security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

New debugging optionhs, updates to the manual.

Browse Source
This commit is contained in:
Werner Koch 2005-06-07 19:09:18 +00:00
parent 941880a28b
commit 3370164182
23 changed files with 759 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NEWS
View File

@ -13,9 +13,12 @@ Noteworthy changes in version 1.9.17
does allows only signing using TCOS cards but we are going to
enhance it to match all the old capabilities.
* [gpg-agent] New option --rite-env-file and Assuan command
* [gpg-agent] New option --write-env-file and Assuan command
UPDATESTARTUPTTY.
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
SSH passphrase caching independent from the other passphrases.
Noteworthy changes in version 1.9.16 (2005-04-21)
-------------------------------------------------

21
agent/ChangeLog
View File

@ -1,3 +1,24 @@
2005-06-06 Werner Koch <wk@g10code.com>
* gpg-agent.c: New option --default-cache-ttl-ssh.
* agent.h (cache_mode_t): New.
* pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the
ARG IGNORE_CACHE. Changed all callers.
(agent_pksign): Ditto.
* findkey.c (agent_key_from_file): Ditto. Canged all callers.
(unprotect): Ditto.
* command-ssh.c (data_sign): Use CACHE_MODE_SSH.
* cache.c (agent_get_cache): New arg CACHE_MODE.
(agent_put_cache): Ditto. Store it in the cache.
* query.c (agent_query_dump_state, dump_mutex_state): New.
(unlock_pinentry): Reset the global context before releasing the
mutex.
* gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1.
* call-scd.c (agent_scd_check_aliveness): Always do a waitpid and
add a timeout to the locking.
2005-06-03 Werner Koch <wk@g10code.com>
* command.c (cmd_updatestartuptty): New.

49
agent/agent.h
View File

@ -69,9 +69,13 @@ struct {
smartcard tasks. */
int disable_scdaemon; /* Never use the SCdaemon. */
int no_grab; /* Don't let the pinentry grab the keyboard */
unsigned long def_cache_ttl;
/* The default and maximum TTL of cache entries. */
unsigned long def_cache_ttl; /* Normal. */
unsigned long def_cache_ttl_ssh; /* SSH. */
unsigned long max_cache_ttl;
int running_detached; /* We are running detached from the tty. */
int ignore_cache_for_signing;
@ -147,12 +151,26 @@ struct pin_entry_info_s {
};
enum {
PRIVATE_KEY_UNKNOWN = 0,
PRIVATE_KEY_CLEAR = 1,
PRIVATE_KEY_PROTECTED = 2,
PRIVATE_KEY_SHADOWED = 3
};
enum
{
PRIVATE_KEY_UNKNOWN = 0,
PRIVATE_KEY_CLEAR = 1,
PRIVATE_KEY_PROTECTED = 2,
PRIVATE_KEY_SHADOWED = 3
};
/* Values for the cache_mode arguments. */
typedef enum
{
CACHE_MODE_IGNORE = 0, /* Special mode to by pass the cache. */
CACHE_MODE_ANY, /* Any mode except ignore matches. */
CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
CACHE_MODE_SSH /* SSH related cache. */
}
cache_mode_t;
/*-- gpg-agent.c --*/
void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
@ -171,7 +189,8 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl,
const char *desc_text,
const unsigned char *grip,
unsigned char **shadow_info,
int ignore_cache, gcry_sexp_t *result);
cache_mode_t cache_mode,
gcry_sexp_t *result);
gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
const unsigned char *grip,
gcry_sexp_t *result);
@ -179,6 +198,7 @@ int agent_key_available (const unsigned char *grip);
/*-- query.c --*/
void initialize_module_query (void);
void agent_query_dump_state (void);
int agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *inital_errtext,
@ -191,16 +211,19 @@ int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok,
/*-- cache.c --*/
void agent_flush_cache (void);
int agent_put_cache (const char *key, const char *data, int ttl);
const char *agent_get_cache (const char *key, void **cache_id);
int agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl);
const char *agent_get_cache (const char *key, cache_mode_t cache_mode,
void **cache_id);
void agent_unlock_cache_entry (void **cache_id);
/*-- pksign.c --*/
int agent_pksign_do (CTRL ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp, int ignore_cache);
int agent_pksign_do (ctrl_t ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp,
cache_mode_t cache_mode);
int agent_pksign (ctrl_t ctrl, const char *desc_text,
membuf_t *outbuf, int ignore_cache);
membuf_t *outbuf, cache_mode_t cache_mode);
/*-- pkdecrypt.c --*/
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,

