* b64enc.c: Include stdio.h and string.h

* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.

* gpgconf-comp.c <dirmngr>: Add the proxy options.
<gpgsm>: Add --prefer-system-daemon.

TODO

@@ -25,6 +25,8 @@ might want to have an agent context for each service request
 * sm/certlist.c
 ** ocspSigning usage is not fully implemented
    We should review the entire CRL and OCSP validation system.
+   Okay.  This has been fixed in dirmngr when running it in system
+   daemon mode.
 
 * sm/decrypt.c
 ** replace leading zero in integer hack by a cleaner solution
@@ -93,12 +95,3 @@ might want to have an agent context for each service request
    This needs support in libksba/src/cert.c as well as in sm/*.c.
    Need test certs as well.  Same goes for CRL authorityKeyIdentifier.
 
-** Dirmngr:  name subordination (nameRelativeToCRLIssuer) 
-   is not yet supported by Dirmngr.
-
-** Dirmngr: CRL DP URI
-  The CRL DP shall use an URI for LDAP without a host name.  The host
-  name shall be looked by using the DN in the URI.  We don't implement
-  this yet.  Solution is to have a mapping DN->host in our ldapservers
-  configuration file.
-

common/ChangeLog

@@ -1,3 +1,7 @@
+2004-11-23  Werner Koch  <wk@g10code.com>
+
+	* b64enc.c: Include stdio.h and string.h
+
 2004-08-18  Werner Koch  <wk@g10code.de>
 
 	* simple-pwquery.c (simple_pwquery): Handle gpg-error style return

common/b64enc.c

@@ -19,7 +19,9 @@
  */
 
 #include <config.h>
+#include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 #include <errno.h>
 #include <assert.h>
 

doc/ChangeLog

@@ -1,3 +1,7 @@
+2004-11-05  Werner Koch  <wk@g10code.com>
+
+	* debugging.texi (Common Problems): Curses pinentry problem.
+
 2004-10-22  Werner Koch  <wk@g10code.com>
 
 	* tools.texi (Helper Tools): Document gpgsm-gencert.sh.

doc/debugging.texi

@@ -5,7 +5,7 @@
 @node Debugging
 @chapter How to solve problems
 
-Everone knows that software often does not do what it should do and thus
+Everyone knows that software often does not do what it should do and thus
 there is a need to track down problems.  We call this debugging in a
 reminiscent to the moth jamming a relay in a Mark II box back in 1947.
 
@@ -87,9 +87,24 @@ in a standard way and directly available from @command{gpgsm}.
 @itemize @bullet
 @item Error code @samp{Not supported} from Dirmngr
 
-  Most likely the option @option{enable-ocsp} is active for gpgsm
+Most likely the option @option{enable-ocsp} is active for gpgsm
-  but Dirmngr's OCSP feature has not been enabled using
+but Dirmngr's OCSP feature has not been enabled using
-  @option{allow-ocsp} in @file{dirmngr.conf}.
+@option{allow-ocsp} in @file{dirmngr.conf}.
+
+@item The Curses based Pinentry does not work
+
+The far most common reason for this is that the environment variable
+@code{GPG_TTY} has not been set correctly.  Make sure that it has been
+set to a real tty devce and not just to @samp{/dev/tty};
+i.e. @samp{GPG_TTY=tty} is plainly wrong; what you want is
+@samp{GPG_TTY=`tty`} --- note the back ticks.  Also make sure that
+this environment variable gets exported, that is you should follow up
+the setting with an @samp{export GPG_TTY} (assuming a Bourne style
+shell). Even for GUI based Pinentries; you should have set
+@code{GPG_TTY}. See the section on installing the @program{gpg-agent}
+on how to do it.
+
+
 
 @end itemize
 

doc/gpg-agent.texi

@@ -43,7 +43,7 @@ fi
 @end smallexample
 
 @noindent
-You should aleays add the following lines to your @code{.bashrc} or
+You should aleways add the following lines to your @code{.bashrc} or
 whatever initialization file is used for all shell invocations:
 
 @smallexample

doc/gpgsm.texi

@@ -262,6 +262,12 @@ default value is @file{/usr/sbin/dirmngr}.  This is only used as a
 fallback when the environment variable @code{DIRMNGR_INFO} is not set or
 a running dirmngr can't be connected.
 
