From 33701641829798ddd7fced64cf9a504cc5f48cc1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 7 Jun 2005 19:09:18 +0000 Subject: [PATCH] New debugging optionhs, updates to the manual. --- NEWS | 5 +- agent/ChangeLog | 21 ++ agent/agent.h | 49 +++- agent/cache.c | 36 ++- agent/call-scd.c | 30 ++- agent/command-ssh.c | 5 +- agent/command.c | 21 +- agent/findkey.c | 24 +- agent/gpg-agent.c | 6 + agent/pkdecrypt.c | 3 +- agent/pksign.c | 18 +- agent/query.c | 30 ++- common/sysutils.c | 2 +- doc/ChangeLog | 4 + doc/Makefile.am | 24 +- doc/debugging.texi | 44 ++++ doc/gnupg-card-architecture.fig | 419 ++++++++++++++++++++++++++++++++ doc/gnupg.texi | 19 +- doc/gpg-agent.texi | 47 +++- doc/scdaemon.texi | 8 + scd/ChangeLog | 4 + scd/command.c | 3 +- scd/scdaemon.c | 18 ++ 23 files changed, 759 insertions(+), 81 deletions(-) create mode 100644 doc/gnupg-card-architecture.fig diff --git a/NEWS b/NEWS index e28f1284a..daa18c4c0 100644 --- a/NEWS +++ b/NEWS @@ -13,9 +13,12 @@ Noteworthy changes in version 1.9.17 does allows only signing using TCOS cards but we are going to enhance it to match all the old capabilities. - * [gpg-agent] New option --rite-env-file and Assuan command + * [gpg-agent] New option --write-env-file and Assuan command UPDATESTARTUPTTY. + * [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for + SSH passphrase caching independent from the other passphrases. + Noteworthy changes in version 1.9.16 (2005-04-21) ------------------------------------------------- diff --git a/agent/ChangeLog b/agent/ChangeLog index 9621e5de0..1a157fa52 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,24 @@ +2005-06-06 Werner Koch + + * gpg-agent.c: New option --default-cache-ttl-ssh. + * agent.h (cache_mode_t): New. + * pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the + ARG IGNORE_CACHE. Changed all callers. + (agent_pksign): Ditto. + * findkey.c (agent_key_from_file): Ditto. Canged all callers. + (unprotect): Ditto. + * command-ssh.c (data_sign): Use CACHE_MODE_SSH. + * cache.c (agent_get_cache): New arg CACHE_MODE. + (agent_put_cache): Ditto. Store it in the cache. + + * query.c (agent_query_dump_state, dump_mutex_state): New. + (unlock_pinentry): Reset the global context before releasing the + mutex. + * gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1. + + * call-scd.c (agent_scd_check_aliveness): Always do a waitpid and + add a timeout to the locking. + 2005-06-03 Werner Koch * command.c (cmd_updatestartuptty): New. diff --git a/agent/agent.h b/agent/agent.h index 51e66abee..350e5c0d2 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -69,9 +69,13 @@ struct { smartcard tasks. */ int disable_scdaemon; /* Never use the SCdaemon. */ int no_grab; /* Don't let the pinentry grab the keyboard */ - unsigned long def_cache_ttl; + + /* The default and maximum TTL of cache entries. */ + unsigned long def_cache_ttl; /* Normal. */ + unsigned long def_cache_ttl_ssh; /* SSH. */ unsigned long max_cache_ttl; + int running_detached; /* We are running detached from the tty. */ int ignore_cache_for_signing; @@ -147,12 +151,26 @@ struct pin_entry_info_s { }; -enum { - PRIVATE_KEY_UNKNOWN = 0, - PRIVATE_KEY_CLEAR = 1, - PRIVATE_KEY_PROTECTED = 2, - PRIVATE_KEY_SHADOWED = 3 -}; +enum + { + PRIVATE_KEY_UNKNOWN = 0, + PRIVATE_KEY_CLEAR = 1, + PRIVATE_KEY_PROTECTED = 2, + PRIVATE_KEY_SHADOWED = 3 + }; + + +/* Values for the cache_mode arguments. */ +typedef enum + { + CACHE_MODE_IGNORE = 0, /* Special mode to by pass the cache. */ + CACHE_MODE_ANY, /* Any mode except ignore matches. */ + CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */ + CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */ + CACHE_MODE_SSH /* SSH related cache. */ + } +cache_mode_t; + /*-- gpg-agent.c --*/ void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */ @@ -171,7 +189,8 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, - int ignore_cache, gcry_sexp_t *result); + cache_mode_t cache_mode, + gcry_sexp_t *result); gpg_error_t agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); @@ -179,6 +198,7 @@ int agent_key_available (const unsigned char *grip); /*-- query.c --*/ void initialize_module_query (void); +void agent_query_dump_state (void); int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *inital_errtext, @@ -191,16 +211,19 @@ int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok, /*-- cache.c --*/ void agent_flush_cache (void); -int agent_put_cache (const char *key, const char *data, int ttl); -const char *agent_get_cache (const char *key, void **cache_id); +int agent_put_cache (const char *key, cache_mode_t cache_mode, + const char *data, int ttl); +const char *agent_get_cache (const char *key, cache_mode_t cache_mode, + void **cache_id); void agent_unlock_cache_entry (void **cache_id); /*-- pksign.c --*/ -int agent_pksign_do (CTRL ctrl, const char *desc_text, - gcry_sexp_t *signature_sexp, int ignore_cache); +int agent_pksign_do (ctrl_t ctrl, const char *desc_text, + gcry_sexp_t *signature_sexp, + cache_mode_t cache_mode); int agent_pksign (ctrl_t ctrl, const char *desc_text, - membuf_t *outbuf, int ignore_cache); + membuf_t *outbuf, cache_mode_t cache_mode); /*-- pkdecrypt.c --*/ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, diff --git a/agent/cache.c b/agent/cache.c index 18aa7653b..a032b4fa7 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -42,6 +42,7 @@ struct cache_item_s { int ttl; /* max. lifetime given in seconds, -1 one means infinite */ int lockcount; struct secret_data_s *pw; + cache_mode_t cache_mode; char key[1]; }; @@ -78,6 +79,7 @@ new_data (const void *data, size_t length) } + /* check whether there are items to expire */ static void housekeeping (void) @@ -85,7 +87,7 @@ housekeeping (void) ITEM r, rprev; time_t current = gnupg_get_time (); - /* first expire the actual data */ + /* First expire the actual data */ for (r=thecache; r; r = r->next) { if (!r->lockcount && r->pw @@ -100,7 +102,7 @@ housekeeping (void) } } - /* second, make sure that we also remove them based on the created stamp so + /* Second, make sure that we also remove them based on the created stamp so that the user has to enter it from time to time. We do this every hour */ for (r=thecache; r; r = r->next) { @@ -115,7 +117,7 @@ housekeeping (void) } } - /* third, make sure that we don't have too many items in the list. + /* Third, make sure that we don't have too many items in the list. Expire old and unused entries after 30 minutes */ for (rprev=NULL, r=thecache; r; ) { @@ -186,19 +188,27 @@ agent_flush_cache (void) with a maximum lifetime of TTL seconds. If there is already data under this key, it will be replaced. Using a DATA of NULL deletes the entry. A TTL of 0 is replaced by the default TTL and a TTL of - -1 set infinite timeout. */ + -1 set infinite timeout. CACHE_MODE is stored with the cache entry + and used t select different timeouts. */ int -agent_put_cache (const char *key, const char *data, int ttl) +agent_put_cache (const char *key, cache_mode_t cache_mode, + const char *data, int ttl) { ITEM r; if (DBG_CACHE) - log_debug ("agent_put_cache `%s' requested ttl=%d\n", key, ttl); + log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n", + key, ttl, cache_mode); housekeeping (); if (!ttl) - ttl = opt.def_cache_ttl; - if (!ttl) + { + if (cache_mode == CACHE_MODE_SSH) + ttl = opt.def_cache_ttl_ssh; + else + ttl = opt.def_cache_ttl; + } + if (!ttl || cache_mode == CACHE_MODE_IGNORE) return 0; for (r=thecache; r; r = r->next) @@ -217,6 +227,7 @@ agent_put_cache (const char *key, const char *data, int ttl) { r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; + r->cache_mode = cache_mode; r->pw = new_data (data, strlen (data)+1); if (!r->pw) log_error ("out of core while allocating new cache item\n"); @@ -232,6 +243,7 @@ agent_put_cache (const char *key, const char *data, int ttl) strcpy (r->key, key); r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; + r->cache_mode = cache_mode; r->pw = new_data (data, strlen (data)+1); if (!r->pw) { @@ -249,12 +261,16 @@ agent_put_cache (const char *key, const char *data, int ttl) } -/* Try to find an item in the cache */ +/* Try to find an item in the cache. Note that we currently don't + make use of CACHE_MODE. */ const char * -agent_get_cache (const char *key, void **cache_id) +agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id) { ITEM r; + if (cache_mode == CACHE_MODE_IGNORE) + return NULL; + if (DBG_CACHE) log_debug ("agent_get_cache `%s'...\n", key); housekeeping (); diff --git a/agent/call-scd.c b/agent/call-scd.c index 00c9df2a7..4dff8e3c1 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -372,25 +372,33 @@ start_scd (ctrl_t ctrl) void agent_scd_check_aliveness (void) { + pth_event_t evt; pid_t pid; int rc; - /* We can do so only if there is no more active primary connection. - With an active primary connection, this is all no problem because - with the end of gpg-agent's session a disconnect is send and the - this function will be used at a later time. */ - if (!primary_scd_ctx || !primary_scd_ctx_reusable) - return; + if (!primary_scd_ctx) + return; /* No scdaemon running. */ - if (!pth_mutex_acquire (&start_scd_lock, 0, NULL)) + /* This is not a critical function so we use a short timeout while + acquiring the lock. */ + evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0)); + if (!pth_mutex_acquire (&start_scd_lock, 0, evt)) { - log_error ("failed to acquire the start_scd lock while" - " doing an aliveness check: %s\n", - strerror (errno)); + if (pth_event_occurred (evt)) + { + if (opt.verbose > 1) + log_info ("failed to acquire the start_scd lock while" + " doing an aliveness check: %s\n", "timeout"); + } + else + log_error ("failed to acquire the start_scd lock while" + " doing an aliveness check: %s\n", strerror (errno)); + pth_event_free (evt, PTH_FREE_THIS); return; } + pth_event_free (evt, PTH_FREE_THIS); - if (primary_scd_ctx && primary_scd_ctx_reusable) + if (primary_scd_ctx) { pid = assuan_get_pid (primary_scd_ctx); if (pid != (pid_t)(-1) && pid diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 030cc70a0..870afe059 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -2014,7 +2014,8 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder, ctrl->use_auth_call = 1; err = agent_pksign_do (ctrl, _("Please enter the passphrase " - "for the ssh key%0A %c"), &signature_sexp, 0); + "for the ssh key%0A %c"), &signature_sexp, + CACHE_MODE_SSH); ctrl->use_auth_call = 0; if (err) goto out; @@ -2386,7 +2387,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) for (i = 0; i < 20; i++) sprintf (key_grip + 2 * i, "%02X", key_grip_raw[i]); - err = agent_put_cache (key_grip, pi->pin, ttl); + err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl); if (err) goto out; diff --git a/agent/command.c b/agent/command.c index 56167118d..ebf3a8220 100644 --- a/agent/command.c +++ b/agent/command.c @@ -404,19 +404,19 @@ static int cmd_pksign (ASSUAN_CONTEXT ctx, char *line) { int rc; - int ignore_cache = 0; + cache_mode_t cache_mode = CACHE_MODE_NORMAL; ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; - + if (opt.ignore_cache_for_signing) - ignore_cache = 1; + cache_mode = CACHE_MODE_IGNORE; else if (!ctrl->server_local->use_cache_for_signing) - ignore_cache = 1; + cache_mode = CACHE_MODE_IGNORE; init_membuf (&outbuf, 512); rc = agent_pksign (ctrl, ctrl->server_local->keydesc, - &outbuf, ignore_cache); + &outbuf, cache_mode); if (rc) clear_outbuf (&outbuf); else @@ -623,7 +623,8 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line) desc = NULL; /* Note: we store the hexified versions in the cache. */ - pw = cacheid ? agent_get_cache (cacheid, &cache_marker) : NULL; + pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker) + : NULL; if (pw) { assuan_begin_confidential (ctx); @@ -647,7 +648,7 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line) if (!rc) { if (cacheid) - agent_put_cache (cacheid, response, 0); + agent_put_cache (cacheid, CACHE_MODE_USER, response, 0); assuan_begin_confidential (ctx); rc = assuan_set_okay_line (ctx, response); xfree (response); @@ -682,7 +683,7 @@ cmd_clear_passphrase (ASSUAN_CONTEXT ctx, char *line) if (!cacheid || !*cacheid || strlen (cacheid) > 50) return set_error (Parameter_Error, "invalid length of cacheID"); - agent_put_cache (cacheid, NULL, 0); + agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0); return 0; } @@ -772,7 +773,7 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line) Assuan error code. */ rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc, - grip, &shadow_info, 1, &s_skey); + grip, &shadow_info, CACHE_MODE_IGNORE, &s_skey); if (rc) ; else if (!s_skey) @@ -842,7 +843,7 @@ cmd_preset_passphrase (ASSUAN_CONTEXT ctx, char *line) else return map_to_assuan_status (gpg_error (GPG_ERR_NOT_IMPLEMENTED)); - rc = agent_put_cache (grip_clear, passphrase, ttl); + rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl); if (rc) log_error ("command preset_passwd failed: %s\n", gpg_strerror (rc)); diff --git a/agent/findkey.c b/agent/findkey.c index 999a5d620..56433c9c4 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -230,8 +230,9 @@ modify_description (const char *in, const char *comment, char **result) caching mechanism. DESC_TEXT may be set to override the default description used for the pinentry. */ static int -unprotect (CTRL ctrl, const char *desc_text, - unsigned char **keybuf, const unsigned char *grip, int ignore_cache) +unprotect (ctrl_t ctrl, const char *desc_text, + unsigned char **keybuf, const unsigned char *grip, + cache_mode_t cache_mode) { struct pin_entry_info_s *pi; struct try_unprotect_arg_s arg; @@ -246,10 +247,12 @@ unprotect (CTRL ctrl, const char *desc_text, /* First try to get it from the cache - if there is none or we can't unprotect it, we fall back to ask the user */ - if (!ignore_cache) + if (cache_mode != CACHE_MODE_IGNORE) { void *cache_marker; - const char *pw = agent_get_cache (hexgrip, &cache_marker); + const char *pw; + + pw = agent_get_cache (hexgrip, cache_mode, &cache_marker); if (pw) { rc = agent_unprotect (*keybuf, pw, &result, &resultlen); @@ -280,7 +283,7 @@ unprotect (CTRL ctrl, const char *desc_text, if (!rc) { assert (arg.unprotected_key); - agent_put_cache (hexgrip, pi->pin, 0); + agent_put_cache (hexgrip, cache_mode, pi->pin, 0); xfree (*keybuf); *keybuf = arg.unprotected_key; } @@ -360,14 +363,13 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) /* Return the secret key as an S-Exp in RESULT after locating it using the grip. Returns NULL in RESULT if the operation should be diverted to a token; SHADOW_INFO will point then to an allocated - S-Expression with the shadow_info part from the file. With - IGNORE_CACHE passed as true the passphrase is not taken from the - cache. DESC_TEXT may be set to present a custom description for the - pinentry. */ + S-Expression with the shadow_info part from the file. CACHE_MODE + defines now the cache shall be used. DESC_TEXT may be set to + present a custom description for the pinentry. */ gpg_error_t agent_key_from_file (ctrl_t ctrl, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, - int ignore_cache, gcry_sexp_t *result) + cache_mode_t cache_mode, gcry_sexp_t *result) { int rc; unsigned char *buf; @@ -447,7 +449,7 @@ agent_key_from_file (ctrl_t ctrl, const char *desc_text, if (!rc) { - rc = unprotect (ctrl, desc_text_final, &buf, grip, ignore_cache); + rc = unprotect (ctrl, desc_text_final, &buf, grip, cache_mode); if (rc) log_error ("failed to unprotect the secret key: %s\n", gpg_strerror (rc)); diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 90b071d5e..6cc08f845 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -83,6 +83,7 @@ enum cmd_and_opt_values