36
agent/cache.c
View File

@ -42,6 +42,7 @@ struct cache_item_s {
int ttl; /* max. lifetime given in seconds, -1 one means infinite */
int lockcount;
struct secret_data_s *pw;
cache_mode_t cache_mode;
char key[1];
};
@ -78,6 +79,7 @@ new_data (const void *data, size_t length)
}
/* check whether there are items to expire */
static void
housekeeping (void)
@ -85,7 +87,7 @@ housekeeping (void)
ITEM r, rprev;
time_t current = gnupg_get_time ();
/* first expire the actual data */
/* First expire the actual data */
for (r=thecache; r; r = r->next)
{
if (!r->lockcount && r->pw
@ -100,7 +102,7 @@ housekeeping (void)
}
}
/* second, make sure that we also remove them based on the created stamp so
/* Second, make sure that we also remove them based on the created stamp so
that the user has to enter it from time to time. We do this every hour */
for (r=thecache; r; r = r->next)
{
@ -115,7 +117,7 @@ housekeeping (void)
}
}
/* third, make sure that we don't have too many items in the list.
/* Third, make sure that we don't have too many items in the list.
Expire old and unused entries after 30 minutes */
for (rprev=NULL, r=thecache; r; )
{
@ -186,19 +188,27 @@ agent_flush_cache (void)
with a maximum lifetime of TTL seconds. If there is already data
under this key, it will be replaced. Using a DATA of NULL deletes
the entry. A TTL of 0 is replaced by the default TTL and a TTL of
-1 set infinite timeout. */
-1 set infinite timeout. CACHE_MODE is stored with the cache entry
and used t select different timeouts. */
int
agent_put_cache (const char *key, const char *data, int ttl)
agent_put_cache (const char *key, cache_mode_t cache_mode,
const char *data, int ttl)
{
ITEM r;
if (DBG_CACHE)
log_debug ("agent_put_cache `%s' requested ttl=%d\n", key, ttl);
log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n",
key, ttl, cache_mode);
housekeeping ();
if (!ttl)
ttl = opt.def_cache_ttl;
if (!ttl)
{
if (cache_mode == CACHE_MODE_SSH)
ttl = opt.def_cache_ttl_ssh;
else
ttl = opt.def_cache_ttl;
}
if (!ttl || cache_mode == CACHE_MODE_IGNORE)
return 0;
for (r=thecache; r; r = r->next)
@ -217,6 +227,7 @@ agent_put_cache (const char *key, const char *data, int ttl)
{
r->created = r->accessed = gnupg_get_time ();
r->ttl = ttl;
r->cache_mode = cache_mode;
r->pw = new_data (data, strlen (data)+1);
if (!r->pw)
log_error ("out of core while allocating new cache item\n");
@ -232,6 +243,7 @@ agent_put_cache (const char *key, const char *data, int ttl)
strcpy (r->key, key);
r->created = r->accessed = gnupg_get_time ();
r->ttl = ttl;
r->cache_mode = cache_mode;
r->pw = new_data (data, strlen (data)+1);
if (!r->pw)
{
@ -249,12 +261,16 @@ agent_put_cache (const char *key, const char *data, int ttl)
}
/* Try to find an item in the cache */
/* Try to find an item in the cache. Note that we currently don't
make use of CACHE_MODE. */
const char *
agent_get_cache (const char *key, void **cache_id)
agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id)
{
ITEM r;
if (cache_mode == CACHE_MODE_IGNORE)
return NULL;
if (DBG_CACHE)
log_debug ("agent_get_cache `%s'...\n", key);
housekeeping ();

30
agent/call-scd.c
View File

@ -372,25 +372,33 @@ start_scd (ctrl_t ctrl)
void
agent_scd_check_aliveness (void)
{
pth_event_t evt;
pid_t pid;
int rc;
/* We can do so only if there is no more active primary connection.
With an active primary connection, this is all no problem because
with the end of gpg-agent's session a disconnect is send and the
this function will be used at a later time. */
if (!primary_scd_ctx || !primary_scd_ctx_reusable)
return;
if (!primary_scd_ctx)
return; /* No scdaemon running. */
if (!pth_mutex_acquire (&start_scd_lock, 0, NULL))
/* This is not a critical function so we use a short timeout while
acquiring the lock. */
evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0));
if (!pth_mutex_acquire (&start_scd_lock, 0, evt))
{
log_error ("failed to acquire the start_scd lock while"
" doing an aliveness check: %s\n",
strerror (errno));
if (pth_event_occurred (evt))
{
if (opt.verbose > 1)
log_info ("failed to acquire the start_scd lock while"
" doing an aliveness check: %s\n", "timeout");
}
else
log_error ("failed to acquire the start_scd lock while"
" doing an aliveness check: %s\n", strerror (errno));
pth_event_free (evt, PTH_FREE_THIS);
return;
}
pth_event_free (evt, PTH_FREE_THIS);
if (primary_scd_ctx && primary_scd_ctx_reusable)
if (primary_scd_ctx)
{
pid = assuan_get_pid (primary_scd_ctx);
if (pid != (pid_t)(-1) && pid