+@item --prefer-system-dirmngr
+@opindex prefer-system-dirmngr
+If a system wide @command{dirmngr} is running in daemon mode, first try
+to connect to this one.  Fallback to a pipe based server if this does
+not work.
+
 @item --no-secmem-warning
 @opindex no-secmem-warning
 Don't print a warning when the so called "secure memory" can't be used.

jnlib/ChangeLog

@@ -1,3 +1,12 @@
+2004-11-22  Werner Koch  <wk@g10code.com>
+
+	* logging.c (log_test_fd): Add test on LOGSTREAM.  Reported by
+	Barry Schwartz.
+
+2004-11-18  Werner Koch  <wk@g10code.com>
+
+	* logging.c: Explicitly include sys/stat.h for the S_I* constants.
+
 2004-10-21  Werner Koch  <wk@g10code.com>
 
 	* logging.c (do_logv): Use set_log_stream to setup a default.

jnlib/logging.c

@@ -35,6 +35,7 @@
 #include <time.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #include <sys/un.h>
 #include <unistd.h>
 #include <fcntl.h>
@@ -411,9 +412,12 @@ log_get_prefix (unsigned int *flags)
 int
 log_test_fd (int fd)
 {
-  int tmp = fileno (logstream);
+  if (logstream)
-  if ( tmp != -1 && tmp == fd)
+    {
-    return 1;
+      int tmp = fileno (logstream);
+      if ( tmp != -1 && tmp == fd)
+        return 1;
+    }
   if (log_socket != -1 && log_socket == fd)
     return 1;
   return 0;

sm/ChangeLog

@@ -1,3 +1,8 @@
+2004-11-23  Werner Koch  <wk@g10code.com>
+
+	* gpgsm.c: New option --prefer-system-dirmngr.
+	* call-dirmngr.c (start_dirmngr): Implement this option.
+
 2004-10-22  Werner Koch  <wk@g10code.com>
 
 	* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate

sm/call-dirmngr.c

@@ -35,6 +35,8 @@
 #include "i18n.h"
 #include "keydb.h"
 
+/* The name of the socket for a system daemon.  */
+#define DEFAULT_SOCKET_NAME "/var/run/dirmngr/socket"
 
 struct membuf {
   size_t len;
@@ -145,6 +147,7 @@ start_dirmngr (void)
   int rc;
   char *infostr, *p;
   ASSUAN_CONTEXT ctx;
+  int try_default = 0;
 
   if (dirmngr_ctx)
     return 0; /* fixme: We need a context for each thread or serialize
@@ -153,6 +156,12 @@ start_dirmngr (void)
      to take care of the implicit option sending caching. */
 
   infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO");
+  if (opt.prefer_system_dirmngr && !force_pipe_server
+      &&(!infostr || !*infostr))
+    {
+      infostr = DEFAULT_SOCKET_NAME;
+      try_default = 1;
+    }
   if (!infostr || !*infostr)
     {
       const char *pgmname;
@@ -197,26 +206,31 @@ start_dirmngr (void)
       int pid;
 
       infostr = xstrdup (infostr);
-      if ( !(p = strchr (infostr, ':')) || p == infostr)
+      if (!try_default && *infostr)
         {
-          log_error (_("malformed DIRMNGR_INFO environment variable\n"));
+          if ( !(p = strchr (infostr, ':')) || p == infostr)
-          xfree (infostr);
+            {
-          force_pipe_server = 1;
+              log_error (_("malformed DIRMNGR_INFO environment variable\n"));
-          return start_dirmngr ();
+              xfree (infostr);
-        }
+              force_pipe_server = 1;
-      *p++ = 0;
+              return start_dirmngr ();
-      pid = atoi (p);
+            }
-      while (*p && *p != ':')
+          *p++ = 0;
-        p++;
+          pid = atoi (p);
-      prot = *p? atoi (p+1) : 0;
+          while (*p && *p != ':')
-      if (prot != 1)
+            p++;
-        {
+          prot = *p? atoi (p+1) : 0;
-          log_error (_("dirmngr protocol version %d is not supported\n"),
+          if (prot != 1)
-                     prot);
+            {
-          xfree (infostr);
+              log_error (_("dirmngr protocol version %d is not supported\n"),
-          force_pipe_server = 1;
+                         prot);
-          return start_dirmngr ();
+              xfree (infostr);
+              force_pipe_server = 1;
+              return start_dirmngr ();
+            }
         }
+      else
+        pid = -1;
 
