security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

Started to implement the audit log feature.

Browse Source 
Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
Improved support for the quality bar.
Minor internal restructuring.
Translation fixes.
This commit is contained in:
Werner Koch 2007-11-19 16:03:50 +00:00
parent 093b25c996
commit 55ba204bfa
103 changed files with 17892 additions and 15330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -11,6 +11,9 @@ Noteworthy changes in version 2.0.8
* New option --list-config for gpgconf.
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
pinentry.
Noteworthy changes in version 2.0.7 (2007-09-10)
------------------------------------------------

25
agent/ChangeLog
View File

@ -1,3 +1,28 @@
2007-11-19 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_askpin): Set the tooltip for the quality
bar.
2007-11-15 Werner Koch <wk@g10code.com>
* agent.h (struct server_control_s): Add XAUTHORITY and
PINENTRY_USER_DATA.
* gpg-agent.c: New option --xauthority.
(main, agent_init_default_ctrl)
(agent_deinit_default_ctrl): Implemented
* command.c (cmd_updatestartuptty): Ditto.
* command-ssh.c (start_command_handler_ssh): Ditto.
* call-pinentry.c (atfork_cb): Set the environment.
(start_pinentry): Pass CTRL as arg to atfork_cb.
2007-11-14 Werner Koch <wk@g10code.com>
* call-scd.c (start_scd) [W32]: Take care of fflush peculiarities.
2007-11-07 Werner Koch <wk@g10code.com>
* agent.h: Remove errors.h.
2007-10-24 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_constraints): Changed the wording of

5
agent/agent.h
View File

@ -31,7 +31,6 @@
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/errors.h"
#include "../common/membuf.h"
#include "../common/sysutils.h" /* (gnupg_fd_t) */
@ -62,6 +61,8 @@ struct
char *startup_ttytype;
char *startup_lc_ctype;
char *startup_lc_messages;
char *startup_xauthority;
char *startup_pinentry_user_data;
const char *pinentry_program; /* Filename of the program to start as
@ -146,6 +147,8 @@ struct server_control_s
char *ttytype;
char *lc_ctype;
char *lc_messages;
char *xauthority;
char *pinentry_user_data;
struct {
int algo;
unsigned char value[MAX_DIGEST_LEN];

60
agent/call-pinentry.c
View File

@ -1,5 +1,5 @@
/* call-pinentry.c - fork of the pinentry to query stuff from the user
* Copyright (C) 2001, 2002, 2004 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2004, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -33,6 +33,7 @@
#include <assuan.h>
#include "agent.h"
#include "setenv.h"
#include "i18n.h"
#ifdef _POSIX_OPEN_MAX
@ -164,8 +165,16 @@ unlock_pinentry (int rc)
static void
atfork_cb (void *opaque, int where)
{
ctrl_t ctrl = opaque;
if (!where)
gcry_control (GCRYCTL_TERM_SECMEM);
{
gcry_control (GCRYCTL_TERM_SECMEM);
if (ctrl->xauthority)
setenv ("XAUTHORITY", ctrl->xauthority, 1);
if (ctrl->pinentry_user_data)
setenv ("PINENTRY_USER_DATA", ctrl->pinentry_user_data, 1 );
}
}
@ -261,9 +270,10 @@ start_pinentry (ctrl_t ctrl)
}
no_close_list[i] = -1;
/* Connect to the pinentry and perform initial handshaking */
/* Connect to the pinentry and perform initial handshaking. Note
that atfork is used to change the environment for pinentry. */
rc = assuan_pipe_connect_ext (&ctx, opt.pinentry_program, argv,
no_close_list, atfork_cb, NULL, 0);
no_close_list, atfork_cb, ctrl, 0);
if (rc)
{
log_error ("can't connect to the PIN entry module: %s\n",
@ -568,9 +578,47 @@ agent_askpin (ctrl_t ctrl,
to the pinentry. */
if (pininfo->with_qualitybar && opt.min_passphrase_len )
{
rc = assuan_transact (entry_ctx, "SETQUALITYBAR",
char *tmpstr;
const char *tooltip;
/* TRANSLATORS: This string is displayed by pinentry as the
label for the quality bar. */
tmpstr = try_percent_escape (_("Quality:"), "\t\r\n\f\v");
snprintf (line, DIM(line)-1, "SETQUALITYBAR %s", tmpstr? tmpstr:"");
line[DIM(line)-1] = 0;
xfree (tmpstr);
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
if (rc == 103 /*(Old assuan error code)*/
|| gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
; /* Ignore Unknown Command from old pinentry versions. */
else if (rc)
return unlock_pinentry (rc);
/* TRANSLATORS: This string is a tooltip, shown by pinentry when
hovering over the quality bar. Please use an appropriate
string to describe what this is about. The length of the
tooltip is limited to about 900 characters. If you do not
translate this entry, a default english text (see source)
will be used. */
tooltip = _("pinentry.qualitybar.tooltip");
if (!strcmp ("pinentry.qualitybar.tooltip", tooltip))
tooltip = ("The quality of the text entered above.\n"
"Please ask your administrator for "
"details about the criteria.");
/* Fixme: As soon as we have the extended error reporting
facility (audit log), we can use a user specified helptext if
that has been configured. */
tmpstr = try_percent_escape (tooltip, "\t\r\n\f\v");
snprintf (line, DIM(line)-1, "SETQUALITYBAR_TT %s", tmpstr? tmpstr:"");
line[DIM(line)-1] = 0;
xfree (tmpstr);
rc = assuan_transact (entry_ctx, line,
NULL, NULL, NULL, NULL, NULL, NULL);
if (rc == 103 /*(Old assuan error code)*/
|| gpg_err_code (rc) == GPG_ERR_ASS_UNKNOWN_CMD)
; /* Ignore Unknown Command from old pinentry versions. */
else if (rc)
return unlock_pinentry (rc);
}

16
agent/call-scd.c
View File

@ -294,9 +294,17 @@ start_scd (ctrl_t ctrl)
if (fflush (NULL))
{
err = gpg_error (gpg_err_code_from_errno (errno));
#ifndef HAVE_W32_SYSTEM
err = gpg_error_from_syserror ();
#endif
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
the Wime implementaion does not flush stdin,stdout and stderr
- see above. Lets try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
goto leave;
#endif
}
if (!opt.scdaemon_program || !*opt.scdaemon_program)
@ -319,9 +327,11 @@ start_scd (ctrl_t ctrl)
}
no_close_list[i] = -1;
/* Connect to the pinentry and perform initial handshaking */
/* Connect to the pinentry and perform initial handshaking. Use
detached flag (128) so that under W32 SCDAEMON does not show up a
new window. */
rc = assuan_pipe_connect_ext (&ctx, opt.scdaemon_program, argv,
no_close_list, atfork_cb, NULL, 0);
no_close_list, atfork_cb, NULL, 128);
if (rc)
{
log_error ("can't connect to the SCdaemon: %s\n",

4
agent/command-ssh.c
View File

@ -2871,6 +2871,10 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
ctrl->lc_ctype = strdup (opt.startup_lc_ctype);
if (!ctrl->lc_messages && opt.startup_lc_messages)
ctrl->lc_messages = strdup (opt.startup_lc_messages);
if (!ctrl->xauthority && opt.startup_xauthority)
ctrl->xauthority = strdup (opt.startup_xauthority);
if (!ctrl->pinentry_user_data && opt.startup_pinentry_user_data)
ctrl->pinentry_user_data = strdup (opt.startup_pinentry_user_data);
/* Create stream from socket. */

21
agent/command.c
View File

@ -1294,6 +1294,7 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line)
xfree (opt.startup_ttytype); opt.startup_ttytype = NULL;
xfree (opt.startup_lc_ctype); opt.startup_lc_ctype = NULL;
xfree (opt.startup_lc_messages); opt.startup_lc_messages = NULL;
xfree (opt.startup_xauthority); opt.startup_xauthority = NULL;
if (ctrl->display)
opt.startup_display = xtrystrdup (ctrl->display);
@ -1305,6 +1306,10 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line)
opt.startup_lc_ctype = xtrystrdup (ctrl->lc_ctype);
if (ctrl->lc_messages)
opt.startup_lc_messages = xtrystrdup (ctrl->lc_messages);
if (ctrl->xauthority)
opt.startup_xauthority = xtrystrdup (ctrl->xauthority);
if (ctrl->pinentry_user_data)
opt.startup_pinentry_user_data = xtrystrdup (ctrl->pinentry_user_data);
return 0;
}
@ -1442,6 +1447,22 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
if (!ctrl->lc_messages)
return out_of_core ();
}
else if (!strcmp (key, "xauthority"))
{
if (ctrl->xauthority)
free (ctrl->xauthority);
ctrl->xauthority = strdup (value);
if (!ctrl->xauthority)
return out_of_core ();
}
else if (!strcmp (key, "pinentry-user-data"))
{
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
ctrl->pinentry_user_data = strdup (value);
if (!ctrl->pinentry_user_data)
return out_of_core ();
}
else if (!strcmp (key, "use-cache-for-signing"))
ctrl->server_local->use_cache_for_signing = *value? atoi (value) : 0;
else

2
agent/genkey.c
View File

@ -232,7 +232,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
check_passphrase_pattern (ctrl, pw))
{
const char *desc =
/* */ _("Warning: You have entered an insecure passphrase.%0A"
/* */ _("Warning: You have entered an insecure passphrase.%%0A"
"A passphrase may not be a known term or match%%0A"
"certain pattern.");

24
agent/gpg-agent.c
View File

@ -81,6 +81,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
oXauthority,
oScdaemonProgram,
oDefCacheTTL,
oDefCacheTTLSSH,
@ -145,7 +146,8 @@ static ARGPARSE_OPTS opts[] = {
{ oTTYtype, "ttytype", 2, "@" },
{ oLCctype, "lc-ctype", 2, "@" },
{ oLCmessages, "lc-messages", 2, "@" },
{ oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},
{ oXauthority, "xauthority", 2, "@" },
{ oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},
{ oKeepDISPLAY, "keep-display",
0, N_("ignore requests to change the X display")},
@ -217,6 +219,7 @@ static char *default_ttyname;
static char *default_ttytype;
static char *default_lc_ctype;
static char *default_lc_messages;
static char *default_xauthority;
/* Name of a config file, which will be reread on a HUP if it is not NULL. */
static char *config_filename;
@ -559,6 +562,12 @@ main (int argc, char **argv )
opt.startup_lc_messages = getenv ("LC_MESSAGES");
if (opt.startup_lc_messages)
opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);
opt.startup_xauthority = getenv ("XAUTHORITY");
if (opt.startup_xauthority)
opt.startup_xauthority = xstrdup (opt.startup_xauthority);
opt.startup_pinentry_user_data = getenv ("PINENTRY_USER_DATA");
if (opt.startup_pinentry_user_data)
opt.startup_pinentry_user_data = xstrdup (opt.startup_pinentry_user_data);
/* Check whether we have a config file on the commandline */
orig_argc = argc;
@ -662,6 +671,7 @@ main (int argc, char **argv )
case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;
case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);
case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
break;
case oUseStandardSocket: standard_socket = 1; break;
@ -1139,6 +1149,14 @@ agent_init_default_ctrl (ctrl_t ctrl)
if (ctrl->lc_messages)
free (ctrl->lc_messages);
ctrl->lc_messages = default_lc_messages? strdup (default_lc_messages) : NULL;
if (ctrl->xauthority)
free (ctrl->xauthority);
ctrl->xauthority = default_xauthority? strdup (default_xauthority) : NULL;
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
ctrl->pinentry_user_data = NULL;
}
@ -1155,6 +1173,10 @@ agent_deinit_default_ctrl (ctrl_t ctrl)
free (ctrl->lc_ctype);
if (ctrl->lc_messages)
free (ctrl->lc_messages);
if (ctrl->xauthority)
free (ctrl->xauthority);
if (ctrl->pinentry_user_data)
free (ctrl->pinentry_user_data);
}
/* Reread parts of the configuration. Note, that this function is

18
common/ChangeLog
View File

@ -1,3 +1,21 @@
2007-11-15 Werner Koch <wk@g10code.com>
* asshelp.c (send_pinentry_environment): Add args XAUTHORITY and
PINENTRY_USER_DATA.
(start_new_gpg_agent): Ditto.
2007-11-07 Werner Koch <wk@g10code.com>
* status.h: New.
* errors.h: Remove.
2007-11-05 Werner Koch <wk@g10code.com>
* audit.c, audit.h: New.
* Makefile.am: Add rules to build audit-events.h.
* exaudit.awk: New.
* mkstrtable.awk: New. Taken from libgpg-error.
2007-10-19 Werner Koch <wk@g10code.com>
* i18n.c (i18n_switchto_utf8, i18n_switchback): New.

