security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Fix dirmngr problems on CE.

Browse Source 
Add new dirmngr commands.
Minor other fixes.
This commit is contained in:
Werner Koch 2010-08-12 11:43:46 +00:00
parent 8a61c30207
commit d4d61b87f1
9 changed files with 125 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
agent/ChangeLog
View File

@ -1,5 +1,8 @@
2010-08-11 Werner Koch <wk@g10code.com> 2010-08-11 Werner Koch <wk@g10code.com>
* call-pinentry.c (agent_get_passphrase, agent_askpin): Fix
setting of confidential flag.
* call-scd.c (agent_card_scd): Pass assuan comment lines to the * call-scd.c (agent_card_scd): Pass assuan comment lines to the
caller. caller.
(ASSUAN_CONVEY_COMMENTS): Provide replacement if needed. (ASSUAN_CONVEY_COMMENTS): Provide replacement if needed.

7
agent/call-pinentry.c
View File

@ -705,6 +705,7 @@ agent_askpin (ctrl_t ctrl,
struct entry_parm_s parm; struct entry_parm_s parm;
const char *errtext = NULL; const char *errtext = NULL;
int is_pin = 0; int is_pin = 0;
int saveflag;
if (opt.batch) if (opt.batch)
return 0; /* fixme: we should return BAD PIN */ return 0; /* fixme: we should return BAD PIN */
@ -782,8 +783,11 @@ agent_askpin (ctrl_t ctrl,
errtext = NULL; errtext = NULL;
} }
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx, NULL, NULL); inq_quality, entry_ctx, NULL, NULL);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code /* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */ not to the code for a user cancel. Fix this here. */
@ -845,6 +849,7 @@ agent_get_passphrase (ctrl_t ctrl,
int rc; int rc;
char line[ASSUAN_LINELENGTH]; char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm; struct entry_parm_s parm;
int saveflag;
*retpass = NULL; *retpass = NULL;
if (opt.batch) if (opt.batch)
@ -895,9 +900,11 @@ agent_get_passphrase (ctrl_t ctrl,
if (!parm.buffer) if (!parm.buffer)
return unlock_pinentry (out_of_core ()); return unlock_pinentry (out_of_core ());
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx); assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx, NULL, NULL); inq_quality, entry_ctx, NULL, NULL);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code /* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and for canceled which gets translated to an assuan Cancel error and
not to the code for a user cancel. Fix this here. */ not to the code for a user cancel. Fix this here. */

4
common/ChangeLog
View File

@ -1,3 +1,7 @@
2010-08-12 Werner Koch <wk@g10code.com>
* sysutils.c (gnupg_remove) [W32CE]: Fix returned error.
2010-08-09 Werner Koch <wk@g10code.com> 2010-08-09 Werner Koch <wk@g10code.com>
* logging.c (WITH_IPV6): New macro. * logging.c (WITH_IPV6): New macro.

4
common/sysutils.c
View File

@ -530,8 +530,8 @@ gnupg_remove (const char *fname)
xfree (wfname); xfree (wfname);
} }
if (!rc) if (!rc)
gpg_err_set_errno (EIO); return -1; /* ERRNO is automagically provided by gpg-error.h. */
return !rc; return 0;
#else #else
return remove (fname); return remove (fname);
#endif #endif

11
dirmngr/ChangeLog
View File

@ -1,9 +1,18 @@
2010-08-12 Werner Koch <wk@g10code.com>
* crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/.
* dirmngr.c (dirmngr_sighup_action): New.
* server.c (cmd_killdirmngr, cmd_reloaddirmngr): New.
(struct server_local_s): Add field STOPME.
(start_command_handler): Act on STOPME.
2010-08-06 Werner Koch <wk@g10code.com> 2010-08-06 Werner Koch <wk@g10code.com>
* dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro. * dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro.
(main): Use SUN_LEN macro. (main): Use SUN_LEN macro.
(main) [W32]: Allow EEXIST in addition to EADDRINUSE. (main) [W32]: Allow EEXIST in addition to EADDRINUSE.
(JNLIB_NEED_AFLOCAL):
2010-08-05 Werner Koch <wk@g10code.com> 2010-08-05 Werner Koch <wk@g10code.com>

6
dirmngr/crlcache.c
View File

@ -274,7 +274,7 @@ cleanup_cache_dir (int force)
if (okay) if (okay)
{ {
log_info (_("removing cache file `%s'\n"), cdbname); log_info (_("removing cache file `%s'\n"), cdbname);
if (unlink (cdbname)) if (gnupg_remove (cdbname))
{ {
log_error ("failed to remove `%s': %s\n", log_error ("failed to remove `%s': %s\n",
cdbname, strerror (errno)); cdbname, strerror (errno));
@ -934,7 +934,7 @@ update_dir (crl_cache_t cache)
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* No atomic mv on W32 systems. */ /* No atomic mv on W32 systems. */
unlink (fname); gnupg_remove (fname);
#endif #endif
if (rename (tmpfname, fname)) if (rename (tmpfname, fname))
{ {
@ -2166,7 +2166,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
if (opt.verbose) if (opt.verbose)
log_info (_("creating cache file `%s'\n"), newfname); log_info (_("creating cache file `%s'\n"), newfname);
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
unlink (newfname); gnupg_remove (newfname);
#endif #endif
if (rename (fname, newfname)) if (rename (fname, newfname))
{ {