5
agent/command-ssh.c
View File

@ -2014,7 +2014,8 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
ctrl->use_auth_call = 1;
err = agent_pksign_do (ctrl,
_("Please enter the passphrase "
"for the ssh key%0A %c"), &signature_sexp, 0);
"for the ssh key%0A %c"), &signature_sexp,
CACHE_MODE_SSH);
ctrl->use_auth_call = 0;
if (err)
goto out;
@ -2386,7 +2387,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl)
for (i = 0; i < 20; i++)
sprintf (key_grip + 2 * i, "%02X", key_grip_raw[i]);
err = agent_put_cache (key_grip, pi->pin, ttl);
err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
if (err)
goto out;

21
agent/command.c
View File

@ -404,19 +404,19 @@ static int
cmd_pksign (ASSUAN_CONTEXT ctx, char *line)
{
int rc;
int ignore_cache = 0;
cache_mode_t cache_mode = CACHE_MODE_NORMAL;
ctrl_t ctrl = assuan_get_pointer (ctx);
membuf_t outbuf;
if (opt.ignore_cache_for_signing)
ignore_cache = 1;
cache_mode = CACHE_MODE_IGNORE;
else if (!ctrl->server_local->use_cache_for_signing)
ignore_cache = 1;
cache_mode = CACHE_MODE_IGNORE;
init_membuf (&outbuf, 512);
rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
&outbuf, ignore_cache);
&outbuf, cache_mode);
if (rc)
clear_outbuf (&outbuf);
else
@ -623,7 +623,8 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line)
desc = NULL;
/* Note: we store the hexified versions in the cache. */
pw = cacheid ? agent_get_cache (cacheid, &cache_marker) : NULL;
pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker)
: NULL;
if (pw)
{
assuan_begin_confidential (ctx);
@ -647,7 +648,7 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line)
if (!rc)
{
if (cacheid)
agent_put_cache (cacheid, response, 0);
agent_put_cache (cacheid, CACHE_MODE_USER, response, 0);
assuan_begin_confidential (ctx);
rc = assuan_set_okay_line (ctx, response);
xfree (response);
@ -682,7 +683,7 @@ cmd_clear_passphrase (ASSUAN_CONTEXT ctx, char *line)
if (!cacheid || !*cacheid || strlen (cacheid) > 50)
return set_error (Parameter_Error, "invalid length of cacheID");
agent_put_cache (cacheid, NULL, 0);
agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0);
return 0;
}
@ -772,7 +773,7 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
Assuan error code. */
rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc,
grip, &shadow_info, 1, &s_skey);
grip, &shadow_info, CACHE_MODE_IGNORE, &s_skey);
if (rc)
;
else if (!s_skey)
@ -842,7 +843,7 @@ cmd_preset_passphrase (ASSUAN_CONTEXT ctx, char *line)
else
return map_to_assuan_status (gpg_error (GPG_ERR_NOT_IMPLEMENTED));
rc = agent_put_cache (grip_clear, passphrase, ttl);
rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl);
if (rc)
log_error ("command preset_passwd failed: %s\n", gpg_strerror (rc));

24
agent/findkey.c
View File

@ -230,8 +230,9 @@ modify_description (const char *in, const char *comment, char **result)
caching mechanism. DESC_TEXT may be set to override the default
description used for the pinentry. */
static int
unprotect (CTRL ctrl, const char *desc_text,
unsigned char **keybuf, const unsigned char *grip, int ignore_cache)
unprotect (ctrl_t ctrl, const char *desc_text,
unsigned char **keybuf, const unsigned char *grip,
cache_mode_t cache_mode)
{
struct pin_entry_info_s *pi;
struct try_unprotect_arg_s arg;
@ -246,10 +247,12 @@ unprotect (CTRL ctrl, const char *desc_text,
/* First try to get it from the cache - if there is none or we can't
unprotect it, we fall back to ask the user */
if (!ignore_cache)
if (cache_mode != CACHE_MODE_IGNORE)
{
void *cache_marker;
const char *pw = agent_get_cache (hexgrip, &cache_marker);
const char *pw;
pw = agent_get_cache (hexgrip, cache_mode, &cache_marker);
if (pw)
{
rc = agent_unprotect (*keybuf, pw, &result, &resultlen);
@ -280,7 +283,7 @@ unprotect (CTRL ctrl, const char *desc_text,
if (!rc)
{
assert (arg.unprotected_key);
agent_put_cache (hexgrip, pi->pin, 0);
agent_put_cache (hexgrip, cache_mode, pi->pin, 0);
xfree (*keybuf);
*keybuf = arg.unprotected_key;
}
@ -360,14 +363,13 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
/* Return the secret key as an S-Exp in RESULT after locating it using
the grip. Returns NULL in RESULT if the operation should be
diverted to a token; SHADOW_INFO will point then to an allocated
S-Expression with the shadow_info part from the file. With
IGNORE_CACHE passed as true the passphrase is not taken from the
cache. DESC_TEXT may be set to present a custom description for the
pinentry. */
S-Expression with the shadow_info part from the file. CACHE_MODE
defines now the cache shall be used. DESC_TEXT may be set to
present a custom description for the pinentry. */
gpg_error_t
agent_key_from_file (ctrl_t ctrl, const char *desc_text,
const unsigned char *grip, unsigned char **shadow_info,
int ignore_cache, gcry_sexp_t *result)
cache_mode_t cache_mode, gcry_sexp_t *result)
{
int rc;
unsigned char *buf;
@ -447,7 +449,7 @@ agent_key_from_file (ctrl_t ctrl, const char *desc_text,
if (!rc)
{
rc = unprotect (ctrl, desc_text_final, &buf, grip, ignore_cache);
rc = unprotect (ctrl, desc_text_final, &buf, grip, cache_mode);
if (rc)
log_error ("failed to unprotect the secret key: %s\n",
gpg_strerror (rc));