oLCmessages, oScdaemonProgram, oDefCacheTTL, + oDefCacheTTLSSH, oMaxCacheTTL, oUseStandardSocket, oNoUseStandardSocket, @@ -140,6 +141,7 @@ static ARGPARSE_OPTS opts[] = { { oDefCacheTTL, "default-cache-ttl", 4, N_("|N|expire cached PINs after N seconds")}, + { oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" }, { oMaxCacheTTL, "max-cache-ttl", 4, "@" }, { oIgnoreCacheForSigning, "ignore-cache-for-signing", 0, N_("do not use the PIN cache when signing")}, @@ -367,6 +369,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.pinentry_program = NULL; opt.scdaemon_program = NULL; opt.def_cache_ttl = DEFAULT_CACHE_TTL; + opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL; opt.max_cache_ttl = MAX_CACHE_TTL; opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 0; @@ -402,6 +405,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oDisableScdaemon: opt.disable_scdaemon = 1; break; case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break; + case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break; case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break; case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break; @@ -413,6 +417,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) default: return 0; /* not handled */ } + return 1; /* handled */ } @@ -1339,6 +1344,7 @@ handle_signal (int signo) case SIGUSR1: log_info ("SIGUSR1 received - printing internal information:\n"); pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); + agent_query_dump_state (); agent_scd_dump_state (); break; diff --git a/agent/pkdecrypt.c b/agent/pkdecrypt.c index 7a93e58f8..42ce69697 100644 --- a/agent/pkdecrypt.c +++ b/agent/pkdecrypt.c @@ -66,7 +66,8 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text, log_printhex ("cipher: ", ciphertext, ciphertextlen); } rc = agent_key_from_file (ctrl, desc_text, - ctrl->keygrip, &shadow_info, 0, &s_skey); + ctrl->keygrip, &shadow_info, + CACHE_MODE_NORMAL, &s_skey); if (rc) { log_error ("failed to read the secret key\n"); diff --git a/agent/pksign.c b/agent/pksign.c index 3337e188c..2a355e43e 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -79,8 +79,8 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash, /* SIGN whatever information we have accumulated in CTRL and return the signature S-Expression. */ int -agent_pksign_do (CTRL ctrl, const char *desc_text, - gcry_sexp_t *signature_sexp, int ignore_cache) +agent_pksign_do (ctrl_t ctrl, const char *desc_text, + gcry_sexp_t *signature_sexp, cache_mode_t cache_mode) { gcry_sexp_t s_skey = NULL, s_sig = NULL; unsigned char *shadow_info = NULL; @@ -90,16 +90,16 @@ agent_pksign_do (CTRL ctrl, const char *desc_text, return gpg_error (GPG_ERR_NO_SECKEY); rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip, - &shadow_info, ignore_cache, &s_skey); + &shadow_info, cache_mode, &s_skey); if (rc) { log_error ("failed to read the secret key\n"); goto leave; } - if (! s_skey) + if (!s_skey) { - /* divert operation to the smartcard */ + /* Divert operation to the smartcard */ unsigned char *buf = NULL; size_t len = 0; @@ -128,7 +128,7 @@ agent_pksign_do (CTRL ctrl, const char *desc_text, } else { - /* no smartcard, but a private key */ + /* No smartcard, but a private key */ gcry_sexp_t s_hash = NULL; @@ -176,15 +176,15 @@ agent_pksign_do (CTRL ctrl, const char *desc_text, /* SIGN whatever information we have accumulated in CTRL and write it back to OUTFP. */ int -agent_pksign (CTRL ctrl, const char *desc_text, - membuf_t *outbuf, int ignore_cache) +agent_pksign (ctrl_t ctrl, const char *desc_text, + membuf_t *outbuf, cache_mode_t cache_mode) { gcry_sexp_t s_sig = NULL; char *buf = NULL; size_t len = 0; int rc = 0; - rc = agent_pksign_do (ctrl, desc_text, &s_sig, ignore_cache); + rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode); if (rc) goto leave; diff --git a/agent/query.c b/agent/query.c index d3b42a416..c1e4dbacc 100644 --- a/agent/query.c +++ b/agent/query.c @@ -49,7 +49,7 @@ #define LOCK_TIMEOUT (1*60) -static ASSUAN_CONTEXT entry_ctx = NULL; +static assuan_context_t entry_ctx = NULL; #ifdef USE_GNU_PTH static pth_mutex_t entry_lock; #endif @@ -82,6 +82,30 @@ initialize_module_query (void) +static void +dump_mutex_state (pth_mutex_t *m) +{ + if (!(m->mx_state & PTH_MUTEX_INITIALIZED)) + log_printf ("not_initialized"); + else if (!(m->mx_state & PTH_MUTEX_LOCKED)) + log_printf ("not_locked"); + else + log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count); +} + + +/* This function may be called to print infromation pertaining to the + current state of this module to the log. */ +void +agent_query_dump_state (void) +{ + log_info ("agent_query_dump_state: entry_lock="); + dump_mutex_state (&entry_lock); + log_printf ("\n"); + log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld\n", + entry_ctx, (long)assuan_get_pid (entry_ctx)); +} + /* Unlock the pinentry so that another thread can start one and disconnect that pinentry - we do this after the unlock so that a @@ -90,8 +114,9 @@ initialize_module_query (void) static int unlock_pinentry (int rc) { - ASSUAN_CONTEXT ctx = entry_ctx; + assuan_context_t ctx = entry_ctx; + entry_ctx = NULL; #ifdef USE_GNU_PTH if (!pth_mutex_release (&entry_lock)) { @@ -100,7 +125,6 @@ unlock_pinentry (int rc) rc = gpg_error (GPG_ERR_INTERNAL); } #endif - entry_ctx = NULL; assuan_disconnect (ctx); return rc; } diff --git a/common/sysutils.c b/common/sysutils.c index 97fa23d95..a8f6f6f5d 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -105,7 +105,7 @@ enable_core_dumps (void) setrlimit (RLIMIT_CORE, &limit); return 1; /* We always return true because trhis function is merely a debugging aid. */ -#endif +# endif return 1; #endif } diff --git a/doc/ChangeLog b/doc/ChangeLog index f353bdf03..c4d263513 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,9 @@ 2005-06-03 Werner Koch + * debugging.texi (Architecture Details): New section, mostly empty. + * gnupg-card-architecture.fig: New. + * Makefile.am: Rules to build png and eps versions. + * gpg-agent.texi (Agent UPDATESTARTUPTTY): New. 2005-05-17 Werner Koch diff --git a/doc/Makefile.am b/doc/Makefile.am index 988bbf849..fdcd62dc0 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -18,14 +18,34 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg +EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \ + gnupg-card-architecture.eps gnupg-card-architecture.png + +BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png info_TEXINFOS = gnupg.texi + + gnupg_TEXINFOS = \ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi assuan.texi \ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \ - sysnotes.texi + sysnotes.texi gnupg-card-architecture.fig DISTCLEANFILES = gnupg.tmp gnupg.ops + + +.fig.png: + fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.jpg: + fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.eps: + fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@ + +.fig.pdf: + fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ + + diff --git a/doc/debugging.texi b/doc/debugging.texi index 49ab70bde..429dbd407 100644 --- a/doc/debugging.texi +++ b/doc/debugging.texi @@ -18,6 +18,7 @@ solve the problem at hand. @menu * Debugging Tools:: Description of some useful tools * Common Problems:: Commonly seen problems. +* Architecture Details:: How the whole thing works internally. @end menu @@ -105,6 +106,49 @@ shell). Even for GUI based Pinentries; you should have set on how to do it. +@item SSH hangs while a popping up pinentry was expected + +SSH has no way to tell the gpg-agent what terminal or X display it is +running on. So when remotely logging into a box where a gpg-agent with +SSH support is running, the pinentry will get popped up on whatever +display t he gpg-agent has been started. To solve this problem you may +issue the command + +@smallexample +echo UPDATESTARTUPTTY | gpg-connect-agent +@end smallexample + +and the next pinentry will pop up on your display or screen. However, +you need to kill the running pinentry first because only one pinentry +may be running at once. If you plan to use ssh on a new display you +should issue the above command before invoking ssh or any other service +making use of ssh. + @end itemize + +@c ******************************************** +@c *** Architecture Details ***************** +@c ******************************************** +@node Architecture Details +@section How the whole thing works internally. + + +@menu +* gpg 1.4 vs. 1.9:: Relationship between the two branches. +@end menu + +@node gpg 1.4 vs. 1.9 +@subsection Relationship between the two branches. + +Here is a little picture showing how the components work together: + +@image{gnupg-card-architecture, 14cm} + +@noindent +Lets try to explain it: + +TO BE DONE. + + diff --git a/doc/gnupg-card-architecture.fig b/doc/gnupg-card-architecture.fig new file mode 100644 index 000000000..e5772cd0f --- /dev/null +++ b/doc/gnupg-card-architecture.fig @@ -0,0 +1,419 @@ +#FIG 3.2 Produced by xfig version 3.2.5-alpha5 +# Copyright 2005 Werner Koch +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +Landscape +Center +Metric +A4 +100.00 +Single +-2 +1200 2 +0 32 #414541 +0 33 #808080 +0 34 #c0c0c0 +0 35 #c6b797 +0 36 #eff8ff +0 37 #dccba6 +0 38 #e0e0e0 +0 39 #8e8f8e +0 40 #aaaaaa +0 41 #555555 +0 42 #404040 +0 43 #868286 +0 44 #c7c3c7 +0 45 #e7e3e7 +0 46 #8e8e8e +0 47 #444444 +0 48 #868686 +0 49 #c7c7c7 +0 50 #666666 +0 51 #e2e2ee +0 52 #94949a +0 53 #dbdbdb +0 54 #a1a1b7 +0 55 #9c0000 +0 56 #ededed +0 57 #86acff +0 58 #7070ff +0 59 #bebebe +0 60 #515151 +0 61 #000049 +0 62 #797979 +0 63 #303430 +0 64 #c7b696 +0 65 #d7d7d7 +0 66 #aeaeae +0 67 #85807d +0 68 #d2d2d2 +0 69 #3a3a3a +0 70 #4573aa +0 71 #000000 +0 72 #e7e7e7 +0 73 #f7f7f7 +0 74 #d6d7d6 +0 75 #7b79a5 +0 76 #effbff +0 77 #9e9e9e +0 78 #717571 +0 79 #73758c +0 80 #414141 +0 81 #635dce +0 82 #565151 +0 83 #dd9d93 +0 84 #f1ece0 +0 85 #c3c3c3 +0 86 #e2c8a8 +0 87 #e1e1e1 +0 88 #da7a1a +0 89 #f1e41a +0 90 #887dc2 +0 91 #d6d6d6 +0 92 #8c8ca5 +0 93 #4a4a4a +0 94 #8c6b6b +0 95 #5a5a5a +0 96 #636363 +0 97 #b79b73 +0 98 #4193ff +0 99 #bf703b +0 100 #db7700 +0 101 #dab800 +0 102 #006400 +0 103 #5a6b3b +0 104 #d3d3d3 +0 105 #8e8ea4 +0 106 #f3b95d +0 107 #89996b +0 108 #646464 +0 109 #b7e6ff +0 110 #86c0ec +0 111 #bdbdbd +0 112 #d39552 +0 113 #98d2fe +0 114 #8c9c6b +0 115 #f76b00 +0 116 #5a6b39 +0 117 #8c9c6b +0 118 #8c9c7b +0 119 #184a18 +0 120 #adadad +0 121 #f7bd5a +0 122 #636b9c +0 123 #de0000 +0 124 #adadad +0 125 #f7bd5a +0 126 #adadad +0 127 #f7bd5a +0 128 #636b9c +0 129 #526b29 +0 130 #949494 +0 131 #006300 +0 132 #00634a +0 133 #7b844a +0 134 #e7bd7b +0 135 #a5b5c6 +0 136 #6b6b94 +0 137 #846b6b +0 138 #529c4a +0 139 #d6e7e7 +0 140 #526363 +0 141 #186b4a +0 142 #9ca5b5 +0 143 #ff9400 +0 144 #ff9400 +0 145 #00634a +0 146 #7b844a +0 147 #63737b +0 148 #e7bd7b +0 149 #184a18 +0 150 #f7bd5a +0 151 #dedede +0 152 #f3eed3 +0 153 #f5ae5d +0 154 #95ce99 +0 155 #b5157d +0 156 #eeeeee +0 157 #848484 +0 158 #7b7b7b +0 159 #005a00 +0 160 #e77373 +0 161 #ffcb31 +0 162 #29794a +0 163 #de2821 +0 164 #2159c6 +0 165 #f8f8f8 +0 166 #e6e6e6 +0 167 #21845a +0 168 #ff9408 +0 169 #007000 +0 170 #d00000 +0 171 #fed600 +0 172 #d82010 +0 173 #003484 +0 174 #d62010 +0 175 #389000 +0 176 #ba0000 +0 177 #003380 +0 178 #00a7bd +0 179 #ffc500 +0 180 #087bd0 +0 181 #fbc100 +0 182 #840029 +0 183 #07399c +0 184 #0063bd +0 185 #39acdf +0 186 #42c0e0 +0 187 #31ceff +0 188 #ffde00 +0 189 #085a00 +0 190 #ff2100 +0 191 #f75e08 +0 192 #ef7b08 +0 193 #ff8200 +0 194 #007d00 +0 195 #0000be +0 196 #757575 +0 197 #f3f3f3 +0 198 #d7d3d7 +0 199 #aeaaae +0 200 #c2c2c2 +0 201 #303030 +0 202 #515551 +0 203 #f7f3f7 +0 204 #717171 +6 9270 1980 13230 6570 +6 9471 3906 13014 5677 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 10540 4394 10540 3936 9471 3936 9471 4394 10540 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 10387 5616 10387 5158 9471 5158 9471 5616 10387 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 5005 12984 4547 9471 4547 9471 5005 12984 5005 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 5616 12984 5158 12067 5158 12067 5616 12984 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 11701 5627 11701 5168 10784 5168 10784 5627 11701 5627 +4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001 +4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and ISO-7816 access code\001 +4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001 +4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001 +4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001 +-6 +6 10693 3906 13014 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 11762 4394 11762 3936 10693 3936 10693 4394 11762 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 12984 4394 12984 3936 11915 3936 11915 4394 12984 4394 +4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001 +4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001 +-6 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 13137 2072 9318 2072 9318 5739 13137 5739 13137 2072 +2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2 + 9318 3753 13137 3753 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 11691 6360 10774 6360 10774 5901 11691 5901 11691 6360 +2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1 + 11762 5739 +2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4 + 10693 5739 10693 6502 11762 6502 11762 5739 +4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001 +4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001 +-6 +6 90 1980 4050 5760 +6 306 3906 3849 5677 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 1375 4394 1375 3936 306 3936 306 4394 1375 4394 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 1222 5616 1222 5158 306 5158 306 5616 1222 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 3819 5005 3819 4547 306 4547 306 5005 3819 5005 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 3819 5616 3819 5158 2902 5158 2902 5616 3819 5616 +2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5 + 2536 5627 2536 5168 1619 5168 1619 5627 2536 5627 +4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001 +4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001 +4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001 +4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001 +4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001 +-6 +6 2139 3753 3208 4211 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 3208 4211 3208 3753 2139 3753 2139 4211 3208 4211 +4 0 0 50 -1 16 11 0.0000 4 132 784 2291 4058 Gluecode\001 +-6 +2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1 + 2597 5739 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 2139 4028 1405 4150 +2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4 + 153 3753 1833 3753 1833 4364 3972 4364 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 3972 2072 153 2072 153 5739 3972 5739 3972 2072 +4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001 +-6 +6 4888 4058 5346 5433 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 5346 5433 5346 4058 4888 4058 4888 5433 5346 5433 +4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001 +-6 +6 4680 1980 8640 5760 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 5346 3753 5346 2378 4888 2378 4888 3753 5346 3753 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 8554 5739 4735 5739 4735 2072 8554 2072 8554 5739 +4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001 +-6 +6 5805 3447 7332 4975 +6 5957 3447 7179 4211 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 7179 4211 7179 3447 5957 3447 5957 4211 7179 4211 +4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001 +4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001 +-6 