mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
New debugging optionhs, updates to the manual.
This commit is contained in:
parent
941880a28b
commit
3370164182
5
NEWS
5
NEWS
@ -13,9 +13,12 @@ Noteworthy changes in version 1.9.17
|
||||
does allows only signing using TCOS cards but we are going to
|
||||
enhance it to match all the old capabilities.
|
||||
|
||||
* [gpg-agent] New option --rite-env-file and Assuan command
|
||||
* [gpg-agent] New option --write-env-file and Assuan command
|
||||
UPDATESTARTUPTTY.
|
||||
|
||||
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
|
||||
SSH passphrase caching independent from the other passphrases.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.9.16 (2005-04-21)
|
||||
-------------------------------------------------
|
||||
|
@ -1,3 +1,24 @@
|
||||
2005-06-06 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg-agent.c: New option --default-cache-ttl-ssh.
|
||||
* agent.h (cache_mode_t): New.
|
||||
* pksign.c (agent_pksign_do): New arg CACHE_MODE to replace the
|
||||
ARG IGNORE_CACHE. Changed all callers.
|
||||
(agent_pksign): Ditto.
|
||||
* findkey.c (agent_key_from_file): Ditto. Canged all callers.
|
||||
(unprotect): Ditto.
|
||||
* command-ssh.c (data_sign): Use CACHE_MODE_SSH.
|
||||
* cache.c (agent_get_cache): New arg CACHE_MODE.
|
||||
(agent_put_cache): Ditto. Store it in the cache.
|
||||
|
||||
* query.c (agent_query_dump_state, dump_mutex_state): New.
|
||||
(unlock_pinentry): Reset the global context before releasing the
|
||||
mutex.
|
||||
* gpg-agent.c (handle_signal): Dump query.c info on SIGUSR1.
|
||||
|
||||
* call-scd.c (agent_scd_check_aliveness): Always do a waitpid and
|
||||
add a timeout to the locking.
|
||||
|
||||
2005-06-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* command.c (cmd_updatestartuptty): New.
|
||||
|
@ -69,9 +69,13 @@ struct {
|
||||
smartcard tasks. */
|
||||
int disable_scdaemon; /* Never use the SCdaemon. */
|
||||
int no_grab; /* Don't let the pinentry grab the keyboard */
|
||||
unsigned long def_cache_ttl;
|
||||
|
||||
/* The default and maximum TTL of cache entries. */
|
||||
unsigned long def_cache_ttl; /* Normal. */
|
||||
unsigned long def_cache_ttl_ssh; /* SSH. */
|
||||
unsigned long max_cache_ttl;
|
||||
|
||||
|
||||
int running_detached; /* We are running detached from the tty. */
|
||||
|
||||
int ignore_cache_for_signing;
|
||||
@ -147,12 +151,26 @@ struct pin_entry_info_s {
|
||||
};
|
||||
|
||||
|
||||
enum {
|
||||
PRIVATE_KEY_UNKNOWN = 0,
|
||||
PRIVATE_KEY_CLEAR = 1,
|
||||
PRIVATE_KEY_PROTECTED = 2,
|
||||
PRIVATE_KEY_SHADOWED = 3
|
||||
};
|
||||
enum
|
||||
{
|
||||
PRIVATE_KEY_UNKNOWN = 0,
|
||||
PRIVATE_KEY_CLEAR = 1,
|
||||
PRIVATE_KEY_PROTECTED = 2,
|
||||
PRIVATE_KEY_SHADOWED = 3
|
||||
};
|
||||
|
||||
|
||||
/* Values for the cache_mode arguments. */
|
||||
typedef enum
|
||||
{
|
||||
CACHE_MODE_IGNORE = 0, /* Special mode to by pass the cache. */
|
||||
CACHE_MODE_ANY, /* Any mode except ignore matches. */
|
||||
CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */
|
||||
CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */
|
||||
CACHE_MODE_SSH /* SSH related cache. */
|
||||
}
|
||||
cache_mode_t;
|
||||
|
||||
|
||||
/*-- gpg-agent.c --*/
|
||||
void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
|
||||
@ -171,7 +189,8 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl,
|
||||
const char *desc_text,
|
||||
const unsigned char *grip,
|
||||
unsigned char **shadow_info,
|
||||
int ignore_cache, gcry_sexp_t *result);
|
||||
cache_mode_t cache_mode,
|
||||
gcry_sexp_t *result);
|
||||
gpg_error_t agent_public_key_from_file (ctrl_t ctrl,
|
||||
const unsigned char *grip,
|
||||
gcry_sexp_t *result);
|
||||
@ -179,6 +198,7 @@ int agent_key_available (const unsigned char *grip);
|
||||
|
||||
/*-- query.c --*/
|
||||
void initialize_module_query (void);
|
||||
void agent_query_dump_state (void);
|
||||
int agent_askpin (ctrl_t ctrl,
|
||||
const char *desc_text, const char *prompt_text,
|
||||
const char *inital_errtext,
|
||||
@ -191,16 +211,19 @@ int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok,
|
||||
|
||||
/*-- cache.c --*/
|
||||
void agent_flush_cache (void);
|
||||
int agent_put_cache (const char *key, const char *data, int ttl);
|
||||
const char *agent_get_cache (const char *key, void **cache_id);
|
||||
int agent_put_cache (const char *key, cache_mode_t cache_mode,
|
||||
const char *data, int ttl);
|
||||
const char *agent_get_cache (const char *key, cache_mode_t cache_mode,
|
||||
void **cache_id);
|
||||
void agent_unlock_cache_entry (void **cache_id);
|
||||
|
||||
|
||||
/*-- pksign.c --*/
|
||||
int agent_pksign_do (CTRL ctrl, const char *desc_text,
|
||||
gcry_sexp_t *signature_sexp, int ignore_cache);
|
||||
int agent_pksign_do (ctrl_t ctrl, const char *desc_text,
|
||||
gcry_sexp_t *signature_sexp,
|
||||
cache_mode_t cache_mode);
|
||||
int agent_pksign (ctrl_t ctrl, const char *desc_text,
|
||||
membuf_t *outbuf, int ignore_cache);
|
||||
membuf_t *outbuf, cache_mode_t cache_mode);
|
||||
|
||||
/*-- pkdecrypt.c --*/
|
||||
int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text,
|
||||
|
@ -42,6 +42,7 @@ struct cache_item_s {
|
||||
int ttl; /* max. lifetime given in seconds, -1 one means infinite */
|
||||
int lockcount;
|
||||
struct secret_data_s *pw;
|
||||
cache_mode_t cache_mode;
|
||||
char key[1];
|
||||
};
|
||||
|
||||
@ -78,6 +79,7 @@ new_data (const void *data, size_t length)
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* check whether there are items to expire */
|
||||
static void
|
||||
housekeeping (void)
|
||||
@ -85,7 +87,7 @@ housekeeping (void)
|
||||
ITEM r, rprev;
|
||||
time_t current = gnupg_get_time ();
|
||||
|
||||
/* first expire the actual data */
|
||||
/* First expire the actual data */
|
||||
for (r=thecache; r; r = r->next)
|
||||
{
|
||||
if (!r->lockcount && r->pw
|
||||
@ -100,7 +102,7 @@ housekeeping (void)
|
||||
}
|
||||
}
|
||||
|
||||
/* second, make sure that we also remove them based on the created stamp so
|
||||
/* Second, make sure that we also remove them based on the created stamp so
|
||||
that the user has to enter it from time to time. We do this every hour */
|
||||
for (r=thecache; r; r = r->next)
|
||||
{
|
||||
@ -115,7 +117,7 @@ housekeeping (void)
|
||||
}
|
||||
}
|
||||
|
||||
/* third, make sure that we don't have too many items in the list.
