security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

* b64enc.c: Include stdio.h and string.h

Browse Source 
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.

* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
This commit is contained in:
Werner Koch 2004-11-23 17:09:51 +00:00
parent a2ecb6285e
commit c7b97075aa
16 changed files with 131 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
TODO
View File

@ -25,6 +25,8 @@ might want to have an agent context for each service request
* sm/certlist.c * sm/certlist.c
** ocspSigning usage is not fully implemented ** ocspSigning usage is not fully implemented
We should review the entire CRL and OCSP validation system. We should review the entire CRL and OCSP validation system.
Okay. This has been fixed in dirmngr when running it in system
daemon mode.
* sm/decrypt.c * sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution ** replace leading zero in integer hack by a cleaner solution
@ -93,12 +95,3 @@ might want to have an agent context for each service request
This needs support in libksba/src/cert.c as well as in sm/*.c. This needs support in libksba/src/cert.c as well as in sm/*.c.
Need test certs as well. Same goes for CRL authorityKeyIdentifier. Need test certs as well. Same goes for CRL authorityKeyIdentifier.
** Dirmngr: name subordination (nameRelativeToCRLIssuer)
is not yet supported by Dirmngr.
** Dirmngr: CRL DP URI
The CRL DP shall use an URI for LDAP without a host name. The host
name shall be looked by using the DN in the URI. We don't implement
this yet. Solution is to have a mapping DN->host in our ldapservers
configuration file.

4
common/ChangeLog
View File

@ -1,3 +1,7 @@
2004-11-23 Werner Koch <wk@g10code.com>
* b64enc.c: Include stdio.h and string.h
2004-08-18 Werner Koch <wk@g10code.de> 2004-08-18 Werner Koch <wk@g10code.de>
* simple-pwquery.c (simple_pwquery): Handle gpg-error style return * simple-pwquery.c (simple_pwquery): Handle gpg-error style return

2
common/b64enc.c
View File

@ -19,7 +19,9 @@
*/ */
#include <config.h> #include <config.h>
#include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h>
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2004-11-05 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Curses pinentry problem.
2004-10-22 Werner Koch <wk@g10code.com> 2004-10-22 Werner Koch <wk@g10code.com>
* tools.texi (Helper Tools): Document gpgsm-gencert.sh. * tools.texi (Helper Tools): Document gpgsm-gencert.sh.

17
doc/debugging.texi
View File

@ -5,7 +5,7 @@
@node Debugging @node Debugging
@chapter How to solve problems @chapter How to solve problems
Everone knows that software often does not do what it should do and thus Everyone knows that software often does not do what it should do and thus
there is a need to track down problems. We call this debugging in a there is a need to track down problems. We call this debugging in a
reminiscent to the moth jamming a relay in a Mark II box back in 1947. reminiscent to the moth jamming a relay in a Mark II box back in 1947.
@ -91,5 +91,20 @@ in a standard way and directly available from @command{gpgsm}.
but Dirmngr's OCSP feature has not been enabled using but Dirmngr's OCSP feature has not been enabled using
@option{allow-ocsp} in @file{dirmngr.conf}. @option{allow-ocsp} in @file{dirmngr.conf}.
@item The Curses based Pinentry does not work
The far most common reason for this is that the environment variable
@code{GPG_TTY} has not been set correctly. Make sure that it has been
set to a real tty devce and not just to @samp{/dev/tty};
i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
@samp{GPG_TTY=`tty`} --- note the back ticks. Also make sure that
this environment variable gets exported, that is you should follow up
the setting with an @samp{export GPG_TTY} (assuming a Bourne style
shell). Even for GUI based Pinentries; you should have set
@code{GPG_TTY}. See the section on installing the @program{gpg-agent}
on how to do it.
@end itemize @end itemize

2
doc/gpg-agent.texi
View File

@ -43,7 +43,7 @@ fi
@end smallexample @end smallexample
@noindent @noindent
You should aleays add the following lines to your @code{.bashrc} or You should aleways add the following lines to your @code{.bashrc} or
whatever initialization file is used for all shell invocations: whatever initialization file is used for all shell invocations:
@smallexample @smallexample

