mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
Do not run the setuid test if running under as root proper.
Documentation fixes. Some enhancements for the new OpenPGP Card.
parent
e253f0cb55
commit
9d5a10a453
@ -1,3 +1,8 @@
|
|||||||
|
2008-07-17 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* exechelp.c (gnupg_spawn_process_detached): Do not run the setuid
|
||||||
|
test for root.
|
||||||
|
|
||||||
2008-06-26 Werner Koch <wk@g10code.com>
|
2008-06-26 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* estream.c (es_write_sanitized): Loose check for control
|
* estream.c (es_write_sanitized): Loose check for control
|
||||||
|
@ -826,7 +826,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
|
|||||||
pid_t pid;
|
pid_t pid;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (getuid() != geteuid())
|
if (getuid() && getuid() != geteuid())
|
||||||
return gpg_error (GPG_ERR_BUG);
|
return gpg_error (GPG_ERR_BUG);
|
||||||
|
|
||||||
if (access (pgmname, X_OK))
|
if (access (pgmname, X_OK))
|
||||||
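Review bot: The relaxed guard `if (getuid() && getuid() != geteuid())` in gnupg_spawn_process_detached has no comment saying why a real uid of 0 is exempt, while the two g10 copies of the same test (exec_write and main) had their comments updated. A comment above it, such as `/* Refuse to spawn while carrying setuid privileges; a real uid of 0 is exempt. */`, would keep the three sites consistent. A process with real uid 0 and a different effective uid now passes the test too; if that is intended, the comment should say so. Since the identical privilege test now lives in three places, a small shared helper would stop the policy drifting the next time it changes. The function body starts and ends outside the hunk.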
|
@ -338,7 +338,11 @@ more arguments in future versions.
|
|||||||
|
|
||||||
KEYEXPIRED <expire-timestamp>
|
KEYEXPIRED <expire-timestamp>
|
||||||
The key has expired. expire-timestamp is the expiration time
|
The key has expired. expire-timestamp is the expiration time
|
||||||
in seconds after the epoch.
|
in seconds sice Epoch. This status line is not very useful
|
||||||
|
because it will also be emitted for expired subkeys even if
|
||||||
|
this subkey is not used. To check whether a key used to sign
|
||||||
|
a message has expired, the EXPKEYSIG status line is to be
|
||||||
|
used.
|
||||||
|
|
||||||
Note, that TIMESTAMP may either be a number with seconds since
|
Note, that TIMESTAMP may either be a number with seconds since
|
||||||
epoch or an ISO 8601 string which can be detected by the
|
epoch or an ISO 8601 string which can be detected by the
|
||||||
|
@ -470,11 +470,12 @@ returned in @var{hexstring_with_keygrip}.
|
|||||||
@subsection Return a certificate
|
@subsection Return a certificate
|
||||||
|
|
||||||
@example
|
@example
|
||||||
READCERT @var{hexified_certid}
|
READCERT @var{hexified_certid}|@var{keyid}
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
This function is used to read a certificate identified by
|
This function is used to read a certificate identified by
|
||||||
@var{hexified_certid} from the card.
|
@var{hexified_certid} from the card. With OpenPGP cards the keyid
|
||||||
|
@code{OpenPGP.3} may be used to rad the certticate of version 2 cards.
|
||||||
|
|
||||||
|
|
||||||
@node Scdaemon READKEY
|
@node Scdaemon READKEY
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
2008-07-17 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* gpg.c (main): Do not run the setuid test for root.
|
||||||
|
* exec.c (exec_write): Ditto.
|
||||||
|
|
||||||
2008-06-25 Marcus Brinkmann <marcus@g10code.de>
|
2008-06-25 Marcus Brinkmann <marcus@g10code.de>
|
||||||
|
|
||||||
* gpg.c (enum cmd_and_opt_values): Remove option
|
* gpg.c (enum cmd_and_opt_values): Remove option
|
||||||
|
@ -318,8 +318,8 @@ int exec_write(struct exec_info **info,const char *program,
|
|||||||
|
|
||||||
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
|
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
|
||||||
/* There should be no way to get to this spot while still carrying
|
/* There should be no way to get to this spot while still carrying
|
||||||
setuid privs. Just in case, bomb out if we are. */
|
setuid privs. Just in case, bomb out if we are (and are not root). */
|
||||||
if(getuid()!=geteuid())
|
if (getuid () && getuid () != geteuid ())
|
||||||
BUG ();
|
BUG ();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -2015,8 +2015,8 @@ main (int argc, char **argv)
|
|||||||
got_secmem = 1;
|
got_secmem = 1;
|
||||||
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
|
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
|
||||||
/* There should be no way to get to this spot while still carrying
|
/* There should be no way to get to this spot while still carrying
|
||||||
setuid privs. Just in case, bomb out if we are. */
|
setuid privs. Just in case, bomb out if we are (and are not root). */
|
||||||
if(getuid()!=geteuid())
|
if (getuid () && getuid () != geteuid ())
|
||||||
BUG ();
|
BUG ();
|
||||||
#endif
|
#endif
|
||||||
maybe_setuid = 0;
|
maybe_setuid = 0;
|
||||||
|
519
po/pt_BR.po
519
po/pt_BR.po
513
po/zh_CN.po
513
po/zh_CN.po
515
po/zh_TW.po
515
po/zh_TW.po
@ -1,3 +1,10 @@
|
|||||||
|
2008-07-03 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* app-openpgp.c (do_readcert): New.
|
||||||
|
(app_local_s): Add fields IS_V2 and MAX_CERTLEN_3.
|
||||||
|
(app_select_openpgp): Set them and register do_readcert.
|
||||||
|
(do_setattr): Allow storing of the certificate.
|
||||||
|
|
||||||
2008-06-25 Werner Koch <wk@g10code.com>
|
2008-06-25 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* app-dinsig.c (do_sign): Allow for SHA256.
|
* app-dinsig.c (do_sign): Allow for SHA256.
|
||||||
|
@ -85,6 +85,7 @@ static struct {
|
|||||||
{ 0x0102, 0, 0, 0, 0, 0, 0, "Private DO 2"},
|
{ 0x0102, 0, 0, 0, 0, 0, 0, "Private DO 2"},
|
||||||
{ 0x0103, 0, 0, 0, 0, 0, 0, "Private DO 3"},
|
{ 0x0103, 0, 0, 0, 0, 0, 0, "Private DO 3"},
|
||||||
{ 0x0104, 0, 0, 0, 0, 0, 0, "Private DO 4"},
|
{ 0x0104, 0, 0, 0, 0, 0, 0, "Private DO 4"},
|
||||||
|
{ 0x7F21, 1, 0, 1, 0, 0, 0, "Cardholder certificate"},
|
||||||
{ 0 }
|
{ 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -120,10 +121,12 @@ struct app_local_s {
|
|||||||
/* Keep track of card capabilities. */
|
/* Keep track of card capabilities. */
|
||||||
struct
|
struct
|
||||||
{
|
{
|
||||||
|
unsigned int is_v2:1; /* This is a v2.0 compatible card. */
|
||||||
unsigned int get_challenge:1;
|
unsigned int get_challenge:1;
|
||||||
unsigned int key_import:1;
|
unsigned int key_import:1;
|
||||||
unsigned int change_force_chv:1;
|
unsigned int change_force_chv:1;
|
||||||
unsigned int private_dos:1;
|
unsigned int private_dos:1;
|
||||||
|
unsigned int max_certlen_3:16;
|
||||||
} extcap;
|
} extcap;
|
||||||
|
|
||||||
/* Flags used to control the application. */
|
/* Flags used to control the application. */
|
||||||
@ -740,11 +743,12 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name)
|
|||||||
{
|
{
|
||||||
char tmp[50];
|
char tmp[50];
|
||||||
|
|
||||||
sprintf (tmp, "gc=%d ki=%d fc=%d pd=%d",
|
sprintf (tmp, "gc=%d ki=%d fc=%d pd=%d mcl3=%u",
|
||||||
app->app_local->extcap.get_challenge,
|
app->app_local->extcap.get_challenge,
|
||||||
app->app_local->extcap.key_import,
|
app->app_local->extcap.key_import,
|
||||||
app->app_local->extcap.change_force_chv,
|
app->app_local->extcap.change_force_chv,
|
||||||
app->app_local->extcap.private_dos);
|
app->app_local->extcap.private_dos,
|
||||||
|
app->app_local->extcap.max_certlen_3);
|
||||||
send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
|
send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1274,6 +1278,47 @@ do_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Read the statdard certificate of an OpenPGP v2 card. It is
|
||||||
|
returned in a freshly allocated buffer with that address stored at
|
||||||
|
CERT and the length of the certificate stored at CERTLEN. CERTID
|
||||||
|
needs to be set to "OpenPGP.3". */
|
||||||
|
static gpg_error_t
|
||||||
|
do_readcert (app_t app, const char *certid,
|
||||||
|
unsigned char **cert, size_t *certlen)
|
||||||
|
{
|
||||||
|
#if GNUPG_MAJOR_VERSION > 1
|
||||||
|
gpg_error_t err;
|
||||||
|
unsigned char *buffer;
|
||||||
|
size_t buflen;
|
||||||
|
void *relptr;
|
||||||
|
|
||||||
|
*cert = NULL;
|
||||||
|
*certlen = 0;
|
||||||
|
if (strcmp (certid, "OPENPGP.3"))
|
||||||
|
return gpg_error (GPG_ERR_INV_ID);
|
||||||
|
if (app->app_local->extcap.is_v2)
|
||||||
|
return gpg_error (GPG_ERR_NOT_FOUND);
|
||||||
|
|
||||||
|
relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
|
||||||
|
if (!relptr)
|
||||||
|
return gpg_error (GPG_ERR_NOT_FOUND);
|
||||||
|
|
||||||
|
*cert = xtrymalloc (buflen);
|
||||||
|
if (!*cert)
|
||||||
|
err = gpg_error_from_syserror ();
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memcpy (*cert, buffer, buflen);
|
||||||
|
*certlen = buflen;
|
||||||
|
err = 0;
|
||||||
|
}
|
||||||
|
xfree (relptr);
|
||||||
|
return err;
|
||||||
|
#else
|
||||||
|
return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Verify a CHV either using using the pinentry or if possibile by
|
/* Verify a CHV either using using the pinentry or if possibile by
|
||||||
using a keypad. PINCB and PINCB_ARG describe the usual callback
|
using a keypad. PINCB and PINCB_ARG describe the usual callback
|
||||||
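Review bot: The version gate in do_readcert looks inverted: `if (app->app_local->extcap.is_v2) return gpg_error (GPG_ERR_NOT_FOUND);` rejects exactly the v2 cards the function's comment says it serves, so it probably wants `if (!app->app_local->extcap.is_v2)`. The same inversion appears in the do_setattr hunk, where `if (!table[idx].need_v2)` returns GPG_ERR_NOT_SUPPORTED for every pre-existing attribute and, within the hunk, never consults the card version; `if (table[idx].need_v2 && !app->app_local->extcap.is_v2)` would match the apparent intent. do_readcert also fetches DO 0x00C4, the object app_select_openpgp reads in its own hunk, rather than the 0x7F21 "Cardholder certificate" entry this commit adds to the table, so the bytes it returns are likely not the certificate. The comment says CERTID must be "OpenPGP.3" while the code compares against "OPENPGP.3"; one of the two should be corrected.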
@ -1588,6 +1633,7 @@ do_setattr (app_t app, const char *name,
|
|||||||
int tag;
|
int tag;
|
||||||
int need_chv;
|
int need_chv;
|
||||||
int special;
|
int special;
|
||||||
|
unsigned int need_v2:1;
|
||||||
} table[] = {
|
} table[] = {
|
||||||
{ "DISP-NAME", 0x005B, 3 },
|
{ "DISP-NAME", 0x005B, 3 },
|
||||||
{ "LOGIN-DATA", 0x005E, 3, 2 },
|
{ "LOGIN-DATA", 0x005E, 3, 2 },
|
||||||
@ -1602,6 +1648,7 @@ do_setattr (app_t app, const char *name,
|
|||||||
{ "PRIVATE-DO-2", 0x0102, 3 },
|
{ "PRIVATE-DO-2", 0x0102, 3 },
|
||||||
{ "PRIVATE-DO-3", 0x0103, 2 },
|
{ "PRIVATE-DO-3", 0x0103, 2 },
|
||||||
{ "PRIVATE-DO-4", 0x0104, 3 },
|
{ "PRIVATE-DO-4", 0x0104, 3 },
|
||||||
|
{ "CERT-3", 0x7F21, 3, 0, 1 },
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -1610,6 +1657,8 @@ do_setattr (app_t app, const char *name,
|
|||||||
;
|
;
|
||||||
if (!table[idx].name)
|
if (!table[idx].name)
|
||||||
return gpg_error (GPG_ERR_INV_NAME);
|
return gpg_error (GPG_ERR_INV_NAME);
|
||||||
|
if (!table[idx].need_v2)
|
||||||
|
return gpg_error (GPG_ERR_NOT_SUPPORTED);
|
||||||
|
|
||||||
switch (table[idx].need_chv)
|
switch (table[idx].need_chv)
|
||||||
{
|
{
|
||||||
@ -2719,6 +2768,9 @@ app_select_openpgp (app_t app)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (app->card_version >= 0x0200)
|
||||||
|
app->app_local->extcap.is_v2 = 1;
|
||||||
|
|
||||||
relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
|
relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
|
||||||
if (!relptr)
|
if (!relptr)
|
||||||
{
|
{
|
||||||
@ -2743,6 +2795,11 @@ app_select_openpgp (app_t app)
|
|||||||
app->app_local->extcap.change_force_chv = !!(*buffer & 0x10);
|
app->app_local->extcap.change_force_chv = !!(*buffer & 0x10);
|
||||||
app->app_local->extcap.private_dos = !!(*buffer & 0x08);
|
app->app_local->extcap.private_dos = !!(*buffer & 0x08);
|
||||||
}
|
}
|
||||||
|
if (buflen >= 10)
|
||||||
|
{
|
||||||
|
/* Available with v2 cards. */
|
||||||
|
app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
|
||||||
|
}
|
||||||
xfree (relptr);
|
xfree (relptr);
|
||||||
|
|
||||||
/* Some of the first cards accidently don't set the
|
/* Some of the first cards accidently don't set the
|
||||||
@ -2757,6 +2814,7 @@ app_select_openpgp (app_t app)
|
|||||||
|
|
||||||
app->fnc.deinit = do_deinit;
|
app->fnc.deinit = do_deinit;
|
||||||
app->fnc.learn_status = do_learn_status;
|
app->fnc.learn_status = do_learn_status;
|
||||||
|
app->fnc.readcert = do_readcert;
|
||||||
app->fnc.readkey = do_readkey;
|
app->fnc.readkey = do_readkey;
|
||||||
app->fnc.getattr = do_getattr;
|
app->fnc.getattr = do_getattr;
|
||||||
app->fnc.setattr = do_setattr;
|
app->fnc.setattr = do_setattr;
|
||||||
|
@ -611,7 +611,7 @@ cmd_learn (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* READCERT <hexified_certid>
|
/* READCERT <hexified_certid>|<keyid>
|
||||||
|
|
||||||
Note, that this function may even be used on a locked card.
|
Note, that this function may even be used on a locked card.
|
||||||
*/
|
*/
|
||||||
|