mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
(cmd_encrypt): Add all enrypt-to marked certs to the list. * encrypt.c (gpgsm_encrypt): Check that real recipients are available. * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to options work. Pass the list of recients to gpgsm_server. * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO. (opt): Add NO_ENCRYPT_TO. * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO. Changed all callers and ignore duplicate entries. (is_cert_in_certlist): New. (gpgsm_add_cert_to_certlist): New.
This commit is contained in:
parent
aac9cea6da
commit
711c4853d6
9
NEWS
9
NEWS
@ -1,8 +1,8 @@
|
|||||||
Noteworthy changes in version 1.9.3 (unreleased)
|
Noteworthy changes in version 1.9.3 (unreleased)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
* New options --{enable,disable}-ocsp to validate keys using OCSP
|
* New gpgsm options --{enable,disable}-ocsp to validate keys using
|
||||||
This requires a not yet released DirMngr 0.5.1. Default is
|
OCSP. This requires a not yet released DirMngr 0.5.1. Default is
|
||||||
disabled.
|
disabled.
|
||||||
|
|
||||||
* The --log-file option may now be used to print logs to a socket.
|
* The --log-file option may now be used to print logs to a socket.
|
||||||
@ -10,6 +10,11 @@ Noteworthy changes in version 1.9.3 (unreleased)
|
|||||||
not work on all systems and falls back to stderr if there is a
|
not work on all systems and falls back to stderr if there is a
|
||||||
problem with the socket.
|
problem with the socket.
|
||||||
|
|
||||||
|
* The options --encrypt-to and --no-encrypt-to now work the same in
|
||||||
|
gpgsm as in gpg. Note, they are also used in server mode.
|
||||||
|
|
||||||
|
* Duplicated recipients are now silently removed in gpgsm.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 1.9.2 (2003-11-17)
|
Noteworthy changes in version 1.9.2 (2003-11-17)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
13
sm/ChangeLog
13
sm/ChangeLog
@ -1,5 +1,18 @@
|
|||||||
2003-12-17 Werner Koch <wk@gnupg.org>
|
2003-12-17 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
|
||||||
|
(cmd_encrypt): Add all enrypt-to marked certs to the list.
|
||||||
|
* encrypt.c (gpgsm_encrypt): Check that real recipients are
|
||||||
|
available.
|
||||||
|
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
|
||||||
|
options work. Pass the list of recients to gpgsm_server.
|
||||||
|
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
|
||||||
|
(opt): Add NO_ENCRYPT_TO.
|
||||||
|
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
|
||||||
|
Changed all callers and ignore duplicate entries.
|
||||||
|
(is_cert_in_certlist): New.
|
||||||
|
(gpgsm_add_cert_to_certlist): New.
|
||||||
|
|
||||||
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
|
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
|
||||||
(gpgsm_dump_serial): Ditto.
|
(gpgsm_dump_serial): Ditto.