6
agent/gpg-agent.c
View File

@ -83,6 +83,7 @@ enum cmd_and_opt_values
oLCmessages,
oScdaemonProgram,
oDefCacheTTL,
oDefCacheTTLSSH,
oMaxCacheTTL,
oUseStandardSocket,
oNoUseStandardSocket,
@ -140,6 +141,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDefCacheTTL, "default-cache-ttl", 4,
N_("|N|expire cached PINs after N seconds")},
{ oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
{ oMaxCacheTTL, "max-cache-ttl", 4, "@" },
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
N_("do not use the PIN cache when signing")},
@ -367,6 +369,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.pinentry_program = NULL;
opt.scdaemon_program = NULL;
opt.def_cache_ttl = DEFAULT_CACHE_TTL;
opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL;
opt.max_cache_ttl = MAX_CACHE_TTL;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 0;
@ -402,6 +405,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oDisableScdaemon: opt.disable_scdaemon = 1; break;
case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
@ -413,6 +417,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
default:
return 0; /* not handled */
}
return 1; /* handled */
}
@ -1339,6 +1344,7 @@ handle_signal (int signo)
case SIGUSR1:
log_info ("SIGUSR1 received - printing internal information:\n");
pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
agent_query_dump_state ();
agent_scd_dump_state ();
break;

3
agent/pkdecrypt.c
View File

@ -66,7 +66,8 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
log_printhex ("cipher: ", ciphertext, ciphertextlen);
}
rc = agent_key_from_file (ctrl, desc_text,
ctrl->keygrip, &shadow_info, 0, &s_skey);
ctrl->keygrip, &shadow_info,
CACHE_MODE_NORMAL, &s_skey);
if (rc)
{
log_error ("failed to read the secret key\n");

18
agent/pksign.c
View File

@ -79,8 +79,8 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
/* SIGN whatever information we have accumulated in CTRL and return
the signature S-Expression. */
int
agent_pksign_do (CTRL ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp, int ignore_cache)
agent_pksign_do (ctrl_t ctrl, const char *desc_text,
gcry_sexp_t *signature_sexp, cache_mode_t cache_mode)
{
gcry_sexp_t s_skey = NULL, s_sig = NULL;
unsigned char *shadow_info = NULL;
@ -90,16 +90,16 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
return gpg_error (GPG_ERR_NO_SECKEY);
rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip,
&shadow_info, ignore_cache, &s_skey);
&shadow_info, cache_mode, &s_skey);
if (rc)
{
log_error ("failed to read the secret key\n");
goto leave;
}
if (! s_skey)
if (!s_skey)
{
/* divert operation to the smartcard */
/* Divert operation to the smartcard */
unsigned char *buf = NULL;
size_t len = 0;
@ -128,7 +128,7 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
}
else
{
/* no smartcard, but a private key */
/* No smartcard, but a private key */
gcry_sexp_t s_hash = NULL;
@ -176,15 +176,15 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
/* SIGN whatever information we have accumulated in CTRL and write it
back to OUTFP. */
int
agent_pksign (CTRL ctrl, const char *desc_text,
membuf_t *outbuf, int ignore_cache)
agent_pksign (ctrl_t ctrl, const char *desc_text,
membuf_t *outbuf, cache_mode_t cache_mode)
{
gcry_sexp_t s_sig = NULL;
char *buf = NULL;
size_t len = 0;
int rc = 0;
rc = agent_pksign_do (ctrl, desc_text, &s_sig, ignore_cache);
rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode);
if (rc)
goto leave;