       rc = assuan_socket_connect (&ctx, infostr, pid);
       xfree (infostr);

sm/gpgsm.c

@@ -107,6 +107,7 @@ enum cmd_and_opt_values {
   oLCctype,
   oLCmessages,
 
+  oPreferSystemDirmngr,
   oDirmngrProgram,
   oProtectToolProgram,
   oFakedSystemTime,
@@ -272,7 +273,8 @@ static ARGPARSE_OPTS opts[] = {
 
     { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")},
 
-
+    { oPreferSystemDirmngr,"prefer-system-dirmngr", 0,
+      N_("use system's dirmngr if available")},
     { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
     { oEnableCRLChecks, "enable-crl-checks", 0, "@"},
     { oForceCRLRefresh, "force-crl-refresh", 0, "@"},
@@ -1047,6 +1049,7 @@ main ( int argc, char **argv)
         case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
         case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
         case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str;  break;
+        case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
         case oProtectToolProgram:
           opt.protect_tool_program = pargs.r.ret_str; 
           break;
@@ -1333,6 +1336,8 @@ main ( int argc, char **argv)
                 GC_OPT_FLAG_NONE );
         printf ("auto-issuer-key-retrieve:%lu:\n",
                 GC_OPT_FLAG_NONE );
+        printf ("prefer-system-dirmngr:%lu:\n",
+                GC_OPT_FLAG_NONE );
 
       }
       break;

sm/gpgsm.h

@@ -55,6 +55,7 @@ struct {
   char *lc_messages;
 
   const char *dirmngr_program;
+  int prefer_system_dirmngr;  /* Prefer using a system wide drimngr.  */
   const char *protect_tool_program;
   char *outfile;    /* name of output file */
 

tools/ChangeLog

@@ -1,3 +1,12 @@
+2004-11-23  Werner Koch  <wk@g10code.com>
+
+	* gpgconf-comp.c <dirmngr>: Add the proxy options.
+	<gpgsm>: Add --prefer-system-daemon.
+
+2004-11-11  Werner Koch  <wk@g10code.com>
+
+	* watchgnupg.c (main): Fixed test for read error.
+
 2004-10-22  Werner Koch  <wk@g10code.com>
 
 	* Makefile.am (bin_SCRIPTS): Add gpgsm-gencert.sh

tools/gpgconf-comp.c

@@ -628,6 +628,9 @@ static gc_option_t gc_options_gpgsm[] =
    { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
      "gnupg", "|FILE|read options from FILE",
      GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPGSM },
+   { "prefer-system-dirmngr", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "gnupg", "use system's dirmngr if available",
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
 
    { "Debug",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@@ -731,10 +734,29 @@ static gc_option_t gc_options_dirmngr[] =
      "dirmngr", "force loading of outdated CRLs",
      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
 
+   { "HTTP",
+     GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
+     "gnupg", N_("Configuration for HTTP servers") },
+   { "disable-http", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "dirmngr", "inhibit the use of HTTP",
+      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+   { "http-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "dirmngr", "|URL|redirect all HTTP requests to URL",
+     GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+
    { "LDAP",
      GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
      "gnupg", N_("Configuration of LDAP servers to use") },
-   { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+   { "disable-ldap", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "dirmngr", "inhibit the use of LDAP",
+      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+   { "ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+     "dirmngr", "|HOST|use HOST for LDAP queries",
+     GC_ARG_TYPE_STRING, GC_BACKEND_DIRMNGR },
+   { "only-ldap-proxy", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+     "dirmngr", "do not use fallback hosts with --ldap-proxy",
+      GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
+   { "add-servers", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
      "dirmngr", "add new servers discovered in CRL distribution points"
      " to serverlist", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
    { "ldaptimeout", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,

tools/watchgnupg.c

@@ -354,7 +354,7 @@ main (int argc, char **argv)
             int n;
             
             n = read (client->fd, line, sizeof line - 1);
-            if (n == 1)
+            if (n < 0)
               {
                 int save_errno = errno;
                 print_line (client, NULL); /* flush */