|
||||||
|
|
||||||
|
@ -131,14 +131,54 @@ same_subject_issuer (const char *subject, const char *issuer, ksba_cert_t cert)
|
|||||||
return tmp;
|
return tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Return true if CERT is already contained in CERTLIST. */
|
||||||
|
static int
|
||||||
|
is_cert_in_certlist (ksba_cert_t cert, certlist_t certlist)
|
||||||
|
{
|
||||||
|
const unsigned char *img_a, *img_b;
|
||||||
|
size_t len_a, len_b;
|
||||||
|
|
||||||
|
img_a = ksba_cert_get_image (cert, &len_a);
|
||||||
|
if (img_a)
|
||||||
|
{
|
||||||
|
for ( ; certlist; certlist = certlist->next)
|
||||||
|
{
|
||||||
|
img_b = ksba_cert_get_image (certlist->cert, &len_b);
|
||||||
|
if (img_b && len_a == len_b && !memcmp (img_a, img_b, len_a))
|
||||||
|
return 1; /* Already contained. */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Add CERT to the list of certificates at CERTADDR but avoid
|
||||||
|
duplicates. */
|
||||||
|
int
|
||||||
|
gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
|
||||||
|
certlist_t *listaddr, int is_encrypt_to)
|
||||||
|
{
|
||||||
|
if (!is_cert_in_certlist (cert, *listaddr))
|
||||||
|
{
|
||||||
|
certlist_t cl = xtrycalloc (1, sizeof *cl);
|
||||||
|
if (!cl)
|
||||||
|
return OUT_OF_CORE (errno);
|
||||||
|
cl->cert = cert;
|
||||||
|
ksba_cert_ref (cert);
|
||||||
|
cl->next = *listaddr;
|
||||||
|
cl->is_encrypt_to = is_encrypt_to;
|
||||||
|
*listaddr = cl;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* Add a certificate to a list of certificate and make sure that it is
|
/* Add a certificate to a list of certificate and make sure that it is
|
||||||
a valid certificate. With SECRET set to true a secret key must be
|
a valid certificate. With SECRET set to true a secret key must be
|
||||||
available for the certificate. */
|
available for the certificate. IS_ENCRYPT_TO sets the corresponding
|
||||||
|
flag in the new create LISTADDR item. */
|
||||||
int
|
int
|
||||||
gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
||||||
CERTLIST *listaddr)
|
CERTLIST *listaddr, int is_encrypt_to)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
KEYDB_SEARCH_DESC desc;
|
KEYDB_SEARCH_DESC desc;
|
||||||
@ -224,6 +264,8 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
|||||||
xfree (subject);
|
xfree (subject);
|
||||||
xfree (issuer);
|
xfree (issuer);
|
||||||
|
|
||||||
|
if (!rc && !is_cert_in_certlist (cert, *listaddr))
|
||||||
|
{
|
||||||
if (!rc && secret)
|
if (!rc && secret)
|
||||||
{
|
{
|
||||||
char *p;
|
char *p;
|
||||||
@ -248,11 +290,13 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
|||||||
{
|
{
|
||||||
cl->cert = cert; cert = NULL;
|
cl->cert = cert; cert = NULL;
|
||||||
cl->next = *listaddr;
|
cl->next = *listaddr;
|
||||||
|
cl->is_encrypt_to = is_encrypt_to;
|
||||||
*listaddr = cl;
|
*listaddr = cl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
ksba_cert_release (cert);
|
ksba_cert_release (cert);
|
||||||
|
12
sm/encrypt.c
12
sm/encrypt.c
@ -306,7 +306,13 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
|||||||
|
|
||||||
memset (&encparm, 0, sizeof encparm);
|
memset (&encparm, 0, sizeof encparm);
|
||||||
|
|
||||||
if (!recplist)
|
/* Check that the certificate list is not empty and that at least
|
||||||
|
one certificate is not flagged as encrypt_to; i.e. is a real
|
||||||
|
recipient. */
|
||||||
|
for (cl = recplist; cl; cl = cl->next)
|
||||||
|
if (!cl->is_encrypt_to)
|
||||||
|
break;
|
||||||
|
if (!cl)
|
||||||
{
|
{
|
||||||
log_error(_("no valid recipients given\n"));
|
log_error(_("no valid recipients given\n"));
|
||||||
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
||||||
@ -412,7 +418,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* gather certificates of recipients, encrypt the session key for
|
/* Gather certificates of recipients, encrypt the session key for