30
agent/query.c
View File

@ -49,7 +49,7 @@
#define LOCK_TIMEOUT (1*60)
static ASSUAN_CONTEXT entry_ctx = NULL;
static assuan_context_t entry_ctx = NULL;
#ifdef USE_GNU_PTH
static pth_mutex_t entry_lock;
#endif
@ -82,6 +82,30 @@ initialize_module_query (void)
static void
dump_mutex_state (pth_mutex_t *m)
{
if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
log_printf ("not_initialized");
else if (!(m->mx_state & PTH_MUTEX_LOCKED))
log_printf ("not_locked");
else
log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
}
/* This function may be called to print infromation pertaining to the
current state of this module to the log. */
void
agent_query_dump_state (void)
{
log_info ("agent_query_dump_state: entry_lock=");
dump_mutex_state (&entry_lock);
log_printf ("\n");
log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld\n",
entry_ctx, (long)assuan_get_pid (entry_ctx));
}
/* Unlock the pinentry so that another thread can start one and
disconnect that pinentry - we do this after the unlock so that a
@ -90,8 +114,9 @@ initialize_module_query (void)
static int
unlock_pinentry (int rc)
{
ASSUAN_CONTEXT ctx = entry_ctx;
assuan_context_t ctx = entry_ctx;
entry_ctx = NULL;
#ifdef USE_GNU_PTH
if (!pth_mutex_release (&entry_lock))
{
@ -100,7 +125,6 @@ unlock_pinentry (int rc)
rc = gpg_error (GPG_ERR_INTERNAL);
}
#endif
entry_ctx = NULL;
assuan_disconnect (ctx);
return rc;
}

2
common/sysutils.c
View File

@ -105,7 +105,7 @@ enable_core_dumps (void)
setrlimit (RLIMIT_CORE, &limit);
return 1; /* We always return true because trhis function is
merely a debugging aid. */
#endif
# endif
return 1;
#endif
}

4
doc/ChangeLog
View File

@ -1,5 +1,9 @@
2005-06-03 Werner Koch <wk@g10code.com>
* debugging.texi (Architecture Details): New section, mostly empty.
* gnupg-card-architecture.fig: New.
* Makefile.am: Rules to build png and eps versions.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
2005-05-17 Werner Koch <wk@g10code.com>

24
doc/Makefile.am
View File

@ -18,14 +18,34 @@
## Process this file with automake to produce Makefile.in
EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg
EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \
gnupg-card-architecture.eps gnupg-card-architecture.png
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png
info_TEXINFOS = gnupg.texi
gnupg_TEXINFOS = \
gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi assuan.texi \
tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
sysnotes.texi
sysnotes.texi gnupg-card-architecture.fig
DISTCLEANFILES = gnupg.tmp gnupg.ops
.fig.png:
fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
.fig.jpg:
fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
.fig.eps:
fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
.fig.pdf:
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@

44
doc/debugging.texi
View File

@ -18,6 +18,7 @@ solve the problem at hand.
@menu
* Debugging Tools:: Description of some useful tools
* Common Problems:: Commonly seen problems.
* Architecture Details:: How the whole thing works internally.
@end menu
@ -105,6 +106,49 @@ shell). Even for GUI based Pinentries; you should have set
on how to do it.
@item SSH hangs while a popping up pinentry was expected
SSH has no way to tell the gpg-agent what terminal or X display it is
running on. So when remotely logging into a box where a gpg-agent with
SSH support is running, the pinentry will get popped up on whatever
display t he gpg-agent has been started. To solve this problem you may
issue the command
@smallexample
echo UPDATESTARTUPTTY | gpg-connect-agent
@end smallexample
and the next pinentry will pop up on your display or screen. However,
you need to kill the running pinentry first because only one pinentry
may be running at once. If you plan to use ssh on a new display you
should issue the above command before invoking ssh or any other service
making use of ssh.
@end itemize
@c ********************************************
@c *** Architecture Details *****************
@c ********************************************
@node Architecture Details
@section How the whole thing works internally.
@menu
* gpg 1.4 vs. 1.9:: Relationship between the two branches.
@end menu
@node gpg 1.4 vs. 1.9
@subsection Relationship between the two branches.
Here is a little picture showing how the components work together:
@image{gnupg-card-architecture, 14cm}
@noindent
Lets try to explain it:
TO BE DONE.