|
||||
/* Third, make sure that we don't have too many items in the list.
|
||||
Expire old and unused entries after 30 minutes */
|
||||
for (rprev=NULL, r=thecache; r; )
|
||||
{
|
||||
@ -186,19 +188,27 @@ agent_flush_cache (void)
|
||||
with a maximum lifetime of TTL seconds. If there is already data
|
||||
under this key, it will be replaced. Using a DATA of NULL deletes
|
||||
the entry. A TTL of 0 is replaced by the default TTL and a TTL of
|
||||
-1 set infinite timeout. */
|
||||
-1 set infinite timeout. CACHE_MODE is stored with the cache entry
|
||||
and used t select different timeouts. */
|
||||
int
|
||||
agent_put_cache (const char *key, const char *data, int ttl)
|
||||
agent_put_cache (const char *key, cache_mode_t cache_mode,
|
||||
const char *data, int ttl)
|
||||
{
|
||||
ITEM r;
|
||||
|
||||
if (DBG_CACHE)
|
||||
log_debug ("agent_put_cache `%s' requested ttl=%d\n", key, ttl);
|
||||
log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n",
|
||||
key, ttl, cache_mode);
|
||||
housekeeping ();
|
||||
|
||||
if (!ttl)
|
||||
ttl = opt.def_cache_ttl;
|
||||
if (!ttl)
|
||||
{
|
||||
if (cache_mode == CACHE_MODE_SSH)
|
||||
ttl = opt.def_cache_ttl_ssh;
|
||||
else
|
||||
ttl = opt.def_cache_ttl;
|
||||
}
|
||||
if (!ttl || cache_mode == CACHE_MODE_IGNORE)
|
||||
return 0;
|
||||
|
||||
for (r=thecache; r; r = r->next)
|
||||
@ -217,6 +227,7 @@ agent_put_cache (const char *key, const char *data, int ttl)
|
||||
{
|
||||
r->created = r->accessed = gnupg_get_time ();
|
||||
r->ttl = ttl;
|
||||
r->cache_mode = cache_mode;
|
||||
r->pw = new_data (data, strlen (data)+1);
|
||||
if (!r->pw)
|
||||
log_error ("out of core while allocating new cache item\n");
|
||||
@ -232,6 +243,7 @@ agent_put_cache (const char *key, const char *data, int ttl)
|
||||
strcpy (r->key, key);
|
||||
r->created = r->accessed = gnupg_get_time ();
|
||||
r->ttl = ttl;
|
||||
r->cache_mode = cache_mode;
|
||||
r->pw = new_data (data, strlen (data)+1);
|
||||
if (!r->pw)
|
||||
{
|
||||
@ -249,12 +261,16 @@ agent_put_cache (const char *key, const char *data, int ttl)
|
||||
}
|
||||
|
||||
|
||||
/* Try to find an item in the cache */
|
||||
/* Try to find an item in the cache. Note that we currently don't
|
||||
make use of CACHE_MODE. */
|
||||
const char *
|
||||
agent_get_cache (const char *key, void **cache_id)
|
||||
agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id)
|
||||
{
|
||||
ITEM r;
|
||||
|
||||
if (cache_mode == CACHE_MODE_IGNORE)
|
||||
return NULL;
|
||||
|
||||
if (DBG_CACHE)
|
||||
log_debug ("agent_get_cache `%s'...\n", key);
|
||||
housekeeping ();
|
||||
|
@ -372,25 +372,33 @@ start_scd (ctrl_t ctrl)
|
||||
void
|
||||
agent_scd_check_aliveness (void)
|
||||
{
|
||||
pth_event_t evt;
|
||||
pid_t pid;
|
||||
int rc;
|
||||
|
||||
/* We can do so only if there is no more active primary connection.
|
||||
With an active primary connection, this is all no problem because
|
||||
with the end of gpg-agent's session a disconnect is send and the
|
||||
this function will be used at a later time. */
|
||||
if (!primary_scd_ctx || !primary_scd_ctx_reusable)
|
||||
return;
|
||||
if (!primary_scd_ctx)
|
||||
return; /* No scdaemon running. */
|
||||
|
||||
if (!pth_mutex_acquire (&start_scd_lock, 0, NULL))
|
||||
/* This is not a critical function so we use a short timeout while
|
||||
acquiring the lock. */
|
||||
evt = pth_event (PTH_EVENT_TIME, pth_timeout (1, 0));
|
||||
if (!pth_mutex_acquire (&start_scd_lock, 0, evt))
|
||||
{
|
||||
log_error ("failed to acquire the start_scd lock while"
|
||||
" doing an aliveness check: %s\n",
|
||||
strerror (errno));
|
||||
if (pth_event_occurred (evt))
|
||||
{
|
||||
if (opt.verbose > 1)
|
||||
log_info ("failed to acquire the start_scd lock while"
|
||||
" doing an aliveness check: %s\n", "timeout");
|
||||
}
|
||||
else
|
||||
log_error ("failed to acquire the start_scd lock while"
|
||||
" doing an aliveness check: %s\n", strerror (errno));
|
||||
pth_event_free (evt, PTH_FREE_THIS);
|
||||
return;
|
||||
}
|
||||
pth_event_free (evt, PTH_FREE_THIS);
|
||||
|
||||
if (primary_scd_ctx && primary_scd_ctx_reusable)
|
||||
if (primary_scd_ctx)
|
||||
{
|
||||
pid = assuan_get_pid (primary_scd_ctx);
|
||||
if (pid != (pid_t)(-1) && pid
|
||||
|
@ -2014,7 +2014,8 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
|
||||
ctrl->use_auth_call = 1;
|
||||
err = agent_pksign_do (ctrl,
|
||||
_("Please enter the passphrase "
|
||||
"for the ssh key%0A %c"), &signature_sexp, 0);
|
||||
"for the ssh key%0A %c"), &signature_sexp,
|
||||
CACHE_MODE_SSH);
|
||||
ctrl->use_auth_call = 0;
|
||||
if (err)
|
||||
goto out;
|
||||
@ -2386,7 +2387,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl)
|
||||
for (i = 0; i < 20; i++)
|
||||
sprintf (key_grip + 2 * i, "%02X", key_grip_raw[i]);
|
||||
|
||||
err = agent_put_cache (key_grip, pi->pin, ttl);
|
||||
err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
|
@ -404,19 +404,19 @@ static int
|
||||
cmd_pksign (ASSUAN_CONTEXT ctx, char *line)
|
||||
{
|
||||
int rc;
|
||||
int ignore_cache = 0;
|
||||
cache_mode_t cache_mode = CACHE_MODE_NORMAL;
|
||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||
membuf_t outbuf;
|
||||
|
||||
if (opt.ignore_cache_for_signing)
|
||||
ignore_cache = 1;
|
||||
cache_mode = CACHE_MODE_IGNORE;
|
||||
else if (!ctrl->server_local->use_cache_for_signing)
|
||||
ignore_cache = 1;
|
||||
cache_mode = CACHE_MODE_IGNORE;
|
||||
|
||||
init_membuf (&outbuf, 512);
|
||||
|
||||
rc = agent_pksign (ctrl, ctrl->server_local->keydesc,
|
||||
&outbuf, ignore_cache);
|
||||
&outbuf, cache_mode);
|
||||
if (rc)
|
||||
clear_outbuf (&outbuf);
|
||||