6
doc/gpgsm.texi
View File

@ -262,6 +262,12 @@ default value is @file{/usr/sbin/dirmngr}. This is only used as a
fallback when the environment variable @code{DIRMNGR_INFO} is not set or fallback when the environment variable @code{DIRMNGR_INFO} is not set or
a running dirmngr can't be connected. a running dirmngr can't be connected.
@item --prefer-system-dirmngr
@opindex prefer-system-dirmngr
If a system wide @command{dirmngr} is running in daemon mode, first try
to connect to this one. Fallback to a pipe based server if this does
not work.
@item --no-secmem-warning @item --no-secmem-warning
@opindex no-secmem-warning @opindex no-secmem-warning
Don't print a warning when the so called "secure memory" can't be used. Don't print a warning when the so called "secure memory" can't be used.

9
jnlib/ChangeLog
View File

@ -1,3 +1,12 @@
2004-11-22 Werner Koch <wk@g10code.com>
* logging.c (log_test_fd): Add test on LOGSTREAM. Reported by
Barry Schwartz.
2004-11-18 Werner Koch <wk@g10code.com>
* logging.c: Explicitly include sys/stat.h for the S_I* constants.
2004-10-21 Werner Koch <wk@g10code.com> 2004-10-21 Werner Koch <wk@g10code.com>
* logging.c (do_logv): Use set_log_stream to setup a default. * logging.c (do_logv): Use set_log_stream to setup a default.

4
jnlib/logging.c
View File

@ -35,6 +35,7 @@
#include <time.h> #include <time.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h> #include <sys/un.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>
@ -410,10 +411,13 @@ log_get_prefix (unsigned int *flags)
it allows the logging code to use more then one file descriptor. */ it allows the logging code to use more then one file descriptor. */
int int
log_test_fd (int fd) log_test_fd (int fd)
{
if (logstream)
{ {
int tmp = fileno (logstream); int tmp = fileno (logstream);
if ( tmp != -1 && tmp == fd) if ( tmp != -1 && tmp == fd)
return 1; return 1;
}
if (log_socket != -1 && log_socket == fd) if (log_socket != -1 && log_socket == fd)
return 1; return 1;
return 0; return 0;

5
sm/ChangeLog
View File

@ -1,3 +1,8 @@
2004-11-23 Werner Koch <wk@g10code.com>
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.
2004-10-22 Werner Koch <wk@g10code.com> 2004-10-22 Werner Koch <wk@g10code.com>
* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate

14
sm/call-dirmngr.c
View File

@ -35,6 +35,8 @@
#include "i18n.h" #include "i18n.h"
#include "keydb.h" #include "keydb.h"
/* The name of the socket for a system daemon. */
#define DEFAULT_SOCKET_NAME "/var/run/dirmngr/socket"
struct membuf { struct membuf {
size_t len; size_t len;
@ -145,6 +147,7 @@ start_dirmngr (void)
int rc; int rc;
char *infostr, *p; char *infostr, *p;
ASSUAN_CONTEXT ctx; ASSUAN_CONTEXT ctx;
int try_default = 0;
if (dirmngr_ctx) if (dirmngr_ctx)
return 0; /* fixme: We need a context for each thread or serialize return 0; /* fixme: We need a context for each thread or serialize
@ -153,6 +156,12 @@ start_dirmngr (void)
to take care of the implicit option sending caching. */ to take care of the implicit option sending caching. */
infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO"); infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
if (opt.prefer_system_dirmngr && !force_pipe_server
&&(!infostr || !*infostr))
{
infostr = DEFAULT_SOCKET_NAME;
try_default = 1;
}
if (!infostr || !*infostr) if (!infostr || !*infostr)
{ {
const char *pgmname; const char *pgmname;
@ -197,6 +206,8 @@ start_dirmngr (void)
int pid; int pid;
infostr = xstrdup (infostr); infostr = xstrdup (infostr);
if (!try_default && *infostr)
{
if ( !(p = strchr (infostr, ':')) || p == infostr) if ( !(p = strchr (infostr, ':')) || p == infostr)
{ {
log_error (_("malformed DIRMNGR_INFO environment variable\n")); log_error (_("malformed DIRMNGR_INFO environment variable\n"));
@ -217,6 +228,9 @@ start_dirmngr (void)
force_pipe_server = 1; force_pipe_server = 1;
return start_dirmngr (); return start_dirmngr ();
} }
}
else
pid = -1;
rc = assuan_socket_connect (&ctx, infostr, pid); rc = assuan_socket_connect (&ctx, infostr, pid);
xfree (infostr); xfree (infostr);