|
||||||
each and store them in the CMS object */
|
each and store them in the CMS object */
|
||||||
for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
|
for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
|
||||||
{
|
{
|
||||||
@ -447,7 +453,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* main control loop for encryption */
|
/* Main control loop for encryption. */
|
||||||
recpno = 0;
|
recpno = 0;
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
|
66
sm/gpgsm.c
66
sm/gpgsm.c
@ -277,10 +277,10 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oDefRecipientSelf, "default-recipient-self" ,0,
|
{ oDefRecipientSelf, "default-recipient-self" ,0,
|
||||||
N_("use the default key as default recipient")},
|
N_("use the default key as default recipient")},
|
||||||
{ oNoDefRecipient, "no-default-recipient", 0, "@" },
|
{ oNoDefRecipient, "no-default-recipient", 0, "@" },
|
||||||
|
#endif
|
||||||
{ oEncryptTo, "encrypt-to", 2, "@" },
|
{ oEncryptTo, "encrypt-to", 2, "@" },
|
||||||
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
|
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
|
||||||
|
|
||||||
#endif
|
|
||||||
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
|
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
@ -585,6 +585,31 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Helper to add recipients to a list. */
|
||||||
|
static void
|
||||||
|
do_add_recipient (ctrl_t ctrl, const char *name,
|
||||||
|
certlist_t *recplist, int is_encrypt_to)
|
||||||
|
{
|
||||||
|
int rc = gpgsm_add_to_certlist (ctrl, name, 0, recplist, is_encrypt_to);
|
||||||
|
if (rc)
|
||||||
|
{
|
||||||
|
log_error (_("can't encrypt to `%s': %s\n"), name, gpg_strerror (rc));
|
||||||
|
gpgsm_status2 (ctrl, STATUS_INV_RECP,
|
||||||
|
gpg_err_code (rc) == -1? "1":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
|
||||||
|
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
|
||||||
|
"0",
|
||||||
|
name, NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
main ( int argc, char **argv)
|
main ( int argc, char **argv)
|
||||||
{
|
{
|
||||||
@ -953,8 +978,8 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
case oSkipVerify: opt.skip_verify=1; break;
|
case oSkipVerify: opt.skip_verify=1; break;
|
||||||
|
|
||||||
case oNoEncryptTo: /*fixme: opt.no_encrypt_to = 1;*/ break;
|
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
|
||||||
case oEncryptTo: /* store the recipient in the second list */
|
case oEncryptTo: /* Store the recipient in the second list */
|
||||||
sl = add_to_strlist (&remusr, pargs.r.ret_str);
|
sl = add_to_strlist (&remusr, pargs.r.ret_str);
|
||||||
sl->flags = 1;
|
sl->flags = 1;
|
||||||
break;
|
break;
|
||||||
@ -1107,7 +1132,7 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
for (sl = locusr; sl; sl = sl->next)
|
for (sl = locusr; sl; sl = sl->next)
|
||||||
{
|
{
|
||||||
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist);
|
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error (_("can't sign using `%s': %s\n"),
|
log_error (_("can't sign using `%s': %s\n"),
|
||||||
@ -1127,27 +1152,22 @@ main ( int argc, char **argv)
|
|||||||
sl->d, NULL);
|
sl->d, NULL);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Build the recipient list. We first add the regular ones and then
|
||||||
|
the encrypt-to ones because the underlying function will silenty
|
||||||
|
ignore duplicates and we can't allow to keep a duplicate which is
|
||||||
|
flagged as encrypt-to as the actually encrypt function would then
|
||||||
|
complain about no (regular) recipients. */
|
||||||
for (sl = remusr; sl; sl = sl->next)
|
for (sl = remusr; sl; sl = sl->next)
|
||||||
|
if (!(sl->flags & 1))
|
||||||
|
do_add_recipient (&ctrl, sl->d, &recplist, 0);
|
||||||
|
if (!opt.no_encrypt_to)
|
||||||
{
|
{
|
||||||