26
common/Makefile.am
View File

@ -1,5 +1,5 @@
# Makefile for common gnupg modules
# Copyright (C) 2001, 2003 Free Software Foundation, Inc.
# Copyright (C) 2001, 2003, 2007 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
@ -18,10 +18,15 @@
## Process this file with automake to produce Makefile.in
EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk \
audit-events.h status-codes.h
noinst_LIBRARIES = libcommon.a libcommonpth.a libsimple-pwquery.a libgpgrl.a
noinst_PROGRAMS = $(module_tests)
TESTS = $(module_tests)
BUILT_SOURCES = audit-events.h status-codes.h
AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
@ -31,7 +36,7 @@ include $(top_srcdir)/am/cmacros.am
common_sources = \
common-defs.h \
util.h i18n.c i18n.h \
errors.h \
status.c status.h\
openpgpdefs.h \
gc-opt-flags.h \
keyserver.h \
@ -55,12 +60,14 @@ common_sources = \
exechelp.c exechelp.h \
signal.c \
estream.c estream.h estream-printf.c estream-printf.h \
audit.c audit.h \
srv.h \
dns-cert.c dns-cert.h \
pka.c pka.h \
http.c http.h
libcommon_a_SOURCES = $(common_sources)
if USE_DNS_SRV
libcommon_a_SOURCES += srv.c
@ -80,6 +87,19 @@ libsimple_pwquery_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
libgpgrl_a_SOURCES = \
gpgrlhelp.c
# Create the audit-events.h include file from audit.h
audit-events.h: Makefile mkstrtable.awk exaudit.awk audit.h
$(AWK) -f $(srcdir)/exaudit.awk $(srcdir)/audit.h \
| $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-v namespace=eventstr_ >$@
# Create the status-codes.h include file from status.h
status-codes.h: Makefile mkstrtable.awk exstatus.awk status.h
$(AWK) -f $(srcdir)/exstatus.awk $(srcdir)/status.h \
| $(AWK) -f $(srcdir)/mkstrtable.awk -v textidx=3 -v nogettext=1 \
-v namespace=statusstr_ >$@
#
# Module tests
#
@ -92,3 +112,5 @@ t_convert_LDADD = $(t_common_ldadd)
t_gettime_LDADD = $(t_common_ldadd)
t_sysutils_LDADD = $(t_common_ldadd)

39
common/asshelp.c
View File

@ -1,5 +1,5 @@
/* asshelp.c - Helper functions for Assuan
* Copyright (C) 2002, 2004 Free Software Foundation, Inc.
* Copyright (C) 2002, 2004, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -31,7 +31,7 @@
#include "util.h"
#include "exechelp.h"
#include "sysutils.h"
#include "errors.h" /* FIXME: This one conatisn only status code - rename it*/
#include "status.h"
#include "asshelp.h"
@ -56,7 +56,7 @@ send_one_option (assuan_context_t ctx, gpg_err_source_t errsource,
}
/* Send the assuan commands pertaining to the pinenry environment. The
/* Send the assuan commands pertaining to the pinentry environment. The
OPT_* arguments are optional and may be used to override the
defaults taken from the current locale. */
gpg_error_t
@ -66,7 +66,9 @@ send_pinentry_environment (assuan_context_t ctx,
const char *opt_ttyname,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages)
const char *opt_lc_messages,
const char *opt_xauthority,
const char *opt_pinentry_user_data)
{
gpg_error_t err = 0;
char *dft_display = NULL;
@ -74,6 +76,8 @@ send_pinentry_environment (assuan_context_t ctx,
char *dft_ttytype = NULL;
char *old_lc = NULL;
char *dft_lc = NULL;
char *dft_xauthority = NULL;
char *dft_pinentry_user_data = NULL;
/* Send the DISPLAY variable. */
dft_display = getenv ("DISPLAY");
@ -162,6 +166,27 @@ send_pinentry_environment (assuan_context_t ctx,
if (err)
return err;
/* Send the XAUTHORITY variable. */
dft_xauthority = getenv ("XAUTHORITY");
if (opt_xauthority || dft_xauthority)
{
err = send_one_option (ctx, errsource, "xauthority",
opt_xauthority ? opt_xauthority : dft_xauthority);
if (err)
return err;
}
/* Send the PINENTRY_USER_DATA variable. */
dft_pinentry_user_data = getenv ("PINENTRY_USER_DATA");
if (opt_pinentry_user_data || dft_pinentry_user_data)
{
err = send_one_option (ctx, errsource, "pinentry-user-data",
opt_pinentry_user_data ?
opt_pinentry_user_data : dft_pinentry_user_data);
if (err)
return err;
}
return 0;
}
@ -179,6 +204,8 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages,
const char *opt_xauthority,
const char *opt_pinentry_user_data,
int verbose, int debug,
gpg_error_t (*status_cb)(ctrl_t, int, ...),
ctrl_t status_cb_arg)
@ -333,7 +360,9 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
if (!rc)
rc = send_pinentry_environment (ctx, errsource,
opt_display, opt_ttyname, opt_ttytype,
opt_lc_ctype, opt_lc_messages);
opt_lc_ctype, opt_lc_messages,
opt_xauthority,
opt_pinentry_user_data);
if (rc)
{
assuan_disconnect (ctx);

8
common/asshelp.h
View File

@ -1,5 +1,5 @@
/* asshelp.h - Helper functions for Assuan
* Copyright (C) 2004 Free Software Foundation, Inc.
* Copyright (C) 2004, 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -30,7 +30,9 @@ send_pinentry_environment (assuan_context_t ctx,
const char *opt_ttyname,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages);
const char *opt_lc_messages,
const char *opt_xauthority,
const char *opt_pinentry_user_data);
/* This fucntion is used by the call-agent.c modules to fire up a new
agent. What a parameter list ;-). */
@ -44,6 +46,8 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages,
const char *opt_xauthority,
const char *opt_pinentry_user_data,
int verbose, int debug,
gpg_error_t (*status_cb)(ctrl_t, int, ...),
ctrl_t status_cb_arg);

336
common/audit.c Normal file
View File

@ -0,0 +1,336 @@
/* audit.c - GnuPG's audit subsystem
* Copyright (C) 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdlib.h>
#include "util.h"
#include "audit.h"
#include "audit-events.h"
/* One log entry. */
struct log_item_s
{
audit_event_t event; /* The event. */
gpg_error_t err; /* The logged error code. */
int intvalue; /* A logged interger value. */
char *string; /* A malloced string or NULL. */
ksba_cert_t cert; /* A certifciate or NULL. */
int have_err:1;
int have_intvalue:1;
};
typedef struct log_item_s *log_item_t;
/* The main audit object. */
struct audit_ctx_s
{
const char *failure; /* If set a description of the internal failure. */
audit_type_t type;
log_item_t log; /* The table with the log entries. */
size_t logsize; /* The allocated size for LOG. */
size_t logused; /* The used size of LOG. */
};
static const char *
event2str (audit_event_t event)
{
int idx = eventstr_msgidxof (event);
if (idx == -1)
return "Unknown event";
else
return eventstr_msgstr + eventstr_msgidx[idx];
}
/* Create a new audit context. In case of an error NULL is returned
and errno set appropriately. */
audit_ctx_t
audit_new (void)
{
audit_ctx_t ctx;
ctx = xtrycalloc (1, sizeof *ctx);
return ctx;
}
/* Release an audit context. Passing NULL for CTX is allowed and does
nothing. */
void
audit_release (audit_ctx_t ctx)
{
int idx;
if (!ctx)
return;
if (ctx->log)
{
for (idx=0; idx < ctx->logused; idx++)
{
if (ctx->log[idx].string)
xfree (ctx->log[idx].string);
if (ctx->log[idx].cert)
ksba_cert_release (ctx->log[idx].cert);
}
xfree (ctx->log);
}
xfree (ctx);
}
/* Set the type for the audit operation. If CTX is NULL, this is a
dummy fucntion. */
void
audit_set_type (audit_ctx_t ctx, audit_type_t type)
{
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (ctx->type && ctx->type != type)
{
ctx->failure = "conflict in type initialization";
return;
}
ctx->type = type;
}
/* Create a new log item and put it into the table. Return that log
item on success; return NULL on memory failure and mark that in
CTX. */
static log_item_t
create_log_item (audit_ctx_t ctx)
{
log_item_t item, table;
size_t size;
if (!ctx->log)
{
size = 10;
table = xtrymalloc (size * sizeof *table);
if (!table)
{
ctx->failure = "Out of memory in create_log_item";
return NULL;
}
ctx->log = table;
ctx->logsize = size;
item = ctx->log + 0;
ctx->logused = 1;
}
else if (ctx->logused >= ctx->logsize)
{
size = ctx->logsize + 10;
table = xtryrealloc (ctx->log, size * sizeof *table);
if (!table)
{
ctx->failure = "Out of memory while reallocating in create_log_item";
return NULL;
}
ctx->log = table;
ctx->logsize = size;
item = ctx->log + ctx->logused++;
}
else
item = ctx->log + ctx->logused++;
item->event = AUDIT_NULL_EVENT;
item->err = 0;
item->have_err = 0;
item->intvalue = 0;
item->have_intvalue = 0;
item->string = NULL;
item->cert = NULL;
return item;
}
/* Add a new event to the audit log. If CTX is NULL, this function
does nothing. */
void
audit_log (audit_ctx_t ctx, audit_event_t event)
{
log_item_t item;
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (!event)
{
ctx->failure = "Invalid event passed to audit_log";
return;
}
if (!(item = create_log_item (ctx)))
return;
item->event = event;
}
/* Add a new event to the audit log. If CTX is NULL, this function
does nothing. This version also adds the result of the oepration
to the log.. */
void
audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err)
{
log_item_t item;
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (!event)
{
ctx->failure = "Invalid event passed to audit_log_ok";
return;
}
if (!(item = create_log_item (ctx)))
return;
item->event = event;
item->err = err;
item->have_err = 1;
}
/* Add a new event to the audit log. If CTX is NULL, this function
does nothing. This version also add the integer VALUE to the log. */
void
audit_log_i (audit_ctx_t ctx, audit_event_t event, int value)
{
log_item_t item;
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (!event)
{
ctx->failure = "Invalid event passed to audit_log_i";
return;
}
if (!(item = create_log_item (ctx)))
return;
item->event = event;
item->intvalue = value;
item->have_intvalue = 1;
}
/* Add a new event to the audit log. If CTX is NULL, this function
does nothing. This version also add the integer VALUE to the log. */
void
audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value)
{
log_item_t item;
char *tmp;
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (!event)
{
ctx->failure = "Invalid event passed to audit_log_s";
return;
}
tmp = xtrystrdup (value? value : "");
if (!tmp)
{
ctx->failure = "Out of memory in audit_event";
return;
}
if (!(item = create_log_item (ctx)))
{
xfree (tmp);
return;
}
item->event = event;
item->string = tmp;
}
/* Add a new event to the audit log. If CTX is NULL, this function
does nothing. This version also adds the certificate CERT and the
result of an operation to the log. */
void
audit_log_cert (audit_ctx_t ctx, audit_event_t event,
ksba_cert_t cert, gpg_error_t err)
{
log_item_t item;
if (!ctx || ctx->failure)
return; /* Audit not enabled or an internal error has occurred. */
if (!event)
{
ctx->failure = "Invalid event passed to audit_log_cert";
return;
}
if (!(item = create_log_item (ctx)))
return;
item->event = event;
item->err = err;
item->have_err = 1;
if (cert)
{
ksba_cert_ref (cert);
item->cert = cert;
}
}
/* Print the formatted audit result. THIS IS WORK IN PROGRESS. */
void
audit_print_result (audit_ctx_t ctx, FILE *fp)
{
int idx;
int maxlen;
size_t n;
if (!ctx)
return;
if (!ctx->log || !ctx->logused)
{
fprintf (fp, "AUDIT-LOG: No entries\n");
return;
}
for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++)
{
n = strlen (eventstr_msgstr + eventstr_msgidx[idx]);
if (n > maxlen)
maxlen = n;
}
for (idx=0; idx < ctx->logused; idx++)
{
fprintf (fp, "AUDIT-LOG[%d]: %-*s",
idx, maxlen, event2str (ctx->log[idx].event));
if (ctx->log[idx].have_intvalue)
fprintf (fp, " i=%d", ctx->log[idx].intvalue);
if (ctx->log[idx].string)
fprintf (fp, " s=`%s'", ctx->log[idx].string);
if (ctx->log[idx].cert)
fprintf (fp, " has_cert");
if (ctx->log[idx].have_err)
fprintf (fp, " err=\"%s\"", gpg_strerror (ctx->log[idx].err));
putc ('\n', fp);
}
}