7
sm/gpgsm.c
View File

@ -107,6 +107,7 @@ enum cmd_and_opt_values {
oLCctype, oLCctype,
oLCmessages, oLCmessages,
oPreferSystemDirmngr,
oDirmngrProgram, oDirmngrProgram,
oProtectToolProgram, oProtectToolProgram,
oFakedSystemTime, oFakedSystemTime,
@ -272,7 +273,8 @@ static ARGPARSE_OPTS opts[] = {
{ oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")}, { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
{ oPreferSystemDirmngr,"prefer-system-dirmngr", 0,
N_("use system's dirmngr if available")},
{ oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")}, { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
{ oEnableCRLChecks, "enable-crl-checks", 0, "@"}, { oEnableCRLChecks, "enable-crl-checks", 0, "@"},
{ oForceCRLRefresh, "force-crl-refresh", 0, "@"}, { oForceCRLRefresh, "force-crl-refresh", 0, "@"},
@ -1047,6 +1049,7 @@ main ( int argc, char **argv)
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break; case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break; case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break; case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram: case oProtectToolProgram:
opt.protect_tool_program = pargs.r.ret_str; opt.protect_tool_program = pargs.r.ret_str;
break; break;
@ -1333,6 +1336,8 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("auto-issuer-key-retrieve:%lu:\n", printf ("auto-issuer-key-retrieve:%lu:\n",
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("prefer-system-dirmngr:%lu:\n",
GC_OPT_FLAG_NONE );
} }
break; break;

1
sm/gpgsm.h
View File

@ -55,6 +55,7 @@ struct {
char *lc_messages; char *lc_messages;
const char *dirmngr_program; const char *dirmngr_program;
int prefer_system_dirmngr; /* Prefer using a system wide drimngr. */
const char *protect_tool_program; const char *protect_tool_program;
char *outfile; /* name of output file */ char *outfile; /* name of output file */

9
tools/ChangeLog
View File

@ -1,3 +1,12 @@
2004-11-23 Werner Koch <wk@g10code.com>
* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.
2004-11-11 Werner Koch <wk@g10code.com>
* watchgnupg.c (main): Fixed test for read error.
2004-10-22 Werner Koch <wk@g10code.com> 2004-10-22 Werner Koch <wk@g10code.com>
* Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh * Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh

24
tools/gpgconf-comp.c
View File

@ -628,6 +628,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE", "gnupg", "|FILE|read options from FILE",
GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPGSM }, GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPGSM },
{ "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "use system's dirmngr if available",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "Debug", { "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@ -731,10 +734,29 @@ static gc_option_t gc_options_dirmngr[] =
"dirmngr", "force loading of outdated CRLs", "dirmngr", "force loading of outdated CRLs",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "HTTP",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
"gnupg", N_("Configuration for HTTP servers") },
{ "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "inhibit the use of HTTP",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "|URL|redirect all HTTP requests to URL",
GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
{ "LDAP", { "LDAP",
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC, GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Configuration of LDAP servers to use") }, "gnupg", N_("Configuration of LDAP servers to use") },
{ "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "inhibit the use of LDAP",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "|HOST|use HOST for LDAP queries",
GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
{ "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "do not use fallback hosts with --ldap-proxy",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"dirmngr", "add new servers discovered in CRL distribution points" "dirmngr", "add new servers discovered in CRL distribution points"
" to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,

2
tools/watchgnupg.c
View File

@ -354,7 +354,7 @@ main (int argc, char **argv)
int n; int n;
n = read (client->fd, line, sizeof line - 1); n = read (client->fd, line, sizeof line - 1);
if (n == 1) if (n < 0)
{ {
int save_errno = errno; int save_errno = errno;
print_line (client, NULL); /* flush */ print_line (client, NULL); /* flush */