else
|
||||
@ -623,7 +623,8 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line)
|
||||
desc = NULL;
|
||||
|
||||
/* Note: we store the hexified versions in the cache. */
|
||||
pw = cacheid ? agent_get_cache (cacheid, &cache_marker) : NULL;
|
||||
pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker)
|
||||
: NULL;
|
||||
if (pw)
|
||||
{
|
||||
assuan_begin_confidential (ctx);
|
||||
@ -647,7 +648,7 @@ cmd_get_passphrase (ASSUAN_CONTEXT ctx, char *line)
|
||||
if (!rc)
|
||||
{
|
||||
if (cacheid)
|
||||
agent_put_cache (cacheid, response, 0);
|
||||
agent_put_cache (cacheid, CACHE_MODE_USER, response, 0);
|
||||
assuan_begin_confidential (ctx);
|
||||
rc = assuan_set_okay_line (ctx, response);
|
||||
xfree (response);
|
||||
@ -682,7 +683,7 @@ cmd_clear_passphrase (ASSUAN_CONTEXT ctx, char *line)
|
||||
if (!cacheid || !*cacheid || strlen (cacheid) > 50)
|
||||
return set_error (Parameter_Error, "invalid length of cacheID");
|
||||
|
||||
agent_put_cache (cacheid, NULL, 0);
|
||||
agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -772,7 +773,7 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
|
||||
Assuan error code. */
|
||||
|
||||
rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc,
|
||||
grip, &shadow_info, 1, &s_skey);
|
||||
grip, &shadow_info, CACHE_MODE_IGNORE, &s_skey);
|
||||
if (rc)
|
||||
;
|
||||
else if (!s_skey)
|
||||
@ -842,7 +843,7 @@ cmd_preset_passphrase (ASSUAN_CONTEXT ctx, char *line)
|
||||
else
|
||||
return map_to_assuan_status (gpg_error (GPG_ERR_NOT_IMPLEMENTED));
|
||||
|
||||
rc = agent_put_cache (grip_clear, passphrase, ttl);
|
||||
rc = agent_put_cache (grip_clear, CACHE_MODE_ANY, passphrase, ttl);
|
||||
|
||||
if (rc)
|
||||
log_error ("command preset_passwd failed: %s\n", gpg_strerror (rc));
|
||||
|
@ -230,8 +230,9 @@ modify_description (const char *in, const char *comment, char **result)
|
||||
caching mechanism. DESC_TEXT may be set to override the default
|
||||
description used for the pinentry. */
|
||||
static int
|
||||
unprotect (CTRL ctrl, const char *desc_text,
|
||||
unsigned char **keybuf, const unsigned char *grip, int ignore_cache)
|
||||
unprotect (ctrl_t ctrl, const char *desc_text,
|
||||
unsigned char **keybuf, const unsigned char *grip,
|
||||
cache_mode_t cache_mode)
|
||||
{
|
||||
struct pin_entry_info_s *pi;
|
||||
struct try_unprotect_arg_s arg;
|
||||
@ -246,10 +247,12 @@ unprotect (CTRL ctrl, const char *desc_text,
|
||||
|
||||
/* First try to get it from the cache - if there is none or we can't
|
||||
unprotect it, we fall back to ask the user */
|
||||
if (!ignore_cache)
|
||||
if (cache_mode != CACHE_MODE_IGNORE)
|
||||
{
|
||||
void *cache_marker;
|
||||
const char *pw = agent_get_cache (hexgrip, &cache_marker);
|
||||
const char *pw;
|
||||
|
||||
pw = agent_get_cache (hexgrip, cache_mode, &cache_marker);
|
||||
if (pw)
|
||||
{
|
||||
rc = agent_unprotect (*keybuf, pw, &result, &resultlen);
|
||||
@ -280,7 +283,7 @@ unprotect (CTRL ctrl, const char *desc_text,
|
||||
if (!rc)
|
||||
{
|
||||
assert (arg.unprotected_key);
|
||||
agent_put_cache (hexgrip, pi->pin, 0);
|
||||
agent_put_cache (hexgrip, cache_mode, pi->pin, 0);
|
||||
xfree (*keybuf);
|
||||
*keybuf = arg.unprotected_key;
|
||||
}
|
||||
@ -360,14 +363,13 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result)
|
||||
/* Return the secret key as an S-Exp in RESULT after locating it using
|
||||
the grip. Returns NULL in RESULT if the operation should be
|
||||
diverted to a token; SHADOW_INFO will point then to an allocated
|
||||
S-Expression with the shadow_info part from the file. With
|
||||
IGNORE_CACHE passed as true the passphrase is not taken from the
|
||||
cache. DESC_TEXT may be set to present a custom description for the
|
||||
pinentry. */
|
||||
S-Expression with the shadow_info part from the file. CACHE_MODE
|
||||
defines now the cache shall be used. DESC_TEXT may be set to
|
||||
present a custom description for the pinentry. */
|
||||
gpg_error_t
|
||||
agent_key_from_file (ctrl_t ctrl, const char *desc_text,
|
||||
const unsigned char *grip, unsigned char **shadow_info,
|
||||
int ignore_cache, gcry_sexp_t *result)
|
||||
cache_mode_t cache_mode, gcry_sexp_t *result)
|
||||
{
|
||||
int rc;
|
||||
unsigned char *buf;
|
||||
@ -447,7 +449,7 @@ agent_key_from_file (ctrl_t ctrl, const char *desc_text,
|
||||
|
||||
if (!rc)
|
||||
{
|
||||
rc = unprotect (ctrl, desc_text_final, &buf, grip, ignore_cache);
|
||||
rc = unprotect (ctrl, desc_text_final, &buf, grip, cache_mode);
|
||||
if (rc)
|
||||
log_error ("failed to unprotect the secret key: %s\n",
|
||||
gpg_strerror (rc));
|
||||
|
@ -83,6 +83,7 @@ enum cmd_and_opt_values
|
||||
oLCmessages,
|
||||
oScdaemonProgram,
|
||||
oDefCacheTTL,
|
||||
oDefCacheTTLSSH,
|
||||
oMaxCacheTTL,
|
||||
oUseStandardSocket,
|
||||
oNoUseStandardSocket,
|
||||
@ -140,6 +141,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
|
||||
{ oDefCacheTTL, "default-cache-ttl", 4,
|
||||
N_("|N|expire cached PINs after N seconds")},
|
||||
{ oDefCacheTTLSSH, "default-cache-ttl-ssh", 4, "@" },
|
||||
{ oMaxCacheTTL, "max-cache-ttl", 4, "@" },
|
||||
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
|
||||
N_("do not use the PIN cache when signing")},
|
||||
@ -367,6 +369,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||
opt.pinentry_program = NULL;
|
||||
opt.scdaemon_program = NULL;
|
||||
opt.def_cache_ttl = DEFAULT_CACHE_TTL;
|
||||
opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL;
|
||||
opt.max_cache_ttl = MAX_CACHE_TTL;
|
||||
opt.ignore_cache_for_signing = 0;
|
||||
opt.allow_mark_trusted = 0;
|
||||
@ -402,6 +405,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||