139
common/audit.h Normal file
View File

@ -0,0 +1,139 @@
/* audit.h - Definitions for the audit subsystem
* Copyright (C) 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GNUPG_COMMON_AUDIT_H
#define GNUPG_COMMON_AUDIT_H
#include <ksba.h>
struct audit_ctx_s;
typedef struct audit_ctx_s *audit_ctx_t;
/* Constants for the audit type. */
typedef enum
{
AUDIT_TYPE_NONE = 0, /* No type set. */
AUDIT_TYPE_VERIFY /* Signature verification. */
}
audit_type_t;
/* The events we support. */
typedef enum
{
AUDIT_NULL_EVENT = 0,
/* No such event. Its value shall be 0 and no other values shall
be assigned to the other enum symbols. This is required so
that the exaudit.awk script comes up with correct values
without running cc. */
AUDIT_SETUP_READY,
/* All preparations done so that the actual processing can start
now. This indicates that all parameters are okay and we can
start to process the actual data. */
AUDIT_DETACHED_SIGNATURE,
/* The signature is a detached one. */
AUDIT_CERT_ONLY_SIG,
/* A certifciate only signature has been detected. */
AUDIT_DATA_HASH_ALGO, /* int */
/* The hash algo given as argument is used for this signature.
This event will be repeated for all hash algorithms used with
the data. */
AUDIT_BAD_DATA_HASH_ALGO, /* string */
/* The hash algo as specified by the signature can't be used.
STRING is the description of this algorithm which usually is an
OID string. STRING may be NULL. */
AUDIT_DATA_HASHING, /* ok_err */
/* Logs the result of the data hashing. */
AUDIT_READ_ERROR, /* ok_err */
/* A generic read error occurred. */
AUDIT_WRITE_ERROR, /* ok_err */
/* A generic write error occurred. */
AUDIT_USAGE_ERROR,
/* The program was used in an inappropriate way; For example by
passing a data object while the signature does not expect one
or vice versa. */
AUDIT_SAVE_CERT, /* cert, ok_err */
/* Save the certificate received in a message. */
AUDIT_NEW_SIG, /* int */
/* Start the verification of a new signature for the last data
object. The argument is the signature number as used
internally by the program. */
AUDIT_SIG_NAME, /* string */
/* The name of a signer. This is the name or other identification
data as known from the signature and not the name from the
certificate used for verification. An example for STRING when
using CMS is:b "#1234/CN=Prostetnic Vogon Jeltz". */
AUDIT_SIG_STATUS, /* string */
/* The signature status of the current signer. This is the last
audit information for one signature. STRING gives the status:
"error" - there was a problem checking this or any signature.
"unsupported" - the signature type is not supported.
"no-cert" - The certificate of the signer was not found (the
S/N+issuer of the signer is already in the log).
"bad" - bad signature
"good" - good signature
*/
AUDIT_VALIDATE_CHAIN,
/* Start the validation of a certificate chain. */
AUDIT_CHAIN_BEGIN,
AUDIT_CHAIN_CERT, /* cert */
AUDIT_CHAIN_ROOTCERT,/* cert */
AUDIT_CHAIN_END,
/* These 4 events are used to log the certificates making up a
certificate chain. ROOTCERT is used for the trustanchor and
CERT for all other certificates. */
AUDIT_LAST_EVENT /* Marker for parsing this list. */
}
audit_event_t;
audit_ctx_t audit_new (void);
void audit_release (audit_ctx_t ctx);
void audit_set_type (audit_ctx_t ctx, audit_type_t type);
void audit_log (audit_ctx_t ctx, audit_event_t event);
void audit_log_ok (audit_ctx_t ctx, audit_event_t event, gpg_error_t err);
void audit_log_i (audit_ctx_t ctx, audit_event_t event, int value);
void audit_log_s (audit_ctx_t ctx, audit_event_t event, const char *value);
void audit_log_cert (audit_ctx_t ctx, audit_event_t event,
ksba_cert_t cert, gpg_error_t err);
void audit_print_result (audit_ctx_t ctx, FILE *fp);
#endif /*GNUPG_COMMON_AUDIT_H*/

111
common/errors.h
View File

@ -1,111 +0,0 @@
/* errors.h - Globally used error codes
* Copyright (C) 2001 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GNUPG_COMMON_ERRORS_H
#define GNUPG_COMMON_ERRORS_H
#include "util.h"
/* Status codes - fixme: should go into another file */
enum {
STATUS_ENTER,
STATUS_LEAVE,
STATUS_ABORT,
STATUS_GOODSIG,
STATUS_BADSIG,
STATUS_ERRSIG,
STATUS_BADARMOR,
STATUS_RSA_OR_IDEA,
STATUS_SIGEXPIRED,
STATUS_KEYREVOKED,
STATUS_TRUST_UNDEFINED,
STATUS_TRUST_NEVER,
STATUS_TRUST_MARGINAL,
STATUS_TRUST_FULLY,
STATUS_TRUST_ULTIMATE,
STATUS_SHM_INFO,
STATUS_SHM_GET,
STATUS_SHM_GET_BOOL,
STATUS_SHM_GET_HIDDEN,
STATUS_NEED_PASSPHRASE,
STATUS_VALIDSIG,
STATUS_SIG_ID,
STATUS_ENC_TO,
STATUS_NODATA,
STATUS_BAD_PASSPHRASE,
STATUS_NO_PUBKEY,
STATUS_NO_SECKEY,
STATUS_NEED_PASSPHRASE_SYM,
STATUS_DECRYPTION_FAILED,
STATUS_DECRYPTION_OKAY,
STATUS_MISSING_PASSPHRASE,
STATUS_GOOD_PASSPHRASE,
STATUS_GOODMDC,
STATUS_BADMDC,
STATUS_ERRMDC,
STATUS_IMPORTED,
STATUS_IMPORT_OK,
STATUS_IMPORT_PROBLEM,
STATUS_IMPORT_RES,
STATUS_FILE_START,
STATUS_FILE_DONE,
STATUS_FILE_ERROR,
STATUS_BEGIN_DECRYPTION,
STATUS_END_DECRYPTION,
STATUS_BEGIN_ENCRYPTION,
STATUS_END_ENCRYPTION,
STATUS_DELETE_PROBLEM,
STATUS_GET_BOOL,
STATUS_GET_LINE,
STATUS_GET_HIDDEN,
STATUS_GOT_IT,
STATUS_PROGRESS,
STATUS_SIG_CREATED,
STATUS_SESSION_KEY,
STATUS_NOTATION_NAME,
STATUS_NOTATION_DATA,
STATUS_POLICY_URL,
STATUS_BEGIN_STREAM,
STATUS_END_STREAM,
STATUS_KEY_CREATED,
STATUS_USERID_HIN,
STATUS_UNEXPECTED,
STATUS_INV_RECP,
STATUS_NO_RECP,
STATUS_ALREADY_SIGNED,
STATUS_EXPSIG,
STATUS_EXPKEYSIG,
STATUS_TRUNCATED,
STATUS_ERROR,
STATUS_NEWSIG
};
/*-- errors.c (build by mkerror and mkerrtok) --*/
const char *gnupg_strerror (int err);
const char *gnupg_error_token (int err);
#endif /*GNUPG_COMMON_ERRORS_H*/

43
common/exaudit.awk Normal file
View File

@ -0,0 +1,43 @@
# exaudit.awk - Extract audit event codes from audit.h
# Copyright (C) 2007 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
BEGIN {
print "# Output of exaudit.awk - DO NOT EDIT."
topheader = 0;
okay = 0;
code = 0;
}
topheader == 0 && /^\/\*/ { topheader = 1 }
topheader == 1 { print $0 }
topheader == 1 && /\*\// { topheader = 2; print "" }
/AUDIT_NULL_EVENT/ { okay = 1 }
!okay { next }
/AUDIT_LAST_EVENT/ { exit }
/AUDIT_[A-Za-z_]+/ {
sub (/[,\/\*]+/, "", $1);
desc = tolower (substr($1,7));
gsub (/_/," ",desc);
printf "%d\t%s\t%s\n", code, $1, desc;
code++;
}
END {
print "# end of audit codes."
}

40
common/exstatus.awk Normal file
View File

@ -0,0 +1,40 @@
# exstatus.awk - Extract status codes from status.h
# Copyright (C) 2007 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
# GnuPG is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
BEGIN {
print "# Created by exstatus.awk - DO NOT EDIT."
topheader = 0;
code = 0;
}
topheader == 0 && /^\/\*/ { topheader = 1 }
topheader == 1 { print $0 }
topheader == 1 && /\*\// { topheader = 2; print "" }
/^[ \t]+STATUS_[A-Za-z_]+/ {
sub (/[,\/\*]+/, "", $1);
desc = substr($1,8);
printf "%d\t%s\t%s\n", code, $1, desc;
code++;
}
END {
print "# end of status codes."
}