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 0, &recplist);
|
for (sl = remusr; sl; sl = sl->next)
|
||||||
if (rc)
|
if ((sl->flags & 1))
|
||||||
{
|
do_add_recipient (&ctrl, sl->d, &recplist, 1);
|
||||||
log_error (_("can't encrypt to `%s': %s\n"),
|
|
||||||
sl->d, gpg_strerror (rc));
|
|
||||||
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
|
|
||||||
gpg_err_code (rc) == -1? "1":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
|
|
||||||
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
|
|
||||||
"0",
|
|
||||||
sl->d, NULL);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (log_get_errorcount(0))
|
if (log_get_errorcount(0))
|
||||||
gpgsm_exit(1); /* must stop for invalid recipients */
|
gpgsm_exit(1); /* must stop for invalid recipients */
|
||||||
|
|
||||||
@ -1165,7 +1185,7 @@ main ( int argc, char **argv)
|
|||||||
sleep (debug_wait);
|
sleep (debug_wait);
|
||||||
log_debug ("... okay\n");
|
log_debug ("... okay\n");
|
||||||
}
|
}
|
||||||
gpgsm_server ();
|
gpgsm_server (recplist);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case aCallDirmngr:
|
case aCallDirmngr:
|
||||||
|
56
sm/gpgsm.h
56
sm/gpgsm.h
@ -72,6 +72,8 @@ struct {
|
|||||||
char *def_recipient; /* userID of the default recipient */
|
char *def_recipient; /* userID of the default recipient */
|
||||||
int def_recipient_self; /* The default recipient is the default key */
|
int def_recipient_self; /* The default recipient is the default key */
|
||||||
|
|
||||||
|
int no_encrypt_to; /* Ignore all as encrypt to marked recipients. */
|
||||||
|
|
||||||
char *local_user; /* NULL or argument to -u */
|
char *local_user; /* NULL or argument to -u */
|
||||||
|
|
||||||
int always_trust; /* Trust the given keys even if there is no
|
int always_trust; /* Trust the given keys even if there is no
|
||||||
@ -135,6 +137,7 @@ struct server_control_s {
|
|||||||
int use_ocsp; /* Set to true if OCSP should be used. */
|
int use_ocsp; /* Set to true if OCSP should be used. */
|
||||||
};
|
};
|
||||||
typedef struct server_control_s *CTRL;
|
typedef struct server_control_s *CTRL;
|
||||||
|
typedef struct server_control_s *ctrl_t;
|
||||||
|
|
||||||
/* data structure used in base64.c */
|
/* data structure used in base64.c */
|
||||||
typedef struct base64_context_s *Base64Context;
|
typedef struct base64_context_s *Base64Context;
|
||||||
@ -143,22 +146,26 @@ typedef struct base64_context_s *Base64Context;
|
|||||||
struct certlist_s {
|
struct certlist_s {
|
||||||
struct certlist_s *next;
|
struct certlist_s *next;
|
||||||
ksba_cert_t cert;
|
ksba_cert_t cert;
|
||||||
|
int is_encrypt_to; /* True if the certificate has been set through
|
||||||
|
the --encrypto-to option. */
|
||||||
};
|
};
|
||||||
typedef struct certlist_s *CERTLIST;
|
typedef struct certlist_s *CERTLIST;
|
||||||
|
typedef struct certlist_s *certlist_t;
|
||||||
|
|
||||||
/*-- gpgsm.c --*/
|
/*-- gpgsm.c --*/
|
||||||
void gpgsm_exit (int rc);
|
void gpgsm_exit (int rc);
|
||||||
void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
|
void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
|
||||||
|
|
||||||
/*-- server.c --*/
|
/*-- server.c --*/
|
||||||
void gpgsm_server (void);
|
void gpgsm_server (certlist_t default_recplist);
|
||||||
void gpgsm_status (CTRL ctrl, int no, const char *text);
|
void gpgsm_status (ctrl_t ctrl, int no, const char *text);
|
||||||
void gpgsm_status2 (CTRL ctrl, int no, ...);
|
void gpgsm_status2 (ctrl_t ctrl, int no, ...);
|
||||||
void gpgsm_status_with_err_code (CTRL ctrl, int no, const char *text,
|
void gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
|
||||||
gpg_err_code_t ec);
|
gpg_err_code_t ec);
|
||||||
|
|
||||||
/*-- fingerprint --*/
|
/*-- fingerprint --*/
|
||||||
char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo, char *array, int *r_len);
|