case oDisableScdaemon: opt.disable_scdaemon = 1; break;
|
||||
|
||||
case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
|
||||
case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
|
||||
case oMaxCacheTTL: opt.max_cache_ttl = pargs->r.ret_ulong; break;
|
||||
|
||||
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
|
||||
@ -413,6 +417,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||
default:
|
||||
return 0; /* not handled */
|
||||
}
|
||||
|
||||
return 1; /* handled */
|
||||
}
|
||||
|
||||
@ -1339,6 +1344,7 @@ handle_signal (int signo)
|
||||
case SIGUSR1:
|
||||
log_info ("SIGUSR1 received - printing internal information:\n");
|
||||
pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
|
||||
agent_query_dump_state ();
|
||||
agent_scd_dump_state ();
|
||||
break;
|
||||
|
||||
|
@ -66,7 +66,8 @@ agent_pkdecrypt (CTRL ctrl, const char *desc_text,
|
||||
log_printhex ("cipher: ", ciphertext, ciphertextlen);
|
||||
}
|
||||
rc = agent_key_from_file (ctrl, desc_text,
|
||||
ctrl->keygrip, &shadow_info, 0, &s_skey);
|
||||
ctrl->keygrip, &shadow_info,
|
||||
CACHE_MODE_NORMAL, &s_skey);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("failed to read the secret key\n");
|
||||
|
@ -79,8 +79,8 @@ do_encode_md (const byte * md, size_t mdlen, int algo, gcry_sexp_t * r_hash,
|
||||
/* SIGN whatever information we have accumulated in CTRL and return
|
||||
the signature S-Expression. */
|
||||
int
|
||||
agent_pksign_do (CTRL ctrl, const char *desc_text,
|
||||
gcry_sexp_t *signature_sexp, int ignore_cache)
|
||||
agent_pksign_do (ctrl_t ctrl, const char *desc_text,
|
||||
gcry_sexp_t *signature_sexp, cache_mode_t cache_mode)
|
||||
{
|
||||
gcry_sexp_t s_skey = NULL, s_sig = NULL;
|
||||
unsigned char *shadow_info = NULL;
|
||||
@ -90,16 +90,16 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
|
||||
return gpg_error (GPG_ERR_NO_SECKEY);
|
||||
|
||||
rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip,
|
||||
&shadow_info, ignore_cache, &s_skey);
|
||||
&shadow_info, cache_mode, &s_skey);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("failed to read the secret key\n");
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (! s_skey)
|
||||
if (!s_skey)
|
||||
{
|
||||
/* divert operation to the smartcard */
|
||||
/* Divert operation to the smartcard */
|
||||
|
||||
unsigned char *buf = NULL;
|
||||
size_t len = 0;
|
||||
@ -128,7 +128,7 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
|
||||
}
|
||||
else
|
||||
{
|
||||
/* no smartcard, but a private key */
|
||||
/* No smartcard, but a private key */
|
||||
|
||||
gcry_sexp_t s_hash = NULL;
|
||||
|
||||
@ -176,15 +176,15 @@ agent_pksign_do (CTRL ctrl, const char *desc_text,
|
||||
/* SIGN whatever information we have accumulated in CTRL and write it
|
||||
back to OUTFP. */
|
||||
int
|
||||
agent_pksign (CTRL ctrl, const char *desc_text,
|
||||
membuf_t *outbuf, int ignore_cache)
|
||||
agent_pksign (ctrl_t ctrl, const char *desc_text,
|
||||
membuf_t *outbuf, cache_mode_t cache_mode)
|
||||
{
|
||||
gcry_sexp_t s_sig = NULL;
|
||||
char *buf = NULL;
|
||||
size_t len = 0;
|
||||
int rc = 0;
|
||||
|
||||
rc = agent_pksign_do (ctrl, desc_text, &s_sig, ignore_cache);
|
||||
rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode);
|
||||
if (rc)
|
||||
goto leave;
|
||||
|
||||
|
@ -49,7 +49,7 @@
|
||||
#define LOCK_TIMEOUT (1*60)
|
||||
|
||||
|
||||
static ASSUAN_CONTEXT entry_ctx = NULL;
|
||||
static assuan_context_t entry_ctx = NULL;
|
||||
#ifdef USE_GNU_PTH
|
||||
static pth_mutex_t entry_lock;
|
||||
#endif
|
||||
@ -82,6 +82,30 @@ initialize_module_query (void)
|
||||
|
||||
|
||||
|
||||
static void
|
||||
dump_mutex_state (pth_mutex_t *m)
|
||||
{
|
||||
if (!(m->mx_state & PTH_MUTEX_INITIALIZED))
|
||||
log_printf ("not_initialized");
|
||||
else if (!(m->mx_state & PTH_MUTEX_LOCKED))
|
||||
log_printf ("not_locked");
|
||||
else
|
||||
log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count);
|
||||
}
|
||||
|
||||
|
||||
/* This function may be called to print infromation pertaining to the
|
||||
current state of this module to the log. */
|
||||
void
|
||||
agent_query_dump_state (void)
|
||||
{
|
||||
log_info ("agent_query_dump_state: entry_lock=");
|
||||
dump_mutex_state (&entry_lock);
|
||||
log_printf ("\n");
|
||||
log_info ("agent_query_dump_state: entry_ctx=%p pid=%ld\n",
|
||||
entry_ctx, (long)assuan_get_pid (entry_ctx));
|
||||
}
|
||||
|
||||
|
||||
/* Unlock the pinentry so that another thread can start one and
|
||||
disconnect that pinentry - we do this after the unlock so that a
|
||||
@ -90,8 +114,9 @@ initialize_module_query (void)
|
||||
static int
|
||||
unlock_pinentry (int rc)
|
||||
{
|
||||
ASSUAN_CONTEXT ctx = entry_ctx;
|
||||
assuan_context_t ctx = entry_ctx;
|
||||
|
||||
entry_ctx = NULL;
|
||||
#ifdef USE_GNU_PTH
|
||||
if (!pth_mutex_release (&entry_lock))
|
||||
{
|
||||
@ -100,7 +125,6 @@ unlock_pinentry (int rc)
|
||||
rc = gpg_error (GPG_ERR_INTERNAL);
|
||||
}
|
||||
#endif
|
||||
entry_ctx = NULL;
|
||||
assuan_disconnect (ctx);
|
||||
return rc;
|
||||
}
|
||||
|
@ -105,7 +105,7 @@ enable_core_dumps (void)
|
||||
setrlimit (RLIMIT_CORE, &limit);
|
||||
return 1; /* We always return true because trhis function is
|
||||
merely a debugging aid. */
|
||||
#endif
|
||||
# endif
|
||||
return 1;
|
||||
#endif
|
||||
}
|
||||
|
@ -1,5 +1,9 @@
|
||||
2005-06-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* debugging.texi (Architecture Details): New section, mostly empty.
|
||||
* gnupg-card-architecture.fig: New.
|
||||
* Makefile.am: Rules to build png and eps versions.