106
common/maperror.c
View File

@ -1,106 +0,0 @@
/* maperror.c - Error mapping
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#error This file is not anymore used.
#include <config.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <assuan.h>
#include "util.h"
#include "errors.h"
/* Map Assuan error code ERR to an GPG_ERR_ code. We need to
distinguish between genuine (and legacy) Assuan error codes and
application error codes shared with all GnuPG modules. The rule is
simple: All errors with a gpg_err_source of UNKNOWN are genuine
Assuan codes all others are passed verbatim through. */
gpg_error_t
map_assuan_err_with_source (int source, int err)
{
gpg_err_code_t ec;
if (gpg_err_source (err))
return err;
switch (err)
{
case -1: ec = GPG_ERR_EOF; break;
case 0: ec = 0; break;
case ASSUAN_Canceled: ec = GPG_ERR_CANCELED; break;
case ASSUAN_Invalid_Index: ec = GPG_ERR_INV_INDEX; break;
case ASSUAN_Not_Implemented: ec = GPG_ERR_NOT_IMPLEMENTED; break;
case ASSUAN_Server_Fault: ec = GPG_ERR_ASSUAN_SERVER_FAULT; break;
case ASSUAN_No_Public_Key: ec = GPG_ERR_NO_PUBKEY; break;
case ASSUAN_No_Secret_Key: ec = GPG_ERR_NO_SECKEY; break;
case ASSUAN_Cert_Revoked: ec = GPG_ERR_CERT_REVOKED; break;
case ASSUAN_No_CRL_For_Cert: ec = GPG_ERR_NO_CRL_KNOWN; break;
case ASSUAN_CRL_Too_Old: ec = GPG_ERR_CRL_TOO_OLD; break;
case ASSUAN_Not_Trusted: ec = GPG_ERR_NOT_TRUSTED; break;
case ASSUAN_Card_Error: ec = GPG_ERR_CARD; break;
case ASSUAN_Invalid_Card: ec = GPG_ERR_INV_CARD; break;
case ASSUAN_No_PKCS15_App: ec = GPG_ERR_NO_PKCS15_APP; break;
case ASSUAN_Card_Not_Present: ec= GPG_ERR_CARD_NOT_PRESENT; break;
case ASSUAN_Not_Confirmed: ec = GPG_ERR_NOT_CONFIRMED; break;
case ASSUAN_Invalid_Id: ec = GPG_ERR_INV_ID; break;
case ASSUAN_Locale_Problem: ec = GPG_ERR_LOCALE_PROBLEM; break;
default:
ec = err < 100? GPG_ERR_ASSUAN_SERVER_FAULT : GPG_ERR_ASSUAN;
break;
}
return gpg_err_make (source, ec);
}
/* Map GPG_xERR_xx error codes to Assuan status codes */
int
map_to_assuan_status (int rc)
{
gpg_err_code_t ec = gpg_err_code (rc);
gpg_err_source_t es = gpg_err_source (rc);
if (!rc)
return 0;
if (!es)
{
es = GPG_ERR_SOURCE_USER_4; /* This should not happen, but we
need to make sure to pass a new
Assuan errorcode along. */
log_debug ("map_to_assuan_status called with no error source\n");
}
if (ec == -1)
ec = GPG_ERR_NO_DATA; /* That used to be ASSUAN_No_Data_Available. */
return gpg_err_make (es, ec);
}

185
common/mkstrtable.awk Normal file
View File

@ -0,0 +1,185 @@
# mkstrtable.awk
# Copyright (C) 2003, 2004 g10 Code GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception, g10 Code GmbH gives unlimited permission to
# copy, distribute and modify the C source files that are the output
# of mkstrtable.awk. You need not follow the terms of the GNU General
# Public License when using or distributing such scripts, even though
# portions of the text of mkstrtable.awk appear in them. The GNU
# General Public License (GPL) does govern all other use of the material
# that constitutes the mkstrtable.awk program.
#
# Certain portions of the mkstrtable.awk source text are designed to be
# copied (in certain cases, depending on the input) into the output of
# mkstrtable.awk. We call these the "data" portions. The rest of the
# mkstrtable.awk source text consists of comments plus executable code
# that decides which of the data portions to output in any given case.
# We call these comments and executable code the "non-data" portions.
# mkstrtable.h never copies any of the non-data portions into its output.
#
# This special exception to the GPL applies to versions of mkstrtable.awk
# released by g10 Code GmbH. When you make and distribute a modified version
# of mkstrtable.awk, you may extend this special exception to the GPL to
# apply to your modified version as well, *unless* your modified version
# has the potential to copy into its output some of the text that was the
# non-data portion of the version that you started with. (In other words,
# unless your change moves or copies text from the non-data portions to the
# data portions.) If your modification has such potential, you must delete
# any notice of this special exception to the GPL from your modified version.
# This script outputs a source file that does define the following
# symbols:
#
# static const char msgstr[];
# A string containing all messages in the list.
#
# static const int msgidx[];
# A list of index numbers, one for each message, that points to the
# beginning of the string in msgstr.
#
# msgidxof (code);
# A macro that maps code numbers to idx numbers. If a DEFAULT MESSAGE
# is provided (see below), its index will be returned for unknown codes.
# Otherwise -1 is returned for codes that do not appear in the list.
# You can lookup the message with code CODE with:
# msgstr + msgidx[msgidxof (code)].
#
# The input file has the following format:
# CODE1 ... MESSAGE1 (code nr, <tab>, something, <tab>, msg)
# CODE2 ... MESSAGE2 (code nr, <tab>, something, <tab>, msg)
# ...
# CODEn ... MESSAGEn (code nr, <tab>, something, <tab>, msg)
# ... DEFAULT-MESSAGE (<tab>, something, <tab>, fall-back msg)
#
# Comments (starting with # and ending at the end of the line) are removed,
# as is trailing whitespace. The last line is optional; if no DEFAULT
# MESSAGE is given, msgidxof will return the number -1 for unknown
# index numbers.
#
# The field to be used is specified with the variable "textidx" on
# the command line. It defaults to 2.
#
# The variable nogettext can be set to 1 to suppress gettext markers.
#
# The variable prefix can be used to prepend a string to each message.
#
# The variable namespace can be used to prepend a string to each
# variable and macro name.
BEGIN {
FS = "[\t]+";
# cpos holds the current position in the message string.
cpos = 0;
# msg holds the number of messages.
msg = 0;
print "/* Output of mkstrtable.awk. DO NOT EDIT. */";
print "";
header = 1;
if (textidx == 0)
textidx = 2;
# nogettext can be set to 1 to suppress gettext noop markers.
}
/^#/ { next; }
header {
if ($1 ~ /^[0123456789]+$/)
{
print "/* The purpose of this complex string table is to produce";
print " optimal code with a minimum of relocations. */";
print "";
print "static const char " namespace "msgstr[] = ";
header = 0;
}
else
print;
}
!header {
sub (/\#.+/, "");
sub (/[ ]+$/, ""); # Strip trailing space and tab characters.
if (/^$/)
next;
# Print the string msgstr line by line. We delay output by one line to be able
# to treat the last line differently (see END).
if (last_msgstr)
{
if (nogettext)
print " \"" last_msgstr "\" \"\\0\"";
else
print " gettext_noop (\"" last_msgstr "\") \"\\0\"";
}
last_msgstr = prefix $textidx;
# Remember the error code and msgidx of each error message.
code[msg] = $1;
pos[msg] = cpos;
cpos += length (last_msgstr) + 1;
msg++;
if ($1 == "")
{
has_default = 1;
exit;
}
}
END {
if (has_default)
coded_msgs = msg - 1;
else
coded_msgs = msg;
if (nogettext)
print " \"" prefix last_msgstr "\";";
else
print " gettext_noop (\"" prefix last_msgstr "\");";
print "";
print "static const int " namespace "msgidx[] =";
print " {";
for (i = 0; i < coded_msgs; i++)
print " " pos[i] ",";
print " " pos[coded_msgs];
print " };";
print "";
print "#define " namespace "msgidxof(code) (0 ? -1 \\";
# Gather the ranges.
skip = code[0];
start = code[0];
stop = code[0];
for (i = 1; i < coded_msgs; i++)
{
if (code[i] == stop + 1)
stop++;
else
{
print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \
skip ") \\";
skip += code[i] - stop - 1;
start = code[i];
stop = code[i];
}
}
print " : ((code >= " start ") && (code <= " stop ")) ? (code - " \
skip ") \\";
if (has_default)
print " : " stop + 1 " - " skip ")";
else
print " : -1)";
}

38
common/status.c Normal file
View File

@ -0,0 +1,38 @@
/* status.c - status code helper functions
* Copyright (C) 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdlib.h>
#include "util.h"
#include "status.h"
#include "status-codes.h"
/* Return the status string for code NO. */
const char *
get_status_string ( int no )
{
int idx = statusstr_msgidxof (no);
if (idx == -1)
return "?";
else
return statusstr_msgstr + statusstr_msgidx[idx];
}

132
common/status.h Normal file
View File

@ -0,0 +1,132 @@
/* status.h - Status codes
* Copyright (C) 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef GNUPG_COMMON_STATUS_H
#define GNUPG_COMMON_STATUS_H
enum
{
STATUS_ENTER,
STATUS_LEAVE,
STATUS_ABORT,
STATUS_GOODSIG,
STATUS_BADSIG,
STATUS_ERRSIG,
STATUS_BADARMOR,
STATUS_RSA_OR_IDEA,
STATUS_TRUST_UNDEFINED,
STATUS_TRUST_NEVER,
STATUS_TRUST_MARGINAL,
STATUS_TRUST_FULLY,
STATUS_TRUST_ULTIMATE,
STATUS_NEED_PASSPHRASE,
STATUS_VALIDSIG,
STATUS_SIG_ID,
STATUS_ENC_TO,
STATUS_NODATA,
STATUS_BAD_PASSPHRASE,
STATUS_NO_PUBKEY,
STATUS_NO_SECKEY,
STATUS_NEED_PASSPHRASE_SYM,
STATUS_DECRYPTION_FAILED,
STATUS_DECRYPTION_OKAY,
STATUS_MISSING_PASSPHRASE,
STATUS_GOOD_PASSPHRASE,
STATUS_GOODMDC,
STATUS_BADMDC,
STATUS_ERRMDC,
STATUS_IMPORTED,
STATUS_IMPORT_OK,
STATUS_IMPORT_PROBLEM,
STATUS_IMPORT_RES,
STATUS_IMPORT_CHECK,
STATUS_FILE_START,
STATUS_FILE_DONE,
STATUS_FILE_ERROR,
STATUS_BEGIN_DECRYPTION,
STATUS_END_DECRYPTION,
STATUS_BEGIN_ENCRYPTION,
STATUS_END_ENCRYPTION,
STATUS_BEGIN_SIGNING,
STATUS_DELETE_PROBLEM,
STATUS_GET_BOOL,
STATUS_GET_LINE,
STATUS_GET_HIDDEN,
STATUS_GOT_IT,
STATUS_PROGRESS,
STATUS_SIG_CREATED,
STATUS_SESSION_KEY,
STATUS_NOTATION_NAME,
STATUS_NOTATION_DATA,
STATUS_POLICY_URL,
STATUS_BEGIN_STREAM,
STATUS_END_STREAM,
STATUS_KEY_CREATED,
STATUS_USERID_HINT,
STATUS_UNEXPECTED,
STATUS_INV_RECP,
STATUS_NO_RECP,
STATUS_ALREADY_SIGNED,
STATUS_KEYEXPIRED,
STATUS_KEYREVOKED,
STATUS_SIGEXPIRED,
STATUS_EXPSIG,
STATUS_EXPKEYSIG,
STATUS_ATTRIBUTE,
STATUS_REVKEYSIG,
STATUS_NEWSIG,
STATUS_SIG_SUBPACKET,
STATUS_PLAINTEXT,
STATUS_PLAINTEXT_LENGTH,
STATUS_KEY_NOT_CREATED,
STATUS_NEED_PASSPHRASE_PIN,
STATUS_CARDCTRL,
STATUS_SC_OP_FAILURE,
STATUS_SC_OP_SUCCESS,
STATUS_BACKUP_KEY_CREATED,
STATUS_PKA_TRUST_BAD,
STATUS_PKA_TRUST_GOOD,
STATUS_TRUNCATED,
STATUS_ERROR
};
const char *get_status_string (int code);
#endif /*GNUPG_COMMON_STATUS_H*/

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2007-11-15 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.
* gpg-agent.texi (Agent Options): Add xauthority.
2007-10-31 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.texi (Agent Options): Fix typos, by Bernhard Reiter.

