From c7b97075aa213a7ac54b8c56679719679816b3fa Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 23 Nov 2004 17:09:51 +0000
Subject: [PATCH] * b64enc.c: Include stdio.h and string.h
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.
* gpgconf-comp.c : Add the proxy options.
: Add --prefer-system-daemon.
---
 TODO | 11 ++--------
 common/ChangeLog | 4 ++++
 common/b64enc.c | 2 ++
 doc/ChangeLog | 4 ++++
 doc/debugging.texi | 23 ++++++++++++++++----
 doc/gpg-agent.texi | 2 +-
 doc/gpgsm.texi | 6 ++++++
 jnlib/ChangeLog | 9 ++++++++
 jnlib/logging.c | 10 ++++++---
 sm/ChangeLog | 5 +++++
 sm/call-dirmngr.c | 50 ++++++++++++++++++++++++++++----------------
 sm/gpgsm.c | 7 ++++++-
 sm/gpgsm.h | 1 +
 tools/ChangeLog | 9 ++++++++
 tools/gpgconf-comp.c | 24 ++++++++++++++++++++-
 tools/watchgnupg.c | 2 +-
 16 files changed, 131 insertions(+), 38 deletions(-)
diff --git a/TODO b/TODO
index a80dfa453..138f9bade 100644
--- a/TODO
+++ b/TODO
@@ -25,6 +25,8 @@ might want to have an agent context for each service request
 * sm/certlist.c
 ** ocspSigning usage is not fully implemented
 We should review the entire CRL and OCSP validation system.
+ Okay. This has been fixed in dirmngr when running it in system
+ daemon mode.
 * sm/decrypt.c
 ** replace leading zero in integer hack by a cleaner solution
@@ -93,12 +95,3 @@ might want to have an agent context for each service request
 This needs support in libksba/src/cert.c as well as in sm/*.c.
 Need test certs as well.
 Same goes for CRL authorityKeyIdentifier.
-** Dirmngr: name subordination (nameRelativeToCRLIssuer)
- is not yet supported by Dirmngr.
-
-** Dirmngr: CRL DP URI
- The CRL DP shall use an URI for LDAP without a host name. The host
- name shall be looked by using the DN in the URI. We don't implement
- this yet. Solution is to have a mapping DN->host in our ldapservers
- configuration file.
-
diff --git a/common/ChangeLog b/common/ChangeLog
index f0e7bf67a..d5ded50c9 100644
--- a/common/ChangeLog
+++ b/common/ChangeLog
@@ -1,3 +1,7 @@
+2004-11-23 Werner Koch
+
+ * b64enc.c: Include stdio.h and string.h
+
 2004-08-18 Werner Koch
 * simple-pwquery.c (simple_pwquery): Handle gpg-error style return
diff --git a/common/b64enc.c b/common/b64enc.c
index edcf6e3ad..5b7a42ab3 100644
--- a/common/b64enc.c
+++ b/common/b64enc.c
@@ -19,7 +19,9 @@
 */
 #include
+#include
 #include
+#include
 #include
 #include
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 4262865a5..9a9e213a3 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2004-11-05 Werner Koch
+
+ * debugging.texi (Common Problems): Curses pinentry problem.
+
 2004-10-22 Werner Koch
 * tools.texi (Helper Tools): Document gpgsm-gencert.sh.
diff --git a/doc/debugging.texi b/doc/debugging.texi
index 9406ba567..b9ae06e2b 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -5,7 +5,7 @@
 @node Debugging
 @chapter How to solve problems
-Everone knows that software often does not do what it should do and thus
+Everyone knows that software often does not do what it should do and thus
 there is a need to track down problems. We call this debugging in a
 reminiscent to the moth jamming a relay in a Mark II box back in 1947.
@@ -87,9 +87,24 @@ in a standard way and directly available from @command{gpgsm}.
 @itemize @bullet
 @item Error code @samp{Not supported} from Dirmngr
- Most likely the option @option{enable-ocsp} is active for gpgsm
- but Dirmngr's OCSP feature has not been enabled using
- @option{allow-ocsp} in @file{dirmngr.conf}.
+Most likely the option @option{enable-ocsp} is active for gpgsm
+but Dirmngr's OCSP feature has not been enabled using
+@option{allow-ocsp} in @file{dirmngr.conf}.
+
+@item The Curses based Pinentry does not work
+
+The far most common reason for this is that the environment variable
+@code{GPG_TTY} has not been set correctly. Make sure that it has been
+set to a real tty devce and not just to @samp{/dev/tty};
+i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
+@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
+this environment variable gets exported, that is you should follow up
+the setting with an @samp{export GPG_TTY} (assuming a Bourne style
+shell). Even for GUI based Pinentries; you should have set
+@code{GPG_TTY}. See the section on installing the @program{gpg-agent}
+on how to do it.
+
+
 @end itemize
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index f361cbf6b..cccbef02a 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -43,7 +43,7 @@ fi
 @end smallexample
 @noindent
-You should aleays add the following lines to your @code{.bashrc} or
+You should aleways add the following lines to your @code{.bashrc} or
 whatever initialization file is used for all shell invocations:
 @smallexample
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 94e6936ad..beedab7b7 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -262,6 +262,12 @@ default value is @file{/usr/sbin/dirmngr}. This is only used as a
 fallback when the environment variable @code{DIRMNGR_INFO} is not set or
 a running dirmngr can't be connected.
+@item --prefer-system-dirmngr
+@opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one. Fallback to a pipe based server if this does
+not work.
+
 @item --no-secmem-warning
 @opindex no-secmem-warning
 Don't print a warning when the so called "secure memory" can't be used.
diff --git a/jnlib/ChangeLog b/jnlib/ChangeLog
index 3c2d6d84a..517cfb73f 100644
--- a/jnlib/ChangeLog
+++ b/jnlib/ChangeLog
@@ -1,3 +1,12 @@
+2004-11-22 Werner Koch
+
+ * logging.c (log_test_fd): Add test on LOGSTREAM. Reported by
+ Barry Schwartz.
+
+2004-11-18 Werner Koch
+
+ * logging.c: Explicitly include sys/stat.h for the S_I* constants.
+
 2004-10-21 Werner Koch
 * logging.c (do_logv): Use set_log_stream to setup a default.
diff --git a/jnlib/logging.c b/jnlib/logging.c
index 7a5e1552e..5397a1184 100644
--- a/jnlib/logging.c
+++ b/jnlib/logging.c
@@ -35,6 +35,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -411,9 +412,12 @@ log_get_prefix (unsigned int *flags)
 int
 log_test_fd (int fd)
 {
- int tmp = fileno (logstream);
- if ( tmp != -1 && tmp == fd)
- return 1;
+ if (logstream)
+ {
+ int tmp = fileno (logstream);
+ if ( tmp != -1 && tmp == fd)
+ return 1;
+ }
 if (log_socket != -1 && log_socket == fd)
 return 1;
 return 0;
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 6dd5a28f3..acfa7f3bd 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,8 @@
+2004-11-23 Werner Koch
+
+ * gpgsm.c: New option --prefer-system-dirmngr.
+ * call-dirmngr.c (start_dirmngr): Implement this option.
+
 2004-10-22 Werner Koch
 * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 849b8a04c..c70f56580 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
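Review bot: log_test_fd has no comment stating its contract, and the new NULL guard makes that contract worth writing down; I would put above `int` / `log_test_fd (int fd)`: `/* Return 1 if FD is the descriptor of the current log stream or of the log socket, else 0.  Safe to call while no log stream has been set (logstream == NULL). */`. The stream branch keeps its `tmp != -1` test on the fileno() result and the socket branch keeps `log_socket != -1`, so both paths now reject an unset descriptor the same way. The added include in the hunk at line 35 has lost its header name in this listing; the ChangeLog entry identifies it as sys/stat.h.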
@@ -35,6 +35,8 @@
 #include "i18n.h"
 #include "keydb.h"
+/* The name of the socket for a system daemon. */
+#define DEFAULT_SOCKET_NAME "/var/run/dirmngr/socket"
 struct membuf {
 size_t len;
@@ -145,6 +147,7 @@ start_dirmngr (void)
 int rc;
 char *infostr, *p;
 ASSUAN_CONTEXT ctx;
+ int try_default = 0;
 if (dirmngr_ctx)
 return 0;
 /* fixme: We need a context for each thread or serialize
@@ -153,6 +156,12 @@ start_dirmngr (void)
 to take care of the implicit option sending caching. */
 infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
+ if (opt.prefer_system_dirmngr && !force_pipe_server
+ &&(!infostr || !*infostr))
+ {
+ infostr = DEFAULT_SOCKET_NAME;
+ try_default = 1;
+ }
 if (!infostr || !*infostr)
 {
 const char *pgmname;
@@ -197,26 +206,31 @@ start_dirmngr (void)
 int pid;
 infostr = xstrdup (infostr);
- if ( !(p = strchr (infostr, ':')) || p == infostr)
+ if (!try_default && *infostr)
 {
- log_error (_("malformed DIRMNGR_INFO environment variable\n"));
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr ();
- }
- *p++ = 0;
- pid = atoi (p);
- while (*p && *p != ':')
- p++;
- prot = *p? atoi (p+1) : 0;
- if (prot != 1)
- {
- log_error (_("dirmngr protocol version %d is not supported\n"),
- prot);
- xfree (infostr);
- force_pipe_server = 1;
- return start_dirmngr ();
+ if ( !(p = strchr (infostr, ':')) || p == infostr)
+ {
+ log_error (_("malformed DIRMNGR_INFO environment variable\n"));
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr ();
+ }
+ *p++ = 0;
+ pid = atoi (p);
+ while (*p && *p != ':')
+ p++;
+ prot = *p? atoi (p+1) : 0;
+ if (prot != 1)
+ {
+ log_error (_("dirmngr protocol version %d is not supported\n"),
+ prot);
+ xfree (infostr);
+ force_pipe_server = 1;
+ return start_dirmngr ();
+ }
 }
+ else
+ pid = -1;
 rc = assuan_socket_connect (&ctx, infostr, pid);
 xfree (infostr);
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 0f620c091..c9ce8fd9f 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
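Review bot: The pipe-server fallback that the new gpgsm.texi text promises for --prefer-system-dirmngr is not visible in start_dirmngr: the failure path after `rc = assuan_socket_connect (&ctx, infostr, pid);` lies outside the hunk, and unless it consults try_default, a missing or unreachable system daemon ends in the generic connect error rather than a spawned pipe server; the existing retry idiom covers it, `if (rc && try_default) { force_pipe_server = 1; return start_dirmngr (); }` placed right after the xfree. DEFAULT_SOCKET_NAME is a fixed path that gpgsm connects to without any check on who owns the socket, and its CRL/OCSP lookups then rely on whatever answers there, so the define deserves a comment such as `/* Only safe when /var/run/dirmngr is root-owned and not writable by other users: gpgsm trusts the peer on this socket for CRL and OCSP answers. */`. Passing `pid = -1` for the default socket presumably disables whatever server-PID check assuan_socket_connect performs on the connection — worth confirming and noting next to the assignment. Finally, in `if (!try_default && *infostr)` the `*infostr` test is redundant, since the empty-string case was already diverted by the earlier `if (!infostr || !*infostr)` block.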
@@ -107,6 +107,7 @@ enum cmd_and_opt_values {
 oLCctype,
 oLCmessages,
+ oPreferSystemDirmngr,
 oDirmngrProgram,
 oProtectToolProgram,
 oFakedSystemTime,
@@ -272,7 +273,8 @@ static ARGPARSE_OPTS opts[] = {
 { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
-
+ { oPreferSystemDirmngr,"prefer-system-dirmngr", 0,
+ N_("use system's dirmngr if available")},
 { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
 { oEnableCRLChecks, "enable-crl-checks", 0, "@"},
 { oForceCRLRefresh, "force-crl-refresh", 0, "@"},
@@ -1047,6 +1049,7 @@ main ( int argc, char **argv)
 case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
 case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
 case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
+ case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
 case oProtectToolProgram:
 opt.protect_tool_program = pargs.r.ret_str;
 break;
@@ -1333,6 +1336,8 @@ main ( int argc, char **argv)
 GC_OPT_FLAG_NONE );
 printf ("auto-issuer-key-retrieve:%lu:\n",
 GC_OPT_FLAG_NONE );
+ printf ("prefer-system-dirmngr:%lu:\n",
+ GC_OPT_FLAG_NONE );
 }
 break;
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 18f50e9fe..faa6e8b5c 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -55,6 +55,7 @@ struct {
 char *lc_messages;
 const char *dirmngr_program;
+ int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
 const char *protect_tool_program;
 char *outfile; /* name of output file */
diff --git a/tools/ChangeLog b/tools/ChangeLog
index 18412753c..9158d7ca5 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,12 @@
+2004-11-23 Werner Koch
+
+ * gpgconf-comp.c : Add the proxy options.
+ : Add --prefer-system-daemon.
+
+2004-11-11 Werner Koch
+
+ * watchgnupg.c (main): Fixed test for read error.
+
 2004-10-22 Werner Koch
 * Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 67623ccfd..ec606ea2b 100644
--- a/tools/gpgconf-comp.c
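Review bot: The new `prefer-system-dirmngr` option cannot be switched off again from the command line, unlike its neighbours `disable-crl-checks`/`enable-crl-checks` which come as a pair; because a gpgsm.conf line can now redirect all CRL/OCSP lookups to the system daemon, a counterpart such as `{ oNoPreferSystemDirmngr, "no-prefer-system-dirmngr", 0, "@"},` with `case oNoPreferSystemDirmngr: opt.prefer_system_dirmngr = 0; break;` (names constructed here) would let a user override the file setting for one run. The blank separator between the `recipient` entry and the CRL options disappears as a side effect of the insertion; keep it, or place the new entry next to `dirmngr-program`, where the related dirmngr settings live.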
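Review bot: The comment on the new struct field misspells the daemon name; it should read `int prefer_system_dirmngr; /* Prefer using a system wide dirmngr. */`. Since this struct is the only place a reader of call-dirmngr.c can look the flag up, it also helps to say where it comes from and what it does, e.g. `/* Set by --prefer-system-dirmngr: try the system wide dirmngr socket before starting a pipe server. */`.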
+++ b/tools/gpgconf-comp.c
@@ -628,6 +628,9 @@ static gc_option_t gc_options_gpgsm[] =
 { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, "gnupg",
 "|FILE|read options from FILE",
 GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPGSM },
+ { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "use system's dirmngr if available",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
 { "Debug",
 GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@@ -731,10 +734,29 @@ static gc_option_t gc_options_dirmngr[] =
 "dirmngr", "force loading of outdated CRLs",
 GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "HTTP",
+ GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+ "gnupg", N_("Configuration for HTTP servers") },
+ { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of HTTP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "|URL|redirect all HTTP requests to URL",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
 { "LDAP",
 GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
 "gnupg", N_("Configuration of LDAP servers to use") },
- { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "inhibit the use of LDAP",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "dirmngr", "|HOST|use HOST for LDAP queries",
+ GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+ { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "dirmngr", "do not use fallback hosts with --ldap-proxy",
+ GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+ { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
 "dirmngr", "add new servers discovered in CRL distribution points"
 " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c
index 7f79f2f18..50f9d7274 100644
--- a/tools/watchgnupg.c
+++ b/tools/watchgnupg.c
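Review bot: `add-servers` quietly moves from GC_LEVEL_BASIC to GC_LEVEL_ADVANCED in the dirmngr table, a change neither the commit message nor the tools/ChangeLog entry ("Add the proxy options") mentions; either record it or keep `{ "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,`. The new proxy settings also land at different levels, `ldap-proxy` at GC_LEVEL_BASIC but `http-proxy` at GC_LEVEL_ADVANCED, although both reroute dirmngr's network lookups through a configurable host and deserve the same visibility in a frontend; I would give them one level and note in the table why. The HTTP group header uses `N_()` for its description while the option descriptions stay bare strings, which matches the existing LDAP group, so that part is consistent.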
@@ -354,7 +354,7 @@ main (int argc, char **argv)
 int n;
 n = read (client->fd, line, sizeof line - 1);
- if (n == 1)
+ if (n < 0)
 {
 int save_errno = errno;
 print_line (client, NULL); /* flush */
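Review bot: `if (n < 0)` now catches read errors, but a read() interrupted by a signal returns -1 with errno set to EINTR and takes the same error path; if the loop enclosing this block (it starts and ends outside the hunk) does not retry in that case, something like `if (n < 0 && errno == EINTR) continue;` ahead of the error branch may be wanted — hedged, since the loop shape is not visible here. The old `n == 1` test treated a one-byte read as an error while ignoring real failures, so the fix itself is right; how `n == 0` (peer closed) is handled also lies outside the hunk.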