char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
|
||||||
|
char *array, int *r_len);
|
||||||
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
|
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
|
||||||
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
|
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
|
||||||
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
|
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
|
||||||
@ -169,10 +176,10 @@ char *gpgsm_get_certid (ksba_cert_t cert);
|
|||||||
|
|
||||||
/*-- base64.c --*/
|
/*-- base64.c --*/
|
||||||
int gpgsm_create_reader (Base64Context *ctx,
|
int gpgsm_create_reader (Base64Context *ctx,
|
||||||
CTRL ctrl, FILE *fp, ksba_reader_t *r_reader);
|
ctrl_t ctrl, FILE *fp, ksba_reader_t *r_reader);
|
||||||
void gpgsm_destroy_reader (Base64Context ctx);
|
void gpgsm_destroy_reader (Base64Context ctx);
|
||||||
int gpgsm_create_writer (Base64Context *ctx,
|
int gpgsm_create_writer (Base64Context *ctx,
|
||||||
CTRL ctrl, FILE *fp, ksba_writer_t *r_writer);
|
ctrl_t ctrl, FILE *fp, ksba_writer_t *r_writer);
|
||||||
int gpgsm_finish_writer (Base64Context ctx);
|
int gpgsm_finish_writer (Base64Context ctx);
|
||||||
void gpgsm_destroy_writer (Base64Context ctx);
|
void gpgsm_destroy_writer (Base64Context ctx);
|
||||||
|
|
||||||
@ -201,7 +208,8 @@ int gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
|
|||||||
/*-- certchain.c --*/
|
/*-- certchain.c --*/
|
||||||
int gpgsm_walk_cert_chain (ksba_cert_t start, ksba_cert_t *r_next);
|
int gpgsm_walk_cert_chain (ksba_cert_t start, ksba_cert_t *r_next);
|
||||||
int gpgsm_is_root_cert (ksba_cert_t cert);
|
int gpgsm_is_root_cert (ksba_cert_t cert);
|
||||||
int gpgsm_validate_chain (CTRL ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime);
|
int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
|
||||||
|
ksba_isotime_t r_exptime);
|
||||||
int gpgsm_basic_cert_check (ksba_cert_t cert);
|
int gpgsm_basic_cert_check (ksba_cert_t cert);
|
||||||
|
|
||||||
/*-- certlist.c --*/
|
/*-- certlist.c --*/
|
||||||
@ -210,41 +218,43 @@ int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
|
|||||||
int gpgsm_cert_use_verify_p (ksba_cert_t cert);
|
int gpgsm_cert_use_verify_p (ksba_cert_t cert);
|
||||||
int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
|
int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
|
||||||
int gpgsm_cert_use_cert_p (ksba_cert_t cert);
|
int gpgsm_cert_use_cert_p (ksba_cert_t cert);
|
||||||
int gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
|
||||||
CERTLIST *listaddr);
|
certlist_t *listaddr, int is_encrypt_to);
|
||||||
void gpgsm_release_certlist (CERTLIST list);
|
int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
|
||||||
|
certlist_t *listaddr, int is_encrypt_to);
|
||||||
|
void gpgsm_release_certlist (certlist_t list);
|
||||||
int gpgsm_find_cert (const char *name, ksba_cert_t *r_cert);
|
int gpgsm_find_cert (const char *name, ksba_cert_t *r_cert);
|
||||||
|
|
||||||
/*-- keylist.c --*/
|
/*-- keylist.c --*/
|
||||||
void gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode);
|
void gpgsm_list_keys (ctrl_t ctrl, STRLIST names, FILE *fp, unsigned int mode);
|
||||||
|
|
||||||
/*-- import.c --*/
|
/*-- import.c --*/
|
||||||
int gpgsm_import (CTRL ctrl, int in_fd);
|
int gpgsm_import (ctrl_t ctrl, int in_fd);
|
||||||
int gpgsm_import_files (CTRL ctrl, int nfiles, char **files,
|
int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
||||||
int (*of)(const char *fname));
|
int (*of)(const char *fname));
|
||||||
|
|
||||||
/*-- export.c --*/
|
/*-- export.c --*/
|
||||||
void gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp);
|
void gpgsm_export (ctrl_t ctrl, STRLIST names, FILE *fp);
|
||||||
|
|
||||||
/*-- delete.c --*/
|
/*-- delete.c --*/
|
||||||
int gpgsm_delete (CTRL ctrl, STRLIST names);
|