419
doc/gnupg-card-architecture.fig Normal file
View File

@ -0,0 +1,419 @@
#FIG 3.2 Produced by xfig version 3.2.5-alpha5
# Copyright 2005 Werner Koch
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
Landscape
Center
Metric
A4
100.00
Single
-2
1200 2
0 32 #414541
0 33 #808080
0 34 #c0c0c0
0 35 #c6b797
0 36 #eff8ff
0 37 #dccba6
0 38 #e0e0e0
0 39 #8e8f8e
0 40 #aaaaaa
0 41 #555555
0 42 #404040
0 43 #868286
0 44 #c7c3c7
0 45 #e7e3e7
0 46 #8e8e8e
0 47 #444444
0 48 #868686
0 49 #c7c7c7
0 50 #666666
0 51 #e2e2ee
0 52 #94949a
0 53 #dbdbdb
0 54 #a1a1b7
0 55 #9c0000
0 56 #ededed
0 57 #86acff
0 58 #7070ff
0 59 #bebebe
0 60 #515151
0 61 #000049
0 62 #797979
0 63 #303430
0 64 #c7b696
0 65 #d7d7d7
0 66 #aeaeae
0 67 #85807d
0 68 #d2d2d2
0 69 #3a3a3a
0 70 #4573aa
0 71 #000000
0 72 #e7e7e7
0 73 #f7f7f7
0 74 #d6d7d6
0 75 #7b79a5
0 76 #effbff
0 77 #9e9e9e
0 78 #717571
0 79 #73758c
0 80 #414141
0 81 #635dce
0 82 #565151
0 83 #dd9d93
0 84 #f1ece0
0 85 #c3c3c3
0 86 #e2c8a8
0 87 #e1e1e1
0 88 #da7a1a
0 89 #f1e41a
0 90 #887dc2
0 91 #d6d6d6
0 92 #8c8ca5
0 93 #4a4a4a
0 94 #8c6b6b
0 95 #5a5a5a
0 96 #636363
0 97 #b79b73
0 98 #4193ff
0 99 #bf703b
0 100 #db7700
0 101 #dab800
0 102 #006400
0 103 #5a6b3b
0 104 #d3d3d3
0 105 #8e8ea4
0 106 #f3b95d
0 107 #89996b
0 108 #646464
0 109 #b7e6ff
0 110 #86c0ec
0 111 #bdbdbd
0 112 #d39552
0 113 #98d2fe
0 114 #8c9c6b
0 115 #f76b00
0 116 #5a6b39
0 117 #8c9c6b
0 118 #8c9c7b
0 119 #184a18
0 120 #adadad
0 121 #f7bd5a
0 122 #636b9c
0 123 #de0000
0 124 #adadad
0 125 #f7bd5a
0 126 #adadad
0 127 #f7bd5a
0 128 #636b9c
0 129 #526b29
0 130 #949494
0 131 #006300
0 132 #00634a
0 133 #7b844a
0 134 #e7bd7b
0 135 #a5b5c6
0 136 #6b6b94
0 137 #846b6b
0 138 #529c4a
0 139 #d6e7e7
0 140 #526363
0 141 #186b4a
0 142 #9ca5b5
0 143 #ff9400
0 144 #ff9400
0 145 #00634a
0 146 #7b844a
0 147 #63737b
0 148 #e7bd7b
0 149 #184a18
0 150 #f7bd5a
0 151 #dedede
0 152 #f3eed3
0 153 #f5ae5d
0 154 #95ce99
0 155 #b5157d
0 156 #eeeeee
0 157 #848484
0 158 #7b7b7b
0 159 #005a00
0 160 #e77373
0 161 #ffcb31
0 162 #29794a
0 163 #de2821
0 164 #2159c6
0 165 #f8f8f8
0 166 #e6e6e6
0 167 #21845a
0 168 #ff9408
0 169 #007000
0 170 #d00000
0 171 #fed600
0 172 #d82010
0 173 #003484
0 174 #d62010
0 175 #389000
0 176 #ba0000
0 177 #003380
0 178 #00a7bd
0 179 #ffc500
0 180 #087bd0
0 181 #fbc100
0 182 #840029
0 183 #07399c
0 184 #0063bd
0 185 #39acdf
0 186 #42c0e0
0 187 #31ceff
0 188 #ffde00
0 189 #085a00
0 190 #ff2100
0 191 #f75e08
0 192 #ef7b08
0 193 #ff8200
0 194 #007d00
0 195 #0000be
0 196 #757575
0 197 #f3f3f3
0 198 #d7d3d7
0 199 #aeaaae
0 200 #c2c2c2
0 201 #303030
0 202 #515551
0 203 #f7f3f7
0 204 #717171
6 9270 1980 13230 6570
6 9471 3906 13014 5677
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
10540 4394 10540 3936 9471 3936 9471 4394 10540 4394
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
10387 5616 10387 5158 9471 5158 9471 5616 10387 5616
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
12984 5005 12984 4547 9471 4547 9471 5005 12984 5005
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
12984 5616 12984 5158 12067 5158 12067 5616 12984 5616
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
11701 5627 11701 5168 10784 5168 10784 5627 11701 5627
4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001
4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and ISO-7816 access code\001
4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001
4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001
4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001
-6
6 10693 3906 13014 4394
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
11762 4394 11762 3936 10693 3936 10693 4394 11762 4394
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
12984 4394 12984 3936 11915 3936 11915 4394 12984 4394
4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001
4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001
-6
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
13137 2072 9318 2072 9318 5739 13137 5739 13137 2072
2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
9318 3753 13137 3753
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
11691 6360 10774 6360 10774 5901 11691 5901 11691 6360
2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
11762 5739
2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4
10693 5739 10693 6502 11762 6502 11762 5739
4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001
4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001
-6
6 90 1980 4050 5760
6 306 3906 3849 5677
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
1375 4394 1375 3936 306 3936 306 4394 1375 4394
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
1222 5616 1222 5158 306 5158 306 5616 1222 5616
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
3819 5005 3819 4547 306 4547 306 5005 3819 5005
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
3819 5616 3819 5158 2902 5158 2902 5616 3819 5616
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
2536 5627 2536 5168 1619 5168 1619 5627 2536 5627
4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001
4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001
4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001
4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001
4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001
-6
6 2139 3753 3208 4211
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
3208 4211 3208 3753 2139 3753 2139 4211 3208 4211