12
doc/gpg-agent.texi
View File

@ -94,10 +94,10 @@ required.
Please make sure that a proper pinentry program has been installed
under the default filename (which is system dependant) or use the
option @code{pinentry-program} to specify the full name of that
program. It is often useful to install a symbolic link from the
actual used pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the
expected one (e.g. @file{/usr/bin/pinentry}).
option @option{pinentry-program} to specify the full name of that program.
It is often useful to install a symbolic link from the actual used
pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected
one (e.g. @file{/usr/bin/pinentry}).
@manpause
@noindent
@ -291,7 +291,7 @@ eval `cut -d= -f 1 < @var{file} | xargs echo export`
@item --no-grab
@opindex no-grab
Tell the pinentryo not to grab the keyboard and mouse. This option
Tell the pinentry not to grab the keyboard and mouse. This option
should in general not be used to avoid X-sniffing attacks.
@item --log-file @var{file}
@ -422,11 +422,13 @@ default on Windows systems.
@itemx --ttytype @var{string}
@itemx --lc-type @var{string}
@itemx --lc-messages @var{string}
@itemx --xauthority @var{string}
@opindex display
@opindex ttyname
@opindex ttytype
@opindex lc-type
@opindex lc-messages
@opindex xauthority
These options are used with the server mode to pass localization
information.

4
doc/gpg.texi
View File

@ -2617,6 +2617,10 @@ protocol version which should be set to 1. When starting the gpg-agent
as described in its documentation, this variable is set to the correct
value. The option @option{--gpg-agent-info} can be used to override it.
@item PINENTRY_USER_DATA
This value is passed via gpg-agent to pinentry. It is useful to convey
extra information to a custom pinentry
@item COLUMNS
@itemx LINES
Used to size some displays to the full size of the screen.

24
g10/ChangeLog
View File

@ -1,3 +1,27 @@
2007-11-19 Werner Koch <wk@g10code.com>
* keyedit.c (keyedit_menu): String grammar fix.
2007-11-15 Werner Koch <wk@g10code.com>
* gpg.c (main): New option --xauthority.
* call-agent.c (start_agent): Adjust changed start_new_gpg_agent.
2007-11-12 Werner Koch <wk@g10code.com>
* cpr.c (do_get_from_fd): s/bool/getbool/ to overcome problems
with Mac OS 10.5 which seems to include stdbool.h silently.
2007-11-07 Werner Koch <wk@g10code.com>
Replace all includes of errors.h by status.h (found in common/).
* status.h: Remove.
* status.h: Move prototypes to main.h.
* status.c: Rename to ..
* cpr.c: .. this.
(get_status_string): Remove. We take this now from common/.
2007-10-25 David Shaw <dshaw@jabberwocky.com> (wk)
From 1.4 (October):

3
g10/Makefile.am
View File

@ -62,8 +62,7 @@ common_source = \
keyid.c \
packet.h \
parse-packet.c \
status.c \
status.h \
cpr.c \
plaintext.c \
sig-check.c \
keylist.c \

2
g10/armor.c
View File

@ -27,7 +27,7 @@
#include <ctype.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "filter.h"

2
g10/build-packet.c
View File

@ -27,7 +27,7 @@
#include "gpg.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "cipher.h"

1
g10/call-agent.c
View File

@ -82,6 +82,7 @@ start_agent (void)
opt.agent_program,
opt.display, opt.ttyname, opt.ttytype,
opt.lc_ctype, opt.lc_messages,
opt.xauthority, opt.pinentry_user_data,
opt.verbose, DBG_ASSUAN,
NULL, NULL);
}

2
g10/cipher.c
View File

@ -26,7 +26,7 @@
#include <assert.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "filter.h"

2
g10/comment.c
View File

@ -26,7 +26,7 @@
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "main.h"

168
g10/status.c → g10/cpr.c
View File

@ -56,102 +56,6 @@ progress_cb (void *ctx, const char *what, int printchar,
write_status_text (STATUS_PROGRESS, buf);
}
static const char *
get_status_string ( int no )
{
const char *s;
switch( no )
{
case STATUS_ENTER : s = "ENTER"; break;
case STATUS_LEAVE : s = "LEAVE"; break;
case STATUS_ABORT : s = "ABORT"; break;
case STATUS_NEWSIG : s = "NEWSIG"; break;
case STATUS_GOODSIG: s = "GOODSIG"; break;
case STATUS_KEYEXPIRED: s = "KEYEXPIRED"; break;
case STATUS_KEYREVOKED: s = "KEYREVOKED"; break;
case STATUS_BADSIG : s = "BADSIG"; break;
case STATUS_ERRSIG : s = "ERRSIG"; break;
case STATUS_BADARMOR : s = "BADARMOR"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA"; break;
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED"; break;
case STATUS_TRUST_NEVER : s = "TRUST_NEVER"; break;
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL"; break;
case STATUS_TRUST_FULLY : s = "TRUST_FULLY"; break;
case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE"; break;
case STATUS_GET_BOOL : s = "GET_BOOL"; break;
case STATUS_GET_LINE : s = "GET_LINE"; break;
case STATUS_GET_HIDDEN : s = "GET_HIDDEN"; break;
case STATUS_GOT_IT : s = "GOT_IT"; break;
case STATUS_SHM_INFO : s = "SHM_INFO"; break;
case STATUS_SHM_GET : s = "SHM_GET"; break;
case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL"; break;
case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN"; break;
case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE"; break;
case STATUS_VALIDSIG : s = "VALIDSIG"; break;
case STATUS_SIG_ID : s = "SIG_ID"; break;
case STATUS_ENC_TO : s = "ENC_TO"; break;
case STATUS_NODATA : s = "NODATA"; break;
case STATUS_BAD_PASSPHRASE : s = "BAD_PASSPHRASE"; break;
case STATUS_NO_PUBKEY : s = "NO_PUBKEY"; break;
case STATUS_NO_SECKEY : s = "NO_SECKEY"; break;
case STATUS_NEED_PASSPHRASE_SYM: s = "NEED_PASSPHRASE_SYM"; break;
case STATUS_NEED_PASSPHRASE_PIN: s = "NEED_PASSPHRASE_PIN"; break;
case STATUS_DECRYPTION_FAILED: s = "DECRYPTION_FAILED"; break;
case STATUS_DECRYPTION_OKAY: s = "DECRYPTION_OKAY"; break;
case STATUS_MISSING_PASSPHRASE: s = "MISSING_PASSPHRASE"; break;
case STATUS_GOOD_PASSPHRASE : s = "GOOD_PASSPHRASE"; break;
case STATUS_GOODMDC : s = "GOODMDC"; break;
case STATUS_BADMDC : s = "BADMDC"; break;
case STATUS_ERRMDC : s = "ERRMDC"; break;
case STATUS_IMPORTED : s = "IMPORTED"; break;
case STATUS_IMPORT_OK : s = "IMPORT_OK"; break;
case STATUS_IMPORT_CHECK : s = "IMPORT_CHECK"; break;
case STATUS_IMPORT_RES : s = "IMPORT_RES"; break;
case STATUS_FILE_START : s = "FILE_START"; break;
case STATUS_FILE_DONE : s = "FILE_DONE"; break;
case STATUS_FILE_ERROR : s = "FILE_ERROR"; break;
case STATUS_BEGIN_DECRYPTION:s = "BEGIN_DECRYPTION"; break;
case STATUS_END_DECRYPTION : s = "END_DECRYPTION"; break;
case STATUS_BEGIN_ENCRYPTION:s = "BEGIN_ENCRYPTION"; break;
case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION"; break;
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM"; break;
case STATUS_PROGRESS : s = "PROGRESS"; break;
case STATUS_SIG_CREATED : s = "SIG_CREATED"; break;
case STATUS_SESSION_KEY : s = "SESSION_KEY"; break;
case STATUS_NOTATION_NAME : s = "NOTATION_NAME" ; break;
case STATUS_NOTATION_DATA : s = "NOTATION_DATA" ; break;
case STATUS_POLICY_URL : s = "POLICY_URL" ; break;
case STATUS_BEGIN_STREAM : s = "BEGIN_STREAM"; break;
case STATUS_END_STREAM : s = "END_STREAM"; break;
case STATUS_KEY_CREATED : s = "KEY_CREATED"; break;
case STATUS_KEY_NOT_CREATED: s = "KEY_NOT_CREATED"; break;
case STATUS_USERID_HINT : s = "USERID_HINT"; break;
case STATUS_UNEXPECTED : s = "UNEXPECTED"; break;
case STATUS_INV_RECP : s = "INV_RECP"; break;
case STATUS_NO_RECP : s = "NO_RECP"; break;
case STATUS_ALREADY_SIGNED : s = "ALREADY_SIGNED"; break;
case STATUS_SIGEXPIRED : s = "SIGEXPIRED deprecated-use-keyexpired-instead"; break;
case STATUS_EXPSIG : s = "EXPSIG"; break;
case STATUS_EXPKEYSIG : s = "EXPKEYSIG"; break;
case STATUS_REVKEYSIG : s = "REVKEYSIG"; break;
case STATUS_ATTRIBUTE : s = "ATTRIBUTE"; break;
case STATUS_CARDCTRL : s = "CARDCTRL"; break;
case STATUS_PLAINTEXT : s = "PLAINTEXT"; break;
case STATUS_PLAINTEXT_LENGTH:s = "PLAINTEXT_LENGTH"; break;
case STATUS_SIG_SUBPACKET : s = "SIG_SUBPACKET"; break;
case STATUS_SC_OP_SUCCESS : s = "SC_OP_SUCCESS"; break;
case STATUS_SC_OP_FAILURE : s = "SC_OP_FAILURE"; break;
case STATUS_BACKUP_KEY_CREATED:s="BACKUP_KEY_CREATED"; break;
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
case STATUS_ERROR : s = "ERROR"; break;
default: s = "?"; break;
}
return s;
}
/* Return true if the status message NO may currently be issued. We
need this to avoid syncronisation problem while auto retrieving a
@ -383,50 +287,52 @@ myread(int fd, void *buf, size_t count)
/****************
* Request a string from the client over the command-fd
* If bool, returns static string on true (do not free) or NULL for false
*/
/* Request a string from the client over the command-fd. If GETBOOL
is set the function returns a static string (do not free) if the
netered value was true or NULL if the entered value was false. */
static char *
do_get_from_fd( const char *keyword, int hidden, int bool )
do_get_from_fd ( const char *keyword, int hidden, int getbool )
{
int i, len;
char *string;
int i, len;
char *string;
if (statusfp != stdout)
fflush (stdout);
write_status_text (getbool? STATUS_GET_BOOL :
hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword);
if(statusfp!=stdout)
fflush(stdout);
write_status_text( bool? STATUS_GET_BOOL :
hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword );
for( string = NULL, i = len = 200; ; i++ ) {
if( i >= len-1 ) {
char *save = string;
len += 100;
string = hidden? xmalloc_secure ( len ) : xmalloc ( len );
if( save )
memcpy(string, save, i );
else
i=0;
for (string = NULL, i = len = 200; ; i++ )
{
if (i >= len-1 )
{
char *save = string;
len += 100;
string = hidden? xmalloc_secure ( len ) : xmalloc ( len );
if (save)
memcpy (string, save, i );
else
i = 0;
}
/* Hmmm: why not use our read_line function here */
if( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n' )
break;
else if ( string[i] == CONTROL_D ) {
/* found ETX - cancel the line and return a sole ETX */
string[0] = CONTROL_D;
i=1;
break;
/* Fixme: why not use our read_line function here? */
if ( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n' )
break;
else if ( string[i] == CONTROL_D )
{
/* Found ETX - Cancel the line and return a sole ETX. */
string[0] = CONTROL_D;
i = 1;
break;
}
}
string[i] = 0;
string[i] = 0;
write_status( STATUS_GOT_IT );
write_status (STATUS_GOT_IT);
if( bool ) /* Fixme: is this correct??? */
return (string[0] == 'Y' || string[0] == 'y') ? "" : NULL;
if (getbool) /* Fixme: is this correct??? */
return (string[0] == 'Y' || string[0] == 'y') ? "" : NULL;
return string;
return string;
}