|
||||
|
||||
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
|
||||
|
||||
2005-05-17 Werner Koch <wk@g10code.com>
|
||||
|
@ -18,14 +18,34 @@
|
||||
|
||||
## Process this file with automake to produce Makefile.in
|
||||
|
||||
EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg
|
||||
EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \
|
||||
gnupg-card-architecture.eps gnupg-card-architecture.png
|
||||
|
||||
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png
|
||||
|
||||
info_TEXINFOS = gnupg.texi
|
||||
|
||||
|
||||
|
||||
gnupg_TEXINFOS = \
|
||||
gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi assuan.texi \
|
||||
tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \
|
||||
sysnotes.texi
|
||||
sysnotes.texi gnupg-card-architecture.fig
|
||||
|
||||
DISTCLEANFILES = gnupg.tmp gnupg.ops
|
||||
|
||||
|
||||
|
||||
.fig.png:
|
||||
fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@
|
||||
|
||||
.fig.jpg:
|
||||
fig2dev -L jpg `test -f '$<' || echo '$(srcdir)/'`$< $@
|
||||
|
||||
.fig.eps:
|
||||
fig2dev -L eps `test -f '$<' || echo '$(srcdir)/'`$< $@
|
||||
|
||||
.fig.pdf:
|
||||
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
|
||||
|
||||
|
||||
|
@ -18,6 +18,7 @@ solve the problem at hand.
|
||||
@menu
|
||||
* Debugging Tools:: Description of some useful tools
|
||||
* Common Problems:: Commonly seen problems.
|
||||
* Architecture Details:: How the whole thing works internally.
|
||||
@end menu
|
||||
|
||||
|
||||
@ -105,6 +106,49 @@ shell). Even for GUI based Pinentries; you should have set
|
||||
on how to do it.
|
||||
|
||||
|
||||
@item SSH hangs while a popping up pinentry was expected
|
||||
|
||||
SSH has no way to tell the gpg-agent what terminal or X display it is
|
||||
running on. So when remotely logging into a box where a gpg-agent with
|
||||
SSH support is running, the pinentry will get popped up on whatever
|
||||
display t he gpg-agent has been started. To solve this problem you may
|
||||
issue the command
|
||||
|
||||
@smallexample
|
||||
echo UPDATESTARTUPTTY | gpg-connect-agent
|
||||
@end smallexample
|
||||
|
||||
and the next pinentry will pop up on your display or screen. However,
|
||||
you need to kill the running pinentry first because only one pinentry
|
||||
may be running at once. If you plan to use ssh on a new display you
|
||||
should issue the above command before invoking ssh or any other service
|
||||
making use of ssh.
|
||||
|
||||
|
||||
@end itemize
|
||||
|
||||
|
||||
@c ********************************************
|
||||
@c *** Architecture Details *****************
|
||||
@c ********************************************
|
||||
@node Architecture Details
|
||||
@section How the whole thing works internally.
|
||||
|
||||
|
||||
@menu
|
||||
* gpg 1.4 vs. 1.9:: Relationship between the two branches.
|
||||
@end menu
|
||||
|
||||
@node gpg 1.4 vs. 1.9
|
||||
@subsection Relationship between the two branches.
|
||||
|
||||
Here is a little picture showing how the components work together:
|
||||
|
||||
@image{gnupg-card-architecture, 14cm}
|
||||
|
||||
@noindent
|
||||
Lets try to explain it:
|
||||
|
||||
TO BE DONE.
|
||||
|
||||
|
||||
|
419
doc/gnupg-card-architecture.fig
Normal file
419
doc/gnupg-card-architecture.fig
Normal file
@ -0,0 +1,419 @@
|
||||
#FIG 3.2 Produced by xfig version 3.2.5-alpha5
|
||||
# Copyright 2005 Werner Koch
|
||||
#
|
||||
# This file is part of GnuPG.
|
||||
#
|
||||
# GnuPG is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# GnuPG is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
|
||||
Landscape
|
||||
Center
|
||||
Metric
|
||||
A4
|
||||
100.00
|
||||
Single
|
||||
-2
|
||||
1200 2
|
||||
0 32 #414541
|
||||
0 33 #808080
|
||||
0 34 #c0c0c0
|
||||
0 35 #c6b797
|
||||
0 36 #eff8ff
|
||||
0 37 #dccba6
|
||||
0 38 #e0e0e0
|
||||
0 39 #8e8f8e
|
||||
0 40 #aaaaaa
|
||||
0 41 #555555
|
||||
0 42 #404040
|
||||
0 43 #868286
|
||||
0 44 #c7c3c7
|
||||
0 45 #e7e3e7
|
||||
0 46 #8e8e8e
|
||||
0 47 #444444
|
||||
0 48 #868686
|
||||
0 49 #c7c7c7
|
||||
0 50 #666666
|
||||
0 51 #e2e2ee
|
||||
0 52 #94949a
|
||||
0 53 #dbdbdb
|
||||
0 54 #a1a1b7
|
||||
0 55 #9c0000
|
||||
0 56 #ededed
|
||||
0 57 #86acff
|
||||
0 58 #7070ff
|
||||
0 59 #bebebe
|
||||
0 60 #515151
|
||||
0 61 #000049
|
||||
0 62 #797979
|
||||
0 63 #303430
|
||||
0 64 #c7b696
|
||||
0 65 #d7d7d7
|
||||
0 66 #aeaeae
|
||||
0 67 #85807d
|
||||
0 68 #d2d2d2
|
||||
0 69 #3a3a3a
|
||||
0 70 #4573aa
|
||||
0 71 #000000
|
||||
0 72 #e7e7e7
|
||||
0 73 #f7f7f7
|
||||
0 74 #d6d7d6
|
||||
0 75 #7b79a5
|
||||
0 76 #effbff
|
||||
0 77 #9e9e9e
|
||||
0 78 #717571
|
||||
0 79 #73758c
|
||||
0 80 #414141
|
||||
0 81 #635dce
|
||||
0 82 #565151
|
||||
0 83 #dd9d93
|
||||
0 84 #f1ece0
|
||||
0 85 #c3c3c3
|
||||
0 86 #e2c8a8
|
||||
0 87 #e1e1e1
|
||||
0 88 #da7a1a
|
||||
0 89 #f1e41a
|
||||
0 90 #887dc2
|
||||
0 91 #d6d6d6
|
||||
0 92 #8c8ca5
|
||||
0 93 #4a4a4a
|
||||
0 94 #8c6b6b
|
||||
0 95 #5a5a5a
|
||||
0 96 #636363
|
||||
0 97 #b79b73
|
||||
0 98 #4193ff
|
||||
0 99 #bf703b
|
||||
0 100 #db7700
|
||||
0 101 #dab800
|
||||
0 102 #006400
|
||||
0 103 #5a6b3b
|
||||
0 104 #d3d3d3
|
||||
0 105 #8e8ea4
|
||||
0 106 #f3b95d
|
||||
0 107 #89996b
|
||||
0 108 #646464
|
||||
0 109 #b7e6ff
|
||||
0 110 #86c0ec
|
||||
0 111 #bdbdbd
|
||||
0 112 #d39552
|
||||
0 113 #98d2fe
|
||||
0 114 #8c9c6b
|
||||
0 115 #f76b00
|
||||
0 116 #5a6b39
|
||||
0 117 #8c9c6b
|
||||
0 118 #8c9c7b
|
||||
0 119 #184a18
|
||||
0 120 #adadad
|
||||
0 121 #f7bd5a
|
||||
0 122 #636b9c
|
||||
0 123 #de0000
|
||||
0 124 #adadad
|
||||
0 125 #f7bd5a
|
||||
0 126 #adadad
|
||||
0 127 #f7bd5a
|
||||
0 128 #636b9c
|
||||
0 129 #526b29
|
||||
0 130 #949494
|
||||
0 131 #006300
|
||||
0 132 #00634a
|
||||
0 133 #7b844a
|
||||
0 134 #e7bd7b
|
||||
0 135 #a5b5c6
|
||||
0 136 #6b6b94
|
||||
0 137 #846b6b
|
||||
0 138 #529c4a
|