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7195 4883 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7195 4883 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 7332 4975 7332 4517 6721 4517 6721 4975 7332 4975 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 6568 4211 7027 4517 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 6568 4211 6110 4517 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 6416 4975 6416 4517 5805 4517 5805 4975 6416 4975 +4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001 +4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001 +-6 +6 7638 3600 8401 4058 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 8401 4058 8401 3600 7638 3600 7638 4058 8401 4058 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1 + 7638 3814 +4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001 +-6 +6 9471 2225 9929 3600 +2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5 + 9929 3600 9929 2225 9471 2225 9471 3600 9929 3600 +4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001 +-6 +6 6480 360 8640 1440 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 8554 1339 6568 1339 6568 423 8554 423 8554 1339 +4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001 +4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001 +-6 +6 10570 270 13137 1003 +2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 10632 331 11181 331 +2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2 + 1 1 2.00 81.47 162.94 + 10632 637 11181 637 +2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 10632 942 11181 942 +4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001 +4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001 +4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001 +-6 +# Smartcard ID-1 +6 6840 6120 8550 7200 +6 7069 6526 7307 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7234 6691 7307 6691 +2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2 + 7069 6636 7143 6636 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7069 6581 7143 6581 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7069 6691 7143 6691 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7143 6526 7143 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3 + 7307 6581 7234 6581 7234 6746 +2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2 + 7234 6636 7307 6636 +2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5 + 7069 6526 7307 6526 7307 6746 7069 6746 7069 6526 +-6 +2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5 + 8472 7185 6904 7185 6904 6197 8472 6197 8472 7185 +-6 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 5346 3142 5957 3753 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2 + 1 1 1.00 40.73 81.47 + 5346 4669 5957 3905 +2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2 + 1 1 1.00 40.73 81.47 + 1 1 1.00 40.73 81.47 + 7179 3814 7638 3814 +2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5 + 11731 7480 10693 7480 10693 6991 11731 6991 11731 7480 +3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 8022 3600 8096 2225 7513 1360 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3 + 0 0 2.00 81.47 162.94 + 7332 4730 8737 4486 9471 2897 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 3238 3997 4216 4242 4888 4730 + 0.000 -1.000 0.000 +3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3 + 1 1 2.00 81.47 162.94 + 11243 6502 11304 6747 11181 6991 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 10693 7235 9471 7174 8493 6869 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 9898 5647 9532 6380 8493 6563 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 12465 5647 11731 6624 8493 6747 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 2077 5647 3177 6502 6843 6624 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 733 5647 2444 6808 6843 6747 + 0.000 -1.000 0.000 +3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3 + 1 1 1.00 40.73 81.47 + 3361 5647 4155 6319 6843 6502 + 0.000 -1.000 0.000 +4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001 +4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001 diff --git a/doc/gnupg.texi b/doc/gnupg.texi index 4c30980b3..d92f01cd9 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi @@ -86,14 +86,15 @@ section entitled ``Copying''. @insertcopying @end titlepage - +@ifnothtml @summarycontents @contents @page +@end ifnothtml @ifnottex @node Top -@top The GNU Privacy Guard +@top @insertcopying This manual documents how to use the GNU Privacy Guard system as well as @@ -120,6 +121,20 @@ the administration and the architecture. * Index:: Index of concepts and symbol names. @end menu +@ifhtml + +@center @image{gnupg-badge-openpgp,6cm,,The GnuPG Logo} + +@end ifhtml + + +@ifhtml +@page +@summarycontents +@contents +@end ifhtml + + @include gpg.texi @include gpgsm.texi @include gpg-agent.texi diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 5e8c19468..bad6639e2 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -42,7 +42,8 @@ else fi @end smallexample -The new option @option{--write-env-file} may be used instead. +@noindent +Note that the new option @option{--write-env-file} may be used instead. @noindent @@ -289,6 +290,11 @@ control this behaviour but this command line option takes precedence. Set