2
g10/dearmor.c
View File

@ -25,7 +25,7 @@
#include <assert.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "filter.h"

2
g10/decrypt.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/delkey.c
View File

@ -29,7 +29,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/encode.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/export.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "util.h"
#include "main.h"

5
g10/gpg.c
View File

@ -338,6 +338,7 @@ enum cmd_and_opt_values
oTTYtype,
oLCctype,
oLCmessages,
oXauthority,
oGroup,
oUnGroup,
oNoGroups,
@ -465,7 +466,7 @@ static ARGPARSE_OPTS opts[] = {
{ oMinCertLevel, "min-cert-level", 1, "@"},
{ oAskCertLevel, "ask-cert-level", 0, "@"},
{ oNoAskCertLevel, "no-ask-cert-level", 0, "@"},
{ oOutput, "output", 2, N_("use as output file")},
{ oOutput, "output", 2, N_("|FILE|write output to FILE")},
{ oMaxOutput, "max-output", 16|4, "@" },
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, "@"},
@ -679,6 +680,7 @@ static ARGPARSE_OPTS opts[] = {
{ oTTYtype, "ttytype", 2, "@" },
{ oLCctype, "lc-ctype", 2, "@" },
{ oLCmessages, "lc-messages", 2, "@" },
{ oXauthority, "xauthority", 2, "@" },
{ oGroup, "group", 2, "@" },
{ oUnGroup, "ungroup", 2, "@" },
{ oNoGroups, "no-groups", 0, "@" },
@ -2800,6 +2802,7 @@ main (int argc, char **argv )
case oTTYtype: opt.ttytype = pargs.r.ret_str; break;
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
case oXauthority: opt.xauthority = pargs.r.ret_str; break;
case oGroup: add_group(pargs.r.ret_str); break;
case oUnGroup: rm_group(pargs.r.ret_str); break;
case oNoGroups:

2
g10/import.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "util.h"
#include "trustdb.h"

6
g10/keyedit.c
View File

@ -33,7 +33,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "photoid.h"
@ -2095,8 +2095,8 @@ keyedit_menu( const char *username, strlist_t locusr,
case cmdTRUST:
if(opt.trust_model==TM_EXTERNAL)
{
tty_printf(_("Owner trust may not be set while "
"using an user provided trust database\n"));
tty_printf (_("Owner trust may not be set while "
"using a user provided trust database\n"));
break;
}

2
g10/keylist.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "photoid.h"
#include "util.h"

24
g10/main.h
View File

@ -145,6 +145,30 @@ int pubkey_get_nenc( int algo );
unsigned int pubkey_nbits( int algo, gcry_mpi_t *pkey );
int mpi_print( FILE *fp, gcry_mpi_t a, int mode );
/*-- status.c --*/
void set_status_fd ( int fd );
int is_status_enabled ( void );
void write_status ( int no );
void write_status_text ( int no, const char *text );
void write_status_buffer ( int no,
const char *buffer, size_t len, int wrap );
void write_status_text_and_buffer ( int no, const char *text,
const char *buffer, size_t len, int wrap );
void write_status_begin_signing (gcry_md_hd_t md);
int cpr_enabled(void);
char *cpr_get( const char *keyword, const char *prompt );
char *cpr_get_no_help( const char *keyword, const char *prompt );
char *cpr_get_utf8( const char *keyword, const char *prompt );
char *cpr_get_hidden( const char *keyword, const char *prompt );
void cpr_kill_prompt(void);
int cpr_get_answer_is_yes( const char *keyword, const char *prompt );
int cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt );
int cpr_get_answer_okay_cancel (const char *keyword,
const char *prompt,
int def_answer);
/*-- helptext.c --*/
void display_online_help( const char *keyword );

2
g10/mdfilter.c
View File

@ -25,7 +25,7 @@
#include <assert.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "filter.h"

2
g10/misc.c
View File

@ -55,7 +55,7 @@
#include "gpg.h"
#ifdef HAVE_W32_SYSTEM
# include "errors.h"
# include "status.h"
#endif /*HAVE_W32_SYSTEM*/
#include "util.h"
#include "main.h"

2
g10/options.h
View File

@ -90,6 +90,8 @@ struct
char *ttytype;
char *lc_ctype;
char *lc_messages;
char *xauthority;
char *pinentry_user_data;
int skip_verify;
int compress_keys;

2
g10/pkclist.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "util.h"
#include "main.h"

2
g10/revoke.c
View File

@ -29,7 +29,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "util.h"
#include "main.h"

6
g10/server.c
View File

@ -85,6 +85,12 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
else if (!strcmp (key, "lc-messages"))
{
}
else if (!strcmp (key, "xauthority"))
{
}
else if (!strcmp (key, "pinentry_user_data"))
{
}
else if (!strcmp (key, "list-mode"))
{
/* This is for now a dummy option. */

2
g10/sign.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/signal.c
View File

@ -29,7 +29,7 @@
#include "gpg.h"
#include "options.h"
#include "errors.h"
#include "status.h"
#include "util.h"
#include "main.h"
#include "ttyio.h"

2
g10/skclist.c
View File

@ -27,7 +27,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "keydb.h"
#include "util.h"
#include "i18n.h"

149
g10/status.h
View File

@ -1,149 +0,0 @@
/* status.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef G10_STATUS_H
#define G10_STATUS_H
#define STATUS_ENTER 1
#define STATUS_LEAVE 2
#define STATUS_ABORT 3
#define STATUS_GOODSIG 4
#define STATUS_BADSIG 5
#define STATUS_ERRSIG 6
#define STATUS_BADARMOR 7
#define STATUS_RSA_OR_IDEA 8
#define STATUS_KEYEXPIRED 9
#define STATUS_KEYREVOKED 10
#define STATUS_TRUST_UNDEFINED 11
#define STATUS_TRUST_NEVER 12
#define STATUS_TRUST_MARGINAL 13
#define STATUS_TRUST_FULLY 14
#define STATUS_TRUST_ULTIMATE 15
#define STATUS_SHM_INFO 16
#define STATUS_SHM_GET 17
#define STATUS_SHM_GET_BOOL 18
#define STATUS_SHM_GET_HIDDEN 19
#define STATUS_NEED_PASSPHRASE 20
#define STATUS_VALIDSIG 21
#define STATUS_SIG_ID 22
#define STATUS_ENC_TO 23
#define STATUS_NODATA 24
#define STATUS_BAD_PASSPHRASE 25
#define STATUS_NO_PUBKEY 26
#define STATUS_NO_SECKEY 27
#define STATUS_NEED_PASSPHRASE_SYM 28
#define STATUS_DECRYPTION_FAILED 29
#define STATUS_DECRYPTION_OKAY 30
#define STATUS_MISSING_PASSPHRASE 31
#define STATUS_GOOD_PASSPHRASE 32
#define STATUS_GOODMDC 33
#define STATUS_BADMDC 34
#define STATUS_ERRMDC 35
#define STATUS_IMPORTED 36
#define STATUS_IMPORT_RES 37
#define STATUS_FILE_START 38
#define STATUS_FILE_DONE 39
#define STATUS_FILE_ERROR 40
#define STATUS_BEGIN_DECRYPTION 41
#define STATUS_END_DECRYPTION 42
#define STATUS_BEGIN_ENCRYPTION 43
#define STATUS_END_ENCRYPTION 44
#define STATUS_DELETE_PROBLEM 45
#define STATUS_GET_BOOL 46
#define STATUS_GET_LINE 47
#define STATUS_GET_HIDDEN 48
#define STATUS_GOT_IT 49
#define STATUS_PROGRESS 50
#define STATUS_SIG_CREATED 51
#define STATUS_SESSION_KEY 52
#define STATUS_NOTATION_NAME 53
#define STATUS_NOTATION_DATA 54
#define STATUS_POLICY_URL 55
#define STATUS_BEGIN_STREAM 56
#define STATUS_END_STREAM 57
#define STATUS_KEY_CREATED 58
#define STATUS_USERID_HINT 59
#define STATUS_UNEXPECTED 60
#define STATUS_INV_RECP 61
#define STATUS_NO_RECP 62
#define STATUS_ALREADY_SIGNED 63
#define STATUS_SIGEXPIRED 64
#define STATUS_EXPSIG 65
#define STATUS_EXPKEYSIG 66
#define STATUS_ATTRIBUTE 67
#define STATUS_IMPORT_OK 68
#define STATUS_IMPORT_CHECK 69
#define STATUS_REVKEYSIG 70
#define STATUS_CARDCTRL 71
#define STATUS_NEWSIG 72
#define STATUS_PLAINTEXT 73
#define STATUS_PLAINTEXT_LENGTH 74
#define STATUS_KEY_NOT_CREATED 75
#define STATUS_NEED_PASSPHRASE_PIN 76
#define STATUS_SIG_SUBPACKET 77
/* Extra status codes for certain smartcard operations. Primary
useful to double check that change PIN worked as expected. */
#define STATUS_SC_OP_FAILURE 79
#define STATUS_SC_OP_SUCCESS 80
#define STATUS_BACKUP_KEY_CREATED 81
#define STATUS_PKA_TRUST_BAD 82
#define STATUS_PKA_TRUST_GOOD 83
#define STATUS_BEGIN_SIGNING 84
#define STATUS_ERROR 85
/*-- status.c --*/
void set_status_fd ( int fd );
int is_status_enabled ( void );
void write_status ( int no );
void write_status_text ( int no, const char *text );
void write_status_buffer ( int no,
const char *buffer, size_t len, int wrap );
void write_status_text_and_buffer ( int no, const char *text,
const char *buffer, size_t len, int wrap );
void write_status_begin_signing (gcry_md_hd_t md);
int cpr_enabled(void);
char *cpr_get( const char *keyword, const char *prompt );
char *cpr_get_no_help( const char *keyword, const char *prompt );
char *cpr_get_utf8( const char *keyword, const char *prompt );
char *cpr_get_hidden( const char *keyword, const char *prompt );
void cpr_kill_prompt(void);
int cpr_get_answer_is_yes( const char *keyword, const char *prompt );
int cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt );
int cpr_get_answer_okay_cancel (const char *keyword,
const char *prompt,
int def_answer);
#endif /*G10_STATUS_H*/

2
g10/tdbdump.c
View File

@ -30,7 +30,7 @@
#include <unistd.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/tdbio.c
View File

@ -29,7 +29,7 @@
#include <unistd.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "options.h"

2
g10/textfilter.c
View File

@ -25,7 +25,7 @@
#include <assert.h>
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "util.h"
#include "filter.h"

2
g10/trustdb.c
View File

@ -30,7 +30,7 @@
#endif /* !DISABLE_REGEX */
#include "gpg.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

2
g10/verify.c
View File

@ -28,7 +28,7 @@
#include "gpg.h"
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "status.h"
#include "iobuf.h"
#include "keydb.h"
#include "util.h"

6
jnlib/ChangeLog
View File

@ -1,3 +1,9 @@
2007-11-19 Werner Koch <wk@g10code.com>
* stringhelp.c (percent_escape): Factor code out to
(do_percent_escape): .. new.
(try_percent_escape): New.
2007-10-01 Werner Koch <wk@g10code.com>
* w32-afunix.c: Only keep the client related code.