||||
0 139 #d6e7e7
|
||||
0 140 #526363
|
||||
0 141 #186b4a
|
||||
0 142 #9ca5b5
|
||||
0 143 #ff9400
|
||||
0 144 #ff9400
|
||||
0 145 #00634a
|
||||
0 146 #7b844a
|
||||
0 147 #63737b
|
||||
0 148 #e7bd7b
|
||||
0 149 #184a18
|
||||
0 150 #f7bd5a
|
||||
0 151 #dedede
|
||||
0 152 #f3eed3
|
||||
0 153 #f5ae5d
|
||||
0 154 #95ce99
|
||||
0 155 #b5157d
|
||||
0 156 #eeeeee
|
||||
0 157 #848484
|
||||
0 158 #7b7b7b
|
||||
0 159 #005a00
|
||||
0 160 #e77373
|
||||
0 161 #ffcb31
|
||||
0 162 #29794a
|
||||
0 163 #de2821
|
||||
0 164 #2159c6
|
||||
0 165 #f8f8f8
|
||||
0 166 #e6e6e6
|
||||
0 167 #21845a
|
||||
0 168 #ff9408
|
||||
0 169 #007000
|
||||
0 170 #d00000
|
||||
0 171 #fed600
|
||||
0 172 #d82010
|
||||
0 173 #003484
|
||||
0 174 #d62010
|
||||
0 175 #389000
|
||||
0 176 #ba0000
|
||||
0 177 #003380
|
||||
0 178 #00a7bd
|
||||
0 179 #ffc500
|
||||
0 180 #087bd0
|
||||
0 181 #fbc100
|
||||
0 182 #840029
|
||||
0 183 #07399c
|
||||
0 184 #0063bd
|
||||
0 185 #39acdf
|
||||
0 186 #42c0e0
|
||||
0 187 #31ceff
|
||||
0 188 #ffde00
|
||||
0 189 #085a00
|
||||
0 190 #ff2100
|
||||
0 191 #f75e08
|
||||
0 192 #ef7b08
|
||||
0 193 #ff8200
|
||||
0 194 #007d00
|
||||
0 195 #0000be
|
||||
0 196 #757575
|
||||
0 197 #f3f3f3
|
||||
0 198 #d7d3d7
|
||||
0 199 #aeaaae
|
||||
0 200 #c2c2c2
|
||||
0 201 #303030
|
||||
0 202 #515551
|
||||
0 203 #f7f3f7
|
||||
0 204 #717171
|
||||
6 9270 1980 13230 6570
|
||||
6 9471 3906 13014 5677
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
10540 4394 10540 3936 9471 3936 9471 4394 10540 4394
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
10387 5616 10387 5158 9471 5158 9471 5616 10387 5616
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
12984 5005 12984 4547 9471 4547 9471 5005 12984 5005
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
12984 5616 12984 5158 12067 5158 12067 5616 12984 5616
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
11701 5627 11701 5168 10784 5168 10784 5627 11701 5627
|
||||
4 0 0 50 -1 16 11 0.0000 4 173 835 9623 4242 OpenPGP\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 2770 9776 4853 APDU and ISO-7816 access code\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 448 9623 5464 CCID\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 601 12220 5464 CT-API\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 560 10957 5464 PC/SC\001
|
||||
-6
|
||||
6 10693 3906 13014 4394
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
11762 4394 11762 3936 10693 3936 10693 4394 11762 4394
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
12984 4394 12984 3936 11915 3936 11915 4394 12984 4394
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 377 10998 4242 NKS\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 804 12067 4242 PKCS#15\001
|
||||
-6
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
13137 2072 9318 2072 9318 5739 13137 5739 13137 2072
|
||||
2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
|
||||
9318 3753 13137 3753
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
11691 6360 10774 6360 10774 5901 11691 5901 11691 6360
|
||||
2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
|
||||
11762 5739
|
||||
2 1 1 2 0 7 50 -1 -1 6.000 0 0 -1 0 0 4
|
||||
10693 5739 10693 6502 11762 6502 11762 5739
|
||||
4 0 0 50 -1 18 15 0.0000 4 183 1293 10540 2989 SCDaemon\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 133 662 10896 6176 wrapper\001
|
||||
-6
|
||||
6 90 1980 4050 5760
|
||||
6 306 3906 3849 5677
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
1375 4394 1375 3936 306 3936 306 4394 1375 4394
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
1222 5616 1222 5158 306 5158 306 5616 1222 5616
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
3819 5005 3819 4547 306 4547 306 5005 3819 5005
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
3819 5616 3819 5158 2902 5158 2902 5616 3819 5616
|
||||
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
|
||||
2536 5627 2536 5168 1619 5168 1619 5627 2536 5627
|
||||
4 0 0 50 -1 16 11 0.0000 4 173 835 458 4242 OpenPGP\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 2770 611 4853 APDU and ISO-7816 access code\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 448 458 5464 CCID\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 601 3055 5464 CT-API\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 560 1792 5464 PC/SC\001
|
||||
-6
|
||||
6 2139 3753 3208 4211
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
3208 4211 3208 3753 2139 3753 2139 4211 3208 4211
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 784 2291 4058 Gluecode\001
|
||||
-6
|
||||
2 1 2 2 0 7 50 -1 -1 4.500 0 0 -1 0 0 1
|
||||
2597 5739
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
|
||||
1 1 1.00 40.73 81.47
|
||||
2139 4028 1405 4150
|
||||
2 1 2 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 4
|
||||
153 3753 1833 3753 1833 4364 3972 4364
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
3972 2072 153 2072 153 5739 3972 5739 3972 2072
|
||||
4 0 0 50 -1 18 15 0.0000 4 224 866 1375 2989 gpg 1.4\001
|
||||
-6
|
||||
6 4888 4058 5346 5433
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
5346 5433 5346 4058 4888 4058 4888 5433 5346 5433
|
||||
4 0 0 50 -1 16 11 1.5708 4 132 611 5194 5128 Assuan\001
|
||||
-6
|
||||
6 4680 1980 8640 5760
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
5346 3753 5346 2378 4888 2378 4888 3753 5346 3753
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
8554 5739 4735 5739 4735 2072 8554 2072 8554 5739
|
||||
4 0 0 50 -1 16 11 1.5708 4 173 804 5194 3447 ssh-agent\001
|
||||
-6
|
||||
6 5805 3447 7332 4975
|
||||
6 5957 3447 7179 4211
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
7179 4211 7179 3447 5957 3447 5957 4211 7179 4211
|
||||
4 0 0 50 -1 16 11 0.0000 4 173 937 6110 3753 Private Key\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 173 896 6110 4058 Operations\001