the time a cache entry is valid to @var{n} seconds. The default are 600 seconds. +@item --default-cache-ttl-ssh @var{n} +@opindex default-cache-ttl +Set the time a cache entry used for SSH keys is valid to @var{n} +seconds. The default are 600 seconds. + @item --max-cache-ttl @var{n} @opindex max-cache-ttl Set the maximum time a cache entry is valid to @var{n} seconds. After @@ -506,12 +512,13 @@ are still pending, a shutdown is forced. @cpindex SIGINT Shuts down the process immediately. - @item SIGUSR1 -@itemx SIGUSR2 @cpindex SIGUSR1 +Dump internal information to the log file. + +@item SIGUSR2 @cpindex SIGUSR2 -These signals are used for internal purposes. +This signal is used for internal purposes. @end table @@ -523,12 +530,44 @@ These signals are used for internal purposes. @c man begin EXAMPLES +The usual way to invoke @command{gpg-agent} is + @example $ eval `gpg-agent --daemon` @end example @c man end +An alternative way is by replacing @command{ssh-agent} with +@command{gpg-agent}. If for example @command{ssh-agent} is started as +part of the Xsession intialization you may simply replace +@command{ssh-agent} by a script like: + +@cartouche +@example +#!/bin/sh + +exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \ + --write-env-file $@{HOME@}/.gpg-agent-info "$@@" +@end example +@end cartouche + +@noindent +and add something like (for Bourne shells) + +@cartouche +@example + if [ -f "$@{HOME@}/.gpg-agent-info" ]; then + . "$@{HOME@}/.gpg-agent-info" + export GPG_AGENT_INFO + export SSH_AUTH_SOCK + export SSH_AGENT_PID + fi +@end example +@end cartouche + +@noindent +to your shell initialization file (e.g. @file{~/.bashrc}). @c @c Assuan Protocol diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 134ca40df..d4a21b5ce 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -181,6 +181,14 @@ protocol. Note that this option may reveal sensitive data. This option disables all ticker functions like checking for card insertions. +@item --debug-allow-core-dump +@opindex debug-allow-core-dump +For security reasons we won't create a core dump when the process +aborts. For debugging purposes it is sometimes better to allow core +dump. This options enables it and also changes the working directory to +@file{/tmp} when running in @option{--server} mode. + + @item --no-detach @opindex no-detach Don't detach the process from the console. This is manly usefule for diff --git a/scd/ChangeLog b/scd/ChangeLog index da433e2f8..0f7e4d2fa 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,7 @@ +2005-06-06 Werner Koch + + * scdaemon.c (main): New option --debug-allow-core-dump. + 2005-06-03 Werner Koch * scdaemon.c (handle_connections): Make sure that the signals we diff --git a/scd/command.c b/scd/command.c index 287f8c921..a308078d3 100644 --- a/scd/command.c +++ b/scd/command.c @@ -70,7 +70,7 @@ struct server_local_s { struct server_local_s *next_session; /* This object is usually assigned to a CTRL object (which is - globally visible). While enumeratin all sessions we sometimes + globally visible). While enumerating all sessions we sometimes need to access data of the CTRL object; thus we keep a backpointer here. */ ctrl_t ctrl_backlink; @@ -860,6 +860,7 @@ cmd_getattr (assuan_context_t ctx, char *line) /* FIXME: Applications should not return sensistive data if the card is locked. */ rc = app_getattr (ctrl->app_ctx, ctrl, keyword); + xfree (keyword); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 5b5e09176..c75e87a62 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -67,6 +67,7 @@ enum cmd_and_opt_values oDebugAll, oDebugLevel, oDebugWait, + oDebugAllowCoreDump, oDebugCCIDDriver, oNoGreeting, oNoOptions, @@ -110,6 +111,7 @@ static ARGPARSE_OPTS opts[] = { { oDebugAll, "debug-all" ,0, "@"}, { oDebugLevel, "debug-level" ,2, "@"}, { oDebugWait,"debug-wait",1, "@"}, + { oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" }, { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"}, { oDebugDisableTicker, "debug-disable-ticker", 0, "@"}, { oNoDetach, "no-detach" ,0, N_("do not detach from the console")}, @@ -318,6 +320,7 @@ main (int argc, char **argv ) int debug_wait = 0; int gpgconf_list = 0; const char *config_filename = NULL; + int allow_coredump = 0; set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); @@ -448,6 +451,10 @@ main (int argc, char **argv ) case oDebugAll: opt.debug = ~0; break; case oDebugLevel: debug_level = pargs.r.ret_str; break; case oDebugWait: debug_wait = pargs.r.ret_int; break; + case oDebugAllowCoreDump: + enable_core_dumps (); + allow_coredump = 1; + break; case oDebugCCIDDriver: ccid_set_debug_level (ccid_set_debug_level (-1)+1); break; @@ -604,6 +611,17 @@ main (int argc, char **argv ) sigaction (SIGPIPE, &sa, NULL); } + /* If --debug-allow-core-dump has been given we also need to + switch the working directory to a place where we can actually + write. */ + if (allow_coredump) + { + if (chdir("/tmp")) + log_debug ("chdir to `/tmp' failed: %s\n", strerror (errno)); + else + log_debug ("changed working directory to `/tmp'\n"); + } + /* In multi server mode we need to listen on an additional socket. Create that socket now before starting the handler for the pipe connection. This allows that handler to send