31
jnlib/stringhelp.c
View File

@ -856,9 +856,9 @@ memrchr (const void *buffer, int c, size_t n)
/* Percent-escape the string STR by replacing colons with '%3a'. If
EXTRA is not NULL all characters in it are also escaped. */
char *
percent_escape (const char *str, const char *extra)
EXTRA is not NULL all characters in EXTRA are also escaped. */
static char *
do_percent_escape (const char *str, const char *extra, int die)
{
int i, j;
char *ptr;
@ -869,7 +869,14 @@ percent_escape (const char *str, const char *extra)
for (i=j=0; str[i]; i++)
if (str[i] == ':' || str[i] == '%' || (extra && strchr (extra, str[i])))
j++;
ptr = jnlib_xmalloc (i + 2 * j + 1);
if (die)
ptr = jnlib_xmalloc (i + 2 * j + 1);
else
{
ptr = jnlib_malloc (i + 2 * j + 1);
if (!ptr)
return NULL;
}
i = 0;
while (*str)
{
@ -899,3 +906,19 @@ percent_escape (const char *str, const char *extra)
return ptr;
}
/* Percent-escape the string STR by replacing colons with '%3a'. If
EXTRA is not NULL all characters in EXTRA are also escaped. */
char *
percent_escape (const char *str, const char *extra)
{
return do_percent_escape (str, extra, 1);
}
/* Same as percent_escape but return NULL instead of exiting on memory
error. */
char *
try_percent_escape (const char *str, const char *extra)
{
return do_percent_escape (str, extra, 0);
}

5
jnlib/stringhelp.h
View File

@ -116,8 +116,11 @@ isascii (int c)
#define STR2(v) STR(v)
/* Percent-escape the string STR by replacing colons with '%3a'. If
EXTRA is not NULL, also replace all characters given in EXTRA. */
EXTRA is not NULL, also replace all characters given in EXTRA. The
"try_" variant fails with NULL if not enough memory can be
allocated. */
char *percent_escape (const char *str, const char *extra);
char *try_percent_escape (const char *str, const char *extra);
#endif /*LIBJNLIB_STRINGHELP_H*/

10
po/ChangeLog
View File

@ -1,6 +1,14 @@
2007-11-15 Werner Koch <wk@g10code.com>
* de.po: Type fix.
2007-11-12 Daniel Nylander <po@danielnylander.se> (wk)
* sv.po: Updated.
2007-09-14 Werner Koch <wk@g10code.com>
* de.po: Chnaged translation of --honor-http-proxy.
* de.po: Changed translation of --honor-http-proxy.
2007-08-29 Werner Koch <wk@g10code.com>

1148
po/be.po
View File

File diff suppressed because it is too large Load Diff

1177
po/ca.po
View File

File diff suppressed because it is too large Load Diff

1169
po/cs.po
View File

File diff suppressed because it is too large Load Diff

1152
po/da.po
View File

File diff suppressed because it is too large Load Diff

1191
po/de.po
View File

File diff suppressed because it is too large Load Diff

1173
po/el.po
View File

File diff suppressed because it is too large Load Diff

1152
po/eo.po
View File

File diff suppressed because it is too large Load Diff

1168
po/es.po
View File

File diff suppressed because it is too large Load Diff

1165
po/et.po
View File

File diff suppressed because it is too large Load Diff

1175
po/fi.po
View File

File diff suppressed because it is too large Load Diff

1181
po/fr.po
View File

File diff suppressed because it is too large Load Diff

1176
po/gl.po
View File

File diff suppressed because it is too large Load Diff

1167
po/hu.po
View File

File diff suppressed because it is too large Load Diff

1169
po/id.po
View File

File diff suppressed because it is too large Load Diff

1173
po/it.po
View File

File diff suppressed because it is too large Load Diff

1165
po/ja.po
View File

File diff suppressed because it is too large Load Diff

1153
po/nb.po
View File

File diff suppressed because it is too large Load Diff

1173
po/pl.po
View File

File diff suppressed because it is too large Load Diff

1167
po/pt.po
View File

File diff suppressed because it is too large Load Diff

1152
po/pt_BR.po
View File

File diff suppressed because it is too large Load Diff

1167
po/ro.po
View File

File diff suppressed because it is too large Load Diff

1162
po/ru.po
View File

File diff suppressed because it is too large Load Diff

1165
po/sk.po
View File

File diff suppressed because it is too large Load Diff

634
po/sv.po
View File

File diff suppressed because it is too large Load Diff

1162
po/tr.po
View File

File diff suppressed because it is too large Load Diff

1165
po/zh_CN.po
View File

File diff suppressed because it is too large Load Diff

1165
po/zh_TW.po
View File

File diff suppressed because it is too large Load Diff

14
scd/ChangeLog
View File

@ -1,3 +1,17 @@
2007-11-14 Werner Koch <wk@g10code.com>
* scdaemon.c (main): Pass STANDARD_SOCKET flag to
create_server_socket.
2007-11-13 Werner Koch <wk@g10code.com>
* scdaemon.c (start_connection_thread): Do not call
assuan_sock_check_nonce if we are running in --server mode.
2007-11-07 Werner Koch <wk@g10code.com>
* scdaemon.h: Remove errors.h.
2007-10-02 Werner Koch <wk@g10code.com>
* command.c (cmd_getinfo): Add "pid" subcommand.

17
scd/scdaemon.c
View File

@ -632,7 +632,8 @@ main (int argc, char **argv )
"S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon");
fd = FD2INT(create_server_socket (0, socket_name, &socket_nonce));
fd = FD2INT(create_server_socket (standard_socket,
socket_name, &socket_nonce));
}
tattr = pth_attr_new();
@ -656,6 +657,8 @@ main (int argc, char **argv )
scd_exit (2);
}
/* We run handle_connection to wait for the shutdown signal and
to run the ticker stuff. */
handle_connections (fd);
if (fd != -1)
close (fd);
@ -678,7 +681,8 @@ main (int argc, char **argv )
"S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon");
fd = FD2INT (create_server_socket (0, socket_name, &socket_nonce));
fd = FD2INT (create_server_socket (standard_socket,
socket_name, &socket_nonce));
fflush (NULL);
@ -975,14 +979,16 @@ create_server_socket (int is_standard_name, const char *name,
if (rc == -1)
{
log_error (_("error binding socket to `%s': %s\n"),
serv_addr->sun_path, strerror (errno));
serv_addr->sun_path,
gpg_strerror (gpg_error_from_syserror ()));
assuan_sock_close (fd);
scd_exit (2);
}
if (listen (FD2INT(fd), 5 ) == -1)
{
log_error (_("listen() failed: %s\n"), strerror (errno));
log_error (_("listen() failed: %s\n"),
gpg_strerror (gpg_error_from_syserror ()));
assuan_sock_close (fd);
scd_exit (2);
}
@ -1001,7 +1007,8 @@ start_connection_thread (void *arg)
{
ctrl_t ctrl = arg;
if (assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
&& assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
{
log_info (_("error reading nonce on fd %d: %s\n"),
FD2INT(ctrl->thread_startup.fd), strerror (errno));

1
scd/scdaemon.h
View File

@ -29,7 +29,6 @@
#include <time.h>
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/errors.h"
#include "../common/sysutils.h"
/* To convey some special hash algorithms we use algorithm numbers

29
sm/ChangeLog
View File

@ -1,3 +1,32 @@
2007-11-19 Werner Koch <wk@g10code.com>
* gpgsm.c (main): Print a warning if --audit-log is used.
2007-11-15 Werner Koch <wk@g10code.com>
* gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA.
* misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA.
* gpgsm.c (main): New option --xauthority.
* call-agent.c (start_agent): Adjust for changed start_new_gpg_agent.
* server.c (option_handler): Ad the new options.
2007-11-07 Werner Koch <wk@g10code.com>
* gpgsm.c (main): New option --audit-log.
* server.c (option_handler): New option enable-audit-log.
(start_audit_session): New.
(cmd_verify): Create audit context.
(gpgsm_server): Release the context.
* gpgsm.h (struct server_control_s): Add member AUDIT, include
audit.h.
* certdump.c (gpgsm_format_sn_issuer): New.
* verify.c (hash_data): Return an error code.
(gpgsm_verify): Add calls to audit_log.
* gpgsm.c (get_status_string): Remove.
* gpgsm.h: Include status.h instead of errors.h.
2007-10-19 Werner Koch <wk@g10code.com>
* qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions.

1
sm/call-agent.c
View File

@ -81,6 +81,7 @@ start_agent (ctrl_t ctrl)
opt.agent_program,
opt.display, opt.ttyname, opt.ttytype,
opt.lc_ctype, opt.lc_messages,
opt.xauthority, opt.pinentry_user_data,
opt.verbose, DBG_ASSUAN,
gpgsm_status2, ctrl);

17
sm/certchain.c
View File

@ -1561,6 +1561,21 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
}
}
/* If auditing has been enabled, record what is in the chain. */
if (ctrl->audit)
{
chain_item_t ci;
audit_log (ctrl->audit, AUDIT_CHAIN_BEGIN);
for (ci = chain; ci; ci = ci->next)
{
audit_log_cert (ctrl->audit,
ci->is_root? AUDIT_CHAIN_ROOTCERT : AUDIT_CHAIN_CERT,
ci->cert, 0);
}
audit_log (ctrl->audit, AUDIT_CHAIN_END);
}
if (r_exptime)
gnupg_copy_time (r_exptime, exptime);
xfree (issuer);
@ -1579,7 +1594,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
}
/* Validate a certifcate chain. For a description see the
/* Validate a certificate chain. For a description see
do_validate_chain. This function is a wrapper to handle a root
certificate with the chain_model flag set. If RETFLAGS is not
NULL, flags indicating now the verification was done are stored

33
sm/certdump.c
View File

@ -242,6 +242,37 @@ gpgsm_dump_cert (const char *text, ksba_cert_t cert)
}
/* Return a new string holding the format serial number and issuer
("#SN/issuer"). No filtering on invalid characters is done.
Caller must release the string. On memory failure NULL is
returned. */
char *
gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer)
{
char *p, *p1;
if (sn && issuer)
{
p1 = gpgsm_format_serial (sn);
if (!p1)
p = xtrystrdup ("[invalid SN]");
else
{
p = xtrymalloc (strlen (p1) + strlen (issuer) + 2 + 1);
if (p)
{
*p = '#';
strcpy (stpcpy (stpcpy (p+1, p1),"/"), issuer);
}
xfree (p1);
}
}
else
p = xtrystrdup ("[invalid SN/issuer]");
return p;
}
/* Log the certificate's name in "#SN/ISSUERDN" format along with
TEXT. */
void
@ -272,6 +303,8 @@ gpgsm_cert_log_name (const char *text, ksba_cert_t cert)
/* helper for the rfc2253 string parser */
static const unsigned char *