|
||||
-6
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
|
||||
7195 4883
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
|
||||
7195 4883
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
7332 4975 7332 4517 6721 4517 6721 4975 7332 4975
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
|
||||
1 1 1.00 40.73 81.47
|
||||
1 1 1.00 40.73 81.47
|
||||
6568 4211 7027 4517
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
|
||||
1 1 1.00 40.73 81.47
|
||||
1 1 1.00 40.73 81.47
|
||||
6568 4211 6110 4517
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
6416 4975 6416 4517 5805 4517 5805 4975 6416 4975
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 397 6874 4822 Card\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 356 5957 4822 Disk\001
|
||||
-6
|
||||
6 7638 3600 8401 4058
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
8401 4058 8401 3600 7638 3600 7638 4058 8401 4058
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 0 0 1
|
||||
7638 3814
|
||||
4 0 0 50 -1 16 11 0.0000 4 132 530 7790 3905 Cache\001
|
||||
-6
|
||||
6 9471 2225 9929 3600
|
||||
2 4 0 1 0 7 50 -1 -1 4.000 0 0 5 0 0 5
|
||||
9929 3600 9929 2225 9471 2225 9471 3600 9929 3600
|
||||
4 0 0 50 -1 16 11 1.5708 4 132 611 9776 3294 Assuan\001
|
||||
-6
|
||||
6 6480 360 8640 1440
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
8554 1339 6568 1339 6568 423 8554 423 8554 1339
|
||||
4 0 0 50 -1 18 15 0.0000 4 234 967 7027 881 pinentry\001
|
||||
4 0 0 50 -1 16 10 0.0000 4 153 1375 6874 1187 (GTK+, Qt, Curses)\001
|
||||
-6
|
||||
6 10570 270 13137 1003
|
||||
2 1 1 1 1 2 50 -1 -1 4.000 0 0 -1 1 0 2
|
||||
1 1 1.00 40.73 81.47
|
||||
10632 331 11181 331
|
||||
2 1 0 2 1 2 50 -1 -1 6.000 0 0 -1 1 0 2
|
||||
1 1 2.00 81.47 162.94
|
||||
10632 637 11181 637
|
||||
2 1 0 1 0 2 50 -1 -1 4.000 0 0 -1 1 0 2
|
||||
1 1 1.00 40.73 81.47
|
||||
10632 942 11181 942
|
||||
4 0 0 50 -1 16 10 0.0000 4 163 1762 11365 392 Alternative access paths\001
|
||||
4 0 0 50 -1 16 10 0.0000 4 163 1426 11365 698 IPC (pipe or socket)\001
|
||||
4 0 0 50 -1 16 10 0.0000 4 122 1232 11365 1003 Internal data flow\001
|
||||
-6
|
||||
# Smartcard ID-1
|
||||
6 6840 6120 8550 7200
|
||||
6 7069 6526 7307 6746
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
|
||||
7234 6691 7307 6691
|
||||
2 1 0 1 0 0 48 -1 20 0.000 0 0 -1 0 0 2
|
||||
7069 6636 7143 6636
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
|
||||
7069 6581 7143 6581
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
|
||||
7069 6691 7143 6691
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
|
||||
7143 6526 7143 6746
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 3
|
||||
7307 6581 7234 6581 7234 6746
|
||||
2 1 0 1 0 7 48 -1 -1 0.000 0 0 -1 0 0 2
|
||||
7234 6636 7307 6636
|
||||
2 4 0 1 0 31 49 -1 20 0.000 0 0 1 0 0 5
|
||||
7069 6526 7307 6526 7307 6746 7069 6746 7069 6526
|
||||
-6
|
||||
2 4 0 1 -1 7 50 -1 20 0.000 0 0 1 0 0 5
|
||||
8472 7185 6904 7185 6904 6197 8472 6197 8472 7185
|
||||
-6
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
|
||||
1 1 1.00 40.73 81.47
|
||||
5346 3142 5957 3753
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 0 2
|
||||
1 1 1.00 40.73 81.47
|
||||
5346 4669 5957 3905
|
||||
2 1 0 1 0 7 50 -1 -1 4.000 0 0 -1 1 1 2
|
||||
1 1 1.00 40.73 81.47
|
||||
1 1 1.00 40.73 81.47
|
||||
7179 3814 7638 3814
|
||||
2 4 0 2 0 6 60 -1 20 0.000 0 0 5 0 0 5
|
||||
11731 7480 10693 7480 10693 6991 11731 6991 11731 7480
|
||||
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
|
||||
1 1 2.00 81.47 162.94
|
||||
8022 3600 8096 2225 7513 1360
|
||||
0.000 -1.000 0.000
|
||||
3 2 0 2 1 2 50 -1 -1 0.000 0 1 0 3
|
||||
0 0 2.00 81.47 162.94
|
||||
7332 4730 8737 4486 9471 2897
|
||||
0.000 -1.000 0.000
|
||||
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
|
||||
1 1 2.00 81.47 162.94
|
||||
3238 3997 4216 4242 4888 4730
|
||||
0.000 -1.000 0.000
|
||||
3 2 0 2 1 2 50 -1 -1 6.000 0 1 0 3
|
||||
1 1 2.00 81.47 162.94
|
||||
11243 6502 11304 6747 11181 6991
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
10693 7235 9471 7174 8493 6869
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
9898 5647 9532 6380 8493 6563
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
12465 5647 11731 6624 8493 6747
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
2077 5647 3177 6502 6843 6624
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
733 5647 2444 6808 6843 6747
|
||||
0.000 -1.000 0.000
|
||||
3 2 1 1 1 2 50 -1 -1 4.000 0 1 0 3
|
||||
1 1 1.00 40.73 81.47
|
||||
3361 5647 4155 6319 6843 6502
|
||||
0.000 -1.000 0.000
|
||||
4 0 0 50 -1 18 15 0.0000 4 214 1191 5957 2989 gpg-agent\001
|
||||
4 0 0 50 -1 16 11 0.0000 4 173 387 10998 7297 pcsd\001
|
@ -86,14 +86,15 @@ section entitled ``Copying''.
|
||||
@insertcopying
|
||||
@end titlepage
|
||||
|
||||
|
||||
@ifnothtml
|
||||
@summarycontents
|
||||
@contents
|
||||
@page
|
||||
@end ifnothtml
|
||||
|
||||
@ifnottex
|
||||
@node Top
|
||||
@top The GNU Privacy Guard
|
||||
@top
|
||||
@insertcopying
|
||||
|
||||
This manual documents how to use the GNU Privacy Guard system as well as
|
||||
@ -120,6 +121,20 @@ the administration and the architecture.
|
||||
* Index:: Index of concepts and symbol names.
|
||||
@end menu
|
||||
|
||||
@ifhtml
|
||||
|
||||
@center @image{gnupg-badge-openpgp,6cm,,The GnuPG Logo}
|
||||
|
||||
@end ifhtml
|
||||
|
||||
|
||||
@ifhtml
|
||||
@page
|
||||
@summarycontents
|
||||
@contents
|
||||
@end ifhtml
|
||||
|
||||
|
||||
@include gpg.texi
|
||||
@include gpgsm.texi
|
||||
@include gpg-agent.texi
|
||||
|
@ -42,7 +42,8 @@ else
|
||||
fi
|
||||
@end smallexample
|
||||
|
||||
The new option @option{--write-env-file} may be used instead.
|
||||
@noindent
|
||||
Note that the new option @option{--write-env-file} may be used instead.
