_print_response (ctx, &cmderr); rc = read_and_print_response (ctx, (!ascii_strncasecmp (line, "HELP", 4)
&& (spacep (line+4) || !line[4])),
&cmderr);
if (rc) if (rc)
log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) ); log_info (_("receiving line failed: %s\n"), gpg_strerror (rc) );
if ((rc || cmderr) && script_fp) if ((rc || cmderr) && script_fp)
@ -1876,14 +1895,15 @@ handle_inquire (assuan_context_t ctx, char *line)
/* Read all response lines from server and print them. Returns 0 on /* Read all response lines from server and print them. Returns 0 on
success or an assuan error code. Set R_GOTERR to true if the success or an assuan error code. If WITHHASH istrue, comment lines
command did not returned OK. */ are printed. Sets R_GOTERR to true if the command did not returned
OK. */
static int static int
read_and_print_response (assuan_context_t ctx, int *r_goterr) read_and_print_response (assuan_context_t ctx, int withhash, int *r_goterr)
{ {
char *line; char *line;
size_t linelen; size_t linelen;
assuan_error_t rc; gpg_error_t rc;
int i, j; int i, j;
int need_lf = 0; int need_lf = 0;
@ -1896,7 +1916,7 @@ read_and_print_response (assuan_context_t ctx, int *r_goterr)
if (rc) if (rc)
return rc; return rc;
if (opt.verbose > 1 && *line == '#') if ((withhash || opt.verbose > 1) && *line == '#')
{ {
fwrite (line, linelen, 1, stdout); fwrite (line, linelen, 1, stdout);
putchar ('\n'); putchar ('\n');
@ -2086,9 +2106,16 @@ start_agent (void)
{ {
char *sockname; char *sockname;
rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
/* Check whether we can connect at the standard socket. */ /* Check whether we can connect at the standard socket. */
sockname = make_filename (opt.homedir, "S.gpg-agent", NULL); sockname = make_filename (opt.homedir, "S.gpg-agent", NULL);
rc = assuan_socket_connect (&ctx, sockname, 0); rc = assuan_socket_connect (ctx, sockname, 0, 0);
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* If we failed to connect under Windows, we fire up the agent. */ /* If we failed to connect under Windows, we fire up the agent. */
@ -2115,7 +2142,14 @@ start_agent (void)
/* Give the agent some time to prepare itself. */ /* Give the agent some time to prepare itself. */
gnupg_sleep (3); gnupg_sleep (3);
/* Now try again to connect the agent. */ /* Now try again to connect the agent. */
rc = assuan_socket_connect (&ctx, sockname, 0); rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect (ctx, sockname, 0, 0);
} }
if (rc) if (rc)
rc = save_rc; rc = save_rc;
@ -2148,7 +2182,14 @@ start_agent (void)
exit (1); exit (1);
} }
rc = assuan_socket_connect (&ctx, infostr, pid); rc = assuan_new (&ctx);
if (rc)
{
log_error ("assuan_new failed: %s\n", gpg_strerror (rc));
exit (1);
}
rc = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr); xfree (infostr);
} }