int gpgsm_delete (ctrl_t ctrl, STRLIST names);
|
||||||
|
|
||||||
/*-- verify.c --*/
|
/*-- verify.c --*/
|
||||||
int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp);
|
int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
|
||||||
|
|
||||||
/*-- sign.c --*/
|
/*-- sign.c --*/
|
||||||
int gpgsm_get_default_cert (ksba_cert_t *r_cert);
|
int gpgsm_get_default_cert (ksba_cert_t *r_cert);
|
||||||
int gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
|
int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
|
||||||
int data_fd, int detached, FILE *out_fp);
|
int data_fd, int detached, FILE *out_fp);
|
||||||
|
|
||||||
/*-- encrypt.c --*/
|
/*-- encrypt.c --*/
|
||||||
int gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
|
int gpgsm_encrypt (ctrl_t ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
|
||||||
|
|
||||||
/*-- decrypt.c --*/
|
/*-- decrypt.c --*/
|
||||||
int gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp);
|
int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
|
||||||
|
|
||||||
/*-- certreqgen.c --*/
|
/*-- certreqgen.c --*/
|
||||||
int gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp);
|
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
|
||||||
|
|
||||||
/*-- call-agent.c --*/
|
/*-- call-agent.c --*/
|
||||||
int gpgsm_agent_pksign (const char *keygrip,
|
int gpgsm_agent_pksign (const char *keygrip,
|
||||||
@ -264,9 +274,9 @@ int gpgsm_agent_passwd (const char *hexkeygrip);
|
|||||||
|
|
||||||
/*-- call-dirmngr.c --*/
|
/*-- call-dirmngr.c --*/
|
||||||
int gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp);
|
int gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp);
|
||||||
int gpgsm_dirmngr_lookup (CTRL ctrl, STRLIST names,
|
int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names,
|
||||||
void (*cb)(void*, ksba_cert_t), void *cb_value);
|
void (*cb)(void*, ksba_cert_t), void *cb_value);
|
||||||
int gpgsm_dirmngr_run_command (CTRL ctrl, const char *command,
|
int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
|
||||||
int argc, char **argv);
|
int argc, char **argv);
|
||||||
|
|
||||||
|
|
||||||
|
36
sm/server.c
36
sm/server.c
@ -39,12 +39,13 @@ static FILE *statusfp;
|
|||||||
|
|
||||||
/* Data used to assuciate an Assuan context with local server data */
|
/* Data used to assuciate an Assuan context with local server data */
|
||||||
struct server_local_s {
|
struct server_local_s {
|
||||||
ASSUAN_CONTEXT assuan_ctx;
|
assuan_context_t assuan_ctx;
|
||||||
int message_fd;
|
int message_fd;
|
||||||
int list_internal;
|
int list_internal;
|
||||||
int list_external;
|
int list_external;
|
||||||
CERTLIST recplist;
|
certlist_t recplist;
|
||||||
CERTLIST signerlist;
|
certlist_t signerlist;
|
||||||
|
certlist_t default_recplist; /* As set by main() - don't release. */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -233,7 +234,7 @@ output_notify (ASSUAN_CONTEXT ctx, const char *line)
|
|||||||
way of specification [we will support this]. If this is a valid and
|
way of specification [we will support this]. If this is a valid and
|
||||||
trusted recipient the server does respond with OK, otherwise the
|
trusted recipient the server does respond with OK, otherwise the
|
||||||
return is an ERR with the reason why the recipient can't be used,
|
return is an ERR with the reason why the recipient can't be used,
|
||||||
the encryption will then not be done for this recipient. IF the
|
the encryption will then not be done for this recipient. If the
|
||||||
policy is not to encrypt at all if not all recipients are valid, the
|
policy is not to encrypt at all if not all recipients are valid, the
|
||||||
client has to take care of this. All RECIPIENT commands are
|
client has to take care of this. All RECIPIENT commands are
|
||||||
cumulative until a RESET or an successful ENCRYPT command. */
|