|
||||
|
||||
|
||||
@noindent
|
||||
@ -289,6 +290,11 @@ control this behaviour but this command line option takes precedence.
|
||||
Set the time a cache entry is valid to @var{n} seconds. The default are
|
||||
600 seconds.
|
||||
|
||||
@item --default-cache-ttl-ssh @var{n}
|
||||
@opindex default-cache-ttl
|
||||
Set the time a cache entry used for SSH keys is valid to @var{n}
|
||||
seconds. The default are 600 seconds.
|
||||
|
||||
@item --max-cache-ttl @var{n}
|
||||
@opindex max-cache-ttl
|
||||
Set the maximum time a cache entry is valid to @var{n} seconds. After
|
||||
@ -506,12 +512,13 @@ are still pending, a shutdown is forced.
|
||||
@cpindex SIGINT
|
||||
Shuts down the process immediately.
|
||||
|
||||
|
||||
@item SIGUSR1
|
||||
@itemx SIGUSR2
|
||||
@cpindex SIGUSR1
|
||||
Dump internal information to the log file.
|
||||
|
||||
@item SIGUSR2
|
||||
@cpindex SIGUSR2
|
||||
These signals are used for internal purposes.
|
||||
This signal is used for internal purposes.
|
||||
|
||||
@end table
|
||||
|
||||
@ -523,12 +530,44 @@ These signals are used for internal purposes.
|
||||
|
||||
@c man begin EXAMPLES
|
||||
|
||||
The usual way to invoke @command{gpg-agent} is
|
||||
|
||||
@example
|
||||
$ eval `gpg-agent --daemon`
|
||||
@end example
|
||||
|
||||
@c man end
|
||||
|
||||
An alternative way is by replacing @command{ssh-agent} with
|
||||
@command{gpg-agent}. If for example @command{ssh-agent} is started as
|
||||
part of the Xsession intialization you may simply replace
|
||||
@command{ssh-agent} by a script like:
|
||||
|
||||
@cartouche
|
||||
@example
|
||||
#!/bin/sh
|
||||
|
||||
exec /usr/local/bin/gpg-agent --enable-ssh-support --daemon \
|
||||
--write-env-file $@{HOME@}/.gpg-agent-info "$@@"
|
||||
@end example
|
||||
@end cartouche
|
||||
|
||||
@noindent
|
||||
and add something like (for Bourne shells)
|
||||
|
||||
@cartouche
|
||||
@example
|
||||
if [ -f "$@{HOME@}/.gpg-agent-info" ]; then
|
||||
. "$@{HOME@}/.gpg-agent-info"
|
||||
export GPG_AGENT_INFO
|
||||
export SSH_AUTH_SOCK
|
||||
export SSH_AGENT_PID
|
||||
fi
|
||||
@end example
|
||||
@end cartouche
|
||||
|
||||
@noindent
|
||||
to your shell initialization file (e.g. @file{~/.bashrc}).
|
||||
|
||||
@c
|
||||
@c Assuan Protocol
|
||||
|
@ -181,6 +181,14 @@ protocol. Note that this option may reveal sensitive data.
|
||||
This option disables all ticker functions like checking for card
|
||||
insertions.
|
||||
|
||||
@item --debug-allow-core-dump
|
||||
@opindex debug-allow-core-dump
|
||||
For security reasons we won't create a core dump when the process
|
||||
aborts. For debugging purposes it is sometimes better to allow core
|
||||
dump. This options enables it and also changes the working directory to
|
||||
@file{/tmp} when running in @option{--server} mode.
|
||||
|
||||
|
||||
@item --no-detach
|
||||
@opindex no-detach
|
||||
Don't detach the process from the console. This is manly usefule for
|
||||
|
@ -1,3 +1,7 @@
|
||||
2005-06-06 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.c (main): New option --debug-allow-core-dump.
|
||||
|
||||
2005-06-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.c (handle_connections): Make sure that the signals we
|
||||
|
@ -70,7 +70,7 @@ struct server_local_s {
|
||||
struct server_local_s *next_session;
|
||||
|
||||
/* This object is usually assigned to a CTRL object (which is
|
||||
globally visible). While enumeratin all sessions we sometimes
|
||||
globally visible). While enumerating all sessions we sometimes
|
||||
need to access data of the CTRL object; thus we keep a
|
||||
backpointer here. */
|
||||
ctrl_t ctrl_backlink;
|
||||
@ -860,6 +860,7 @@ cmd_getattr (assuan_context_t ctx, char *line)
|
||||
/* FIXME: Applications should not return sensistive data if the card
|
||||
is locked. */
|
||||
rc = app_getattr (ctrl->app_ctx, ctrl, keyword);
|
||||
xfree (keyword);
|
||||
|
||||
TEST_CARD_REMOVAL (ctrl, rc);
|
||||
return map_to_assuan_status (rc);
|
||||
|
@ -67,6 +67,7 @@ enum cmd_and_opt_values
|
||||
oDebugAll,
|
||||
oDebugLevel,
|
||||
oDebugWait,
|
||||
oDebugAllowCoreDump,
|
||||
oDebugCCIDDriver,
|
||||
oNoGreeting,
|
||||
oNoOptions,
|
||||
@ -110,6 +111,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oDebugAll, "debug-all" ,0, "@"},
|
||||
{ oDebugLevel, "debug-level" ,2, "@"},
|
||||
{ oDebugWait,"debug-wait",1, "@"},
|
||||
{ oDebugAllowCoreDump, "debug-allow-core-dump", 0, "@" },
|
||||
{ oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
|
||||
{ oDebugDisableTicker, "debug-disable-ticker", 0, "@"},
|
||||
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
|
||||
@ -318,6 +320,7 @@ main (int argc, char **argv )
|
||||
int debug_wait = 0;
|
||||
int gpgconf_list = 0;
|
||||
const char *config_filename = NULL;
|
||||
int allow_coredump = 0;
|
||||
|
||||
set_strusage (my_strusage);
|
||||
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
|
||||
@ -448,6 +451,10 @@ main (int argc, char **argv )
|
||||
case oDebugAll: opt.debug = ~0; break;
|
||||
case oDebugLevel: debug_level = pargs.r.ret_str; break;
|
||||
case oDebugWait: debug_wait = pargs.r.ret_int; break;
|
||||
case oDebugAllowCoreDump:
|
||||
enable_core_dumps ();
|
||||
allow_coredump = 1;
|
||||
break;
|
||||
case oDebugCCIDDriver:
|
||||
ccid_set_debug_level (ccid_set_debug_level (-1)+1);
|
||||
break;
|
||||
@ -604,6 +611,17 @@ main (int argc, char **argv )
|
||||
sigaction (SIGPIPE, &sa, NULL);
|
||||
}
|
||||
|
||||
/* If --debug-allow-core-dump has been given we also need to
|
||||
switch the working directory to a place where we can actually
|
||||
write. */
|
||||
if (allow_coredump)
|
||||
{
|
||||
if (chdir("/tmp"))
|
||||
log_debug ("chdir to `/tmp' failed: %s\n", strerror (errno));
|
||||
else
|
||||
log_debug ("changed working directory to `/tmp'\n");
|
||||
}
|
||||
|
||||
/* In multi server mode we need to listen on an additional
|
||||
socket. Create that socket now before starting the handler
|
||||
for the pipe connection. This allows that handler to send
|
||||
|
Loading…
x
Reference in New Issue
Block a user