23
dirmngr/dirmngr.c
View File

@ -1578,6 +1578,21 @@ reread_configuration (void)
} }
/* A global function which allows us to trigger the reload stuff from
other places. */
void
dirmngr_sighup_action (void)
{
log_info (_("SIGHUP received - "
"re-reading configuration and flushing caches\n"));
reread_configuration ();
cert_cache_deinit (0);
crl_cache_deinit ();
cert_cache_init ();
crl_cache_init ();
}
/* The signal handler. */ /* The signal handler. */
static void static void
@ -1587,13 +1602,7 @@ handle_signal (int signo)
{ {
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
case SIGHUP: case SIGHUP:
log_info (_("SIGHUP received - " dirmngr_sighup_action ();
"re-reading configuration and flushing caches\n"));
reread_configuration ();
cert_cache_deinit (0);
crl_cache_deinit ();
cert_cache_init ();
crl_cache_init ();
break; break;
case SIGUSR1: case SIGUSR1:

1
dirmngr/dirmngr.h
View File

@ -169,6 +169,7 @@ struct server_control_s
/*-- dirmngr.c --*/ /*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */ void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl); void dirmngr_init_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);
/*-- server.c --*/ /*-- server.c --*/
ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl); ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl);

80
dirmngr/server.c
View File

@ -60,6 +60,10 @@ struct server_local_s
/* Per-session LDAP serfver. */ /* Per-session LDAP serfver. */
ldap_server_t ldapservers; ldap_server_t ldapservers;
/* If this flag is set to true this dirmngr process will be
terminated after the end of this session. */
int stopme;
}; };
@ -1218,7 +1222,7 @@ static const char hlp_cachecert[] =
"\n" "\n"
"Put a certificate into the internal cache. This command might be\n" "Put a certificate into the internal cache. This command might be\n"
"useful if a client knows in advance certificates required for a\n" "useful if a client knows in advance certificates required for a\n"
"test and wnats to make sure they get added to the internal cache.\n" "test and wants to make sure they get added to the internal cache.\n"
"It is also helpful for debugging. To get the actual certificate,\n" "It is also helpful for debugging. To get the actual certificate,\n"
"this command immediately inquires it using\n" "this command immediately inquires it using\n"
"\n" "\n"
@ -1376,6 +1380,75 @@ cmd_getinfo (assuan_context_t ctx, char *line)
} }
static const char hlp_killdirmngr[] =
"KILLDIRMNGR\n"
"\n"
"This command allows a user - given sufficient permissions -\n"
"to kill this dirmngr process.\n";
static gpg_error_t
cmd_killdirmngr (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
if (opt.system_daemon)
{
if (opt.system_service)
return set_error (GPG_ERR_NOT_SUPPORTED,
"can't do that whilst running as system service");
#ifndef HAVE_W32_SYSTEM
{
gpg_err_code_t ec;
assuan_peercred_t cred;
ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
if (!ec && cred.uid)
ec = GPG_ERR_EPERM; /* Only root may terminate. */
if (ec)
return set_error (ec, "no permission to kill this process");
}
#endif
}
ctrl->server_local->stopme = 1;
return gpg_error (GPG_ERR_EOF);
}
static const char hlp_reloaddirmngr[] =
"RELOADDIRMNGR\n"
"\n"
"This command is an alternative to SIGHUP\n"
"to reload the configuration.";
static gpg_error_t
cmd_reloaddirmngr (assuan_context_t ctx, char *line)
{
(void)ctx;
(void)line;
if (opt.system_daemon)
{
#ifndef HAVE_W32_SYSTEM
{
gpg_err_code_t ec;
assuan_peercred_t cred;
ec = gpg_err_code (assuan_get_peercred (ctx, &cred));
if (!ec && cred.uid)
ec = GPG_ERR_EPERM; /* Only root may terminate. */
if (ec)
return set_error (ec, "no permission to reload this process");
}
#endif
}
dirmngr_sighup_action ();
return 0;
}
/* Tell the assuan library about our commands. */ /* Tell the assuan library about our commands. */
@ -1397,6 +1470,8 @@ register_commands (assuan_context_t ctx)
{ "CACHECERT", cmd_cachecert, hlp_cachecert }, { "CACHECERT", cmd_cachecert, hlp_cachecert },
{ "VALIDATE", cmd_validate, hlp_validate }, { "VALIDATE", cmd_validate, hlp_validate },
{ "GETINFO", cmd_getinfo, hlp_getinfo }, { "GETINFO", cmd_getinfo, hlp_getinfo },
{ "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr },
{ "RELOADDIRMNGR",cmd_reloaddirmngr,hlp_reloaddirmngr },
{ NULL, NULL } { NULL, NULL }
}; };
int i, j, rc; int i, j, rc;
@ -1552,6 +1627,9 @@ start_command_handler (assuan_fd_t fd)
ctrl->server_local->assuan_ctx = NULL; ctrl->server_local->assuan_ctx = NULL;
assuan_release (ctx); assuan_release (ctx);
if (ctrl->server_local->stopme)
dirmngr_exit (0);
if (ctrl->refcount) if (ctrl->refcount)
log_error ("oops: connection control structure still referenced (%d)\n", log_error ("oops: connection control structure still referenced (%d)\n",
ctrl->refcount); ctrl->refcount);