cumulative until a RESET or an successful ENCRYPT command. */
|
||||||
@ -243,7 +244,7 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
|
|||||||
CTRL ctrl = assuan_get_pointer (ctx);
|
CTRL ctrl = assuan_get_pointer (ctx);
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist);
|
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist, 0);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
gpg_err_code_t r = gpg_err_code (rc);
|
gpg_err_code_t r = gpg_err_code (rc);
|
||||||
@ -286,7 +287,8 @@ cmd_signer (ASSUAN_CONTEXT ctx, char *line)
|
|||||||
CTRL ctrl = assuan_get_pointer (ctx);
|
CTRL ctrl = assuan_get_pointer (ctx);
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
rc = gpgsm_add_to_certlist (ctrl, line, 1, &ctrl->server_local->signerlist);
|
rc = gpgsm_add_to_certlist (ctrl, line, 1,
|
||||||
|
&ctrl->server_local->signerlist, 0);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
gpg_err_code_t r = gpg_err_code (rc);
|
gpg_err_code_t r = gpg_err_code (rc);
|
||||||
@ -325,6 +327,7 @@ static int
|
|||||||
cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
||||||
{
|
{
|
||||||
CTRL ctrl = assuan_get_pointer (ctx);
|
CTRL ctrl = assuan_get_pointer (ctx);
|
||||||
|
certlist_t cl;
|
||||||
int inp_fd, out_fd;
|
int inp_fd, out_fd;
|
||||||
FILE *out_fp;
|
FILE *out_fp;
|
||||||
int rc;
|
int rc;
|
||||||
@ -339,6 +342,18 @@ cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
|||||||
out_fp = fdopen ( dup(out_fd), "w");
|
out_fp = fdopen ( dup(out_fd), "w");
|
||||||
if (!out_fp)
|
if (!out_fp)
|
||||||
return set_error (General_Error, "fdopen() failed");
|
return set_error (General_Error, "fdopen() failed");
|
||||||
|
|
||||||
|
/* Now add all encrypt-to marked recipients from the default
|
||||||
|
list. */
|
||||||
|
rc = 0;
|
||||||
|
if (!opt.no_encrypt_to)
|
||||||
|
{
|
||||||
|
for (cl=ctrl->server_local->recplist; !rc && cl; cl = cl->next)
|
||||||
|
if (cl->is_encrypt_to)
|
||||||
|
rc = gpgsm_add_cert_to_certlist (ctrl, cl->cert,
|
||||||
|
&ctrl->server_local->recplist, 1);
|
||||||
|
}
|
||||||
|
if (!rc)
|
||||||
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
|
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
|
||||||
ctrl->server_local->recplist,
|
ctrl->server_local->recplist,
|
||||||
inp_fd, out_fp);
|
inp_fd, out_fp);
|
||||||
@ -346,7 +361,7 @@ cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
|||||||
|
|
||||||
gpgsm_release_certlist (ctrl->server_local->recplist);
|
gpgsm_release_certlist (ctrl->server_local->recplist);
|
||||||
ctrl->server_local->recplist = NULL;
|
ctrl->server_local->recplist = NULL;
|
||||||
/* close and reset the fd */
|
/* Close and reset the fd */
|
||||||
close_message_fd (ctrl);
|
close_message_fd (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
@ -755,9 +770,11 @@ register_commands (ASSUAN_CONTEXT ctx)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Startup the server */
|
/* Startup the server. DEFAULT_RECPLIST is the list of recipients as
|
||||||
|
set from the command line or config file. We only require those
|
||||||
|
marked as encrypt-to. */
|
||||||
void
|
void
|
||||||
gpgsm_server (void)
|
gpgsm_server (certlist_t default_recplist)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
int filedes[2];
|
int filedes[2];
|
||||||
@ -799,6 +816,7 @@ gpgsm_server (void)
|
|||||||
ctrl.server_local->message_fd = -1;
|
ctrl.server_local->message_fd = -1;
|
||||||
ctrl.server_local->list_internal = 1;
|
ctrl.server_local->list_internal = 1;
|
||||||
ctrl.server_local->list_external = 0;
|
ctrl.server_local->list_external = 0;
|
||||||
|
ctrl.server_local->default_recplist = default_recplist;
|
||||||
|
|
||||||
if (DBG_ASSUAN)
|
if (DBG_ASSUAN)
|
||||||
assuan_set_log_stream (ctx, log_get_stream ());
|
assuan_set_log_stream (ctx, log_get_stream ());
|
||||||
|
Loading…
x
Reference in New Issue
Block a user