34
sm/gpgsm.c
View File

@ -108,6 +108,7 @@ enum cmd_and_opt_values {
oFixedPassphrase,
oLogFile,
oNoLogFile,
oAuditLog,
oEnableSpecialFilenames,
@ -117,6 +118,7 @@ enum cmd_and_opt_values {
oTTYtype,
oLCctype,
oLCmessages,
oXauthority,
oPreferSystemDirmngr,
oDirmngrProgram,
@ -336,12 +338,13 @@ static ARGPARSE_OPTS opts[] = {
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
#endif
{ oOutput, "output", 2, N_("use as output file")},
{ oOutput, "output", 2, N_("|FILE|write output to FILE")},
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
{ oNoTTY, "no-tty", 0, N_("don't use the terminal at all") },
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
{ oLogFile, "log-file" ,2, N_("|FILE|write a server mode log to FILE")},
{ oNoLogFile, "no-log-file" ,0, "@"},
{ oAuditLog, "audit-log", 2, N_("|FILE|write an audit log to FILE")},
#if 0
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
@ -424,6 +427,7 @@ static ARGPARSE_OPTS opts[] = {
{ oTTYtype, "ttytype", 2, "@" },
{ oLCctype, "lc-ctype", 2, "@" },
{ oLCmessages, "lc-messages", 2, "@" },
{ oXauthority, "xauthority", 2, "@" },
{ oDirmngrProgram, "dirmngr-program", 2 , "@" },
{ oProtectToolProgram, "protect-tool-program", 2 , "@" },
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
@ -831,6 +835,7 @@ main ( int argc, char **argv)
int default_config =1;
int default_keyring = 1;
char *logfile = NULL;
char *auditlog = NULL;
int greeting = 0;
int nogreeting = 0;
int debug_wait = 0;
@ -1151,6 +1156,8 @@ main ( int argc, char **argv)
case oLogFile: logfile = pargs.r.ret_str; break;
case oNoLogFile: logfile = NULL; break;
case oAuditLog: auditlog = pargs.r.ret_str; break;
case oBatch:
opt.batch = 1;
greeting = 0;
@ -1201,6 +1208,7 @@ main ( int argc, char **argv)
case oTTYtype: opt.ttytype = xstrdup (pargs.r.ret_str); break;
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
case oXauthority: opt.xauthority = xstrdup (pargs.r.ret_str); break;
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram:
@ -1343,6 +1351,11 @@ main ( int argc, char **argv)
}
# endif
if (auditlog)
log_info ("NOTE: The audit log feature (--audit-log) is "
"WORK IN PRORESS and not ready for use!\n");
if (may_coredump && !opt.quiet)
log_info (_("WARNING: program may create a core file!\n"));
@ -1636,6 +1649,7 @@ main ( int argc, char **argv)
case aVerify:
{
FILE *fp = NULL;
FILE *auditfp = NULL;
set_binary (stdin);
if (argc == 2 && opt.outfile)
@ -1643,6 +1657,13 @@ main ( int argc, char **argv)
else if (opt.outfile)
fp = open_fwrite (opt.outfile);
if (auditlog)
{
audit_release (ctrl.audit);
ctrl.audit = audit_new ();
auditfp = open_fwrite (auditlog);
}
if (!argc)
gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */
else if (argc == 1)
@ -1652,8 +1673,17 @@ main ( int argc, char **argv)
else
wrong_args ("--verify [signature [detached_data]]");
if (auditlog)
{
audit_print_result (ctrl.audit, auditfp);
audit_release (ctrl.audit);
ctrl.audit = NULL;
}
if (fp && fp != stdout)
fclose (fp);
if (auditfp && auditfp != stdout)
fclose (auditfp);
}
break;

9
sm/gpgsm.h
View File

@ -29,8 +29,9 @@
#include <ksba.h>
#include "../common/util.h"
#include "../common/errors.h"
#include "../common/status.h"
#include "../common/estream.h"
#include "../common/audit.h"
#define MAX_DIGEST_LEN 24
@ -53,6 +54,8 @@ struct
char *ttytype;
char *lc_ctype;
char *lc_messages;
char *xauthority;
char *pinentry_user_data;
const char *dirmngr_program;
int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
@ -147,6 +150,9 @@ struct server_control_s
int no_server; /* We are not running under server control */
int status_fd; /* Only for non-server mode */
struct server_local_s *server_local;
audit_ctx_t audit; /* NULL or a context for the audit subsystem. */
int with_colons; /* Use column delimited output format */
int with_chain; /* Include the certifying certs in a listing */
int with_validation;/* Validate each key while listing. */
@ -248,6 +254,7 @@ void gpgsm_dump_string (const char *string);
char *gpgsm_format_serial (ksba_const_sexp_t p);
char *gpgsm_format_name2 (const char *name, int translate);
char *gpgsm_format_name (const char *name);
char *gpgsm_format_sn_issuer (ksba_sexp_t sn, const char *issuer);
char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);

7
sm/misc.c
View File

@ -76,6 +76,13 @@ setup_pinentry_env (void)
else if ( (lc = setlocale (LC_MESSAGES, "")) )
setenv ("LC_MESSAGES", lc, 1);
#endif
if (opt.xauthority)
setenv ("XAUTHORITY", opt.xauthority, 1);
if (opt.pinentry_user_data)
setenv ("PINENTRY_USER_DATA", opt.pinentry_user_data, 1);
#endif /*!HAVE_W32_SYSTEM*/
}

128
sm/server.c
View File

@ -1,5 +1,6 @@
/* server.c - Server mode and main entry point
* Copyright (C) 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006,
* 2007 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -44,6 +45,7 @@ struct server_local_s {
int list_internal;
int list_external;
int list_to_output; /* Write keylistings to the output fd. */
int enable_audit_log; /* Use an audit log. */
certlist_t recplist;
certlist_t signerlist;
certlist_t default_recplist; /* As set by main() - don't release. */
@ -161,6 +163,19 @@ close_message_fd (ctrl_t ctrl)
}
/* Start a new audit session if this has been enabled. */
static gpg_error_t
start_audit_session (ctrl_t ctrl)
{
audit_release (ctrl->audit);
ctrl->audit = NULL;
if (ctrl->server_local->enable_audit_log && !(ctrl->audit = audit_new ()) )
return gpg_error_from_syserror ();
return 0;
}
static int
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
@ -213,6 +228,22 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
if (!opt.lc_messages)
return out_of_core ();
}
else if (!strcmp (key, "xauthority"))
{
if (opt.xauthority)
free (opt.xauthority);
opt.xauthority = strdup (value);
if (!opt.xauthority)
return out_of_core ();
}
else if (!strcmp (key, "pinentry-user-data"))
{
if (opt.pinentry_user_data)
free (opt.pinentry_user_data);
opt.pinentry_user_data = strdup (value);
if (!opt.pinentry_user_data)
return out_of_core ();
}
else if (!strcmp (key, "list-mode"))
{
int i = *value? atoi (value) : 0;
@ -256,6 +287,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
{
opt.with_key_data = 1;
}
else if (!strcmp (key, "enable-audit-log"))
{
int i = *value? atoi (value) : 0;
ctrl->server_local->enable_audit_log = i;
}
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
@ -519,8 +555,10 @@ cmd_verify (assuan_context_t ctx, char *line)
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
}
rc = gpgsm_verify (assuan_get_pointer (ctx), fd,
ctrl->server_local->message_fd, out_fp);
rc = start_audit_session (ctrl);
if (!rc)
rc = gpgsm_verify (assuan_get_pointer (ctx), fd,
ctrl->server_local->message_fd, out_fp);
if (out_fp)
fclose (out_fp);
@ -1037,91 +1075,13 @@ gpgsm_server (certlist_t default_recplist)
ctrl.server_local->signerlist = NULL;
xfree (ctrl.server_local);
audit_release (ctrl.audit);
ctrl.audit = NULL;
assuan_deinit_server (ctx);
}
static const char *
get_status_string ( int no )
{
const char *s;
switch (no)
{
case STATUS_ENTER : s = "ENTER"; break;
case STATUS_LEAVE : s = "LEAVE"; break;
case STATUS_ABORT : s = "ABORT"; break;
case STATUS_NEWSIG : s = "NEWSIG"; break;
case STATUS_GOODSIG: s = "GOODSIG"; break;
case STATUS_SIGEXPIRED: s = "SIGEXPIRED"; break;
case STATUS_KEYREVOKED: s = "KEYREVOKED"; break;
case STATUS_BADSIG : s = "BADSIG"; break;
case STATUS_ERRSIG : s = "ERRSIG"; break;
case STATUS_BADARMOR : s = "BADARMOR"; break;
case STATUS_RSA_OR_IDEA : s= "RSA_OR_IDEA"; break;
case STATUS_TRUST_UNDEFINED: s = "TRUST_UNDEFINED"; break;
case STATUS_TRUST_NEVER : s = "TRUST_NEVER"; break;
case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL"; break;
case STATUS_TRUST_FULLY : s = "TRUST_FULLY"; break;
case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE"; break;
case STATUS_GET_BOOL : s = "GET_BOOL"; break;
case STATUS_GET_LINE : s = "GET_LINE"; break;
case STATUS_GET_HIDDEN : s = "GET_HIDDEN"; break;
case STATUS_GOT_IT : s = "GOT_IT"; break;
case STATUS_SHM_INFO : s = "SHM_INFO"; break;
case STATUS_SHM_GET : s = "SHM_GET"; break;
case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL"; break;
case STATUS_SHM_GET_HIDDEN : s = "SHM_GET_HIDDEN"; break;
case STATUS_NEED_PASSPHRASE: s = "NEED_PASSPHRASE"; break;
case STATUS_VALIDSIG : s = "VALIDSIG"; break;
case STATUS_SIG_ID : s = "SIG_ID"; break;
case STATUS_ENC_TO : s = "ENC_TO"; break;
case STATUS_NODATA : s = "NODATA"; break;
case STATUS_BAD_PASSPHRASE : s = "BAD_PASSPHRASE"; break;
case STATUS_NO_PUBKEY : s = "NO_PUBKEY"; break;
case STATUS_NO_SECKEY : s = "NO_SECKEY"; break;
case STATUS_NEED_PASSPHRASE_SYM: s = "NEED_PASSPHRASE_SYM"; break;
case STATUS_DECRYPTION_FAILED: s = "DECRYPTION_FAILED"; break;
case STATUS_DECRYPTION_OKAY: s = "DECRYPTION_OKAY"; break;
case STATUS_MISSING_PASSPHRASE: s = "MISSING_PASSPHRASE"; break;
case STATUS_GOOD_PASSPHRASE : s = "GOOD_PASSPHRASE"; break;
case STATUS_GOODMDC : s = "GOODMDC"; break;
case STATUS_BADMDC : s = "BADMDC"; break;
case STATUS_ERRMDC : s = "ERRMDC"; break;
case STATUS_IMPORTED : s = "IMPORTED"; break;
case STATUS_IMPORT_OK : s = "IMPORT_OK"; break;
case STATUS_IMPORT_RES : s = "IMPORT_RES"; break;
case STATUS_FILE_START : s = "FILE_START"; break;
case STATUS_FILE_DONE : s = "FILE_DONE"; break;
case STATUS_FILE_ERROR : s = "FILE_ERROR"; break;
case STATUS_BEGIN_DECRYPTION:s = "BEGIN_DECRYPTION"; break;
case STATUS_END_DECRYPTION : s = "END_DECRYPTION"; break;
case STATUS_BEGIN_ENCRYPTION:s = "BEGIN_ENCRYPTION"; break;
case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION"; break;
case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM"; break;
case STATUS_PROGRESS : s = "PROGRESS"; break;
case STATUS_SIG_CREATED : s = "SIG_CREATED"; break;
case STATUS_SESSION_KEY : s = "SESSION_KEY"; break;
case STATUS_NOTATION_NAME : s = "NOTATION_NAME" ; break;
case STATUS_NOTATION_DATA : s = "NOTATION_DATA" ; break;
case STATUS_POLICY_URL : s = "POLICY_URL" ; break;
case STATUS_BEGIN_STREAM : s = "BEGIN_STREAM"; break;
case STATUS_END_STREAM : s = "END_STREAM"; break;
case STATUS_KEY_CREATED : s = "KEY_CREATED"; break;
case STATUS_UNEXPECTED : s = "UNEXPECTED"; break;
case STATUS_INV_RECP : s = "INV_RECP"; break;
case STATUS_NO_RECP : s = "NO_RECP"; break;
case STATUS_ALREADY_SIGNED : s = "ALREADY_SIGNED"; break;
case STATUS_EXPSIG : s = "EXPSIG"; break;
case STATUS_EXPKEYSIG : s = "EXPKEYSIG"; break;
case STATUS_TRUNCATED : s = "TRUNCATED"; break;
case STATUS_ERROR : s = "ERROR"; break;
case STATUS_IMPORT_PROBLEM : s = "IMPORT_PROBLEM"; break;
default: s = "?"; break;
}
return s;
}
gpg_error_t
gpgsm_status2 (ctrl_t ctrl, int no, ...)

Some files were not shown because too many files have changed in this diff Show More