4 0 0 50 -1 16 11 0.0000 4 132 784 2291 4058 Gluecode\001
-6
2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
2597 5739
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
1 1 1.00 40.73 81.47
2139 4028 1405 4150
2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4
153 3753 1833 3753 1833 4364 3972 4364
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
3972 2072 153 2072 153 5739 3972 5739 3972 2072
4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001
-6
6 4888 4058 5346 5433
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
5346 5433 5346 4058 4888 4058 4888 5433 5346 5433
4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001
-6
6 4680 1980 8640 5760
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
5346 3753 5346 2378 4888 2378 4888 3753 5346 3753
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
8554 5739 4735 5739 4735 2072 8554 2072 8554 5739
4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001
-6
6 5805 3447 7332 4975
6 5957 3447 7179 4211
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
7179 4211 7179 3447 5957 3447 5957 4211 7179 4211
4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001
4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001
-6
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
7195 4883
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
7195 4883
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
7332 4975 7332 4517 6721 4517 6721 4975 7332 4975
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
1 1 1.00 40.73 81.47
1 1 1.00 40.73 81.47
6568 4211 7027 4517
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
1 1 1.00 40.73 81.47
1 1 1.00 40.73 81.47
6568 4211 6110 4517
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
6416 4975 6416 4517 5805 4517 5805 4975 6416 4975
4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001
4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001
-6
6 7638 3600 8401 4058
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
8401 4058 8401 3600 7638 3600 7638 4058 8401 4058
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
7638 3814
4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001
-6
6 9471 2225 9929 3600
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
9929 3600 9929 2225 9471 2225 9471 3600 9929 3600
4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001
-6
6 6480 360 8640 1440
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
8554 1339 6568 1339 6568 423 8554 423 8554 1339
4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001
4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001
-6
6 10570 270 13137 1003
2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2
1 1 1.00 40.73 81.47
10632 331 11181 331
2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2
1 1 2.00 81.47 162.94
10632 637 11181 637
2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2
1 1 1.00 40.73 81.47
10632 942 11181 942
4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001
4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001
4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001
-6
# Smartcard ID-1
6 6840 6120 8550 7200
6 7069 6526 7307 6746
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
7234 6691 7307 6691
2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2
7069 6636 7143 6636
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
7069 6581 7143 6581
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
7069 6691 7143 6691
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
7143 6526 7143 6746
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3
7307 6581 7234 6581 7234 6746
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
7234 6636 7307 6636
2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5
7069 6526 7307 6526 7307 6746 7069 6746 7069 6526
-6
2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5
8472 7185 6904 7185 6904 6197 8472 6197 8472 7185
-6
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
1 1 1.00 40.73 81.47
5346 3142 5957 3753
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
1 1 1.00 40.73 81.47
5346 4669 5957 3905
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
1 1 1.00 40.73 81.47
1 1 1.00 40.73 81.47
7179 3814 7638 3814
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
11731 7480 10693 7480 10693 6991 11731 6991 11731 7480
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
1 1 2.00 81.47 162.94
8022 3600 8096 2225 7513 1360
0.000 -1.000 0.000
3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3
0 0 2.00 81.47 162.94
7332 4730 8737 4486 9471 2897
0.000 -1.000 0.000
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
1 1 2.00 81.47 162.94
3238 3997 4216 4242 4888 4730
0.000 -1.000 0.000
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
1 1 2.00 81.47 162.94
11243 6502 11304 6747 11181 6991
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
10693 7235 9471 7174 8493 6869
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
9898 5647 9532 6380 8493 6563
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
12465 5647 11731 6624 8493 6747
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
2077 5647 3177 6502 6843 6624
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
733 5647 2444 6808 6843 6747
0.000 -1.000 0.000
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
1 1 1.00 40.73 81.47
3361 5647 4155 6319 6843 6502
0.000 -1.000 0.000
4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001
4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001

19
doc/gnupg.texi
View File

@ -86,14 +86,15 @@ section entitled ``Copying''.
@insertcopying
@end titlepage
@ifnothtml
@summarycontents
@contents
@page
@end ifnothtml
@ifnottex
@node Top
@top The GNU Privacy Guard
@top
@insertcopying
This manual documents how to use the GNU Privacy Guard system as well as
@ -120,6 +121,20 @@ the administration and the architecture.
* Index:: Index of concepts and symbol names.
@end menu
@ifhtml
@center @image{gnupg-badge-openpgp,6cm,,The GnuPG Logo}
@end ifhtml
@ifhtml
@page
@summarycontents
@contents
@end ifhtml
@include gpg.texi
@include gpgsm.texi
@include gpg-agent.texi

47
doc/gpg-agent.texi
View File

@ -42,7 +42,8 @@ else
fi
@end smallexample
The new option @option{--write-env-file} may be used instead.
@noindent
Note that the new option @option{--write-env-file} may be used instead.
@noindent
@ -289,6 +290,11 @@ control this behaviour but this command line option takes precedence.
Set the time a cache entry is valid to @var{n} seconds. The default are
600 seconds.
@item --default-cache-ttl-ssh @var{n}
@opindex default-cache-ttl
Set the time a cache entry used for SSH keys is valid to @var{n}
seconds. The default are 600 seconds.
@item --max-cache-ttl @var{n}
@opindex max-cache-ttl
Set the maximum time a cache entry is valid to @var{n} seconds. After
@ -506,12 +512,13 @@ are still pending, a shutdown is forced.
@cpindex SIGINT
Shuts down the process immediately.
@item SIGUSR1
@itemx SIGUSR2
@cpindex SIGUSR1
Dump internal information to the log file.
@item SIGUSR2
@cpindex SIGUSR2
These signals are used for internal purposes.
This signal is used for internal purposes.
@end table
@ -523,12 +530,44 @@ These signals are used for internal purposes.
@c man begin EXAMPLES
The usual way to invoke @command{gpg-agent} is
@example
$ eval `gpg-agent --daemon`
@end example
@c man end
An alternative way is by replacing @command{ssh-agent} with
@command{gpg-agent}. If for example @command{ssh-agent} is started as
part of the Xsession intialization you may simply replace
@command{ssh-agent} by a script like:
@cartouche
@example
#!/bin/sh
exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
--write-env-file $@{HOME@}/.gpg-agent-info "$@@"
@end example
@end cartouche
@noindent
and add something like (for Bourne shells)
@cartouche
@example
if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
. "$@{HOME@}/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
fi
@end example
@end cartouche
@noindent
to your shell initialization file (e.g. @file{~/.bashrc}).
@c
@c Assuan Protocol

8
doc/scdaemon.texi
View File

@ -181,6 +181,14 @@ protocol. Note that this option may reveal sensitive data.
This option disables all ticker functions like checking for card
insertions.
@item --debug-allow-core-dump
@opindex debug-allow-core-dump
For security reasons we won't create a core dump when the process
aborts. For debugging purposes it is sometimes better to allow core
dump. This options enables it and also changes the working directory to
@file{/tmp} when running in @option{--server} mode.
@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is manly usefule for

4
scd/ChangeLog
View File

@ -1,3 +1,7 @@
2005-06-06 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New option --debug-allow-core-dump.
2005-06-03 Werner Koch <wk@g10code.com>
* scdaemon.c (handle_connections): Make sure that the signals we

3
scd/command.c
View File

@ -70,7 +70,7 @@ struct server_local_s {
struct server_local_s *next_session;
/* This object is usually assigned to a CTRL object (which is
globally visible). While enumeratin all sessions we sometimes
globally visible). While enumerating all sessions we sometimes
need to access data of the CTRL object; thus we keep a
backpointer here. */
ctrl_t ctrl_backlink;
@ -860,6 +860,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
/* FIXME: Applications should not return sensistive data if the card
is locked. */
rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
xfree (keyword);
TEST_CARD_REMOVAL (ctrl, rc);
return map_to_assuan_status (rc);

18
scd/scdaemon.c
View File

@ -67,6 +67,7 @@ enum cmd_and_opt_values
oDebugAll,
oDebugLevel,
oDebugWait,
oDebugAllowCoreDump,
oDebugCCIDDriver,
oNoGreeting,
oNoOptions,
@ -110,6 +111,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDebugAll, "debug-all" ,0, "@"},
{ oDebugLevel, "debug-level" ,2, "@"},
{ oDebugWait,"debug-wait",1, "@"},
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
{ oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
{ oDebugDisableTicker, "debug-disable-ticker", 0, "@"},
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
@ -318,6 +320,7 @@ main (int argc, char **argv )
int debug_wait = 0;
int gpgconf_list = 0;
const char *config_filename = NULL;
int allow_coredump = 0;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
@ -448,6 +451,10 @@ main (int argc, char **argv )
case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: debug_level = pargs.r.ret_str; break;
case oDebugWait: debug_wait = pargs.r.ret_int; break;
case oDebugAllowCoreDump:
enable_core_dumps ();
allow_coredump = 1;
break;
case oDebugCCIDDriver:
ccid_set_debug_level (ccid_set_debug_level (-1)+1);
break;
@ -604,6 +611,17 @@ main (int argc, char **argv )
sigaction (SIGPIPE, &sa, NULL);
}
/* If --debug-allow-core-dump has been given we also need to
switch the working directory to a place where we can actually
write. */
if (allow_coredump)
{
if (chdir("/tmp"))
log_debug ("chdir to `/tmp' failed: %s\n", strerror (errno));
else
log_debug ("changed working directory to `/tmp'\n");
}
/* In multi server mode we need to listen on an additional
socket. Create that socket now before starting the handler
for the pipe connection. This allows that handler to send