mirror of git://git.gnupg.org/gnupg.git synced 2024-06-08 23:37:47 +02:00

Removed some set but unused variables.

Werner Koch 2011-08-04 12:22:04 +02:00
parent 60d8c901ce
commit e306c18624
25 changed files with 811 additions and 788 deletions


@ -1,6 +1,7 @@
2011-08-04 Werner Koch <wk@g10code.com> 2011-08-04 Werner Koch <wk@g10code.com>
* configure.ac: Fix usage of AC_LANG_PROGRAM. * configure.ac: Fix usage of AC_LANG_PROGRAM.
(AC_CHECK_HEADERS): Check for utmp.h.
2011-02-04 Werner Koch <wk@g10code.com> 2011-02-04 Werner Koch <wk@g10code.com>


@ -1,3 +1,12 @@
2011-08-04 Werner Koch <wk@g10code.com>
* genkey.c (check_passphrase_pattern): Use gpg_strerror.
* command-ssh.c (ssh_receive_mpint_list): Remove set but unused
var ELEMS_PUBLIC_N.
* gpg-agent.c (main): Remove set but unused var MAY_COREDUMP.
2011-07-22 Werner Koch <wk@g10code.com> 2011-07-22 Werner Koch <wk@g10code.com>
* command-ssh.c (ssh_receive_key): Do not init comment to an empty * command-ssh.c (ssh_receive_key): Do not init comment to an empty


@ -875,7 +875,6 @@ static gpg_error_t
ssh_receive_mpint_list (estream_t stream, int secret, ssh_receive_mpint_list (estream_t stream, int secret,
ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list) ssh_key_type_spec_t key_spec, gcry_mpi_t **mpi_list)
{ {
unsigned int elems_public_n;
const char *elems_public; const char *elems_public;
unsigned int elems_n; unsigned int elems_n;
const char *elems; const char *elems;
@ -894,7 +893,6 @@ ssh_receive_mpint_list (estream_t stream, int secret,
elems_n = strlen (elems); elems_n = strlen (elems);
elems_public = key_spec.elems_key_public; elems_public = key_spec.elems_key_public;
elems_public_n = strlen (elems_public);
mpis = xtrycalloc (elems_n + 1, sizeof *mpis ); mpis = xtrycalloc (elems_n + 1, sizeof *mpis );
if (!mpis) if (!mpis)


@ -37,7 +37,7 @@ store_key (gcry_sexp_t private, const char *passphrase, int force)
unsigned char *buf; unsigned char *buf;
size_t len; size_t len;
unsigned char grip[20]; unsigned char grip[20];
if ( !gcry_pk_get_keygrip (private, grip) ) if ( !gcry_pk_get_keygrip (private, grip) )
{ {
log_error ("can't calculate keygrip\n"); log_error ("can't calculate keygrip\n");
@ -105,7 +105,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
if (!infp) if (!infp)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
log_error (_("error creating temporary file: %s\n"), strerror (errno)); log_error (_("error creating temporary file: %s\n"), gpg_strerror (err));
return 1; /* Error - assume password should not be used. */ return 1; /* Error - assume password should not be used. */
} }
@ -113,7 +113,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
log_error (_("error writing to temporary file: %s\n"), log_error (_("error writing to temporary file: %s\n"),
strerror (errno)); gpg_strerror (err));
fclose (infp); fclose (infp);
return 1; /* Error - assume password should not be used. */ return 1; /* Error - assume password should not be used. */
} }
@ -143,7 +143,7 @@ check_passphrase_pattern (ctrl_t ctrl, const char *pw)
} }
static int static int
take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn) take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
{ {
gpg_error_t err; gpg_error_t err;
@ -161,7 +161,7 @@ take_this_one_anyway2 (ctrl_t ctrl, const char *desc, const char *anyway_btn)
} }
static int static int
take_this_one_anyway (ctrl_t ctrl, const char *desc) take_this_one_anyway (ctrl_t ctrl, const char *desc)
{ {
return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway")); return take_this_one_anyway2 (ctrl, desc, _("Take this one anyway"));
@ -182,18 +182,18 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
if (!pw) if (!pw)
pw = ""; pw = "";
if (utf8_charcount (pw) < minlen ) if (utf8_charcount (pw) < minlen )
{ {
char *desc; char *desc;
if (silent) if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE); return gpg_error (GPG_ERR_INV_PASSPHRASE);
desc = xtryasprintf desc = xtryasprintf
( ngettext ("Warning: You have entered an insecure passphrase.%%0A" ( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u character long.", "A passphrase should be at least %u character long.",
"Warning: You have entered an insecure passphrase.%%0A" "Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u characters long.", "A passphrase should be at least %u characters long.",
minlen), minlen ); minlen), minlen );
if (!desc) if (!desc)
return gpg_error_from_syserror (); return gpg_error_from_syserror ();
@ -203,17 +203,17 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
return err; return err;
} }
if (nonalpha_count (pw) < minnonalpha ) if (nonalpha_count (pw) < minnonalpha )
{ {
char *desc; char *desc;
if (silent) if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE); return gpg_error (GPG_ERR_INV_PASSPHRASE);
desc = xtryasprintf desc = xtryasprintf
( ngettext ("Warning: You have entered an insecure passphrase.%%0A" ( ngettext ("Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should contain at least %u digit or%%0A" "A passphrase should contain at least %u digit or%%0A"
"special character.", "special character.",
"Warning: You have entered an insecure passphrase.%%0A" "Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should contain at least %u digits or%%0A" "A passphrase should contain at least %u digits or%%0A"
"special characters.", "special characters.",
@ -256,7 +256,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent)
"this is in general a bad idea!%0A" "this is in general a bad idea!%0A"
"Please confirm that you do not want to " "Please confirm that you do not want to "
"have any protection on your key.")); "have any protection on your key."));
if (silent) if (silent)
return gpg_error (GPG_ERR_INV_PASSPHRASE); return gpg_error (GPG_ERR_INV_PASSPHRASE);
@ -288,7 +288,7 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
KEYPARAM */ KEYPARAM */
int int
agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen, agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
membuf_t *outbuf) membuf_t *outbuf)
{ {
gcry_sexp_t s_keyparam, s_key, s_private, s_public; gcry_sexp_t s_keyparam, s_key, s_private, s_public;
struct pin_entry_info_s *pi, *pi2; struct pin_entry_info_s *pi, *pi2;
@ -347,7 +347,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
xfree (pi); xfree (pi);
return rc; return rc;
} }
if (!*pi->pin) if (!*pi->pin)
{ {
xfree (pi); xfree (pi);
@ -383,7 +383,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
return gpg_error (GPG_ERR_INV_DATA); return gpg_error (GPG_ERR_INV_DATA);
} }
gcry_sexp_release (s_key); s_key = NULL; gcry_sexp_release (s_key); s_key = NULL;
/* store the secret key */ /* store the secret key */
if (DBG_CRYPTO) if (DBG_CRYPTO)
log_debug ("storing private key\n"); log_debug ("storing private key\n");
@ -422,7 +422,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen,
/* Apply a new passpahrse to the key S_SKEY and store it. */ /* Apply a new passpahrse to the key S_SKEY and store it. */
int int
agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey) agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey)
{ {
struct pin_entry_info_s *pi, *pi2; struct pin_entry_info_s *pi, *pi2;
int rc; int rc;


@ -550,7 +550,6 @@ main (int argc, char **argv )
{ {
ARGPARSE_ARGS pargs; ARGPARSE_ARGS pargs;
int orig_argc; int orig_argc;
int may_coredump;
char **orig_argv; char **orig_argv;
FILE *configfp = NULL; FILE *configfp = NULL;
char *configname = NULL; char *configname = NULL;
@ -624,7 +623,7 @@ main (int argc, char **argv )
setup_libgcrypt_logging (); setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps (); disable_core_dumps ();
/* Set default options. */ /* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */ parse_rereadable_options (NULL, 0); /* Reset them to default values. */
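Review bot: The result of `disable_core_dumps ()` in main is now dropped with nothing to show that this is deliberate, so a failure to turn core dumps off in a process that holds secret key material goes unreported. The name of the removed variable suggests the function returns whether a core dump is still possible; if so, consider acting on it, e.g. `if (disable_core_dumps ()) log_info ("WARNING: program may create a core file!\n");`. Otherwise mark the call `(void) disable_core_dumps ();` and add a comment such as `/* Best effort; a failure here is not fatal. */`. main starts and ends outside these hunks.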


@ -1,3 +1,10 @@
2011-08-04 Werner Koch <wk@g10code.com>
* pka.c (get_pka_info): Remove set but unused variables ARCOUNT
and NSCOUNT.
* estream.c (es_fwrite, es_fread): Remove set but unused variable
ERR.
2011-04-29 Werner Koch <wk@g10code.com> 2011-04-29 Werner Koch <wk@g10code.com>
* estream.c (es_pth_kill): New. * estream.c (es_pth_kill): New.


@ -2905,12 +2905,11 @@ es_fread (void *ES__RESTRICT ptr, size_t size, size_t nitems,
estream_t ES__RESTRICT stream) estream_t ES__RESTRICT stream)
{ {
size_t ret, bytes; size_t ret, bytes;
int err;
if (size * nitems) if (size * nitems)
{ {
ESTREAM_LOCK (stream); ESTREAM_LOCK (stream);
err = es_readn (stream, ptr, size * nitems, &bytes); es_readn (stream, ptr, size * nitems, &bytes);
ESTREAM_UNLOCK (stream); ESTREAM_UNLOCK (stream);
ret = bytes / size; ret = bytes / size;
@ -2927,12 +2926,11 @@ es_fwrite (const void *ES__RESTRICT ptr, size_t size, size_t nitems,
estream_t ES__RESTRICT stream) estream_t ES__RESTRICT stream)
{ {
size_t ret, bytes; size_t ret, bytes;
int err;
if (size * nitems) if (size * nitems)
{ {
ESTREAM_LOCK (stream); ESTREAM_LOCK (stream);
err = es_writen (stream, ptr, size * nitems, &bytes); es_writen (stream, ptr, size * nitems, &bytes);
ESTREAM_UNLOCK (stream); ESTREAM_UNLOCK (stream);
ret = bytes / size; ret = bytes / size;
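Review bot: In es_fread and es_fwrite the status of `es_readn` / `es_writen` is now discarded, while `bytes`, declared without an initializer, is read straight afterwards in `ret = bytes / size;`. If either helper can return an error before storing through its last argument (not visible in these hunks), the item count is computed from an indeterminate value; declaring `size_t ret, bytes = 0;` removes that dependency. A comment such as `/* Errors are reported to the caller through the short item count. */` would document why the return value is ignored. Separately, `size * nitems` is used as the byte count without a wrap-around check. Both functions continue outside the hunks.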


@ -47,7 +47,7 @@
/* Parse the TXT resource record. Format is: /* Parse the TXT resource record. Format is:
v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string v=pka1;fpr=a4d94e92b0986ab5ee9dcd755de249965b0358a2;uri=string
For simplicity white spaces are not allowed. Because we expect to For simplicity white spaces are not allowed. Because we expect to
use a new RRTYPE for this in the future we define the TXT really use a new RRTYPE for this in the future we define the TXT really
strict for simplicity: No white spaces, case sensitivity of the strict for simplicity: No white spaces, case sensitivity of the
@ -70,7 +70,7 @@ parse_txt_record (char *buffer, unsigned char *fpr)
*pend++ = 0; *pend++ = 0;
if (strcmp (p, "v=pka1")) if (strcmp (p, "v=pka1"))
return -1; /* Wrong or missing version. */ return -1; /* Wrong or missing version. */
p = pend; p = pend;
pend = strchr (p, ';'); pend = strchr (p, ';');
if (pend) if (pend)
@ -82,11 +82,11 @@ parse_txt_record (char *buffer, unsigned char *fpr)
fpr[i] = xtoi_2 (p); fpr[i] = xtoi_2 (p);
if (i != 20) if (i != 20)
return -1; /* Fingerprint consists not of exactly 40 hexbytes. */ return -1; /* Fingerprint consists not of exactly 40 hexbytes. */
p = pend; p = pend;
if (!p || !*p) if (!p || !*p)
{ {
*buffer = 0; *buffer = 0;
return 0; /* Success (no URI given). */ return 0; /* Success (no URI given). */
} }
if (strncmp (p, "uri=", 4)) if (strncmp (p, "uri=", 4))
@ -119,7 +119,7 @@ get_pka_info (const char *address, unsigned char *fpr)
char *name; char *name;
adns_answer *answer = NULL; adns_answer *answer = NULL;
char *buffer = NULL; char *buffer = NULL;
domain = strrchr (address, '@'); domain = strrchr (address, '@');
if (!domain || domain == address || !domain[1]) if (!domain || domain == address || !domain[1])
return NULL; /* Invalid mail address given. */ return NULL; /* Invalid mail address given. */
@ -146,7 +146,7 @@ get_pka_info (const char *address, unsigned char *fpr)
adns_finish (state); adns_finish (state);
return NULL; return NULL;
} }
if (answer->status != adns_s_ok if (answer->status != adns_s_ok
|| answer->type != adns_r_txt || !answer->nrrs) || answer->type != adns_r_txt || !answer->nrrs)
{ {
/* log_error ("DNS query returned an error: %s (%s)\n", */ /* log_error ("DNS query returned an error: %s (%s)\n", */
@ -179,7 +179,7 @@ get_pka_info (const char *address, unsigned char *fpr)
HEADER h; HEADER h;
} answer; } answer;
int anslen; int anslen;
int qdcount, ancount, nscount, arcount; int qdcount, ancount;
int rc; int rc;
unsigned char *p, *pend; unsigned char *p, *pend;
const char *domain; const char *domain;
@ -210,8 +210,6 @@ get_pka_info (const char *address, unsigned char *fpr)
qdcount = ntohs (answer.h.qdcount); qdcount = ntohs (answer.h.qdcount);
ancount = ntohs (answer.h.ancount); ancount = ntohs (answer.h.ancount);
nscount = ntohs (answer.h.nscount);
arcount = ntohs (answer.h.arcount);
if (!ancount) if (!ancount)
return NULL; /* Got no answer. */ return NULL; /* Got no answer. */
@ -224,7 +222,7 @@ get_pka_info (const char *address, unsigned char *fpr)
rc = dn_skipname (p, pend); rc = dn_skipname (p, pend);
if (rc == -1) if (rc == -1)
return NULL; return NULL;
p += rc + QFIXEDSZ; p += rc + QFIXEDSZ;
} }
if (ancount > 1) if (ancount > 1)


@ -1024,7 +1024,7 @@ fi
AC_MSG_NOTICE([checking for header files]) AC_MSG_NOTICE([checking for header files])
AC_HEADER_STDC AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h])
AC_CHECK_HEADERS([pty.h pwd.h inttypes.h]) AC_CHECK_HEADERS([pty.h utmp.h pwd.h inttypes.h])
AC_HEADER_TIME AC_HEADER_TIME


@ -1,3 +1,11 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keyedit.c (show_key_with_all_names): Remove set but unused var
PK_VERION.
* sig-check.c (do_check): Remove set but unused var CTX.
* build-packet.c (do_user_id): Return RC.
2011-07-29 Werner Koch <wk@g10code.com> 2011-07-29 Werner Koch <wk@g10code.com>
* tdbio.c (open_db): Do not print read-only warning in quiet mode. * tdbio.c (open_db): Do not print read-only warning in quiet mode.


@ -214,11 +214,11 @@ calc_packet_length( PACKET *pkt )
static void static void
write_fake_data (IOBUF out, gcry_mpi_t a) write_fake_data (IOBUF out, gcry_mpi_t a)
{ {
if (a) if (a)
{ {
unsigned int n; unsigned int n;
void *p; void *p;
p = gcry_mpi_get_opaque ( a, &n ); p = gcry_mpi_get_opaque ( a, &n );
iobuf_write (out, p, (n+7)/8 ); iobuf_write (out, p, (n+7)/8 );
} }
@ -239,7 +239,7 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
write_header2( out, ctb, uid->len, 2 ); write_header2( out, ctb, uid->len, 2 );
rc = iobuf_write( out, uid->name, uid->len ); rc = iobuf_write( out, uid->name, uid->len );
} }
return 0; return rc;
} }
static int static int
@ -248,13 +248,13 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
int rc = 0; int rc = 0;
int n, i; int n, i;
IOBUF a = iobuf_temp(); IOBUF a = iobuf_temp();
if ( !pk->version ) if ( !pk->version )
iobuf_put( a, 3 ); iobuf_put( a, 3 );
else else
iobuf_put( a, pk->version ); iobuf_put( a, pk->version );
write_32(a, pk->timestamp ); write_32(a, pk->timestamp );
if ( pk->version < 4 ) if ( pk->version < 4 )
{ {
u16 ndays; u16 ndays;
if ( pk->expiredate ) if ( pk->expiredate )
@ -305,18 +305,18 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
ndays = 0; ndays = 0;
write_16(a, ndays); write_16(a, ndays);
} }
iobuf_put (a, sk->pubkey_algo ); iobuf_put (a, sk->pubkey_algo );
/* Get number of secret and public parameters. They are held in one /* Get number of secret and public parameters. They are held in one
array first the public ones, then the secret ones. */ array first the public ones, then the secret ones. */
nskey = pubkey_get_nskey ( sk->pubkey_algo ); nskey = pubkey_get_nskey ( sk->pubkey_algo );
npkey = pubkey_get_npkey ( sk->pubkey_algo ); npkey = pubkey_get_npkey ( sk->pubkey_algo );
/* If we don't have any public parameters - which is the case if we /* If we don't have any public parameters - which is the case if we
don't know the algorithm used - the parameters are stored as one don't know the algorithm used - the parameters are stored as one
blob in a faked (opaque) MPI. */ blob in a faked (opaque) MPI. */
if ( !npkey ) if ( !npkey )
{ {
write_fake_data( a, sk->skey[0] ); write_fake_data( a, sk->skey[0] );
goto leave; goto leave;
@ -327,11 +327,11 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
for (i=0; i < npkey; i++ ) for (i=0; i < npkey; i++ )
if ((rc = mpi_write (a, sk->skey[i]))) if ((rc = mpi_write (a, sk->skey[i])))
goto leave; goto leave;
/* Build the header for protected (encrypted) secret parameters. */ /* Build the header for protected (encrypted) secret parameters. */
if ( sk->is_protected ) if ( sk->is_protected )
{ {
if ( is_RSA(sk->pubkey_algo) if ( is_RSA(sk->pubkey_algo)
&& sk->version < 4 && sk->version < 4
&& !sk->protect.s2k.mode ) && !sk->protect.s2k.mode )
{ {
@ -351,12 +351,12 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
private/experimental extension (this is not specified private/experimental extension (this is not specified
in rfc2440 but the same scheme is used for all other in rfc2440 but the same scheme is used for all other
algorithm identifiers) */ algorithm identifiers) */
iobuf_put(a, 101 ); iobuf_put(a, 101 );
iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_put(a, sk->protect.s2k.hash_algo );
iobuf_write(a, "GNU", 3 ); iobuf_write(a, "GNU", 3 );
iobuf_put(a, sk->protect.s2k.mode - 1000 ); iobuf_put(a, sk->protect.s2k.mode - 1000 );
} }
else else
{ {
iobuf_put(a, sk->protect.s2k.mode ); iobuf_put(a, sk->protect.s2k.mode );
iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_put(a, sk->protect.s2k.hash_algo );
@ -366,10 +366,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_write (a, sk->protect.s2k.salt, 8 ); iobuf_write (a, sk->protect.s2k.salt, 8 );
if ( sk->protect.s2k.mode == 3 ) if ( sk->protect.s2k.mode == 3 )
iobuf_put (a, sk->protect.s2k.count ); iobuf_put (a, sk->protect.s2k.count );
/* For our special modes 1001, 1002 we do not need an IV. */ /* For our special modes 1001, 1002 we do not need an IV. */
if ( sk->protect.s2k.mode != 1001 if ( sk->protect.s2k.mode != 1001
&& sk->protect.s2k.mode != 1002 ) && sk->protect.s2k.mode != 1002 )
iobuf_write (a, sk->protect.iv, sk->protect.ivlen ); iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
} }
@ -378,10 +378,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_put (a, 0 ); iobuf_put (a, 0 );
if ( sk->protect.s2k.mode == 1001 ) if ( sk->protect.s2k.mode == 1001 )
; /* GnuPG extension - don't write a secret key at all. */ ; /* GnuPG extension - don't write a secret key at all. */
else if ( sk->protect.s2k.mode == 1002 ) else if ( sk->protect.s2k.mode == 1002 )
{ {
/* GnuPG extension - divert to OpenPGP smartcard. */ /* GnuPG extension - divert to OpenPGP smartcard. */
iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number
or 0 for no serial or 0 for no serial
number. */ number. */
@ -393,19 +393,19 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
/* The secret key is protected - write it out as it is. */ /* The secret key is protected - write it out as it is. */
byte *p; byte *p;
unsigned int ndatabits; unsigned int ndatabits;
assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE)); assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits ); p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
iobuf_write (a, p, (ndatabits+7)/8 ); iobuf_write (a, p, (ndatabits+7)/8 );
} }
else if ( sk->is_protected ) else if ( sk->is_protected )
{ {
/* The secret key is protected the old v4 way. */ /* The secret key is protected the old v4 way. */
for ( ; i < nskey; i++ ) for ( ; i < nskey; i++ )
{ {
byte *p; byte *p;
unsigned int ndatabits; unsigned int ndatabits;
assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE)); assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits); p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
iobuf_write (a, p, (ndatabits+7)/8); iobuf_write (a, p, (ndatabits+7)/8);
@ -473,9 +473,9 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
int rc = 0; int rc = 0;
int n, i; int n, i;
IOBUF a = iobuf_temp(); IOBUF a = iobuf_temp();
write_version( a, ctb ); write_version( a, ctb );
if ( enc->throw_keyid ) if ( enc->throw_keyid )
{ {
write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */ write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
write_32(a, 0 ); write_32(a, 0 );
@ -529,7 +529,7 @@ do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
for(i=0; i < pt->namelen; i++ ) for(i=0; i < pt->namelen; i++ )
iobuf_put(out, pt->name[i] ); iobuf_put(out, pt->name[i] );
rc = write_32(out, pt->timestamp ); rc = write_32(out, pt->timestamp );
if (rc) if (rc)
return rc; return rc;
n = 0; n = 0;
@ -645,7 +645,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
} }
if( buflen < n ) if( buflen < n )
break; break;
type = *buffer & 0x7f; type = *buffer & 0x7f;
if( type == reqtype ) { if( type == reqtype ) {
buffer++; buffer++;
@ -679,7 +679,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
* Note: All pointers into sig->[un]hashed (e.g. returned by * Note: All pointers into sig->[un]hashed (e.g. returned by
* parse_sig_subpkt) are not valid after a call to this function. The * parse_sig_subpkt) are not valid after a call to this function. The
* data to put into the subpaket should be in a buffer with a length * data to put into the subpaket should be in a buffer with a length
* of buflen. * of buflen.
*/ */
void void
build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
@ -782,7 +782,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
case SIGSUBPKT_SIGNATURE: case SIGSUBPKT_SIGNATURE:
hashed = 0; hashed = 0;
break; break;
default: default:
hashed = 1; hashed = 1;
break; break;
} }
@ -833,7 +833,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
memcpy (p, buffer, buflen); memcpy (p, buffer, buflen);
} }
if (hashed) if (hashed)
sig->hashed = newarea; sig->hashed = newarea;
else else
sig->unhashed = newarea; sig->unhashed = newarea;
@ -1119,7 +1119,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
if ( sig->version < 4 ) if ( sig->version < 4 )
iobuf_put (a, 5 ); /* Constant */ iobuf_put (a, 5 ); /* Constant */
iobuf_put (a, sig->sig_class ); iobuf_put (a, sig->sig_class );
if ( sig->version < 4 ) if ( sig->version < 4 )
{ {
write_32(a, sig->timestamp ); write_32(a, sig->timestamp );
write_32(a, sig->keyid[0] ); write_32(a, sig->keyid[0] );
@ -1127,7 +1127,7 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
} }
iobuf_put(a, sig->pubkey_algo ); iobuf_put(a, sig->pubkey_algo );
iobuf_put(a, sig->digest_algo ); iobuf_put(a, sig->digest_algo );
if ( sig->version >= 4 ) if ( sig->version >= 4 )
{ {
size_t nn; size_t nn;
/* Timestamp and keyid must have been packed into the subpackets /* Timestamp and keyid must have been packed into the subpackets
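Review bot: do_user_id now returns `rc`, but in the branch shown the result of `write_header2( out, ctb, uid->len, 2 );` is still ignored, so a failed header write is reported only if the following `iobuf_write` fails as well. If write_header2 returns a status (its declaration is not visible here), chain the two calls: `rc = write_header2 (out, ctb, uid->len, 2);` followed by `if (!rc) rc = iobuf_write (out, uid->name, uid->len);`. The other branch of do_user_id and the initialisation of `rc` lie outside the hunk, so confirm that `rc` is set on every path now that it is returned.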


@ -116,7 +116,7 @@ find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
KBNODE node = pub_keyblock; KBNODE node = pub_keyblock;
PKT_secret_key *sk; PKT_secret_key *sk;
PKT_public_key *pk; PKT_public_key *pk;
if (sec_node->pkt->pkttype == PKT_SECRET_KEY if (sec_node->pkt->pkttype == PKT_SECRET_KEY
&& node->pkt->pkttype == PKT_PUBLIC_KEY) && node->pkt->pkttype == PKT_PUBLIC_KEY)
return node->pkt->pkt.public_key; return node->pkt->pkt.public_key;
@ -130,7 +130,7 @@ find_pk_from_sknode (KBNODE pub_keyblock, KBNODE sec_node)
if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1]) if (pk->keyid[0] == sk->keyid[0] && pk->keyid[1] == sk->keyid[1])
return pk; return pk;
} }
return NULL; return NULL;
} }
#endif /* ENABLE_CARD_SUPPORT */ #endif /* ENABLE_CARD_SUPPORT */
@ -528,7 +528,7 @@ sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
} }
/* build a list of all signators. /* build a list of all signators.
* *
* We use the CERT flag to request the primary which must always * We use the CERT flag to request the primary which must always
* be one which is capable of signing keys. I can't see a reason * be one which is capable of signing keys. I can't see a reason
* why to sign keys using a subkey. Implementation of USAGE_CERT * why to sign keys using a subkey. Implementation of USAGE_CERT
@ -705,7 +705,7 @@ sign_uids( KBNODE keyblock, strlist_t locusr, int *ret_modified,
{ {
tty_printf(_("The self-signature on \"%s\"\n" tty_printf(_("The self-signature on \"%s\"\n"
"is a PGP 2.x-style signature.\n"),user); "is a PGP 2.x-style signature.\n"),user);
/* Note that the regular PGP2 warning below /* Note that the regular PGP2 warning below
still applies if there are no v4 sigs on still applies if there are no v4 sigs on
this key at all. */ this key at all. */
@ -1116,11 +1116,11 @@ change_passphrase (KBNODE keyblock, int *r_err)
sk = node->pkt->pkt.secret_key; sk = node->pkt->pkt.secret_key;
for (any = 0, node=keyblock; node; node = node->next) { for (any = 0, node=keyblock; node; node = node->next) {
if (node->pkt->pkttype == PKT_SECRET_KEY if (node->pkt->pkttype == PKT_SECRET_KEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY) { || node->pkt->pkttype == PKT_SECRET_SUBKEY) {
PKT_secret_key *tmpsk = node->pkt->pkt.secret_key; PKT_secret_key *tmpsk = node->pkt->pkt.secret_key;
if (!(tmpsk->is_protected if (!(tmpsk->is_protected
&& (tmpsk->protect.s2k.mode == 1001 && (tmpsk->protect.s2k.mode == 1001
|| tmpsk->protect.s2k.mode == 1002))) { || tmpsk->protect.s2k.mode == 1002))) {
any = 1; any = 1;
break; break;
@ -1132,7 +1132,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
"no passphrase to change.\n")); "no passphrase to change.\n"));
goto leave; goto leave;
} }
/* See how to handle this key. */ /* See how to handle this key. */
switch( is_secret_key_protected( sk ) ) { switch( is_secret_key_protected( sk ) ) {
case -1: case -1:
@ -1154,7 +1154,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
u32 keyid[2]; u32 keyid[2];
tty_printf(_("Key is protected.\n")); tty_printf(_("Key is protected.\n"));
/* Clear the passphrase cache so that the user is required /* Clear the passphrase cache so that the user is required
to enter the old passphrase. */ to enter the old passphrase. */
keyid_from_sk (sk, keyid); keyid_from_sk (sk, keyid);
@ -1172,7 +1172,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key; PKT_secret_key *subsk = node->pkt->pkt.secret_key;
if ( !(subsk->is_protected if ( !(subsk->is_protected
&& (subsk->protect.s2k.mode == 1001 && (subsk->protect.s2k.mode == 1001
|| subsk->protect.s2k.mode == 1002))) { || subsk->protect.s2k.mode == 1002))) {
set_next_passphrase( passphrase ); set_next_passphrase( passphrase );
rc = check_secret_key( subsk, 0 ); rc = check_secret_key( subsk, 0 );
@ -1229,7 +1229,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key; PKT_secret_key *subsk = node->pkt->pkt.secret_key;
if ( !(subsk->is_protected if ( !(subsk->is_protected
&& (subsk->protect.s2k.mode == 1001 && (subsk->protect.s2k.mode == 1001
|| subsk->protect.s2k.mode == 1002))) { || subsk->protect.s2k.mode == 1002))) {
subsk->protect.algo = dek->algo; subsk->protect.algo = dek->algo;
subsk->protect.s2k = *s2k; subsk->protect.s2k = *s2k;
@ -1243,7 +1243,7 @@ change_passphrase (KBNODE keyblock, int *r_err)
else else
{ {
u32 keyid[2]; u32 keyid[2];
/* Clear the cahce again so that the user is /* Clear the cahce again so that the user is
required to enter the new passphrase at the required to enter the new passphrase at the
next operation. */ next operation. */
@ -1378,7 +1378,7 @@ static struct
int flags; int flags;
const char *desc; const char *desc;
} cmds[] = } cmds[] =
{ {
{ "quit" , cmdQUIT , 0, N_("quit this menu") }, { "quit" , cmdQUIT , 0, N_("quit this menu") },
{ "q" , cmdQUIT , 0, NULL }, { "q" , cmdQUIT , 0, NULL },
{ "save" , cmdSAVE , 0, N_("save and quit") }, { "save" , cmdSAVE , 0, N_("save and quit") },
@ -1421,9 +1421,9 @@ static struct
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
{ "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, { "addcardkey", cmdADDCARDKEY , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK,
N_("add a key to a smartcard") }, N_("add a key to a smartcard") },
{ "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, { "keytocard", cmdKEYTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
N_("move a key to a smartcard")}, N_("move a key to a smartcard")},
{ "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK, { "bkuptocard", cmdBKUPTOCARD , KEYEDIT_NEED_SK|KEYEDIT_ONLY_SK,
N_("move a backup key to a smartcard")}, N_("move a backup key to a smartcard")},
#endif /*ENABLE_CARD_SUPPORT*/ #endif /*ENABLE_CARD_SUPPORT*/
@ -1589,7 +1589,7 @@ keyedit_menu( const char *username, strlist_t locusr,
size_t an; size_t an;
fingerprint_from_pk (pk, afp, &an); fingerprint_from_pk (pk, afp, &an);
while (an < MAX_FINGERPRINT_LEN) while (an < MAX_FINGERPRINT_LEN)
afp[an++] = 0; afp[an++] = 0;
rc = keydb_search_fpr (sec_kdbhd, afp); rc = keydb_search_fpr (sec_kdbhd, afp);
} }
@ -1746,7 +1746,7 @@ keyedit_menu( const char *username, strlist_t locusr,
redisplay=menu_select_uid_namehash(cur_keyblock,arg_string); redisplay=menu_select_uid_namehash(cur_keyblock,arg_string);
else else
{ {
if (*arg_string == '*' if (*arg_string == '*'
&& (!arg_string[1] || spacep (arg_string+1))) && (!arg_string[1] || spacep (arg_string+1)))
arg_number = -1; /* Select all. */ arg_number = -1; /* Select all. */
redisplay = menu_select_uid (cur_keyblock, arg_number); redisplay = menu_select_uid (cur_keyblock, arg_number);
@ -1755,7 +1755,7 @@ keyedit_menu( const char *username, strlist_t locusr,
case cmdSELKEY: case cmdSELKEY:
{ {
if (*arg_string == '*' if (*arg_string == '*'
&& (!arg_string[1] || spacep (arg_string+1))) && (!arg_string[1] || spacep (arg_string+1)))
arg_number = -1; /* Select all. */ arg_number = -1; /* Select all. */
if (menu_select_key( cur_keyblock, arg_number)) if (menu_select_key( cur_keyblock, arg_number))
@ -1910,7 +1910,7 @@ keyedit_menu( const char *username, strlist_t locusr,
switch ( count_selected_keys (sec_keyblock) ) switch ( count_selected_keys (sec_keyblock) )
{ {
case 0: case 0:
if (cpr_get_answer_is_yes if (cpr_get_answer_is_yes
("keyedit.keytocard.use_primary", ("keyedit.keytocard.use_primary",
/* TRANSLATORS: Please take care: This is about /* TRANSLATORS: Please take care: This is about
moving the key and not about removing it. */ moving the key and not about removing it. */
@ -1920,7 +1920,7 @@ keyedit_menu( const char *username, strlist_t locusr,
case 1: case 1:
for (node = sec_keyblock; node; node = node->next ) for (node = sec_keyblock; node; node = node->next )
{ {
if (node->pkt->pkttype == PKT_SECRET_SUBKEY if (node->pkt->pkttype == PKT_SECRET_SUBKEY
&& node->flag & NODFLG_SELKEY) && node->flag & NODFLG_SELKEY)
break; break;
} }
@ -1972,15 +1972,15 @@ keyedit_menu( const char *username, strlist_t locusr,
fname, strerror(errno)); fname, strerror(errno));
break; break;
} }
/* Parse and check that file. */ /* Parse and check that file. */
pkt = xmalloc (sizeof *pkt); pkt = xmalloc (sizeof *pkt);
init_packet (pkt); init_packet (pkt);
rc = parse_packet (a, pkt); rc = parse_packet (a, pkt);
iobuf_close (a); iobuf_close (a);
iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache). */ iobuf_ioctl (NULL, 2, 0, (char*)fname); /* (invalidate cache). */
if (!rc if (!rc
&& pkt->pkttype != PKT_SECRET_KEY && pkt->pkttype != PKT_SECRET_KEY
&& pkt->pkttype != PKT_SECRET_SUBKEY) && pkt->pkttype != PKT_SECRET_SUBKEY)
rc = G10ERR_NO_SECKEY; rc = G10ERR_NO_SECKEY;
if (rc) if (rc)
@ -2323,9 +2323,9 @@ keyedit_passwd (const char *username)
if (err) if (err)
goto leave; goto leave;
fingerprint_from_pk (pk, fpr, &fprlen); fingerprint_from_pk (pk, fpr, &fprlen);
while (fprlen < MAX_FINGERPRINT_LEN) while (fprlen < MAX_FINGERPRINT_LEN)
fpr[fprlen++] = 0; fpr[fprlen++] = 0;
kdh = keydb_new (1); kdh = keydb_new (1);
if (!kdh) if (!kdh)
{ {
@ -2340,7 +2340,7 @@ keyedit_passwd (const char *username)
goto leave; goto leave;
err = keydb_get_keyblock (kdh, &keyblock); err = keydb_get_keyblock (kdh, &keyblock);
if (err) if (err)
goto leave; goto leave;
if (!change_passphrase (keyblock, &err)) if (!change_passphrase (keyblock, &err))
@ -2357,7 +2357,7 @@ keyedit_passwd (const char *username)
keydb_release (kdh); keydb_release (kdh);
if (err) if (err)
{ {
log_info ("error changing the passphrase for `%s': %s\n", log_info ("error changing the passphrase for `%s': %s\n",
username, gpg_strerror (err)); username, gpg_strerror (err));
write_status_error ("keyedit.passwd", gpg_err_code (err)); write_status_error ("keyedit.passwd", gpg_err_code (err));
} }
@ -2435,7 +2435,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
tty_printf ("[%d]", prefs[i].value); tty_printf ("[%d]", prefs[i].value);
if (prefs[i].value == CIPHER_ALGO_3DES ) if (prefs[i].value == CIPHER_ALGO_3DES )
des_seen = 1; des_seen = 1;
} }
} }
if (!des_seen) { if (!des_seen) {
if (any) if (any)
@ -2469,7 +2469,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
for(i=any=0; prefs[i].type; i++ ) { for(i=any=0; prefs[i].type; i++ ) {
if( prefs[i].type == PREFTYPE_ZIP ) { if( prefs[i].type == PREFTYPE_ZIP ) {
const char *s=compress_algo_to_string(prefs[i].value); const char *s=compress_algo_to_string(prefs[i].value);
if (any) if (any)
tty_printf (", "); tty_printf (", ");
any = 1; any = 1;
@ -2614,15 +2614,15 @@ show_key_with_all_names_colon (KBNODE keyblock)
if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) ) if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
putchar ('a'); putchar ('a');
putchar('\n'); putchar('\n');
print_fingerprint (pk, NULL, 0); print_fingerprint (pk, NULL, 0);
print_revokers(pk); print_revokers(pk);
} }
} }
/* the user ids */ /* the user ids */
i = 0; i = 0;
for (node = keyblock; node; node = node->next) for (node = keyblock; node; node = node->next)
{ {
if ( node->pkt->pkttype == PKT_USER_ID ) if ( node->pkt->pkttype == PKT_USER_ID )
{ {
@ -2666,7 +2666,7 @@ show_key_with_all_names_colon (KBNODE keyblock)
if (pk_version>3 || uid->selfsigversion>3) if (pk_version>3 || uid->selfsigversion>3)
{ {
const prefitem_t *prefs = uid->prefs; const prefitem_t *prefs = uid->prefs;
for (j=0; prefs && prefs[j].type; j++) for (j=0; prefs && prefs[j].type; j++)
{ {
if (j) if (j)
@ -2675,12 +2675,12 @@ show_key_with_all_names_colon (KBNODE keyblock)
prefs[j].type == PREFTYPE_HASH ? 'H' : prefs[j].type == PREFTYPE_HASH ? 'H' :
prefs[j].type == PREFTYPE_ZIP ? 'Z':'?', prefs[j].type == PREFTYPE_ZIP ? 'Z':'?',
prefs[j].value); prefs[j].value);
} }
if (uid->flags.mdc) if (uid->flags.mdc)
printf (",mdc"); printf (",mdc");
if (!uid->flags.ks_modify) if (!uid->flags.ks_modify)
printf (",no-ks-modify"); printf (",no-ks-modify");
} }
putchar (':'); putchar (':');
/* flags */ /* flags */
printf ("%d,", i); printf ("%d,", i);
@ -2769,7 +2769,6 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
KBNODE node; KBNODE node;
int i; int i;
int do_warn = 0; int do_warn = 0;
byte pk_version=0;
PKT_public_key *primary=NULL; PKT_public_key *primary=NULL;
if (opt.with_colons) if (opt.with_colons)
@ -2801,7 +2800,6 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
do_warn = 1; do_warn = 1;
} }
pk_version=pk->version;
primary=pk; primary=pk;
} }
@ -2880,7 +2878,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
tty_printf(_("trust: %s"), otrust); tty_printf(_("trust: %s"), otrust);
tty_printf("%*s",width,""); tty_printf("%*s",width,"");
} }
tty_printf(_("validity: %s"), trust ); tty_printf(_("validity: %s"), trust );
tty_printf("\n"); tty_printf("\n");
} }
@ -2916,7 +2914,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if (sk->is_protected && sk->protect.s2k.mode == 1002) if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ {
tty_printf(" "); tty_printf(" ");
tty_printf(_("card-no: ")); tty_printf(_("card-no: "));
if (sk->protect.ivlen == 16 if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6)) && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{ /* This is an OpenPGP card. */ { /* This is an OpenPGP card. */
@ -2942,7 +2940,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
if (do_warn) if (do_warn)
tty_printf (_("Please note that the shown key validity" tty_printf (_("Please note that the shown key validity"
" is not necessarily correct\n" " is not necessarily correct\n"
"unless you restart the program.\n")); "unless you restart the program.\n"));
} }
@ -2962,7 +2960,7 @@ show_basic_key_info ( KBNODE keyblock )
if (node->pkt->pkttype == PKT_PUBLIC_KEY) if (node->pkt->pkttype == PKT_PUBLIC_KEY)
{ {
PKT_public_key *pk = node->pkt->pkt.public_key; PKT_public_key *pk = node->pkt->pkt.public_key;
/* Note, we use the same format string as in other show /* Note, we use the same format string as in other show
functions to make the translation job easier. */ functions to make the translation job easier. */
tty_printf ("%s %4u%c/%s ", tty_printf ("%s %4u%c/%s ",
@ -3001,7 +2999,7 @@ show_basic_key_info ( KBNODE keyblock )
{ {
PKT_user_id *uid = node->pkt->pkt.user_id; PKT_user_id *uid = node->pkt->pkt.user_id;
++i; ++i;
tty_printf (" "); tty_printf (" ");
if (uid->is_revoked) if (uid->is_revoked)
tty_printf("[%s] ",_("revoked")); tty_printf("[%s] ",_("revoked"));
@ -3938,7 +3936,7 @@ change_primary_uid_cb ( PKT_signature *sig, void *opaque )
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID); delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PRIMARY_UID);
/* if opaque is set,we want to set the primary id */ /* if opaque is set,we want to set the primary id */
if (opaque) { if (opaque) {
buf[0] = 1; buf[0] = 1;
build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 ); build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, buf, 1 );
} }
@ -4071,7 +4069,7 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
/* /*
* Set preferences to new values for the selected user IDs * Set preferences to new values for the selected user IDs
*/ */
static int static int
@ -4122,7 +4120,7 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
xfree(user); xfree(user);
} }
else { else {
/* This is a selfsignature which is to be replaced /* This is a selfsignature which is to be replaced
* We have to ignore v3 signatures because they are * We have to ignore v3 signatures because they are
* not able to carry the preferences */ * not able to carry the preferences */
PKT_signature *newsig; PKT_signature *newsig;
@ -4152,7 +4150,7 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
} }
} }
} }
free_secret_key( sk ); free_secret_key( sk );
return modified; return modified;
} }
@ -4524,10 +4522,10 @@ menu_select_uid (KBNODE keyblock, int idx)
{ {
KBNODE node; KBNODE node;
int i; int i;
if (idx == -1) /* Select all. */ if (idx == -1) /* Select all. */
{ {
for (node = keyblock; node; node = node->next) for (node = keyblock; node; node = node->next)
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
node->flag |= NODFLG_SELUID; node->flag |= NODFLG_SELUID;
return 1; return 1;
@ -4566,7 +4564,7 @@ menu_select_uid (KBNODE keyblock, int idx)
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
node->flag &= ~NODFLG_SELUID; node->flag &= ~NODFLG_SELUID;
} }
return 1; return 1;
} }
@ -4646,7 +4644,7 @@ menu_select_key (KBNODE keyblock, int idx)
{ {
if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) || node->pkt->pkttype == PKT_SECRET_SUBKEY )
if (++i == idx) if (++i == idx)
{ {
if ((node->flag & NODFLG_SELKEY)) if ((node->flag & NODFLG_SELKEY))
node->flag &= ~NODFLG_SELKEY; node->flag &= ~NODFLG_SELKEY;
@ -4818,7 +4816,7 @@ menu_revsig( KBNODE keyblock )
/* First check whether we have any signatures at all. */ /* First check whether we have any signatures at all. */
any = 0; any = 0;
for (node = keyblock; node; node = node->next ) for (node = keyblock; node; node = node->next )
{ {
node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A); node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
if (node->pkt->pkttype == PKT_USER_ID) { if (node->pkt->pkttype == PKT_USER_ID) {
@ -4844,7 +4842,7 @@ menu_revsig( KBNODE keyblock )
tty_printf (_("Not signed by you.\n")); tty_printf (_("Not signed by you.\n"));
return 0; return 0;
} }
/* FIXME: detect duplicates here */ /* FIXME: detect duplicates here */
tty_printf(_("You have signed these user IDs on key %s:\n"), tty_printf(_("You have signed these user IDs on key %s:\n"),


@ -60,7 +60,7 @@ signature_check (PKT_signature *sig, gcry_md_hd_t digest)
} }
int int
signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
int *r_expired, int *r_revoked, PKT_public_key *ret_pk ) int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{ {
PKT_public_key *pk = xmalloc_clear( sizeof *pk ); PKT_public_key *pk = xmalloc_clear( sizeof *pk );
@ -130,8 +130,8 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
* and the timestamp, but the drawback of this is, that it is * and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within * not possible to sign more than one identical document within
* one second. Some remote batch processing applications might * one second. Some remote batch processing applications might
* like this feature here. * like this feature here.
* *
* Note that before 2.0.10, we used RIPE-MD160 for the hash * Note that before 2.0.10, we used RIPE-MD160 for the hash
* and accidently didn't include the timestamp and algorithm * and accidently didn't include the timestamp and algorithm
* information in the hash. Given that this feature is not * information in the hash. Given that this feature is not
@ -265,7 +265,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
{ {
gcry_mpi_t result = NULL; gcry_mpi_t result = NULL;
int rc = 0; int rc = 0;
struct cmp_help_context_s ctx;
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) ) if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc; return rc;
@ -318,8 +317,6 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
result = encode_md_value( pk, NULL, digest, sig->digest_algo ); result = encode_md_value( pk, NULL, digest, sig->digest_algo );
if (!result) if (!result)
return G10ERR_GENERAL; return G10ERR_GENERAL;
ctx.sig = sig;
ctx.md = digest;
rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey ); rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
gcry_mpi_release (result); gcry_mpi_release (result);
@ -434,13 +431,13 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
for(i=0;i<pk->numrevkeys;i++) for(i=0;i<pk->numrevkeys;i++)
{ {
u32 keyid[2]; u32 keyid[2];
keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid); keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid);
if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1]) if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
{ {
gcry_md_hd_t md; gcry_md_hd_t md;
if (gcry_md_open (&md, sig->digest_algo, 0)) if (gcry_md_open (&md, sig->digest_algo, 0))
BUG (); BUG ();
hash_public_key(md,pk); hash_public_key(md,pk);
@ -454,7 +451,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
busy=0; busy=0;
return rc; return rc;
} }
/* Backsigs (0x19) have the same format as binding sigs (0x18), but /* Backsigs (0x19) have the same format as binding sigs (0x18), but
this function is simpler than check_key_signature in a few ways. this function is simpler than check_key_signature in a few ways.
@ -539,8 +536,8 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
cache refresh detects and clears these cases. */ cache refresh detects and clears these cases. */
if ( !opt.no_sig_cache ) { if ( !opt.no_sig_cache ) {
if (sig->flags.checked) { /*cached status available*/ if (sig->flags.checked) { /*cached status available*/
if( is_selfsig ) { if( is_selfsig ) {
u32 keyid[2]; u32 keyid[2];
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
@ -560,7 +557,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
return rc; return rc;
if( sig->sig_class == 0x20 ) { /* key revocation */ if( sig->sig_class == 0x20 ) { /* key revocation */
u32 keyid[2]; u32 keyid[2];
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
/* is it a designated revoker? */ /* is it a designated revoker? */


@ -1,3 +1,8 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keybox-openpgp.c (parse_key): Remove set but unused vars
EXPIREDATE and NDAYS.
2010-07-23 Werner Koch <wk@g10code.com> 2010-07-23 Werner Koch <wk@g10code.com>
* keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug. * keybox-blob.c (_keybox_create_x509_blob): Fix reallocation bug.
@ -40,7 +45,7 @@
* keybox-init.c (keybox_new, keybox_release): Track used handles. * keybox-init.c (keybox_new, keybox_release): Track used handles.
(_keybox_close_file): New. (_keybox_close_file): New.
* keybox-update.c (keybox_insert_cert, keybox_set_flags) * keybox-update.c (keybox_insert_cert, keybox_set_flags)
(keybox_delete, keybox_compress): Use the new close function. (keybox_delete, keybox_compress): Use the new close function.
2008-03-13 Werner Koch <wk@g10code.com> 2008-03-13 Werner Koch <wk@g10code.com>
@ -123,7 +128,7 @@
2005-06-15 Werner Koch <wk@g10code.com> 2005-06-15 Werner Koch <wk@g10code.com>
* keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned. * keybox-file.c (_keybox_read_blob2): Make IMAGE unsigned.
(_keybox_write_blob): (_keybox_write_blob):
* keybox-blob.c (create_blob_finish, _keybox_create_x509_blob): * keybox-blob.c (create_blob_finish, _keybox_create_x509_blob):
Fixed warnings about signed/unsigned pointer mismatches. Fixed warnings about signed/unsigned pointer mismatches.
@ -180,7 +185,7 @@
* keybox-blob.c (_keybox_update_header_blob): New. * keybox-blob.c (_keybox_update_header_blob): New.
* keybox-update.c (blob_filecopy): Handle header blob. * keybox-update.c (blob_filecopy): Handle header blob.
* keybox-file.c (_keybox_read_blob2): New. Moved code from * keybox-file.c (_keybox_read_blob2): New. Moved code from
_keybox_read_blob to there. _keybox_read_blob to there.
* keybox-dump.c (dump_header_blob): Print header info. * keybox-dump.c (dump_header_blob): Print header info.
2004-04-21 Werner Koch <wk@gnupg.org> 2004-04-21 Werner Koch <wk@gnupg.org>
@ -189,11 +194,11 @@
KEYBOX_FLAG_CREATED_AT. KEYBOX_FLAG_CREATED_AT.
* keybox-update.c (keybox_compress): New. * keybox-update.c (keybox_compress): New.
* keybox-search.c (get32, get16, blob_get_type) * keybox-search.c (get32, get16, blob_get_type)
(blob_get_blob_flags, has_short_kid, has_long_kid) (blob_get_blob_flags, has_short_kid, has_long_kid)
(has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject) (has_fingerprint, has_issuer, has_issuer_sn, has_sn, has_subject)
(has_subject_or_alt, has_mail): inline them. (has_subject_or_alt, has_mail): inline them.
* keybox-update.c (blob_filecopy): Fixed an error/eof check * keybox-update.c (blob_filecopy): Fixed an error/eof check
(s/if(fread)/if(nread)/). (s/if(fread)/if(nread)/).
@ -217,17 +222,17 @@
* keybox-blob.c: Include time.h * keybox-blob.c: Include time.h
2003-06-03 Werner Koch <wk@gnupg.org> 2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme. Changed all error codes in all files to the new libgpg-error scheme.
* keybox-defs.h: Include gpg-error.h . * keybox-defs.h: Include gpg-error.h .
(KeyboxError): Removed. (KeyboxError): Removed.
* Makefile.am: Removed keybox-error.c stuff. * Makefile.am: Removed keybox-error.c stuff.
2002-11-14 Werner Koch <wk@gnupg.org> 2002-11-14 Werner Koch <wk@gnupg.org>
* keybox-search.c (blob_cmp_name) <compare all names>: Fixed * keybox-search.c (blob_cmp_name) <compare all names>: Fixed
length compare; there is no 0 stored since nearly a year. length compare; there is no 0 stored since nearly a year.
2002-10-31 Neal H. Walfield <neal@g10code.de> 2002-10-31 Neal H. Walfield <neal@g10code.de>


@ -72,8 +72,8 @@ enum packet_types
follwing data on success: follwing data on success:
R_DATAPKT = Pointer to the begin of the packet data. R_DATAPKT = Pointer to the begin of the packet data.
R_DATALEN = Length of this data. This has already been checked to fit R_DATALEN = Length of this data. This has already been checked to fit
into the buffer. into the buffer.
R_PKTTYPE = The packet type. R_PKTTYPE = The packet type.
R_NTOTAL = The total number of bytes of this packet R_NTOTAL = The total number of bytes of this packet
@ -91,11 +91,11 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
if (!len) if (!len)
return gpg_error (GPG_ERR_NO_DATA); return gpg_error (GPG_ERR_NO_DATA);
ctb = *buf++; len--; ctb = *buf++; len--;
if ( !(ctb & 0x80) ) if ( !(ctb & 0x80) )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */ return gpg_error (GPG_ERR_INV_PACKET); /* Invalid CTB. */
pktlen = 0; pktlen = 0;
if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */ if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
{ {
@ -108,7 +108,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
if ( c < 192 ) if ( c < 192 )
pktlen = c; pktlen = c;
else if ( c < 224 ) else if ( c < 224 )
{ {
pktlen = (c - 192) * 256; pktlen = (c - 192) * 256;
if (!len) if (!len)
return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */ return gpg_error (GPG_ERR_INV_PACKET); /* No 2nd length byte. */
@ -150,7 +150,7 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
switch (pkttype) switch (pkttype)
{ {
case PKT_SIGNATURE: case PKT_SIGNATURE:
case PKT_SECRET_KEY: case PKT_SECRET_KEY:
case PKT_PUBLIC_KEY: case PKT_PUBLIC_KEY:
case PKT_SECRET_SUBKEY: case PKT_SECRET_SUBKEY:
case PKT_MARKER: case PKT_MARKER:
@ -166,9 +166,9 @@ next_packet (unsigned char const **bufptr, size_t *buflen,
return gpg_error (GPG_ERR_UNEXPECTED); return gpg_error (GPG_ERR_UNEXPECTED);
} }
if (pktlen == 0xffffffff) if (pktlen == 0xffffffff)
return gpg_error (GPG_ERR_INV_PACKET); return gpg_error (GPG_ERR_INV_PACKET);
if (pktlen > len) if (pktlen > len)
return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */ return gpg_error (GPG_ERR_INV_PACKET); /* Packet length header too long. */
@ -195,7 +195,7 @@ parse_key (const unsigned char *data, size_t datalen,
const unsigned char *data_start = data; const unsigned char *data_start = data;
int i, version, algorithm; int i, version, algorithm;
size_t n; size_t n;
unsigned long timestamp, expiredate; /*unsigned long timestamp;*/
int npkey; int npkey;
unsigned char hashbuffer[768]; unsigned char hashbuffer[768];
const unsigned char *mpi_n = NULL; const unsigned char *mpi_n = NULL;
@ -207,23 +207,16 @@ parse_key (const unsigned char *data, size_t datalen,
version = *data++; datalen--; version = *data++; datalen--;
if (version < 2 || version > 4 ) if (version < 2 || version > 4 )
return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */ return gpg_error (GPG_ERR_INV_PACKET); /* Invalid version. */
timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3])); /*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/
data +=4; datalen -=4; data +=4; datalen -=4;
if (version < 4) if (version < 4)
{ {
unsigned short ndays;
if (datalen < 2) if (datalen < 2)
return gpg_error (GPG_ERR_INV_PACKET); return gpg_error (GPG_ERR_INV_PACKET);
ndays = ((data[0]<<8)|(data[1])); data += 2; datalen -= 2;
data +=2; datalen -= 2;
if (ndays)
expiredate = ndays? (timestamp + ndays * 86400L) : 0;
} }
else
expiredate = 0; /* This is stored in the self-signature. */
if (!datalen) if (!datalen)
return gpg_error (GPG_ERR_INV_PACKET); return gpg_error (GPG_ERR_INV_PACKET);
@ -234,7 +227,7 @@ parse_key (const unsigned char *data, size_t datalen,
case 1: case 1:
case 2: case 2:
case 3: /* RSA */ case 3: /* RSA */
npkey = 2; npkey = 2;
break; break;
case 16: case 16:
case 20: /* Elgamal */ case 20: /* Elgamal */
@ -250,7 +243,7 @@ parse_key (const unsigned char *data, size_t datalen,
for (i=0; i < npkey; i++ ) for (i=0; i < npkey; i++ )
{ {
unsigned int nbits, nbytes; unsigned int nbits, nbytes;
if (datalen < 2) if (datalen < 2)
return gpg_error (GPG_ERR_INV_PACKET); return gpg_error (GPG_ERR_INV_PACKET);
nbits = ((data[0]<<8)|(data[1])); nbits = ((data[0]<<8)|(data[1]));
@ -260,14 +253,14 @@ parse_key (const unsigned char *data, size_t datalen,
return gpg_error (GPG_ERR_INV_PACKET); return gpg_error (GPG_ERR_INV_PACKET);
/* For use by v3 fingerprint calculation we need to know the RSA /* For use by v3 fingerprint calculation we need to know the RSA
modulus and exponent. */ modulus and exponent. */
if (i==0) if (i==0)
{ {
mpi_n = data; mpi_n = data;
mpi_n_len = nbytes; mpi_n_len = nbytes;
} }
else if (i==1) else if (i==1)
mpi_e_len = nbytes; mpi_e_len = nbytes;
data += nbytes; datalen -= nbytes; data += nbytes; datalen -= nbytes;
} }
n = data - data_start; n = data - data_start;
@ -287,12 +280,12 @@ parse_key (const unsigned char *data, size_t datalen,
memcpy (ki->fpr, gcry_md_read (md, 0), 16); memcpy (ki->fpr, gcry_md_read (md, 0), 16);
gcry_md_close (md); gcry_md_close (md);
ki->fprlen = 16; ki->fprlen = 16;
if (mpi_n_len < 8) if (mpi_n_len < 8)
{ {
/* Moduli less than 64 bit are out of the specs scope. Zero /* Moduli less than 64 bit are out of the specs scope. Zero
them out becuase this is what gpg does too. */ them out becuase this is what gpg does too. */
memset (ki->keyid, 0, 8); memset (ki->keyid, 0, 8);
} }
else else
memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8); memcpy (ki->keyid, mpi_n + mpi_n_len - 8, 8);
@ -353,7 +346,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
int first = 1; int first = 1;
struct _keybox_openpgp_key_info *k, **ktail = NULL; struct _keybox_openpgp_key_info *k, **ktail = NULL;
struct _keybox_openpgp_uid_info *u, **utail = NULL; struct _keybox_openpgp_uid_info *u, **utail = NULL;
memset (info, 0, sizeof *info); memset (info, 0, sizeof *info);
if (nparsed) if (nparsed)
*nparsed = 0; *nparsed = 0;
@ -380,7 +373,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
} }
else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY) else if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
break; /* Next keyblock encountered - ready. */ break; /* Next keyblock encountered - ready. */
if (nparsed) if (nparsed)
*nparsed += n; *nparsed += n;
@ -418,7 +411,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
if (err) if (err)
break; break;
} }
else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' ) else if( pkttype == PKT_PUBLIC_SUBKEY && datalen && *data == '#' )
{ {
/* Early versions of GnuPG used old PGP comment packets; /* Early versions of GnuPG used old PGP comment packets;
* luckily all those comments are prefixed by a hash * luckily all those comments are prefixed by a hash
@ -482,7 +475,7 @@ _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY) if (pkttype == PKT_PUBLIC_KEY || pkttype == PKT_SECRET_KEY)
break; /* Next keyblock encountered - ready. */ break; /* Next keyblock encountered - ready. */
if (nparsed) if (nparsed)
*nparsed += n; *nparsed += n;
} }
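Review bot: The two parse_key hunks keep the removed code as comments (`/*unsigned long timestamp;*/` and `/*timestamp = ((data[0]<<24)|(data[1]<<16)|(data[2]<<8)|(data[3]));*/`) instead of deleting it, which leaves the reader of a parser for untrusted key data guessing whether the field is still meant to be used. I would delete both commented-out lines and say what the pointer bumps skip, e.g. `data += 4; datalen -= 4;  /* Skip the creation time. */` and, in the `version < 4` branch, `data += 2; datalen -= 2;  /* Skip the v3 validity period (days). */`. The 4-byte skip has no length check inside the hunk, unlike the 2-byte one, and datalen is a size_t, so a short packet would wrap it; presumably the part of parse_key above the hunk rejects inputs shorter than five bytes, but that is worth confirming. parse_key begins before and ends after these hunks.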


@ -1,9 +1,15 @@
2011-08-04 Werner Koch <wk@g10code.com>
* pcsc-wrapper.c (handle_open): Remove unused var LISTLEN.
* scdaemon.c (main): Remove var MAY_COREDUMP.
2011-01-25 NIIBE Yutaka <gniibe@fsij.org>, 2011-01-25 NIIBE Yutaka <gniibe@fsij.org>,
Grant Olson <kgo@grant-olson.net> (wk) Grant Olson <kgo@grant-olson.net> (wk)
* command.c (do_reset, get_reader_slot) * command.c (do_reset, get_reader_slot)
(update_reader_status_file): Fix handling of the VALID flag for (update_reader_status_file): Fix handling of the VALID flag for
unplugged readers. unplugged readers.
2010-03-17 Werner Koch <wk@g10code.com> 2010-03-17 Werner Koch <wk@g10code.com>
@ -123,7 +129,7 @@
* app-openpgp.c (change_keyattr): New. * app-openpgp.c (change_keyattr): New.
(do_writekey): Call it. (do_writekey): Call it.
* app-openpgp.c (does_key_exist): Add arg GENERATING. Change * app-openpgp.c (does_key_exist): Add arg GENERATING. Change
callers. callers.
@ -226,7 +232,7 @@
* app-nks.c (do_decipher): Make it work for TCOS 3. * app-nks.c (do_decipher): Make it work for TCOS 3.
* iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE. * iso7816.c (iso7816_decipher): Add arg EXTENDED_MODE.
* apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers. * apdu.c (apdu_send): Add arg EXTENDED_MODE and change all callers.
(apdu_send_le): Ditto. (apdu_send_le): Ditto.
(apdu_send_direct): Ditto, but not yet functional. (apdu_send_direct): Ditto, but not yet functional.
(send_le): Fix command chaining. Implement extended length option. (send_le): Fix command chaining. Implement extended length option.
* ccid-driver.c (ccid_transceive): Remove restriction on apdu length. * ccid-driver.c (ccid_transceive): Remove restriction on apdu length.
@ -310,7 +316,7 @@
(aid_nks): .. new. (aid_nks): .. new.
(aid_sigg): New. (aid_sigg): New.
(switch_application): New. (switch_application): New.
(do_getattr, do_learn_status, do_readcert, do_sign, do_decipher) (do_getattr, do_learn_status, do_readcert, do_sign, do_decipher)
(do_change_pin, do_check_pin): Make sure we are in NKS mode. (do_change_pin, do_check_pin): Make sure we are in NKS mode.
2009-03-03 Werner Koch <wk@g10code.com> 2009-03-03 Werner Koch <wk@g10code.com>
@ -342,22 +348,22 @@
* ccid-driver.c (ccid_get_atr): Move debug output to .. * ccid-driver.c (ccid_get_atr): Move debug output to ..
(print_r2p_parameters): .. new. (print_r2p_parameters): .. new.
(print_r2p_header, print_pr_data, print_r2p_unknown) (print_r2p_header, print_pr_data, print_r2p_unknown)
(print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape) (print_r2p_datablock, print_r2p_slotstatus, print_r2p_escape)
(print_r2p_datarate): New. (print_r2p_datarate): New.
(bulk_in): Call parameter printing. (bulk_in): Call parameter printing.
(ccid_set_debug_level): Add debug level 3. (ccid_set_debug_level): Add debug level 3.
(convert_le_u16): New. (convert_le_u16): New.
(print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff) (print_p2r_header, print_p2r_iccpoweron, print_p2r_iccpoweroff)
(print_p2r_getslotstatus, print_p2r_xfrblock) (print_p2r_getslotstatus, print_p2r_xfrblock)
(print_p2r_getparameters, print_p2r_resetparameters) (print_p2r_getparameters, print_p2r_resetparameters)
(print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock) (print_p2r_setparameters, print_p2r_escape, print_p2r_iccclock)
(print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical) (print_p2r_to0apdu, print_p2r_secure, print_p2r_mechanical)
(print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New. (print_p2r_abort, print_p2r_setdatarate, print_r2p_unknown): New.
(bulk_out): Add arg NO_DEBUG and change all callers to pass 0. (bulk_out): Add arg NO_DEBUG and change all callers to pass 0.
Call parameter printing. Call parameter printing.
(ccid_slot_status): Call with NO_DEBUG set. (ccid_slot_status): Call with NO_DEBUG set.
(abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr) (abort_cmd, send_escape_cmd, ccid_get_atr, ccid_get_atr)
(ccid_transceive_apdu_level, ccid_transceive) (ccid_transceive_apdu_level, ccid_transceive)
(ccid_transceive_secure): Remove old debug print code. (ccid_transceive_secure): Remove old debug print code.
2009-02-12 Werner Koch <wk@g10code.com> 2009-02-12 Werner Koch <wk@g10code.com>
@ -408,7 +414,7 @@
2008-12-18 Werner Koch <wk@g10code.com> 2008-12-18 Werner Koch <wk@g10code.com>
* ccid-driver.c (abort_cmd): New. * ccid-driver.c (abort_cmd): New.
(bulk_in): Call abort_cmd after severe errors. (bulk_in): Call abort_cmd after severe errors.
* apdu.c (reader_table_s): Add field ANY_STATUS. * apdu.c (reader_table_s): Add field ANY_STATUS.
@ -455,7 +461,7 @@
(update_reader_status_file): Disconnect if allowed. (update_reader_status_file): Disconnect if allowed.
* app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT
unsigned. unsigned.
* app.c (select_application): Remove INITIALIZED. * app.c (select_application): Remove INITIALIZED.
(app_write_learn_status, app_readcert, app_readkey, app_getattr) (app_write_learn_status, app_readcert, app_readkey, app_getattr)
(app_setattr, app_sign, app_decipher, app_writecert) (app_setattr, app_sign, app_decipher, app_writecert)
@ -472,7 +478,7 @@
* app.c (app_get_serial_and_stamp): Use bin2hex. * app.c (app_get_serial_and_stamp): Use bin2hex.
* app-help.c (app_help_get_keygrip_string): Ditto. * app-help.c (app_help_get_keygrip_string): Ditto.
* app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto.
* app-openpgp.c (send_fpr_if_not_null, send_key_data) * app-openpgp.c (send_fpr_if_not_null, send_key_data)
(retrieve_fpr_from_card, send_keypair_info): Ditto. (retrieve_fpr_from_card, send_keypair_info): Ditto.
* app-nks.c (keygripstr_from_pk_file): Ditto. * app-nks.c (keygripstr_from_pk_file): Ditto.
* command.c (cmd_apdu): Ditto. * command.c (cmd_apdu): Ditto.
@ -579,7 +585,7 @@
(do_change_pin): Do not change CHV2. Add reset code logic for v2 (do_change_pin): Do not change CHV2. Add reset code logic for v2
cards. cards.
* iso7816.c (iso7816_reset_retry_counter_with_rc): New. * iso7816.c (iso7816_reset_retry_counter_with_rc): New.
* app-openpgp.c (add_tlv, build_privkey_template): New. * app-openpgp.c (add_tlv, build_privkey_template): New.
(do_writekey): Support v2 keys and other key lengths than 1024. (do_writekey): Support v2 keys and other key lengths than 1024.
* iso7816.c (iso7816_put_data_odd): New. * iso7816.c (iso7816_put_data_odd): New.
@ -697,7 +703,7 @@
* scdaemon.c (main): Pass STANDARD_SOCKET flag to * scdaemon.c (main): Pass STANDARD_SOCKET flag to
create_server_socket. create_server_socket.
2007-11-13 Werner Koch <wk@g10code.com> 2007-11-13 Werner Koch <wk@g10code.com>
* scdaemon.c (start_connection_thread): Do not call * scdaemon.c (start_connection_thread): Do not call
@ -938,7 +944,7 @@
2006-09-06 Werner Koch <wk@g10code.com> 2006-09-06 Werner Koch <wk@g10code.com>
* apdu.c (pcsc_end_transaction): * apdu.c (pcsc_end_transaction):
* pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration. * pcsc-wrapper.c (pcsc_end_transaction: Fixed dclaration.
Reported by Bob Dunlop. Reported by Bob Dunlop.
@ -947,7 +953,7 @@
Replaced all Assuan error codes by libgpg-error codes. Removed Replaced all Assuan error codes by libgpg-error codes. Removed
all map_to_assuan_status and map_assuan_err. all map_to_assuan_status and map_assuan_err.
* scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan * scdaemon.c (main): Call assuan_set_assuan_err_source to have Assuan
switch to gpg-error codes. switch to gpg-error codes.
* command.c (set_error): Adjusted. * command.c (set_error): Adjusted.
@ -1026,7 +1032,7 @@
2006-02-09 Werner Koch <wk@g10code.com> 2006-02-09 Werner Koch <wk@g10code.com>
* command.c (get_reader_slot, do_reset) * command.c (get_reader_slot, do_reset)
(scd_update_reader_status_file): Rewrote. (scd_update_reader_status_file): Rewrote.
* app.c (release_application): Factored code out to .. * app.c (release_application): Factored code out to ..
@ -1091,12 +1097,12 @@
* iso7816.h (struct iso7816_pininfo_s): New. * iso7816.h (struct iso7816_pininfo_s): New.
* iso7816.c (map_sw): Support new code. * iso7816.c (map_sw): Support new code.
(iso7816_check_keypad): New. (iso7816_check_keypad): New.
(iso7816_verify_kp, iso7816_change_reference_data_kp) (iso7816_verify_kp, iso7816_change_reference_data_kp)
(iso7816_reset_retry_counter_kp): New. Extended versions of the (iso7816_reset_retry_counter_kp): New. Extended versions of the
original functions. original functions.
* apdu.c (host_sw_string): Support new code. * apdu.c (host_sw_string): Support new code.
(reader_table_s): New field CHECK_KEYPAD. (reader_table_s): New field CHECK_KEYPAD.
(new_reader_slot, open_ct_reader, open_pcsc_reader) (new_reader_slot, open_ct_reader, open_pcsc_reader)
(open_ccid_reader, open_rapdu_reader): Initialize it. (open_ccid_reader, open_rapdu_reader): Initialize it.
(check_ccid_keypad): New. (check_ccid_keypad): New.
(apdu_check_keypad): New. (apdu_check_keypad): New.
@ -1105,7 +1111,7 @@
of the orginal function to use this one with a NULL for the new of the orginal function to use this one with a NULL for the new
arg. arg.
(apdu_send_simple_kp): New. (apdu_send_simple_kp): New.
(ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu)
(send_apdu_ccid): New arg PININFO. (send_apdu_ccid): New arg PININFO.
(send_apdu_ccid): Use the new arg. (send_apdu_ccid): Use the new arg.
@ -1161,7 +1167,7 @@
* iso7816.c (iso7816_read_binary): Use Le=0 when reading all * iso7816.c (iso7816_read_binary): Use Le=0 when reading all
data. Handle 6C00 error and take 6B00 as indication for EOF. data. Handle 6C00 error and take 6B00 as indication for EOF.
* apdu.h (SW_EXACT_LENGTH_P): New. * apdu.h (SW_EXACT_LENGTH_P): New.
* apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status)
(open_pcsc_reader): Set new reader state IS_T0. (open_pcsc_reader): Set new reader state IS_T0.
(apdu_send_le): When doing T=0 make sure not to send Lc and Le. (apdu_send_le): When doing T=0 make sure not to send Lc and Le.
Problem reported by Carl Meijer. Problem reported by Carl Meijer.
@ -1188,7 +1194,7 @@
2005-06-06 Werner Koch <wk@g10code.com> 2005-06-06 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New option --debug-allow-core-dump. * scdaemon.c (main): New option --debug-allow-core-dump.
2005-06-03 Werner Koch <wk@g10code.com> 2005-06-03 Werner Koch <wk@g10code.com>
@ -1334,9 +1340,9 @@
variant. variant.
* app-openpgp.c (get_one_do, dump_all_do): Ditto. * app-openpgp.c (get_one_do, dump_all_do): Ditto.
Removal of the old OpenSC based code. Removal of the old OpenSC based code.
* app-p15.c: New. Basic support for pkcs15 cards without OpenSC. * app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
There are quite a couple of things missing but at least I can use There are quite a couple of things missing but at least I can use
my old TCOS cards from the Aegypten-1 development for signing. my old TCOS cards from the Aegypten-1 development for signing.
@ -1344,7 +1350,7 @@
* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
and card-p15.c because they are now obsolete. Added app-p15.c. and card-p15.c because they are now obsolete. Added app-p15.c.
Removed all OpenSC stuff. Removed all OpenSC stuff.
* command.c (do_reset, open_card, cmd_serialno, cmd_learn) * command.c (do_reset, open_card, cmd_serialno, cmd_learn)
(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
all special cases for the old card.c based mechanisms. all special cases for the old card.c based mechanisms.
* scdaemon.c, apdu.c: Removed all special cases for OpenSC. * scdaemon.c, apdu.c: Removed all special cases for OpenSC.
@ -1365,7 +1371,7 @@
2005-04-12 Werner Koch <wk@g10code.com> 2005-04-12 Werner Koch <wk@g10code.com>
Basic support for several sessions. Basic support for several sessions.
* command.c (scd_command_handler): Replace the primary_connection * command.c (scd_command_handler): Replace the primary_connection
stuff by a real connection list. Release the local context on stuff by a real connection list. Release the local context on
exit. exit.
@ -1373,7 +1379,7 @@
to all connections who registered an event signal. to all connections who registered an event signal.
(cmd_lock, cmd_unlock, register_commands): New commands LOCK and (cmd_lock, cmd_unlock, register_commands): New commands LOCK and
UNLOCK. UNLOCK.
(cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr)
(cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader
is locked. is locked.
(do_reset): Handle locking. (do_reset): Handle locking.
@ -1443,7 +1449,7 @@
* apdu.c: Added some PCSC error codes. * apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New. (pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping. (open_pcsc_reader): Do proper error code mapping.
2005-03-16 Werner Koch <wk@g10code.com> 2005-03-16 Werner Koch <wk@g10code.com>
@ -1524,7 +1530,7 @@
* apdu.c [W32]: Disable use of pcsc_wrapper. * apdu.c [W32]: Disable use of pcsc_wrapper.
* Makefile.am (scdaemon_LDADD): Reorder libs. * Makefile.am (scdaemon_LDADD): Reorder libs.
(sc_copykeys_LDADD): Add libassuan because it is needed for W32. (sc_copykeys_LDADD): Add libassuan because it is needed for W32.
2004-12-06 Werner Koch <wk@g10code.com> 2004-12-06 Werner Koch <wk@g10code.com>
@ -1541,17 +1547,17 @@
This avoids problems with missing vasprintf implementations in This avoids problems with missing vasprintf implementations in
gnupg 1.4. gnupg 1.4.
* app-common.h (app_openpgp_storekey: Add prototype. * app-common.h (app_openpgp_storekey: Add prototype.
2004-10-20 Werner Koch <wk@g10code.com> 2004-10-20 Werner Koch <wk@g10code.com>
* sc-investigate: Removed. * sc-investigate: Removed.
* Makefile.am (sc_investigate): Removed. * Makefile.am (sc_investigate): Removed.
* pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func.
(handle_open): Succeed even without a present card. (handle_open): Succeed even without a present card.
(handle_status, handle_reset): New. (handle_status, handle_reset): New.
* apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion.
(pcsc_get_status): Implemented. (pcsc_get_status): Implemented.
(reset_pcsc_reader): Implemented. (reset_pcsc_reader): Implemented.
@ -1566,7 +1572,7 @@
2004-10-14 Werner Koch <wk@g10code.com> 2004-10-14 Werner Koch <wk@g10code.com>
* app-openpgp.c (parse_login_data): New. * app-openpgp.c (parse_login_data): New.
(app_select_openpgp): Call it. (app_select_openpgp): Call it.
(do_setattr): Reparse it after change. (do_setattr): Reparse it after change.
@ -1593,7 +1599,7 @@
* app-openpgp.c: Made all strings translatable. * app-openpgp.c: Made all strings translatable.
(verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin
available for use in gnupg 2. available for use in gnupg 2.
(verify_chv3): Reimplemented countdown showing to use only (verify_chv3): Reimplemented countdown showing to use only
functions from this module. Flush the CVH status cache on a functions from this module. Flush the CVH status cache on a
successful read. successful read.
@ -1604,7 +1610,7 @@
(get_cached_data): Move local data initialization to .. (get_cached_data): Move local data initialization to ..
(app_select_openpgp): .. here. Read some flags for later use. (app_select_openpgp): .. here. Read some flags for later use.
(do_getattr): New read-only attribute EXTCAP. (do_getattr): New read-only attribute EXTCAP.
* apdu.c (open_pcsc_reader): Do not print empty reader string. * apdu.c (open_pcsc_reader): Do not print empty reader string.
* ccid-driver.c (do_close_reader): Factored some code out from ... * ccid-driver.c (do_close_reader): Factored some code out from ...
@ -1689,21 +1695,21 @@
* Makefile.am: Make OpenSC lib link after libgcrypt. Do not link * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link
to pth. to pth.
* apdu.c: Don't use Pth if we use OpenSC. * apdu.c: Don't use Pth if we use OpenSC.
* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
* scdaemon.c (main): Bumbed thread stack size up to 512k. * scdaemon.c (main): Bumbed thread stack size up to 512k.
2004-07-16 Werner Koch <wk@gnupg.org> 2004-07-16 Werner Koch <wk@gnupg.org>
* apdu.c (reader_table_s): Add function pointers for the backends. * apdu.c (reader_table_s): Add function pointers for the backends.
(apdu_close_reader, apdu_get_status, apdu_activate) (apdu_close_reader, apdu_get_status, apdu_activate)
(send_apdu): Make use of them. (send_apdu): Make use of them.
(new_reader_slot): Intialize them to NULL. (new_reader_slot): Intialize them to NULL.
(dump_ccid_reader_status, ct_dump_reader_status): New. (dump_ccid_reader_status, ct_dump_reader_status): New.
(dump_pcsc_reader_status): New. (dump_pcsc_reader_status): New.
(open_ct_reader, open_pcsc_reader, open_ccid_reader) (open_ct_reader, open_pcsc_reader, open_ccid_reader)
(open_osc_reader, open_rapdu_reader): Intialize function pointers. (open_osc_reader, open_rapdu_reader): Intialize function pointers.
(ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu)
(error_string): Removed. Replaced by apdu_strerror. (error_string): Removed. Replaced by apdu_strerror.
(get_ccid_error_string): Removed. (get_ccid_error_string): Removed.
(ct_activate_card): Remove the unused loop. (ct_activate_card): Remove the unused loop.
@ -1834,7 +1840,7 @@
* apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED,
SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. SW_HOST_LOCKING_FAILED and SW_HOST_BUSY.
* iso7816.c (map_sw): Map it. * iso7816.c (map_sw): Map it.
* ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS.
* apdu.c (apdu_get_status): New. * apdu.c (apdu_get_status): New.
(ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs.
@ -1843,7 +1849,7 @@
(reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs.
(reset_ccid_reader): New. (reset_ccid_reader): New.
(apdu_enum_reader): New. (apdu_enum_reader): New.
* apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers.
(new_reader_slot) [USE_GNU_PTH]: Init mutex. (new_reader_slot) [USE_GNU_PTH]: Init mutex.
(apdu_reset, apdu_get_status, apdu_send_le): Run functions (apdu_reset, apdu_get_status, apdu_send_le): Run functions
@ -1936,7 +1942,7 @@
(cmd_serialno): Allow optional argument to select the desired (cmd_serialno): Allow optional argument to select the desired
application. application.
* app-nks.c: New. * app-nks.c: New.
* scdaemon.h (opt): Add READER_PORT. * scdaemon.h (opt): Add READER_PORT.
* scdaemon.c (main): Set it here. * scdaemon.c (main): Set it here.
@ -2107,12 +2113,12 @@
* ccid-driver.c, ccid-driver.h: New but far from being useful. * ccid-driver.c, ccid-driver.h: New but far from being useful.
* Makefile.am: Add above. * Makefile.am: Add above.
* apdu.c: Add support for that ccid driver. * apdu.c: Add support for that ccid driver.
2003-08-26 Timo Schulz <twoaday@freakmail.de> 2003-08-26 Timo Schulz <twoaday@freakmail.de>
* apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC
is used. is used.
2003-08-25 Werner Koch <wk@gnupg.org> 2003-08-25 Werner Koch <wk@gnupg.org>
* command.c (cmd_setattr): Use a copy of LINE. * command.c (cmd_setattr): Use a copy of LINE.
@ -2128,7 +2134,7 @@
2003-08-18 Werner Koch <wk@gnupg.org> 2003-08-18 Werner Koch <wk@gnupg.org>
* Makefile.am: Add OPENSC_LIBS to all programs. * Makefile.am: Add OPENSC_LIBS to all programs.
* scdaemon.c, scdaemon.h: New option --disable-opensc. * scdaemon.c, scdaemon.h: New option --disable-opensc.
* card.c (card_open): Implement it. * card.c (card_open): Implement it.
@ -2168,7 +2174,7 @@
* scdaemon.c, scdaemon.h: New option --ctapi-driver. * scdaemon.c, scdaemon.h: New option --ctapi-driver.
* sc-investigate.c, sc-copykeys.c: Ditto. * sc-investigate.c, sc-copykeys.c: Ditto.
2003-07-31 Werner Koch <wk@gnupg.org> 2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (scdaemon_LDADD): Added INTLLIBS. * Makefile.am (scdaemon_LDADD): Added INTLLIBS.
@ -2244,7 +2250,7 @@
* app-openpgp.c (get_sig_counter): New. * app-openpgp.c (get_sig_counter): New.
(do_sign): Print the signature counter and enable the PIN callback. (do_sign): Print the signature counter and enable the PIN callback.
(do_genkey): Implement the PIN callback. (do_genkey): Implement the PIN callback.
2003-07-01 Werner Koch <wk@gnupg.org> 2003-07-01 Werner Koch <wk@gnupg.org>
@ -2315,7 +2321,7 @@
* apdu.c, apdu.h: New * apdu.c, apdu.h: New
* card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC.
* Makefile.am (LDFLAGS): Removed. * Makefile.am (LDFLAGS): Removed.
* command.c (register_commands): Adjusted for new Assuan semantics. * command.c (register_commands): Adjusted for new Assuan semantics.
@ -2348,7 +2354,7 @@
2002-07-30 Werner Koch <wk@gnupg.org> 2002-07-30 Werner Koch <wk@gnupg.org>
Changes to cope with OpenSC 0.7.0: Changes to cope with OpenSC 0.7.0:
* card.c: Removed the check for the packed opensc version. * card.c: Removed the check for the packed opensc version.
Changed include file names of opensc. Changed include file names of opensc.
(map_sc_err): Adjusted error codes for new opensc version. (map_sc_err): Adjusted error codes for new opensc version.
@ -2356,7 +2362,7 @@
* card-dinsig.c: Ditto. * card-dinsig.c: Ditto.
* card-p15.c (p15_decipher): Add flags argument to OpenSC call. * card-p15.c (p15_decipher): Add flags argument to OpenSC call.
2002-07-24 Werner Koch <wk@gnupg.org> 2002-07-24 Werner Koch <wk@gnupg.org>
* card.c (find_simple_tlv, find_iccsn): New. * card.c (find_simple_tlv, find_iccsn): New.
@ -2402,7 +2408,7 @@
* scdaemon.c scdaemon.h, command.c: New. Based on the code from * scdaemon.c scdaemon.h, command.c: New. Based on the code from
the gpg-agent. the gpg-agent.
Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc. Copyright 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives This file is free software; as a special exception the author gives


@ -344,7 +344,7 @@ new_reader_slot (void)
reader_table[reader].dump_status_reader = NULL; reader_table[reader].dump_status_reader = NULL;
reader_table[reader].set_progress_cb = NULL; reader_table[reader].set_progress_cb = NULL;
reader_table[reader].used = 1; reader_table[reader].used = 1;
reader_table[reader].any_status = 0; reader_table[reader].any_status = 0;
reader_table[reader].last_status = 0; reader_table[reader].last_status = 0;
reader_table[reader].is_t0 = 1; reader_table[reader].is_t0 = 1;
@ -395,8 +395,8 @@ host_sw_string (long err)
case SW_HOST_GENERAL_ERROR: return "general error"; case SW_HOST_GENERAL_ERROR: return "general error";
case SW_HOST_NO_READER: return "no reader"; case SW_HOST_NO_READER: return "no reader";
case SW_HOST_ABORTED: return "aborted"; case SW_HOST_ABORTED: return "aborted";
case SW_HOST_NO_KEYPAD: return "no keypad"; case SW_HOST_NO_KEYPAD: return "no keypad";
case SW_HOST_ALREADY_CONNECTED: return "already connected"; case SW_HOST_ALREADY_CONNECTED: return "already connected";
default: return "unknown host status error"; default: return "unknown host status error";
} }
} }
@ -772,7 +772,7 @@ pcsc_error_to_sw (long ec)
case PCSC_E_INVALID_TARGET: case PCSC_E_INVALID_TARGET:
case PCSC_E_INVALID_VALUE: case PCSC_E_INVALID_VALUE:
case PCSC_E_INVALID_HANDLE: case PCSC_E_INVALID_HANDLE:
case PCSC_E_INVALID_PARAMETER: case PCSC_E_INVALID_PARAMETER:
case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break; case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break;
@ -986,7 +986,7 @@ pcsc_get_status (int slot, unsigned int *status)
#ifndef NEED_PCSC_WRAPPER #ifndef NEED_PCSC_WRAPPER
static int static int
pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen, pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen, unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
{ {
long err; long err;
@ -1022,7 +1022,7 @@ pcsc_send_apdu_direct (int slot, unsigned char *apdu, size_t apdulen,
#ifdef NEED_PCSC_WRAPPER #ifdef NEED_PCSC_WRAPPER
static int static int
pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen, pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen, unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
{ {
long err; long err;
@ -1141,7 +1141,7 @@ pcsc_send_apdu_wrapped (int slot, unsigned char *apdu, size_t apdulen,
BUFLEN. Returns: A status word. */ BUFLEN. Returns: A status word. */
static int static int
pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen, unsigned char *buffer, size_t *buflen,
struct pininfo_s *pininfo) struct pininfo_s *pininfo)
{ {
#ifdef NEED_PCSC_WRAPPER #ifdef NEED_PCSC_WRAPPER
@ -1270,7 +1270,7 @@ connect_pcsc_card (int slot)
if (err) if (err)
{ {
reader_table[slot].pcsc.card = 0; reader_table[slot].pcsc.card = 0;
if (err != PCSC_E_NO_SMARTCARD) if (err != PCSC_E_NO_SMARTCARD)
log_error ("pcsc_connect failed: %s (0x%lx)\n", log_error ("pcsc_connect failed: %s (0x%lx)\n",
pcsc_error_string (err), err); pcsc_error_string (err), err);
} }
@ -1320,7 +1320,7 @@ disconnect_pcsc_card (int slot)
assert (slot >= 0 && slot < MAX_READER); assert (slot >= 0 && slot < MAX_READER);
if (!reader_table[slot].pcsc.card) if (!reader_table[slot].pcsc.card)
return 0; return 0;
err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD); err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD);
if (err) if (err)
@ -1584,7 +1584,8 @@ open_pcsc_reader_wrapped (const char *portstr)
unsigned char msgbuf[9]; unsigned char msgbuf[9];
int err; int err;
unsigned int dummy_status; unsigned int dummy_status;
int sw = SW_HOST_CARD_IO_ERROR; /*int sw = SW_HOST_CARD_IO_ERROR;*/
/* Note that we use the constant and not the fucntion because this /* Note that we use the constant and not the fucntion because this
code won't be be used under Windows. */ code won't be be used under Windows. */
const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper"; const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper";
@ -1728,7 +1729,7 @@ open_pcsc_reader_wrapped (const char *portstr)
if (err) if (err)
{ {
log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err));
sw = pcsc_error_to_sw (err); /*sw = pcsc_error_to_sw (err);*/
goto command_failed; goto command_failed;
} }
@ -2618,7 +2619,7 @@ apdu_connect (int slot)
} }
else else
sw = 0; sw = 0;
/* We need to call apdu_get_status_internal, so that the last-status /* We need to call apdu_get_status_internal, so that the last-status
machinery gets setup properly even if a card is inserted while machinery gets setup properly even if a card is inserted while
scdaemon is fired up and apdu_get_status has not yet been called. scdaemon is fired up and apdu_get_status has not yet been called.
@ -2876,7 +2877,7 @@ send_apdu (int slot, unsigned char *apdu, size_t apdulen,
if (reader_table[slot].send_apdu_reader) if (reader_table[slot].send_apdu_reader)
return reader_table[slot].send_apdu_reader (slot, return reader_table[slot].send_apdu_reader (slot,
apdu, apdulen, apdu, apdulen,
buffer, buflen, buffer, buflen,
pininfo); pininfo);
else else
return SW_HOST_NOT_SUPPORTED; return SW_HOST_NOT_SUPPORTED;
@ -2904,7 +2905,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
{ {
#define SHORT_RESULT_BUFFER_SIZE 258 #define SHORT_RESULT_BUFFER_SIZE 258
/* We allocate 8 extra bytes as a safety margin towards a driver bug. */ /* We allocate 8 extra bytes as a safety margin towards a driver bug. */
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char *result_buffer = NULL; unsigned char *result_buffer = NULL;
size_t result_buffer_size; size_t result_buffer_size;
unsigned char *result; unsigned char *result;
@ -2942,16 +2943,16 @@ send_le (int slot, int class, int ins, int p0, int p1,
if (lc > 16384) if (lc > 16384)
return SW_WRONG_LENGTH; /* Sanity check. */ return SW_WRONG_LENGTH; /* Sanity check. */
if ((class&0xf0) != 0) if ((class&0xf0) != 0)
return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */ return SW_HOST_INV_VALUE; /* Upper 4 bits need to be 0. */
use_chaining = extended_mode == -1? 255 : -extended_mode; use_chaining = extended_mode == -1? 255 : -extended_mode;
use_chaining &= 0xff; use_chaining &= 0xff;
} }
else else
return SW_HOST_INV_VALUE; return SW_HOST_INV_VALUE;
} }
else if (lc == -1 && extended_mode > 0) else if (lc == -1 && extended_mode > 0)
use_extended_length = 1; use_extended_length = 1;
if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0)) if (le != -1 && (le > (extended_mode > 0? 255:256) || le < 0))
{ {
/* Expected Data does not fit into an APDU. What we do now /* Expected Data does not fit into an APDU. What we do now
@ -2964,7 +2965,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
; /* We are already using extended length. */ ; /* We are already using extended length. */
else if (extended_mode > 0) else if (extended_mode > 0)
use_extended_length = 1; use_extended_length = 1;
else else
return SW_HOST_INV_VALUE; return SW_HOST_INV_VALUE;
} }
@ -3035,8 +3036,8 @@ send_le (int slot, int class, int ins, int p0, int p1,
} }
if (le != -1) if (le != -1)
{ {
apdu[apdulen++] = ((le >> 8) & 0xff); apdu[apdulen++] = ((le >> 8) & 0xff);
apdu[apdulen++] = (le & 0xff); apdu[apdulen++] = (le & 0xff);
} }
} }
else else
@ -3090,7 +3091,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE;
} }
sw = (result[resultlen-2] << 8) | result[resultlen-1]; sw = (result[resultlen-2] << 8) | result[resultlen-1];
if (!use_extended_length if (!use_extended_length
&& !did_exact_length_hack && SW_EXACT_LENGTH_P (sw)) && !did_exact_length_hack && SW_EXACT_LENGTH_P (sw))
{ {
apdu[apdulen-1] = (sw & 0x00ff); apdu[apdulen-1] = (sw & 0x00ff);
@ -3106,7 +3107,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
apdu_buffer = NULL; apdu_buffer = NULL;
apdu_buffer_size = 0; apdu_buffer_size = 0;
} }
/* Store away the returned data but strip the statusword. */ /* Store away the returned data but strip the statusword. */
resultlen -= 2; resultlen -= 2;
if (DBG_CARD_IO) if (DBG_CARD_IO)
@ -3249,7 +3250,7 @@ send_le (int slot, int class, int ins, int p0, int p1,
that data will be put into *RETBUFLEN. The caller is reponsible that data will be put into *RETBUFLEN. The caller is reponsible
for releasing the buffer even in case of errors. */ for releasing the buffer even in case of errors. */
int int
apdu_send_le(int slot, int extended_mode, apdu_send_le(int slot, int extended_mode,
int class, int ins, int p0, int p1, int class, int ins, int p0, int p1,
int lc, const char *data, int le, int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen) unsigned char **retbuf, size_t *retbuflen)
@ -3292,7 +3293,7 @@ apdu_send_simple (int slot, int extended_mode,
int class, int ins, int p0, int p1, int class, int ins, int p0, int p1,
int lc, const char *data) int lc, const char *data)
{ {
return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL, return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL,
extended_mode); extended_mode);
} }
@ -3300,7 +3301,7 @@ apdu_send_simple (int slot, int extended_mode,
/* Same as apdu_send_simple but uses the keypad of the reader. */ /* Same as apdu_send_simple but uses the keypad of the reader. */
int int
apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1,
int lc, const char *data, int lc, const char *data,
int pin_mode, int pin_mode,
int pinlen_min, int pinlen_max, int pin_padlen) int pinlen_min, int pinlen_max, int pin_padlen)
{ {
@ -3332,7 +3333,7 @@ apdu_send_direct (int slot, size_t extended_length,
unsigned char **retbuf, size_t *retbuflen) unsigned char **retbuf, size_t *retbuflen)
{ {
#define SHORT_RESULT_BUFFER_SIZE 258 #define SHORT_RESULT_BUFFER_SIZE 258
unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10]; unsigned char short_result_buffer[SHORT_RESULT_BUFFER_SIZE+10];
unsigned char *result_buffer = NULL; unsigned char *result_buffer = NULL;
size_t result_buffer_size; size_t result_buffer_size;
unsigned char *result; unsigned char *result;
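Review bot: In open_pcsc_reader_wrapped the two `sw` statements are left as commented-out code (`/*int sw = SW_HOST_CARD_IO_ERROR;*/` and `/*sw = pcsc_error_to_sw (err);*/`) rather than deleted, so the file now carries dead code that no longer says why it is there. The set-but-unused warning may also have been pointing at a gap: the PC/SC OPEN failure is logged, but the mapped status word apparently never reaches the caller. The `command_failed` path and the function's return lie outside these hunks, so this should be checked there. If returning a generic failure is intended, delete both lines and say so in a comment before the `goto`, e.g. `/* The PC/SC error is only logged; the caller sees a plain open failure. */`. Otherwise restore `sw` and return it from the failure path, so that "no reader" and "sharing violation" stay distinguishable to the caller.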


@ -27,7 +27,7 @@
pcsc interface but to a higher level one which resembles the code pcsc interface but to a higher level one which resembles the code
used in scdaemon (apdu.c) when not using Pth or while running under used in scdaemon (apdu.c) when not using Pth or while running under
Windows. Windows.
The interface is binary consisting of a command tag and the length The interface is binary consisting of a command tag and the length
of the parameter list. The calling process needs to pass the of the parameter list. The calling process needs to pass the
version number of the interface on the command line to make sure version number of the interface on the command line to make sure
@ -56,7 +56,7 @@
#define MYVERSION_LINE PGM " (GnuPG) " VERSION #define MYVERSION_LINE PGM " (GnuPG) " VERSION
#define BUGREPORT_LINE "\nReport bugs to <bug-gnupg@gnu.org>.\n" #define BUGREPORT_LINE "\nReport bugs to <bug-gnupg@gnu.org>.\n"
#else #else
#define MYVERSION_LINE PGM #define MYVERSION_LINE PGM
#define BUGREPORT_LINE "" #define BUGREPORT_LINE ""
#endif #endif
@ -67,14 +67,14 @@ static int verbose;
/* PC/SC constants and function pointer. */ /* PC/SC constants and function pointer. */
#define PCSC_SCOPE_USER 0 #define PCSC_SCOPE_USER 0
#define PCSC_SCOPE_TERMINAL 1 #define PCSC_SCOPE_TERMINAL 1
#define PCSC_SCOPE_SYSTEM 2 #define PCSC_SCOPE_SYSTEM 2
#define PCSC_SCOPE_GLOBAL 3 #define PCSC_SCOPE_GLOBAL 3
#define PCSC_PROTOCOL_T0 1 #define PCSC_PROTOCOL_T0 1
#define PCSC_PROTOCOL_T1 2 #define PCSC_PROTOCOL_T1 2
#define PCSC_PROTOCOL_RAW 4 #define PCSC_PROTOCOL_RAW 4
#define PCSC_SHARE_EXCLUSIVE 1 #define PCSC_SHARE_EXCLUSIVE 1
#define PCSC_SHARE_SHARED 2 #define PCSC_SHARE_SHARED 2
@ -85,7 +85,7 @@ static int verbose;
#define PCSC_UNPOWER_CARD 2 #define PCSC_UNPOWER_CARD 2
#define PCSC_EJECT_CARD 3 #define PCSC_EJECT_CARD 3
#define PCSC_UNKNOWN 0x0001 #define PCSC_UNKNOWN 0x0001
#define PCSC_ABSENT 0x0002 /* Card is absent. */ #define PCSC_ABSENT 0x0002 /* Card is absent. */
#define PCSC_PRESENT 0x0004 /* Card is present. */ #define PCSC_PRESENT 0x0004 /* Card is present. */
#define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */ #define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */
@ -106,7 +106,7 @@ static int verbose;
#define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */ #define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */
struct pcsc_io_request_s { struct pcsc_io_request_s {
unsigned long protocol; unsigned long protocol;
unsigned long pci_len; unsigned long pci_len;
}; };
@ -235,7 +235,7 @@ request_succeeded (const void *buffer, size_t buflen)
fflush (stdout); fflush (stdout);
} }
static unsigned long static unsigned long
@ -271,40 +271,40 @@ pcsc_error_string (long err)
{ {
case 0x0002: s = "cancelled"; break; case 0x0002: s = "cancelled"; break;
case 0x000e: s = "can't dispose"; break; case 0x000e: s = "can't dispose"; break;
case 0x0008: s = "insufficient buffer"; break; case 0x0008: s = "insufficient buffer"; break;
case 0x0015: s = "invalid ATR"; break; case 0x0015: s = "invalid ATR"; break;
case 0x0003: s = "invalid handle"; break; case 0x0003: s = "invalid handle"; break;
case 0x0004: s = "invalid parameter"; break; case 0x0004: s = "invalid parameter"; break;
case 0x0005: s = "invalid target"; break; case 0x0005: s = "invalid target"; break;
case 0x0011: s = "invalid value"; break; case 0x0011: s = "invalid value"; break;
case 0x0006: s = "no memory"; break; case 0x0006: s = "no memory"; break;
case 0x0013: s = "comm error"; break; case 0x0013: s = "comm error"; break;
case 0x0001: s = "internal error"; break; case 0x0001: s = "internal error"; break;
case 0x0014: s = "unknown error"; break; case 0x0014: s = "unknown error"; break;
case 0x0007: s = "waited too long"; break; case 0x0007: s = "waited too long"; break;
case 0x0009: s = "unknown reader"; break; case 0x0009: s = "unknown reader"; break;
case 0x000a: s = "timeout"; break; case 0x000a: s = "timeout"; break;
case 0x000b: s = "sharing violation"; break; case 0x000b: s = "sharing violation"; break;
case 0x000c: s = "no smartcard"; break; case 0x000c: s = "no smartcard"; break;
case 0x000d: s = "unknown card"; break; case 0x000d: s = "unknown card"; break;
case 0x000f: s = "proto mismatch"; break; case 0x000f: s = "proto mismatch"; break;
case 0x0010: s = "not ready"; break; case 0x0010: s = "not ready"; break;
case 0x0012: s = "system cancelled"; break; case 0x0012: s = "system cancelled"; break;
case 0x0016: s = "not transacted"; break; case 0x0016: s = "not transacted"; break;
case 0x0017: s = "reader unavailable"; break; case 0x0017: s = "reader unavailable"; break;
case 0x0065: s = "unsupported card"; break; case 0x0065: s = "unsupported card"; break;
case 0x0066: s = "unresponsive card"; break; case 0x0066: s = "unresponsive card"; break;
case 0x0067: s = "unpowered card"; break; case 0x0067: s = "unpowered card"; break;
case 0x0068: s = "reset card"; break; case 0x0068: s = "reset card"; break;
case 0x0069: s = "removed card"; break; case 0x0069: s = "removed card"; break;
case 0x006a: s = "inserted card"; break; case 0x006a: s = "inserted card"; break;
case 0x001f: s = "unsupported feature"; break; case 0x001f: s = "unsupported feature"; break;
case 0x0019: s = "PCI too small"; break; case 0x0019: s = "PCI too small"; break;
case 0x001a: s = "reader unsupported"; break; case 0x001a: s = "reader unsupported"; break;
case 0x001b: s = "duplicate reader"; break; case 0x001b: s = "duplicate reader"; break;
case 0x001c: s = "card unsupported"; break; case 0x001c: s = "card unsupported"; break;
case 0x001d: s = "no service"; break; case 0x001d: s = "no service"; break;
case 0x001e: s = "service stopped"; break; case 0x001e: s = "service stopped"; break;
default: s = "unknown PC/SC error code"; break; default: s = "unknown PC/SC error code"; break;
} }
return s; return s;
@ -337,16 +337,16 @@ load_pcsc_driver (const char *libname)
pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout");
if (!pcsc_establish_context if (!pcsc_establish_context
|| !pcsc_release_context || !pcsc_release_context
|| !pcsc_list_readers || !pcsc_list_readers
|| !pcsc_get_status_change || !pcsc_get_status_change
|| !pcsc_connect || !pcsc_connect
|| !pcsc_reconnect || !pcsc_reconnect
|| !pcsc_disconnect || !pcsc_disconnect
|| !pcsc_status || !pcsc_status
|| !pcsc_begin_transaction || !pcsc_begin_transaction
|| !pcsc_end_transaction || !pcsc_end_transaction
|| !pcsc_transmit || !pcsc_transmit
/* || !pcsc_set_timeout */) /* || !pcsc_set_timeout */)
{ {
/* Note that set_timeout is currently not used and also not /* Note that set_timeout is currently not used and also not
@ -355,22 +355,22 @@ load_pcsc_driver (const char *libname)
"apdu_open_reader: invalid PC/SC driver " "apdu_open_reader: invalid PC/SC driver "
"(%d%d%d%d%d%d%d%d%d%d%d%d)\n", "(%d%d%d%d%d%d%d%d%d%d%d%d)\n",
!!pcsc_establish_context, !!pcsc_establish_context,
!!pcsc_release_context, !!pcsc_release_context,
!!pcsc_list_readers, !!pcsc_list_readers,
!!pcsc_get_status_change, !!pcsc_get_status_change,
!!pcsc_connect, !!pcsc_connect,
!!pcsc_reconnect, !!pcsc_reconnect,
!!pcsc_disconnect, !!pcsc_disconnect,
!!pcsc_status, !!pcsc_status,
!!pcsc_begin_transaction, !!pcsc_begin_transaction,
!!pcsc_end_transaction, !!pcsc_end_transaction,
!!pcsc_transmit, !!pcsc_transmit,
!!pcsc_set_timeout ); !!pcsc_set_timeout );
dlclose (handle); dlclose (handle);
exit (1); exit (1);
} }
} }
@ -384,7 +384,7 @@ handle_open (unsigned char *argbuf, size_t arglen)
long err; long err;
const char * portstr; const char * portstr;
char *list = NULL; char *list = NULL;
unsigned long nreader, listlen, atrlen; unsigned long nreader, atrlen;
char *p; char *p;
unsigned long card_state, card_protocol; unsigned long card_state, card_protocol;
unsigned char atr[33]; unsigned char atr[33];
@ -409,7 +409,7 @@ handle_open (unsigned char *argbuf, size_t arglen)
request_failed (err); request_failed (err);
return; return;
} }
err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader); err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader);
if (!err) if (!err)
{ {
@ -431,7 +431,6 @@ handle_open (unsigned char *argbuf, size_t arglen)
return; return;
} }
listlen = nreader;
p = list; p = list;
while (nreader) while (nreader)
{ {
@ -477,8 +476,8 @@ handle_open (unsigned char *argbuf, size_t arglen)
pcsc_protocol = 0; pcsc_protocol = 0;
request_failed (err); request_failed (err);
return; return;
} }
current_atrlen = 0; current_atrlen = 0;
if (!err) if (!err)
{ {
@ -658,9 +657,9 @@ handle_reset (unsigned char *argbuf, size_t arglen)
pcsc_card = 0; pcsc_card = 0;
request_failed (err); request_failed (err);
return; return;
} }
atrlen = 33; atrlen = 33;
nreader = sizeof reader - 1; nreader = sizeof reader - 1;
err = pcsc_status (pcsc_card, err = pcsc_status (pcsc_card,
@ -731,7 +730,7 @@ print_version (int with_help)
"This is free software, and you are welcome to redistribute it\n" "This is free software, and you are welcome to redistribute it\n"
"under certain conditions. See the file COPYING for details.\n", "under certain conditions. See the file COPYING for details.\n",
stdout); stdout);
if (with_help) if (with_help)
fputs ("\n" fputs ("\n"
"Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n" "Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n"
@ -741,7 +740,7 @@ print_version (int with_help)
" --version print version of the program and exit\n" " --version print version of the program and exit\n"
" --help display this help and exit\n" " --help display this help and exit\n"
BUGREPORT_LINE, stdout ); BUGREPORT_LINE, stdout );
exit (0); exit (0);
} }
@ -752,7 +751,7 @@ main (int argc, char **argv)
int last_argc = -1; int last_argc = -1;
int api_number = 0; int api_number = 0;
int c; int c;
if (argc) if (argc)
{ {
argc--; argv++; argc--; argv++;
@ -774,7 +773,7 @@ main (int argc, char **argv)
verbose = 1; verbose = 1;
argc--; argv++; argc--; argv++;
} }
} }
if (argc != 1 && argc != 2) if (argc != 1 && argc != 2)
{ {
fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n"); fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n");
@ -795,7 +794,7 @@ main (int argc, char **argv)
{ {
size_t arglen; size_t arglen;
unsigned char argbuffer[2048]; unsigned char argbuffer[2048];
arglen = read_32 (stdin); arglen = read_32 (stdin);
if (arglen >= sizeof argbuffer - 1) if (arglen >= sizeof argbuffer - 1)
{ {


@ -1,5 +1,5 @@
/* scdaemon.c - The GnuPG Smartcard Daemon /* scdaemon.c - The GnuPG Smartcard Daemon
* Copyright (C) 2001, 2002, 2004, 2005, * Copyright (C) 2001, 2002, 2004, 2005,
* 2007, 2008, 2009 Free Software Foundation, Inc. * 2007, 2008, 2009 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
@ -53,13 +53,13 @@
#include "mkdtemp.h" #include "mkdtemp.h"
#include "gc-opt-flags.h" #include "gc-opt-flags.h"
enum cmd_and_opt_values enum cmd_and_opt_values
{ aNull = 0, { aNull = 0,
oCsh = 'c', oCsh = 'c',
oQuiet = 'q', oQuiet = 'q',
oSh = 's', oSh = 's',
oVerbose = 'v', oVerbose = 'v',
oNoVerbose = 500, oNoVerbose = 500,
aGPGConfList, aGPGConfList,
aGPGConfTest, aGPGConfTest,
@ -99,11 +99,11 @@ enum cmd_and_opt_values
static ARGPARSE_OPTS opts[] = { static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"), ARGPARSE_c (aGPGConfList, "gpgconf-list", "@"),
ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"), ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@"),
ARGPARSE_group (301, N_("@Options:\n ")), ARGPARSE_group (301, N_("@Options:\n ")),
ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")), ARGPARSE_s_n (oServer,"server", N_("run in server mode (foreground)")),
ARGPARSE_s_n (oMultiServer, "multi-server", ARGPARSE_s_n (oMultiServer, "multi-server",
N_("run in multi server mode (foreground)")), N_("run in multi server mode (foreground)")),
ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")), ARGPARSE_s_n (oDaemon, "daemon", N_("run in daemon mode (background)")),
ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
@ -122,11 +122,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"), ARGPARSE_s_n (oDebugLogTid, "debug-log-tid", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")), ARGPARSE_s_s (oLogFile, "log-file", N_("|FILE|write a log to FILE")),
ARGPARSE_s_s (oReaderPort, "reader-port", ARGPARSE_s_s (oReaderPort, "reader-port",
N_("|N|connect to reader at port N")), N_("|N|connect to reader at port N")),
ARGPARSE_s_s (octapiDriver, "ctapi-driver", ARGPARSE_s_s (octapiDriver, "ctapi-driver",
N_("|NAME|use NAME as ct-API driver")), N_("|NAME|use NAME as ct-API driver")),
ARGPARSE_s_s (opcscDriver, "pcsc-driver", ARGPARSE_s_s (opcscDriver, "pcsc-driver",
N_("|NAME|use NAME as PC/SC driver")), N_("|NAME|use NAME as PC/SC driver")),
ARGPARSE_s_n (oDisableCCID, "disable-ccid", ARGPARSE_s_n (oDisableCCID, "disable-ccid",
#ifdef HAVE_LIBUSB #ifdef HAVE_LIBUSB
@ -135,15 +135,15 @@ static ARGPARSE_OPTS opts[] = {
"@" "@"
#endif #endif
/* end --disable-ccid */), /* end --disable-ccid */),
ARGPARSE_s_u (oCardTimeout, "card-timeout", ARGPARSE_s_u (oCardTimeout, "card-timeout",
N_("|N|disconnect the card after N seconds of inactivity")), N_("|N|disconnect the card after N seconds of inactivity")),
ARGPARSE_s_n (oDisableKeypad, "disable-keypad", ARGPARSE_s_n (oDisableKeypad, "disable-keypad",
N_("do not use a reader's keypad")), N_("do not use a reader's keypad")),
ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"), ARGPARSE_s_n (oAllowAdmin, "allow-admin", "@"),
ARGPARSE_s_n (oDenyAdmin, "deny-admin", ARGPARSE_s_n (oDenyAdmin, "deny-admin",
N_("deny the use of admin card commands")), N_("deny the use of admin card commands")),
ARGPARSE_s_s (oDisableApplication, "disable-application", "@"), ARGPARSE_s_s (oDisableApplication, "disable-application", "@"),
ARGPARSE_end () ARGPARSE_end ()
}; };
@ -218,7 +218,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
{ {
const char *s; const char *s;
char *result; char *result;
if (maybe_setuid) if (maybe_setuid)
{ {
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
@ -261,7 +261,7 @@ my_strusage (int level)
case 41: p = _("Syntax: scdaemon [options] [command [args]]\n" case 41: p = _("Syntax: scdaemon [options] [command [args]]\n"
"Smartcard daemon for GnuPG\n"); "Smartcard daemon for GnuPG\n");
break; break;
default: p = NULL; default: p = NULL;
} }
return p; return p;
@ -309,7 +309,7 @@ set_debug (const char *level)
/* Unless the "guru" string has been used we don't want to allow /* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their select the highest debug value and would then clutter their
disk with debug files which may reveal confidential data. */ disk with debug files which may reveal confidential data. */
if (numok) if (numok)
opt.debug &= ~(DBG_HASHING_VALUE); opt.debug &= ~(DBG_HASHING_VALUE);
} }
@ -333,17 +333,17 @@ set_debug (const char *level)
if (opt.debug) if (opt.debug)
log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n", log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s\n",
(opt.debug & DBG_COMMAND_VALUE)? " command":"", (opt.debug & DBG_COMMAND_VALUE)? " command":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"", (opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"", (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"", (opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"", (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"",
(opt.debug & DBG_CARD_IO_VALUE)? " cardio":""); (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"");
} }
static void static void
@ -373,7 +373,6 @@ main (int argc, char **argv )
ARGPARSE_ARGS pargs; ARGPARSE_ARGS pargs;
int orig_argc; int orig_argc;
gpg_error_t err; gpg_error_t err;
int may_coredump;
char **orig_argv; char **orig_argv;
FILE *configfp = NULL; FILE *configfp = NULL;
char *configname = NULL; char *configname = NULL;
@ -395,13 +394,13 @@ main (int argc, char **argv )
int allow_coredump = 0; int allow_coredump = 0;
int standard_socket = 0; int standard_socket = 0;
struct assuan_malloc_hooks malloc_hooks; struct assuan_malloc_hooks malloc_hooks;
set_strusage (my_strusage); set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
/* Please note that we may running SUID(ROOT), so be very CAREFUL /* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to INIT_SECMEM() when adding any stuff between here and the call to INIT_SECMEM()
somewhere after the option parsing */ somewhere after the option parsing */
log_set_prefix ("scdaemon", 1|4); log_set_prefix ("scdaemon", 1|4);
/* Make sure that our subsystems are ready. */ /* Make sure that our subsystems are ready. */
i18n_init (); i18n_init ();
@ -440,11 +439,11 @@ main (int argc, char **argv )
setup_libgcrypt_logging (); setup_libgcrypt_logging ();
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps (); disable_core_dumps ();
/* Set default options. */ /* Set default options. */
opt.allow_admin = 1; opt.allow_admin = 1;
opt.pcsc_driver = DEFAULT_PCSC_DRIVER; opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
standard_socket = 1; /* Under Windows we always use a standard standard_socket = 1; /* Under Windows we always use a standard
@ -455,7 +454,7 @@ main (int argc, char **argv )
shell = getenv ("SHELL"); shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") ) if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
csh_style = 1; csh_style = 1;
opt.homedir = default_homedir (); opt.homedir = default_homedir ();
/* Check whether we have a config file on the commandline */ /* Check whether we have a config file on the commandline */
@ -484,15 +483,15 @@ main (int argc, char **argv )
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
maybe_setuid = 0; maybe_setuid = 0;
/* /*
Now we are working under our real uid Now we are working under our real uid
*/ */
if (default_config) if (default_config)
configname = make_filename (opt.homedir, "scdaemon.conf", NULL ); configname = make_filename (opt.homedir, "scdaemon.conf", NULL );
argc = orig_argc; argc = orig_argc;
argv = orig_argv; argv = orig_argv;
pargs.argc = &argc; pargs.argc = &argc;
@ -517,7 +516,7 @@ main (int argc, char **argv )
configname, strerror(errno) ); configname, strerror(errno) );
exit(2); exit(2);
} }
xfree (configname); xfree (configname);
configname = NULL; configname = NULL;
} }
if (parse_debug && configname ) if (parse_debug && configname )
@ -543,13 +542,13 @@ main (int argc, char **argv )
enable_core_dumps (); enable_core_dumps ();
allow_coredump = 1; allow_coredump = 1;
break; break;
case oDebugCCIDDriver: case oDebugCCIDDriver:
#ifdef HAVE_LIBUSB #ifdef HAVE_LIBUSB
ccid_set_debug_level (ccid_set_debug_level (-1)+1); ccid_set_debug_level (ccid_set_debug_level (-1)+1);
#endif /*HAVE_LIBUSB*/ #endif /*HAVE_LIBUSB*/
break; break;
case oDebugDisableTicker: ticker_disabled = 1; break; case oDebugDisableTicker: ticker_disabled = 1; break;
case oDebugLogTid: case oDebugLogTid:
log_set_get_tid_callback (tid_log_callback); log_set_get_tid_callback (tid_log_callback);
break; break;
@ -585,15 +584,15 @@ main (int argc, char **argv )
case oAllowAdmin: /* Dummy because allow is now the default. */ case oAllowAdmin: /* Dummy because allow is now the default. */
break; break;
case oDenyAdmin: opt.allow_admin = 0; break; case oDenyAdmin: opt.allow_admin = 0; break;
case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break; case oCardTimeout: opt.card_timeout = pargs.r.ret_ulong; break;
case oDisableApplication: case oDisableApplication:
add_to_strlist (&opt.disabled_applications, pargs.r.ret_str); add_to_strlist (&opt.disabled_applications, pargs.r.ret_str);
break; break;
default: default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break; break;
} }
} }
@ -623,7 +622,7 @@ main (int argc, char **argv )
log_info ("NOTE: this is a development version!\n"); log_info ("NOTE: this is a development version!\n");
#endif #endif
if (atexit (cleanup)) if (atexit (cleanup))
{ {
log_error ("atexit failed\n"); log_error ("atexit failed\n");
@ -691,9 +690,9 @@ main (int argc, char **argv )
gnupg_sleep (debug_wait); gnupg_sleep (debug_wait);
log_debug ("... okay\n"); log_debug ("... okay\n");
} }
if (pipe_server) if (pipe_server)
{ {
/* This is the simple pipe based server */ /* This is the simple pipe based server */
ctrl_t ctrl; ctrl_t ctrl;
pth_attr_t tattr; pth_attr_t tattr;
@ -702,7 +701,7 @@ main (int argc, char **argv )
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
{ {
struct sigaction sa; struct sigaction sa;
sa.sa_handler = SIG_IGN; sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask); sigemptyset (&sa.sa_mask);
sa.sa_flags = 0; sa.sa_flags = 0;
@ -730,7 +729,7 @@ main (int argc, char **argv )
socket_name = create_socket_name (standard_socket, socket_name = create_socket_name (standard_socket,
"S.scdaemon", "S.scdaemon",
"/tmp/gpg-XXXXXX/S.scdaemon"); "/tmp/gpg-XXXXXX/S.scdaemon");
fd = FD2INT(create_server_socket (standard_socket, fd = FD2INT(create_server_socket (standard_socket,
socket_name, &socket_nonce)); socket_name, &socket_nonce));
} }
@ -787,17 +786,17 @@ main (int argc, char **argv )
fflush (NULL); fflush (NULL);
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
pid = fork (); pid = fork ();
if (pid == (pid_t)-1) if (pid == (pid_t)-1)
{ {
log_fatal ("fork failed: %s\n", strerror (errno) ); log_fatal ("fork failed: %s\n", strerror (errno) );
exit (1); exit (1);
} }
else if (pid) else if (pid)
{ /* we are the parent */ { /* we are the parent */
char *infostr; char *infostr;
close (fd); close (fd);
/* create the info string: <name>:<pid>:<protocol_version> */ /* create the info string: <name>:<pid>:<protocol_version> */
if (estream_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1", if (estream_asprintf (&infostr, "SCDAEMON_INFO=%s:%lu:1",
socket_name, (ulong) pid) < 0) socket_name, (ulong) pid) < 0)
@ -808,7 +807,7 @@ main (int argc, char **argv )
} }
*socket_name = 0; /* don't let cleanup() remove the socket - *socket_name = 0; /* don't let cleanup() remove the socket -
the child should do this from now on */ the child should do this from now on */
if (argc) if (argc)
{ /* run the program given on the commandline */ { /* run the program given on the commandline */
if (putenv (infostr)) if (putenv (infostr))
{ {
@ -836,18 +835,18 @@ main (int argc, char **argv )
printf ( "%s; export SCDAEMON_INFO;\n", infostr); printf ( "%s; export SCDAEMON_INFO;\n", infostr);
} }
xfree (infostr); xfree (infostr);
exit (0); exit (0);
} }
/* NOTREACHED */ /* NOTREACHED */
} /* end parent */ } /* end parent */
/* This is the child. */ /* This is the child. */
/* Detach from tty and put process into a new session. */ /* Detach from tty and put process into a new session. */
if (!nodetach ) if (!nodetach )
{ {
/* Close stdin, stdout and stderr unless it is the log stream. */ /* Close stdin, stdout and stderr unless it is the log stream. */
for (i=0; i <= 2; i++) for (i=0; i <= 2; i++)
{ {
if ( log_test_fd (i) && i != fd) if ( log_test_fd (i) && i != fd)
close (i); close (i);
@ -862,7 +861,7 @@ main (int argc, char **argv )
{ {
struct sigaction sa; struct sigaction sa;
sa.sa_handler = SIG_IGN; sa.sa_handler = SIG_IGN;
sigemptyset (&sa.sa_mask); sigemptyset (&sa.sa_mask);
sa.sa_flags = 0; sa.sa_flags = 0;
@ -881,7 +880,7 @@ main (int argc, char **argv )
close (fd); close (fd);
} }
return 0; return 0;
} }
@ -944,7 +943,7 @@ handle_signal (int signo)
"re-reading configuration and resetting cards\n"); "re-reading configuration and resetting cards\n");
/* reread_configuration (); */ /* reread_configuration (); */
break; break;
case SIGUSR1: case SIGUSR1:
log_info ("SIGUSR1 received - printing internal information:\n"); log_info ("SIGUSR1 received - printing internal information:\n");
pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ()); pth_ctrl (PTH_CTRL_DUMPSTATE, log_get_stream ());
@ -970,7 +969,7 @@ handle_signal (int signo)
scd_exit (0); scd_exit (0);
} }
break; break;
case SIGINT: case SIGINT:
log_info ("SIGINT received - immediate shutdown\n"); log_info ("SIGINT received - immediate shutdown\n");
log_info( "%s %s stopped\n", strusage(11), strusage(13)); log_info( "%s %s stopped\n", strusage(11), strusage(13));
@ -1059,7 +1058,7 @@ create_server_socket (int is_standard_name, const char *name,
scd_exit (2); scd_exit (2);
} }
serv_addr = xmalloc (sizeof (*serv_addr)); serv_addr = xmalloc (sizeof (*serv_addr));
memset (serv_addr, 0, sizeof *serv_addr); memset (serv_addr, 0, sizeof *serv_addr);
serv_addr->sun_family = AF_UNIX; serv_addr->sun_family = AF_UNIX;
assert (strlen (name) + 1 < sizeof (serv_addr->sun_path)); assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));
@ -1072,7 +1071,7 @@ create_server_socket (int is_standard_name, const char *name,
remove (name); remove (name);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
} }
if (rc != -1 if (rc != -1
&& (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce))) && (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))
log_error (_("error getting nonce for the socket\n")); log_error (_("error getting nonce for the socket\n"));
if (rc == -1) if (rc == -1)
@ -1091,7 +1090,7 @@ create_server_socket (int is_standard_name, const char *name,
assuan_sock_close (fd); assuan_sock_close (fd);
scd_exit (2); scd_exit (2);
} }
if (opt.verbose) if (opt.verbose)
log_info (_("listening on socket `%s'\n"), serv_addr->sun_path); log_info (_("listening on socket `%s'\n"), serv_addr->sun_path);
@ -1109,7 +1108,7 @@ start_connection_thread (void *arg)
if (ctrl->thread_startup.fd != GNUPG_INVALID_FD if (ctrl->thread_startup.fd != GNUPG_INVALID_FD
&& assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce)) && assuan_sock_check_nonce (ctrl->thread_startup.fd, &socket_nonce))
{ {
log_info (_("error reading nonce on fd %d: %s\n"), log_info (_("error reading nonce on fd %d: %s\n"),
FD2INT(ctrl->thread_startup.fd), strerror (errno)); FD2INT(ctrl->thread_startup.fd), strerror (errno));
assuan_sock_close (ctrl->thread_startup.fd); assuan_sock_close (ctrl->thread_startup.fd);
xfree (ctrl); xfree (ctrl);
@ -1187,7 +1186,7 @@ handle_connections (int listen_fd)
for (;;) for (;;)
{ {
sigset_t oldsigs; sigset_t oldsigs;
if (shutdown_pending) if (shutdown_pending)
{ {
if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1) if (pth_ctrl (PTH_CTRL_GETTHREADS) == 1)
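Review bot: The call `disable_core_dumps ();` in main (hunk -440,11 +439,11) now drops its return value with nothing to show that this is deliberate, so a failure to turn core dumps off would go unnoticed in a daemon that handles card PINs. The old code stored the result in `may_coredump` but never read it, so behaviour is unchanged; what the return value signals is not visible on this page, though it presumably reports that dumps may still be written. I would either mark the discard as intended, `(void)disable_core_dumps ();  /* Result intentionally ignored. */`, or act on it with something like `if (disable_core_dumps ()) log_info ("core dumps could not be disabled\n");`. main's body starts and ends outside this hunk, so check that nothing later relies on the result.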


@ -1,3 +1,9 @@
2011-08-04 Werner Koch <wk@g10code.com>
* keydb.c (keydb_add_resource): Remove set but unused var
CREATED_FNAME.
* gpgsm.c (main): Remove set but used var FNAME.
2011-07-21 Werner Koch <wk@g10code.com> 2011-07-21 Werner Koch <wk@g10code.com>
* call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New. * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New.


@ -1,4 +1,4 @@
/* gpgsm.c - GnuPG for S/MIME /* gpgsm.c - GnuPG for S/MIME
* Copyright (C) 2001, 2002, 2003, 2004, 2005, * Copyright (C) 2001, 2002, 2003, 2004, 2005,
* 2006, 2007, 2008 Free Software Foundation, Inc. * 2006, 2007, 2008 Free Software Foundation, Inc.
* *
@ -72,7 +72,7 @@ enum cmd_and_opt_values {
aRecvKeys, aRecvKeys,
aExport, aExport,
aExportSecretKeyP12, aExportSecretKeyP12,
aServer, aServer,
aLearnCard, aLearnCard,
aCallDirmngr, aCallDirmngr,
aCallProtectTool, aCallProtectTool,
@ -140,7 +140,7 @@ enum cmd_and_opt_values {
oDisablePolicyChecks, oDisablePolicyChecks,
oEnablePolicyChecks, oEnablePolicyChecks,
oAutoIssuerKeyRetrieve, oAutoIssuerKeyRetrieve,
oWithFingerprint, oWithFingerprint,
oWithMD5Fingerprint, oWithMD5Fingerprint,
oAnswerYes, oAnswerYes,
@ -193,22 +193,22 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")), ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
ARGPARSE_c (aVerify, "verify", N_("verify a signature")), ARGPARSE_c (aVerify, "verify", N_("verify a signature")),
ARGPARSE_c (aListKeys, "list-keys", N_("list keys")), ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
ARGPARSE_c (aListExternalKeys, "list-external-keys", ARGPARSE_c (aListExternalKeys, "list-external-keys",
N_("list external keys")), N_("list external keys")),
ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
ARGPARSE_c (aListChain, "list-chain", N_("list certificate chain")), ARGPARSE_c (aListChain, "list-chain", N_("list certificate chain")),
ARGPARSE_c (aFingerprint, "fingerprint", N_("list keys and fingerprints")), ARGPARSE_c (aFingerprint, "fingerprint", N_("list keys and fingerprints")),
ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")),
ARGPARSE_c (aDeleteKey, "delete-keys", ARGPARSE_c (aDeleteKey, "delete-keys",
N_("remove keys from the public keyring")), N_("remove keys from the public keyring")),
ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")), ARGPARSE_c (aSendKeys, "send-keys", N_("export keys to a key server")),
ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")), ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),
ARGPARSE_c (aImport, "import", N_("import certificates")), ARGPARSE_c (aImport, "import", N_("import certificates")),
ARGPARSE_c (aExport, "export", N_("export certificates")), ARGPARSE_c (aExport, "export", N_("export certificates")),
ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")), ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")),
ARGPARSE_c (aServer, "server", N_("run in server mode")), ARGPARSE_c (aServer, "server", N_("run in server mode")),
ARGPARSE_c (aCallDirmngr, "call-dirmngr", ARGPARSE_c (aCallDirmngr, "call-dirmngr",
N_("pass a command to the dirmngr")), N_("pass a command to the dirmngr")),
ARGPARSE_c (aCallProtectTool, "call-protect-tool", ARGPARSE_c (aCallProtectTool, "call-protect-tool",
N_("invoke gpg-protect-tool")), N_("invoke gpg-protect-tool")),
@ -231,11 +231,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oP12Charset, "p12-charset", "@"), ARGPARSE_s_s (oP12Charset, "p12-charset", "@"),
ARGPARSE_s_n (oAssumeArmor, "assume-armor", ARGPARSE_s_n (oAssumeArmor, "assume-armor",
N_("assume input is in PEM format")), N_("assume input is in PEM format")),
ARGPARSE_s_n (oAssumeBase64, "assume-base64", ARGPARSE_s_n (oAssumeBase64, "assume-base64",
N_("assume input is in base-64 format")), N_("assume input is in base-64 format")),
ARGPARSE_s_n (oAssumeBinary, "assume-binary", ARGPARSE_s_n (oAssumeBinary, "assume-binary",
N_("assume input is in binary format")), N_("assume input is in binary format")),
ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")), ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
@ -243,12 +243,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oPreferSystemDirmngr,"prefer-system-dirmngr", ARGPARSE_s_n (oPreferSystemDirmngr,"prefer-system-dirmngr",
N_("use system's dirmngr if available")), N_("use system's dirmngr if available")),
ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks", ARGPARSE_s_n (oDisableCRLChecks, "disable-crl-checks",
N_("never consult a CRL")), N_("never consult a CRL")),
ARGPARSE_s_n (oEnableCRLChecks, "enable-crl-checks", "@"), ARGPARSE_s_n (oEnableCRLChecks, "enable-crl-checks", "@"),
ARGPARSE_s_n (oDisableTrustedCertCRLCheck, ARGPARSE_s_n (oDisableTrustedCertCRLCheck,
"disable-trusted-cert-crl-check", "@"), "disable-trusted-cert-crl-check", "@"),
ARGPARSE_s_n (oEnableTrustedCertCRLCheck, ARGPARSE_s_n (oEnableTrustedCertCRLCheck,
"enable-trusted-cert-crl-check", "@"), "enable-trusted-cert-crl-check", "@"),
ARGPARSE_s_n (oForceCRLRefresh, "force-crl-refresh", "@"), ARGPARSE_s_n (oForceCRLRefresh, "force-crl-refresh", "@"),
@ -258,7 +258,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oValidationModel, "validation-model", "@"), ARGPARSE_s_s (oValidationModel, "validation-model", "@"),
ARGPARSE_s_i (oIncludeCerts, "include-certs", ARGPARSE_s_i (oIncludeCerts, "include-certs",
N_("|N|number of certificates to include") ), N_("|N|number of certificates to include") ),
ARGPARSE_s_s (oPolicyFile, "policy-file", ARGPARSE_s_s (oPolicyFile, "policy-file",
@ -286,7 +286,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"), ARGPARSE_s_n (oNoLogFile, "no-log-file", "@"),
ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"), ARGPARSE_s_i (oLoggerFD, "logger-fd", "@"),
ARGPARSE_s_s (oAuditLog, "audit-log", ARGPARSE_s_s (oAuditLog, "audit-log",
N_("|FILE|write an audit log to FILE")), N_("|FILE|write an audit log to FILE")),
ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"), ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@ -325,12 +325,12 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oStatusFD, "status-fd", ARGPARSE_s_i (oStatusFD, "status-fd",
N_("|FD|write status info to this FD")), N_("|FD|write status info to this FD")),
ARGPARSE_s_s (oCipherAlgo, "cipher-algo", ARGPARSE_s_s (oCipherAlgo, "cipher-algo",
N_("|NAME|use cipher algorithm NAME")), N_("|NAME|use cipher algorithm NAME")),
ARGPARSE_s_s (oDigestAlgo, "digest-algo", ARGPARSE_s_s (oDigestAlgo, "digest-algo",
N_("|NAME|use message digest algorithm NAME")), N_("|NAME|use message digest algorithm NAME")),
ARGPARSE_s_s (oExtraDigestAlgo, "extra-digest-algo", "@"), ARGPARSE_s_s (oExtraDigestAlgo, "extra-digest-algo", "@"),
ARGPARSE_group (302, N_( ARGPARSE_group (302, N_(
"@\n(See the man page for a complete listing of all commands and options)\n" "@\n(See the man page for a complete listing of all commands and options)\n"
@ -346,13 +346,13 @@ static ARGPARSE_OPTS opts[] = {
/* Hidden options. */ /* Hidden options. */
ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"), ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"), ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"), ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"), ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"), ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"), ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"), ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_n (oNoOptions, "no-options", "@"), ARGPARSE_s_n (oNoOptions, "no-options", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"), ARGPARSE_s_s (oHomedir, "homedir", "@"),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"), ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
ARGPARSE_s_s (oDisplay, "display", "@"), ARGPARSE_s_s (oDisplay, "display", "@"),
ARGPARSE_s_s (oTTYname, "ttyname", "@"), ARGPARSE_s_s (oTTYname, "ttyname", "@"),
@ -380,11 +380,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"), ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
/* Command aliases. */ /* Command aliases. */
ARGPARSE_c (aListKeys, "list-key", "@"), ARGPARSE_c (aListKeys, "list-key", "@"),
ARGPARSE_c (aListChain, "list-sig", "@"), ARGPARSE_c (aListChain, "list-sig", "@"),
ARGPARSE_c (aListChain, "list-sigs", "@"), ARGPARSE_c (aListChain, "list-sigs", "@"),
ARGPARSE_c (aListChain, "check-sig", "@"), ARGPARSE_c (aListChain, "check-sig", "@"),
ARGPARSE_c (aListChain, "check-sigs", "@"), ARGPARSE_c (aListChain, "check-sigs", "@"),
ARGPARSE_c (aDeleteKey, "delete-key", "@"), ARGPARSE_c (aDeleteKey, "delete-key", "@"),
ARGPARSE_end () ARGPARSE_end ()
@ -410,7 +410,7 @@ static int allow_special_filenames;
gpgconf-list because the variable will be changed by the command gpgconf-list because the variable will be changed by the command
line option. */ line option. */
#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */ #define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
static int default_include_certs = DEFAULT_INCLUDE_CERTS; static int default_include_certs = DEFAULT_INCLUDE_CERTS;
/* Whether the chain mode shall be used for validation. */ /* Whether the chain mode shall be used for validation. */
static int default_validation_model; static int default_validation_model;
@ -490,7 +490,7 @@ make_libversion (const char *libname, const char *(*getfnc)(const char*))
{ {
const char *s; const char *s;
char *result; char *result;
if (maybe_setuid) if (maybe_setuid)
{ {
gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */
@ -558,7 +558,7 @@ my_strusage( int level )
digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo ); digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo );
p = digests; p = digests;
break; break;
default: p = NULL; break; default: p = NULL; break;
} }
return p; return p;
@ -571,7 +571,7 @@ build_list (const char *text, const char * (*mapf)(int), int (*chkf)(int))
int i; int i;
size_t n=strlen(text)+2; size_t n=strlen(text)+2;
char *list, *p; char *list, *p;
if (maybe_setuid) { if (maybe_setuid) {
gcry_control (GCRYCTL_DROP_PRIVS); /* drop setuid */ gcry_control (GCRYCTL_DROP_PRIVS); /* drop setuid */
} }
@ -625,7 +625,7 @@ static void
set_opt_session_env (const char *name, const char *value) set_opt_session_env (const char *name, const char *value)
{ {
gpg_error_t err; gpg_error_t err;
err = session_env_setenv (opt.session_env, name, value); err = session_env_setenv (opt.session_env, name, value);
if (err) if (err)
log_fatal ("error setting session environment: %s\n", log_fatal ("error setting session environment: %s\n",
@ -660,7 +660,7 @@ set_debug (void)
/* Unless the "guru" string has been used we don't want to allow /* Unless the "guru" string has been used we don't want to allow
hashing debugging. The rationale is that people tend to hashing debugging. The rationale is that people tend to
select the highest debug value and would then clutter their select the highest debug value and would then clutter their
disk with debug files which may reveal confidential data. */ disk with debug files which may reveal confidential data. */
if (numok) if (numok)
opt.debug &= ~(DBG_HASHING_VALUE); opt.debug &= ~(DBG_HASHING_VALUE);
} }
@ -685,16 +685,16 @@ set_debug (void)
if (opt.debug) if (opt.debug)
log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n", log_info ("enabled debug flags:%s%s%s%s%s%s%s%s\n",
(opt.debug & DBG_X509_VALUE )? " x509":"", (opt.debug & DBG_X509_VALUE )? " x509":"",
(opt.debug & DBG_MPI_VALUE )? " mpi":"", (opt.debug & DBG_MPI_VALUE )? " mpi":"",
(opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
(opt.debug & DBG_MEMORY_VALUE )? " memory":"", (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
(opt.debug & DBG_CACHE_VALUE )? " cache":"", (opt.debug & DBG_CACHE_VALUE )? " cache":"",
(opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
(opt.debug & DBG_HASHING_VALUE)? " hashing":"", (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
(opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" ); (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" );
} }
static void static void
@ -711,7 +711,7 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
else if ( (cmd == aSign && new_cmd == aClearsign) else if ( (cmd == aSign && new_cmd == aClearsign)
|| (cmd == aClearsign && new_cmd == aSign) ) || (cmd == aClearsign && new_cmd == aSign) )
cmd = aClearsign; cmd = aClearsign;
else else
{ {
log_error(_("conflicting commands\n")); log_error(_("conflicting commands\n"));
gpgsm_exit(2); gpgsm_exit(2);
@ -803,39 +803,39 @@ parse_keyserver_line (char *line,
fail = 1; fail = 1;
} }
break; break;
case 2: case 2:
if (*p) if (*p)
server->port = atoi (p); server->port = atoi (p);
break; break;
case 3: case 3:
if (*p) if (*p)
server->user = xstrdup (p); server->user = xstrdup (p);
break; break;
case 4: case 4:
if (*p && !server->user) if (*p && !server->user)
{ {
log_error (_("%s:%u: password given without user\n"), log_error (_("%s:%u: password given without user\n"),
filename, lineno); filename, lineno);
fail = 1; fail = 1;
} }
else if (*p) else if (*p)
server->pass = xstrdup (p); server->pass = xstrdup (p);
break; break;
case 5: case 5:
if (*p) if (*p)
server->base = xstrdup (p); server->base = xstrdup (p);
break; break;
default: default:
/* (We silently ignore extra fields.) */ /* (We silently ignore extra fields.) */
break; break;
} }
} }
if (fail) if (fail)
{ {
log_info (_("%s:%u: skipping this line\n"), filename, lineno); log_info (_("%s:%u: skipping this line\n"), filename, lineno);
@ -852,7 +852,6 @@ main ( int argc, char **argv)
ARGPARSE_ARGS pargs; ARGPARSE_ARGS pargs;
int orig_argc; int orig_argc;
char **orig_argv; char **orig_argv;
const char *fname;
/* char *username;*/ /* char *username;*/
int may_coredump; int may_coredump;
strlist_t sl, remusr= NULL, locusr=NULL; strlist_t sl, remusr= NULL, locusr=NULL;
@ -909,7 +908,7 @@ main ( int argc, char **argv)
/* Check that the libraries are suitable. Do it here because the /* Check that the libraries are suitable. Do it here because the
option parse may need services of the library */ option parse may need services of the library */
if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
if (!ksba_check_version (NEED_KSBA_VERSION) ) if (!ksba_check_version (NEED_KSBA_VERSION) )
log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba", log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba",
@ -919,9 +918,9 @@ main ( int argc, char **argv)
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps (); may_coredump = disable_core_dumps ();
gnupg_init_signals (0, emergency_cleanup); gnupg_init_signals (0, emergency_cleanup);
create_dotlock (NULL); /* register locking cleanup */ create_dotlock (NULL); /* register locking cleanup */
opt.session_env = session_env_new (); opt.session_env = session_env_new ();
@ -959,14 +958,14 @@ main ( int argc, char **argv)
break; /* This break makes sure that --version and --help are break; /* This break makes sure that --version and --help are
passed to the protect-tool. */ passed to the protect-tool. */
} }
/* Initialize the secure memory. */ /* Initialize the secure memory. */
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
maybe_setuid = 0; maybe_setuid = 0;
/* /*
Now we are now working under our real uid Now we are now working under our real uid
*/ */
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free ); ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
@ -992,7 +991,7 @@ main ( int argc, char **argv)
configname = make_filename (opt.homedir, "gpgsm.conf", NULL); configname = make_filename (opt.homedir, "gpgsm.conf", NULL);
/* Set the default policy file */ /* Set the default policy file */
opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL); opt.policy_file = make_filename (opt.homedir, "policies.txt", NULL);
argc = orig_argc; argc = orig_argc;
argv = orig_argv; argv = orig_argv;
pargs.argc = &argc; pargs.argc = &argc;
@ -1010,7 +1009,7 @@ main ( int argc, char **argv)
if (parse_debug) if (parse_debug)
log_info (_("NOTE: no default option file `%s'\n"), configname); log_info (_("NOTE: no default option file `%s'\n"), configname);
} }
else else
{ {
log_error (_("option file `%s': %s\n"), configname, strerror(errno)); log_error (_("option file `%s': %s\n"), configname, strerror(errno));
gpgsm_exit(2); gpgsm_exit(2);
@ -1023,19 +1022,19 @@ main ( int argc, char **argv)
default_config = 0; default_config = 0;
} }
while (!no_more_options while (!no_more_options
&& optfile_parse (configfp, configname, &configlineno, &pargs, opts)) && optfile_parse (configfp, configname, &configlineno, &pargs, opts))
{ {
switch (pargs.r_opt) switch (pargs.r_opt)
{ {
case aGPGConfList: case aGPGConfList:
case aGPGConfTest: case aGPGConfTest:
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
do_not_setup_keys = 1; do_not_setup_keys = 1;
nogreeting = 1; nogreeting = 1;
break; break;
case aServer: case aServer:
opt.batch = 1; opt.batch = 1;
set_cmd (&cmd, aServer); set_cmd (&cmd, aServer);
break; break;
@ -1052,7 +1051,7 @@ main ( int argc, char **argv)
no_more_options = 1; /* Stop parsing. */ no_more_options = 1; /* Stop parsing. */
do_not_setup_keys = 1; do_not_setup_keys = 1;
break; break;
case aDeleteKey: case aDeleteKey:
set_cmd (&cmd, aDeleteKey); set_cmd (&cmd, aDeleteKey);
/*greeting=1;*/ /*greeting=1;*/
@ -1061,45 +1060,45 @@ main ( int argc, char **argv)
case aDetachedSign: case aDetachedSign:
detached_sig = 1; detached_sig = 1;
set_cmd (&cmd, aSign ); set_cmd (&cmd, aSign );
break; break;
case aKeygen: case aKeygen:
set_cmd (&cmd, aKeygen); set_cmd (&cmd, aKeygen);
greeting=1; greeting=1;
do_not_setup_keys = 1; do_not_setup_keys = 1;
break; break;
case aImport: case aImport:
case aSendKeys: case aSendKeys:
case aRecvKeys: case aRecvKeys:
case aExport: case aExport:
case aExportSecretKeyP12: case aExportSecretKeyP12:
case aDumpKeys: case aDumpKeys:
case aDumpChain: case aDumpChain:
case aDumpExternalKeys: case aDumpExternalKeys:
case aDumpSecretKeys: case aDumpSecretKeys:
case aListKeys: case aListKeys:
case aListExternalKeys: case aListExternalKeys:
case aListSecretKeys: case aListSecretKeys:
case aListChain: case aListChain:
case aLearnCard: case aLearnCard:
case aPasswd: case aPasswd:
case aKeydbClearSomeCertFlags: case aKeydbClearSomeCertFlags:
do_not_setup_keys = 1; do_not_setup_keys = 1;
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
break; break;
case aEncr: case aEncr:
recp_required = 1; recp_required = 1;
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
break; break;
case aSym: case aSym:
case aDecrypt: case aDecrypt:
case aSign: case aSign:
case aClearsign: case aClearsign:
case aVerify: case aVerify:
set_cmd (&cmd, pargs.r_opt); set_cmd (&cmd, pargs.r_opt);
break; break;
@ -1107,15 +1106,15 @@ main ( int argc, char **argv)
case oArmor: case oArmor:
ctrl.create_pem = 1; ctrl.create_pem = 1;
break; break;
case oBase64: case oBase64:
ctrl.create_pem = 0; ctrl.create_pem = 0;
ctrl.create_base64 = 1; ctrl.create_base64 = 1;
break; break;
case oNoArmor: case oNoArmor:
ctrl.create_pem = 0; ctrl.create_pem = 0;
ctrl.create_base64 = 0; ctrl.create_base64 = 0;
break; break;
case oP12Charset: case oP12Charset:
opt.p12_charset = pargs.r.ret_str; opt.p12_charset = pargs.r.ret_str;
break; break;
@ -1160,8 +1159,8 @@ main ( int argc, char **argv)
ctrl.use_ocsp = opt.enable_ocsp = 1; ctrl.use_ocsp = opt.enable_ocsp = 1;
break; break;
case oIncludeCerts: case oIncludeCerts:
ctrl.include_certs = default_include_certs = pargs.r.ret_int; ctrl.include_certs = default_include_certs = pargs.r.ret_int;
break; break;
case oPolicyFile: case oPolicyFile:
@ -1178,14 +1177,14 @@ main ( int argc, char **argv)
case oEnablePolicyChecks: case oEnablePolicyChecks:
opt.no_policy_check = 0; opt.no_policy_check = 0;
break; break;
case oAutoIssuerKeyRetrieve: case oAutoIssuerKeyRetrieve:
opt.auto_issuer_key_retrieve = 1; opt.auto_issuer_key_retrieve = 1;
break; break;
case oOutput: opt.outfile = pargs.r.ret_str; break; case oOutput: opt.outfile = pargs.r.ret_str; break;
case oQuiet: opt.quiet = 1; break; case oQuiet: opt.quiet = 1; break;
case oNoTTY: /* fixme:tty_no_terminal(1);*/ break; case oNoTTY: /* fixme:tty_no_terminal(1);*/ break;
case oDryRun: opt.dry_run = 1; break; case oDryRun: opt.dry_run = 1; break;
@ -1200,17 +1199,17 @@ main ( int argc, char **argv)
break; break;
case oLogFile: logfile = pargs.r.ret_str; break; case oLogFile: logfile = pargs.r.ret_str; break;
case oNoLogFile: logfile = NULL; break; case oNoLogFile: logfile = NULL; break;
case oAuditLog: auditlog = pargs.r.ret_str; break; case oAuditLog: auditlog = pargs.r.ret_str; break;
case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break; case oHtmlAuditLog: htmlauditlog = pargs.r.ret_str; break;
case oBatch: case oBatch:
opt.batch = 1; opt.batch = 1;
greeting = 0; greeting = 0;
break; break;
case oNoBatch: opt.batch = 0; break; case oNoBatch: opt.batch = 0; break;
case oAnswerYes: opt.answer_yes = 1; break; case oAnswerYes: opt.answer_yes = 1; break;
case oAnswerNo: opt.answer_no = 1; break; case oAnswerNo: opt.answer_no = 1; break;
@ -1271,12 +1270,12 @@ main ( int argc, char **argv)
case oDisableDirmngr: opt.disable_dirmngr = 1; break; case oDisableDirmngr: opt.disable_dirmngr = 1; break;
case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break; case oPreferSystemDirmngr: opt.prefer_system_dirmngr = 1; break;
case oProtectToolProgram: case oProtectToolProgram:
opt.protect_tool_program = pargs.r.ret_str; opt.protect_tool_program = pargs.r.ret_str;
break; break;
case oFakedSystemTime: case oFakedSystemTime:
{ {
time_t faked_time = isotime2epoch (pargs.r.ret_str); time_t faked_time = isotime2epoch (pargs.r.ret_str);
if (faked_time == (time_t)(-1)) if (faked_time == (time_t)(-1))
faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10); faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
gnupg_set_time (faked_time, 0); gnupg_set_time (faked_time, 0);
@ -1332,20 +1331,20 @@ main ( int argc, char **argv)
break; break;
case oNoSecmemWarn: case oNoSecmemWarn:
gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
break; break;
case oCipherAlgo: case oCipherAlgo:
opt.def_cipher_algoid = pargs.r.ret_str; opt.def_cipher_algoid = pargs.r.ret_str;
break; break;
case oDisableCipherAlgo: case oDisableCipherAlgo:
{ {
int algo = gcry_cipher_map_name (pargs.r.ret_str); int algo = gcry_cipher_map_name (pargs.r.ret_str);
gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo); gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
} }
break; break;
case oDisablePubkeyAlgo: case oDisablePubkeyAlgo:
{ {
int algo = gcry_pk_map_name (pargs.r.ret_str); int algo = gcry_pk_map_name (pargs.r.ret_str);
gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,&algo, sizeof algo ); gcry_pk_ctl (GCRYCTL_DISABLE_ALGO,&algo, sizeof algo );
@ -1356,7 +1355,7 @@ main ( int argc, char **argv)
forced_digest_algo = pargs.r.ret_str; forced_digest_algo = pargs.r.ret_str;
break; break;
case oExtraDigestAlgo: case oExtraDigestAlgo:
extra_digest_algo = pargs.r.ret_str; extra_digest_algo = pargs.r.ret_str;
break; break;
@ -1390,8 +1389,8 @@ main ( int argc, char **argv)
add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str); add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
break; break;
default: default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break; break;
} }
} }
@ -1420,7 +1419,7 @@ main ( int argc, char **argv)
if (nogreeting) if (nogreeting)
greeting = 0; greeting = 0;
if (greeting) if (greeting)
{ {
fprintf(stderr, "%s %s; %s\n", fprintf(stderr, "%s %s; %s\n",
@ -1459,7 +1458,7 @@ main ( int argc, char **argv)
dump_isotime (tbuf); dump_isotime (tbuf);
log_printf ("\n"); log_printf ("\n");
} }
/*FIXME if (opt.batch) */ /*FIXME if (opt.batch) */
/* tty_batchmode (1); */ /* tty_batchmode (1); */
@ -1497,7 +1496,7 @@ main ( int argc, char **argv)
opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42"; opt.def_cipher_algoid = "1.3.6.1.4.1.11591.13.2.42";
else if (!strcmp (opt.def_cipher_algoid, "SEED") ) else if (!strcmp (opt.def_cipher_algoid, "SEED") )
opt.def_cipher_algoid = "1.2.410.200004.1.4"; opt.def_cipher_algoid = "1.2.410.200004.1.4";
else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA") else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA")
|| !strcmp (opt.def_cipher_algoid, "CAMELLIA128") ) || !strcmp (opt.def_cipher_algoid, "CAMELLIA128") )
opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.2"; opt.def_cipher_algoid = "1.2.392.200011.61.1.1.1.2";
else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA192") ) else if (!strcmp (opt.def_cipher_algoid, "CAMELLIA192") )
@ -1527,18 +1526,18 @@ main ( int argc, char **argv)
if (log_get_errorcount(0)) if (log_get_errorcount(0))
gpgsm_exit(2); gpgsm_exit(2);
/* Set the random seed file. */ /* Set the random seed file. */
if (use_random_seed) if (use_random_seed)
{ {
char *p = make_filename (opt.homedir, "random_seed", NULL); char *p = make_filename (opt.homedir, "random_seed", NULL);
gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
xfree(p); xfree(p);
} }
if (!cmd && opt.fingerprint && !with_fpr) if (!cmd && opt.fingerprint && !with_fpr)
set_cmd (&cmd, aListKeys); set_cmd (&cmd, aListKeys);
/* Add default keybox. */ /* Add default keybox. */
if (!nrings && default_keyring) if (!nrings && default_keyring)
{ {
@ -1549,7 +1548,7 @@ main ( int argc, char **argv)
{ {
/* Import the standard certificates for a new default keybox. */ /* Import the standard certificates for a new default keybox. */
char *filelist[2]; char *filelist[2];
filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL); filelist[0] = make_filename (gnupg_datadir (),"com-certs.pem", NULL);
filelist[1] = NULL; filelist[1] = NULL;
if (!access (filelist[0], F_OK)) if (!access (filelist[0], F_OK))
@ -1571,7 +1570,7 @@ main ( int argc, char **argv)
{ {
switch (cmd) switch (cmd)
{ {
case aEncr: case aEncr:
case aSign: case aSign:
case aDecrypt: case aDecrypt:
case aVerify: case aVerify:
@ -1603,7 +1602,7 @@ main ( int argc, char **argv)
get_inv_recpsgnr_code (rc), sl->d, NULL); get_inv_recpsgnr_code (rc), sl->d, NULL);
} }
} }
/* Build the recipient list. We first add the regular ones and then /* Build the recipient list. We first add the regular ones and then
the encrypt-to ones because the underlying function will silently the encrypt-to ones because the underlying function will silently
ignore duplicates and we can't allow to keep a duplicate which is ignore duplicates and we can't allow to keep a duplicate which is
@ -1622,13 +1621,11 @@ main ( int argc, char **argv)
if (log_get_errorcount(0)) if (log_get_errorcount(0))
gpgsm_exit(1); /* Must stop for invalid recipients. */ gpgsm_exit(1); /* Must stop for invalid recipients. */
fname = argc? *argv : NULL;
/* Dispatch command. */ /* Dispatch command. */
switch (cmd) switch (cmd)
{ {
case aGPGConfList: case aGPGConfList:
{ /* List options and default values in the GPG Conf format. */ { /* List options and default values in the GPG Conf format. */
char *config_filename_esc = percent_escape (opt.config_filename, NULL); char *config_filename_esc = percent_escape (opt.config_filename, NULL);
@ -1698,7 +1695,7 @@ main ( int argc, char **argv)
set_binary (stdin); set_binary (stdin);
if (!argc) /* Source is stdin. */ if (!argc) /* Source is stdin. */
gpgsm_encrypt (&ctrl, recplist, 0, fp); gpgsm_encrypt (&ctrl, recplist, 0, fp);
else if (argc == 1) /* Source is the given file. */ else if (argc == 1) /* Source is the given file. */
gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp); gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
else else
@ -1717,10 +1714,10 @@ main ( int argc, char **argv)
signing because that is what gpg does.*/ signing because that is what gpg does.*/
set_binary (stdin); set_binary (stdin);
if (!argc) /* Create from stdin. */ if (!argc) /* Create from stdin. */
gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
else if (argc == 1) /* From file. */ else if (argc == 1) /* From file. */
gpgsm_sign (&ctrl, signerlist, gpgsm_sign (&ctrl, signerlist,
open_read (*argv), detached_sig, fp); open_read (*argv), detached_sig, fp);
else else
wrong_args ("--sign [datafile]"); wrong_args ("--sign [datafile]");
@ -1728,7 +1725,7 @@ main ( int argc, char **argv)
fclose (fp); fclose (fp);
} }
break; break;
case aSignEncr: /* sign and encrypt the given file */ case aSignEncr: /* sign and encrypt the given file */
log_error ("this command has not yet been implemented\n"); log_error ("this command has not yet been implemented\n");
break; break;
@ -1752,7 +1749,7 @@ main ( int argc, char **argv)
else if (argc == 1) else if (argc == 1)
gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */ gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
else if (argc == 2) /* detached signature (sig, detached) */ else if (argc == 2) /* detached signature (sig, detached) */
gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL); gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
else else
wrong_args ("--verify [signature [detached_data]]"); wrong_args ("--verify [signature [detached_data]]");
@ -1801,7 +1798,7 @@ main ( int argc, char **argv)
{ {
case aListChain: case aListChain:
case aListKeys: mode = (0 | 0 | (1<<6)); break; case aListKeys: mode = (0 | 0 | (1<<6)); break;
case aDumpChain: case aDumpChain:
case aDumpKeys: mode = (256 | 0 | (1<<6)); break; case aDumpKeys: mode = (256 | 0 | (1<<6)); break;
case aListExternalKeys: mode = (0 | 0 | (1<<7)); break; case aListExternalKeys: mode = (0 | 0 | (1<<7)); break;
case aDumpExternalKeys: mode = (256 | 0 | (1<<7)); break; case aDumpExternalKeys: mode = (256 | 0 | (1<<7)); break;
@ -1828,13 +1825,13 @@ main ( int argc, char **argv)
if (opt.batch) if (opt.batch)
{ {
if (!argc) /* Create from stdin. */ if (!argc) /* Create from stdin. */
fpin = open_es_fread ("-"); fpin = open_es_fread ("-");
else if (argc == 1) /* From file. */ else if (argc == 1) /* From file. */
fpin = open_es_fread (*argv); fpin = open_es_fread (*argv);
else else
wrong_args ("--gen-key --batch [parmfile]"); wrong_args ("--gen-key --batch [parmfile]");
} }
fpout = open_fwrite (opt.outfile?opt.outfile:"-"); fpout = open_fwrite (opt.outfile?opt.outfile:"-");
if (fpin) if (fpin)
@ -1877,7 +1874,7 @@ main ( int argc, char **argv)
fclose (fp); fclose (fp);
} }
break; break;
case aSendKeys: case aSendKeys:
case aRecvKeys: case aRecvKeys:
log_error ("this command has not yet been implemented\n"); log_error ("this command has not yet been implemented\n");
@ -1909,7 +1906,7 @@ main ( int argc, char **argv)
; ;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert))) else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
rc = gpg_error (GPG_ERR_BUG); rc = gpg_error (GPG_ERR_BUG);
else else
{ {
char *desc = gpgsm_format_keydesc (cert); char *desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_passwd (&ctrl, grip, desc); rc = gpgsm_agent_passwd (&ctrl, grip, desc);
@ -1947,7 +1944,7 @@ main ( int argc, char **argv)
es_fclose (auditfp); es_fclose (auditfp);
es_fclose (htmlauditfp); es_fclose (htmlauditfp);
} }
/* cleanup */ /* cleanup */
keyserver_list_free (opt.keyserver); keyserver_list_free (opt.keyserver);
opt.keyserver = NULL; opt.keyserver = NULL;
@ -1995,7 +1992,7 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
int int
gpgsm_parse_validation_model (const char *model) gpgsm_parse_validation_model (const char *model)
{ {
if (!ascii_strcasecmp (model, "shell") ) if (!ascii_strcasecmp (model, "shell") )
return 0; return 0;
else if ( !ascii_strcasecmp (model, "chain") ) else if ( !ascii_strcasecmp (model, "chain") )
@ -2013,11 +2010,11 @@ check_special_filename (const char *fname, int for_write)
if (allow_special_filenames if (allow_special_filenames
&& fname && *fname == '-' && fname[1] == '&' ) { && fname && *fname == '-' && fname[1] == '&' ) {
int i; int i;
fname += 2; fname += 2;
for (i=0; isdigit (fname[i]); i++ ) for (i=0; isdigit (fname[i]); i++ )
; ;
if ( !fname[i] ) if ( !fname[i] )
return translate_sys2libc_fd_int (atoi (fname), for_write); return translate_sys2libc_fd_int (atoi (fname), for_write);
} }
return -1; return -1;
@ -2028,7 +2025,7 @@ check_special_filename (const char *fname, int for_write)
/* Open the FILENAME for read and return the filedescriptor. Stop /* Open the FILENAME for read and return the filedescriptor. Stop
with an error message in case of problems. "-" denotes stdin and with an error message in case of problems. "-" denotes stdin and
if special filenames are allowed the given fd is opened instead. */ if special filenames are allowed the given fd is opened instead. */
static int static int
open_read (const char *filename) open_read (const char *filename)
{ {
int fd; int fd;
@ -2177,7 +2174,7 @@ run_protect_tool (int argc, char **argv)
for (i=1; argc; i++, argc--, argv++) for (i=1; argc; i++, argc--, argv++)
av[i] = *argv; av[i] = *argv;
av[i] = NULL; av[i] = NULL;
execv (pgm, av); execv (pgm, av);
log_error ("error executing `%s': %s\n", pgm, strerror (errno)); log_error ("error executing `%s': %s\n", pgm, strerror (errno));
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
gpgsm_exit (2); gpgsm_exit (2);


@ -29,7 +29,7 @@
#include "gpgsm.h" #include "gpgsm.h"
#include "../kbx/keybox.h" #include "../kbx/keybox.h"
#include "keydb.h" #include "keydb.h"
#include "i18n.h" #include "i18n.h"
static int active_handles; static int active_handles;
@ -71,7 +71,7 @@ static void unlock_all (KEYDB_HANDLE hd);
* Register a resource (which currently may only be a keybox file). * Register a resource (which currently may only be a keybox file).
* The first keybox which is added by this function is created if it * The first keybox which is added by this function is created if it
* does not exist. If AUTO_CREATED is not NULL it will be set to true * does not exist. If AUTO_CREATED is not NULL it will be set to true
* if the function has created a a new keybox. * if the function has created a a new keybox.
*/ */
int int
keydb_add_resource (const char *url, int force, int secret, int *auto_created) keydb_add_resource (const char *url, int force, int secret, int *auto_created)
@ -79,10 +79,9 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
static int any_secret, any_public; static int any_secret, any_public;
const char *resname = url; const char *resname = url;
char *filename = NULL; char *filename = NULL;
int rc = 0; int rc = 0;
FILE *fp; FILE *fp;
KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE; KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
const char *created_fname = NULL;
if (auto_created) if (auto_created)
*auto_created = 0; *auto_created = 0;
@ -91,7 +90,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
gnupg-kbx:filename := this is a plain keybox gnupg-kbx:filename := this is a plain keybox
filename := See what is is, but create as plain keybox. filename := See what is is, but create as plain keybox.
*/ */
if (strlen (resname) > 10) if (strlen (resname) > 10)
{ {
if (!strncmp (resname, "gnupg-kbx:", 10) ) if (!strncmp (resname, "gnupg-kbx:", 10) )
{ {
@ -117,20 +116,20 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
} }
else else
filename = xstrdup (resname); filename = xstrdup (resname);
if (!force) if (!force)
force = secret? !any_secret : !any_public; force = secret? !any_secret : !any_public;
/* see whether we can determine the filetype */ /* see whether we can determine the filetype */
if (rt == KEYDB_RESOURCE_TYPE_NONE) if (rt == KEYDB_RESOURCE_TYPE_NONE)
{ {
FILE *fp2 = fopen( filename, "rb" ); FILE *fp2 = fopen( filename, "rb" );
if (fp2) { if (fp2) {
u32 magic; u32 magic;
/* FIXME: check for the keybox magic */ /* FIXME: check for the keybox magic */
if (fread( &magic, 4, 1, fp2) == 1 ) if (fread( &magic, 4, 1, fp2) == 1 )
{ {
if (magic == 0x13579ace || magic == 0xce9a5713) if (magic == 0x13579ace || magic == 0xce9a5713)
; /* GDBM magic - no more support */ ; /* GDBM magic - no more support */
@ -144,14 +143,14 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
else /* no file yet: create ring */ else /* no file yet: create ring */
rt = KEYDB_RESOURCE_TYPE_KEYBOX; rt = KEYDB_RESOURCE_TYPE_KEYBOX;
} }
switch (rt) switch (rt)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
log_error ("unknown type of key resource `%s'\n", url ); log_error ("unknown type of key resource `%s'\n", url );
rc = gpg_error (GPG_ERR_GENERAL); rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
fp = fopen (filename, "rb"); fp = fopen (filename, "rb");
if (!fp && !force) if (!fp && !force)
@ -159,13 +158,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
rc = gpg_error (gpg_err_code_from_errno (errno)); rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
if (!fp) if (!fp)
{ /* no file */ { /* no file */
#if 0 /* no autocreate of the homedirectory yet */ #if 0 /* no autocreate of the homedirectory yet */
{ {
char *last_slash_in_filename; char *last_slash_in_filename;
last_slash_in_filename = strrchr (filename, DIRSEP_C); last_slash_in_filename = strrchr (filename, DIRSEP_C);
*last_slash_in_filename = 0; *last_slash_in_filename = 0;
if (access (filename, F_OK)) if (access (filename, F_OK))
@ -194,7 +193,6 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
if (!opt.quiet) if (!opt.quiet)
log_info (_("keybox `%s' created\n"), filename); log_info (_("keybox `%s' created\n"), filename);
created_fname = filename;
if (auto_created) if (auto_created)
*auto_created = 1; *auto_created = 1;
} }
@ -202,13 +200,13 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
fp = NULL; fp = NULL;
/* now register the file */ /* now register the file */
{ {
void *token = keybox_register_file (filename, secret); void *token = keybox_register_file (filename, secret);
if (!token) if (!token)
; /* already registered - ignore it */ ; /* already registered - ignore it */
else if (used_resources >= MAX_KEYDB_RESOURCES) else if (used_resources >= MAX_KEYDB_RESOURCES)
rc = gpg_error (GPG_ERR_RESOURCE_LIMIT); rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
else else
{ {
all_resources[used_resources].type = rt; all_resources[used_resources].type = rt;
all_resources[used_resources].u.kr = NULL; /* Not used here */ all_resources[used_resources].u.kr = NULL; /* Not used here */
@ -224,7 +222,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
if (!make_dotlock (all_resources[used_resources].lockhandle, 0)) if (!make_dotlock (all_resources[used_resources].lockhandle, 0))
{ {
KEYBOX_HANDLE kbxhd = keybox_new (token, secret); KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
if (kbxhd) if (kbxhd)
{ {
keybox_compress (kbxhd); keybox_compress (kbxhd);
@ -232,7 +230,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
} }
release_dotlock (all_resources[used_resources].lockhandle); release_dotlock (all_resources[used_resources].lockhandle);
} }
used_resources++; used_resources++;
} }
} }
@ -264,10 +262,10 @@ keydb_new (int secret)
{ {
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
int i, j; int i, j;
hd = xcalloc (1, sizeof *hd); hd = xcalloc (1, sizeof *hd);
hd->found = -1; hd->found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES); assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++) for (i=j=0; i < used_resources; i++)
{ {
@ -283,7 +281,7 @@ keydb_new (int secret)
hd->active[j].secret = all_resources[i].secret; hd->active[j].secret = all_resources[i].secret;
hd->active[j].lockhandle = all_resources[i].lockhandle; hd->active[j].lockhandle = all_resources[i].lockhandle;
hd->active[j].u.kr = keybox_new (all_resources[i].token, secret); hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
if (!hd->active[j].u.kr) if (!hd->active[j].u.kr)
{ {
xfree (hd); xfree (hd);
return NULL; /* fixme: release all previously allocated handles*/ return NULL; /* fixme: release all previously allocated handles*/
@ -293,16 +291,16 @@ keydb_new (int secret)
} }
} }
hd->used = j; hd->used = j;
active_handles++; active_handles++;
return hd; return hd;
} }
void void
keydb_release (KEYDB_HANDLE hd) keydb_release (KEYDB_HANDLE hd)
{ {
int i; int i;
if (!hd) if (!hd)
return; return;
assert (active_handles > 0); assert (active_handles > 0);
@ -311,7 +309,7 @@ keydb_release (KEYDB_HANDLE hd)
unlock_all (hd); unlock_all (hd);
for (i=0; i < hd->used; i++) for (i=0; i < hd->used; i++)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -336,27 +334,27 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
{ {
int idx; int idx;
const char *s = NULL; const char *s = NULL;
if (!hd) if (!hd)
return NULL; return NULL;
if ( hd->found >= 0 && hd->found < hd->used) if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found; idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
idx = 0; idx = 0;
switch (hd->active[idx].type) switch (hd->active[idx].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
s = NULL; s = NULL;
break; break;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
s = keybox_get_resource_name (hd->active[idx].u.kr); s = keybox_get_resource_name (hd->active[idx].u.kr);
break; break;
} }
return s? s: ""; return s? s: "";
} }
@ -374,7 +372,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
{ {
for (i=0; i < hd->used; i++) for (i=0; i < hd->used; i++)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -384,7 +382,7 @@ keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
} }
} }
} }
i = hd->is_ephemeral; i = hd->is_ephemeral;
hd->is_ephemeral = yes; hd->is_ephemeral = yes;
return i; return i;
@ -407,7 +405,7 @@ keydb_lock (KEYDB_HANDLE hd)
static int static int
lock_all (KEYDB_HANDLE hd) lock_all (KEYDB_HANDLE hd)
{ {
int i, rc = 0; int i, rc = 0;
@ -415,9 +413,9 @@ lock_all (KEYDB_HANDLE hd)
/* Fixme: This locking scheme may lead to deadlock if the resources /* Fixme: This locking scheme may lead to deadlock if the resources
are not added in the same order by all processes. We are are not added in the same order by all processes. We are
currently only allowing one resource so it is not a problem. */ currently only allowing one resource so it is not a problem. */
for (i=0; i < hd->used; i++) for (i=0; i < hd->used; i++)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -430,12 +428,12 @@ lock_all (KEYDB_HANDLE hd)
break; break;
} }
if (rc) if (rc)
{ {
/* revert the already set locks */ /* revert the already set locks */
for (i--; i >= 0; i--) for (i--; i >= 0; i--)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -459,13 +457,13 @@ static void
unlock_all (KEYDB_HANDLE hd) unlock_all (KEYDB_HANDLE hd)
{ {
int i; int i;
if (!hd->locked) if (!hd->locked)
return; return;
for (i=hd->used-1; i >= 0; i--) for (i=hd->used-1; i >= 0; i--)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -483,7 +481,7 @@ unlock_all (KEYDB_HANDLE hd)
/* /*
* Return the last found keybox. Caller must free it. * Return the last found keybox. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with * The returned keyblock has the kbode flag bit 0 set for the node with
* the public key used to locate the keyblock or flag bit 1 set for * the public key used to locate the keyblock or flag bit 1 set for
* the user ID node. * the user ID node.
*/ */
int int
@ -494,7 +492,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
switch (hd->active[hd->found].type) { switch (hd->active[hd->found].type) {
@ -509,7 +507,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
return rc; return rc;
} }
/* /*
* update the current keyblock with KB * update the current keyblock with KB
*/ */
int int
@ -520,7 +518,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
if( opt.dry_run ) if( opt.dry_run )
@ -543,8 +541,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
} }
/* /*
* Insert a new KB into one of the resources. * Insert a new KB into one of the resources.
*/ */
int int
keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
@ -552,15 +550,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
int rc = -1; int rc = -1;
int idx; int idx;
if (!hd) if (!hd)
return G10ERR_INV_ARG; return G10ERR_INV_ARG;
if( opt.dry_run ) if( opt.dry_run )
return 0; return 0;
if ( hd->found >= 0 && hd->found < hd->used) if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found; idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
return G10ERR_GENERAL; return G10ERR_GENERAL;
@ -598,11 +596,11 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL); /* oops */ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -611,7 +609,7 @@ keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert)
rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert); rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
break; break;
} }
return rc; return rc;
} }
@ -626,11 +624,11 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return gpg_error (GPG_ERR_NOTHING_FOUND); return gpg_error (GPG_ERR_NOTHING_FOUND);
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
err = gpg_error (GPG_ERR_GENERAL); /* oops */ err = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -639,7 +637,7 @@ keydb_get_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int *value)
err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value); err = keybox_get_flags (hd->active[hd->found].u.kr, which, idx, value);
break; break;
} }
return err; return err;
} }
@ -656,14 +654,14 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return gpg_error (GPG_ERR_NOTHING_FOUND); return gpg_error (GPG_ERR_NOTHING_FOUND);
if (!hd->locked) if (!hd->locked)
return gpg_error (GPG_ERR_NOT_LOCKED); return gpg_error (GPG_ERR_NOT_LOCKED);
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
err = gpg_error (GPG_ERR_GENERAL); /* oops */ err = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -672,12 +670,12 @@ keydb_set_flags (KEYDB_HANDLE hd, int which, int idx, unsigned int value)
err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value); err = keybox_set_flags (hd->active[hd->found].u.kr, which, idx, value);
break; break;
} }
return err; return err;
} }
/* /*
* Insert a new Certificate into one of the resources. * Insert a new Certificate into one of the resources.
*/ */
int int
keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert) keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
@ -685,16 +683,16 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
int rc = -1; int rc = -1;
int idx; int idx;
unsigned char digest[20]; unsigned char digest[20];
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if (opt.dry_run) if (opt.dry_run)
return 0; return 0;
if ( hd->found >= 0 && hd->found < hd->used) if ( hd->found >= 0 && hd->found < hd->used)
idx = hd->found; idx = hd->found;
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
return gpg_error (GPG_ERR_GENERAL); return gpg_error (GPG_ERR_GENERAL);
@ -704,7 +702,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
switch (hd->active[idx].type) switch (hd->active[idx].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL); rc = gpg_error (GPG_ERR_GENERAL);
@ -713,7 +711,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest); rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
break; break;
} }
unlock_all (hd); unlock_all (hd);
return rc; return rc;
} }
@ -726,11 +724,11 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
{ {
int rc = 0; int rc = 0;
unsigned char digest[20]; unsigned char digest[20];
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
if (opt.dry_run) if (opt.dry_run)
@ -742,7 +740,7 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/ gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = gpg_error (GPG_ERR_GENERAL); /* oops */ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
@ -757,25 +755,25 @@ keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert)
} }
/* /*
* The current keyblock or cert will be deleted. * The current keyblock or cert will be deleted.
*/ */
int int
keydb_delete (KEYDB_HANDLE hd, int unlock) keydb_delete (KEYDB_HANDLE hd, int unlock)
{ {
int rc = -1; int rc = -1;
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
if( opt.dry_run ) if( opt.dry_run )
return 0; return 0;
if (!hd->locked) if (!hd->locked)
return gpg_error (GPG_ERR_NOT_LOCKED); return gpg_error (GPG_ERR_NOT_LOCKED);
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
@ -797,7 +795,7 @@ keydb_delete (KEYDB_HANDLE hd, int unlock)
/* /*
* Locate the default writable key resource, so that the next * Locate the default writable key resource, so that the next
* operation (which is only relevant for inserts) will be done on this * operation (which is only relevant for inserts) will be done on this
* resource. * resource.
*/ */
int int
keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
@ -805,17 +803,17 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
int rc; int rc;
(void)reserved; (void)reserved;
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
rc = keydb_search_reset (hd); /* this does reset hd->current */ rc = keydb_search_reset (hd); /* this does reset hd->current */
if (rc) if (rc)
return rc; return rc;
for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
{ {
switch (hd->active[hd->current].type) switch (hd->active[hd->current].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
BUG(); BUG();
@ -826,7 +824,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
break; break;
} }
} }
return -1; return -1;
} }
@ -837,7 +835,7 @@ void
keydb_rebuild_caches (void) keydb_rebuild_caches (void)
{ {
int i; int i;
for (i=0; i < used_resources; i++) for (i=0; i < used_resources; i++)
{ {
if (all_resources[i].secret) if (all_resources[i].secret)
@ -858,23 +856,23 @@ keydb_rebuild_caches (void)
/* /*
* Start the next search on this handle right at the beginning * Start the next search on this handle right at the beginning
*/ */
int int
keydb_search_reset (KEYDB_HANDLE hd) keydb_search_reset (KEYDB_HANDLE hd)
{ {
int i, rc = 0; int i, rc = 0;
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
hd->current = 0; hd->current = 0;
hd->found = -1; hd->found = -1;
/* and reset all resources */ /* and reset all resources */
for (i=0; !rc && i < hd->used; i++) for (i=0; !rc && i < hd->used; i++)
{ {
switch (hd->active[i].type) switch (hd->active[i].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
break; break;
@ -887,21 +885,21 @@ keydb_search_reset (KEYDB_HANDLE hd)
all modules*/ all modules*/
} }
/* /*
* Search through all keydb resources, starting at the current position, * Search through all keydb resources, starting at the current position,
* for a keyblock which contains one of the keys described in the DESC array. * for a keyblock which contains one of the keys described in the DESC array.
*/ */
int int
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc) keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
{ {
int rc = -1; int rc = -1;
if (!hd) if (!hd)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
while (rc == -1 && hd->current >= 0 && hd->current < hd->used) while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
{ {
switch (hd->active[hd->current].type) switch (hd->active[hd->current].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
BUG(); /* we should never see it here */ BUG(); /* we should never see it here */
@ -911,12 +909,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
break; break;
} }
if (rc == -1) /* EOF -> switch to next resource */ if (rc == -1) /* EOF -> switch to next resource */
hd->current++; hd->current++;
else if (!rc) else if (!rc)
hd->found = hd->current; hd->found = hd->current;
} }
return rc; return rc;
} }
@ -924,7 +922,7 @@ int
keydb_search_first (KEYDB_HANDLE hd) keydb_search_first (KEYDB_HANDLE hd)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST; desc.mode = KEYDB_SEARCH_MODE_FIRST;
return keydb_search (hd, &desc, 1); return keydb_search (hd, &desc, 1);
@ -934,7 +932,7 @@ int
keydb_search_next (KEYDB_HANDLE hd) keydb_search_next (KEYDB_HANDLE hd)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_NEXT; desc.mode = KEYDB_SEARCH_MODE_NEXT;
return keydb_search (hd, &desc, 1); return keydb_search (hd, &desc, 1);
@ -946,7 +944,7 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
(void)kid; (void)kid;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_LONG_KID; desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
/* desc.u.kid[0] = kid[0]; */ /* desc.u.kid[0] = kid[0]; */
@ -958,7 +956,7 @@ int
keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr) keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FPR; desc.mode = KEYDB_SEARCH_MODE_FPR;
memcpy (desc.u.fpr, fpr, 20); memcpy (desc.u.fpr, fpr, 20);
@ -970,7 +968,7 @@ keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
int rc; int rc;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_ISSUER; desc.mode = KEYDB_SEARCH_MODE_ISSUER;
desc.u.name = issuer; desc.u.name = issuer;
@ -985,7 +983,7 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
int rc; int rc;
const unsigned char *s; const unsigned char *s;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN; desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
s = serial; s = serial;
@ -1007,7 +1005,7 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
int rc; int rc;
memset (&desc, 0, sizeof desc); memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_SUBJECT; desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
desc.u.name = name; desc.u.name = name;
@ -1017,15 +1015,15 @@ keydb_search_subject (KEYDB_HANDLE hd, const char *name)
static int static int
classify_user_id (const char *name, classify_user_id (const char *name,
KEYDB_SEARCH_DESC *desc, KEYDB_SEARCH_DESC *desc,
int *force_exact ) int *force_exact )
{ {
const char *s; const char *s;
int hexprefix = 0; int hexprefix = 0;
int hexlength; int hexlength;
int mode = 0; int mode = 0;
/* clear the structure so that the mode field is set to zero unless /* clear the structure so that the mode field is set to zero unless
* we set it to the correct value right at the end of this function */ * we set it to the correct value right at the end of this function */
memset (desc, 0, sizeof *desc); memset (desc, 0, sizeof *desc);
@ -1034,7 +1032,7 @@ classify_user_id (const char *name,
for(s = name; *s && spacep (s); s++ ) for(s = name; *s && spacep (s); s++ )
; ;
switch (*s) switch (*s)
{ {
case 0: /* empty string is an error */ case 0: /* empty string is an error */
return 0; return 0;
@ -1084,9 +1082,9 @@ classify_user_id (const char *name,
break; break;
case '#': case '#':
{ {
const char *si; const char *si;
s++; s++;
if ( *s == '/') if ( *s == '/')
{ /* "#/" indicates an issuer's DN */ { /* "#/" indicates an issuer's DN */
@ -1096,7 +1094,7 @@ classify_user_id (const char *name,
desc->u.name = s; desc->u.name = s;
mode = KEYDB_SEARCH_MODE_ISSUER; mode = KEYDB_SEARCH_MODE_ISSUER;
} }
else else
{ /* serialnumber + optional issuer ID */ { /* serialnumber + optional issuer ID */
for (si=s; *si && *si != '/'; si++) for (si=s; *si && *si != '/'; si++)
{ {
@ -1120,10 +1118,10 @@ classify_user_id (const char *name,
break; break;
case ':': /*Unified fingerprint */ case ':': /*Unified fingerprint */
{ {
const char *se, *si; const char *se, *si;
int i; int i;
se = strchr (++s,':'); se = strchr (++s,':');
if (!se) if (!se)
return 0; return 0;
@ -1134,21 +1132,21 @@ classify_user_id (const char *name,
} }
if (i != 32 && i != 40) if (i != 32 && i != 40)
return 0; /* invalid length of fpr*/ return 0; /* invalid length of fpr*/
for (i=0,si=s; si < se; i++, si +=2) for (i=0,si=s; si < se; i++, si +=2)
desc->u.fpr[i] = hextobyte(si); desc->u.fpr[i] = hextobyte(si);
for (; i < 20; i++) for (; i < 20; i++)
desc->u.fpr[i]= 0; desc->u.fpr[i]= 0;
s = se + 1; s = se + 1;
mode = KEYDB_SEARCH_MODE_FPR; mode = KEYDB_SEARCH_MODE_FPR;
} }
break; break;
case '&': /* Keygrip*/ case '&': /* Keygrip*/
{ {
if (hex2bin (s+1, desc->u.grip, 20) < 0) if (hex2bin (s+1, desc->u.grip, 20) < 0)
return 0; /* Invalid. */ return 0; /* Invalid. */
mode = KEYDB_SEARCH_MODE_KEYGRIP; mode = KEYDB_SEARCH_MODE_KEYGRIP;
} }
break; break;
default: default:
@ -1164,17 +1162,17 @@ classify_user_id (const char *name,
*force_exact = 1; *force_exact = 1;
hexlength++; /* just for the following check */ hexlength++; /* just for the following check */
} }
/* check if a hexadecimal number is terminated by EOS or blank */ /* check if a hexadecimal number is terminated by EOS or blank */
if (hexlength && s[hexlength] && !spacep (s+hexlength)) if (hexlength && s[hexlength] && !spacep (s+hexlength))
{ {
if (hexprefix) /* a "0x" prefix without correct */ if (hexprefix) /* a "0x" prefix without correct */
return 0; /* termination is an error */ return 0; /* termination is an error */
/* The first chars looked like a hex number, but really is /* The first chars looked like a hex number, but really is
not */ not */
hexlength = 0; hexlength = 0;
} }
if (*force_exact) if (*force_exact)
hexlength--; /* remove the bang */ hexlength--; /* remove the bang */
@ -1185,10 +1183,10 @@ classify_user_id (const char *name,
if (hexlength == 9) if (hexlength == 9)
s++; s++;
kid = strtoul( s, NULL, 16 ); kid = strtoul( s, NULL, 16 );
desc->u.kid[4] = kid >> 24; desc->u.kid[4] = kid >> 24;
desc->u.kid[5] = kid >> 16; desc->u.kid[5] = kid >> 16;
desc->u.kid[6] = kid >> 8; desc->u.kid[6] = kid >> 8;
desc->u.kid[7] = kid; desc->u.kid[7] = kid;
mode = KEYDB_SEARCH_MODE_SHORT_KID; mode = KEYDB_SEARCH_MODE_SHORT_KID;
} }
else if (hexlength == 16 else if (hexlength == 16
@ -1201,14 +1199,14 @@ classify_user_id (const char *name,
mem2str(buf, s, 9 ); mem2str(buf, s, 9 );
kid0 = strtoul (buf, NULL, 16); kid0 = strtoul (buf, NULL, 16);
kid1 = strtoul (s+8, NULL, 16); kid1 = strtoul (s+8, NULL, 16);
desc->u.kid[0] = kid0 >> 24; desc->u.kid[0] = kid0 >> 24;
desc->u.kid[1] = kid0 >> 16; desc->u.kid[1] = kid0 >> 16;
desc->u.kid[2] = kid0 >> 8; desc->u.kid[2] = kid0 >> 8;
desc->u.kid[3] = kid0; desc->u.kid[3] = kid0;
desc->u.kid[4] = kid1 >> 24; desc->u.kid[4] = kid1 >> 24;
desc->u.kid[5] = kid1 >> 16; desc->u.kid[5] = kid1 >> 16;
desc->u.kid[6] = kid1 >> 8; desc->u.kid[6] = kid1 >> 8;
desc->u.kid[7] = kid1; desc->u.kid[7] = kid1;
mode = KEYDB_SEARCH_MODE_LONG_KID; mode = KEYDB_SEARCH_MODE_LONG_KID;
} }
else if (hexlength == 32 else if (hexlength == 32
@ -1217,8 +1215,8 @@ classify_user_id (const char *name,
int i; int i;
if (hexlength == 33) if (hexlength == 33)
s++; s++;
memset(desc->u.fpr+16, 0, 4); memset(desc->u.fpr+16, 0, 4);
for (i=0; i < 16; i++, s+=2) for (i=0; i < 16; i++, s+=2)
{ {
int c = hextobyte(s); int c = hextobyte(s);
if (c == -1) if (c == -1)
@ -1233,7 +1231,7 @@ classify_user_id (const char *name,
int i; int i;
if (hexlength == 41) if (hexlength == 41)
s++; s++;
for (i=0; i < 20; i++, s+=2) for (i=0; i < 20; i++, s+=2)
{ {
int c = hextobyte(s); int c = hextobyte(s);
if (c == -1) if (c == -1)
@ -1243,16 +1241,16 @@ classify_user_id (const char *name,
mode = KEYDB_SEARCH_MODE_FPR20; mode = KEYDB_SEARCH_MODE_FPR20;
} }
else if (!hexprefix) else if (!hexprefix)
{ {
/* The fingerprint in an X.509 listing is often delimited by /* The fingerprint in an X.509 listing is often delimited by
colons, so we try to single this case out. */ colons, so we try to single this case out. */
mode = 0; mode = 0;
hexlength = strspn (s, ":0123456789abcdefABCDEF"); hexlength = strspn (s, ":0123456789abcdefABCDEF");
if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength))) if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
{ {
int i; int i;
for (i=0; i < 20; i++, s += 3) for (i=0; i < 20; i++, s += 3)
{ {
int c = hextobyte(s); int c = hextobyte(s);
if (c == -1 || (i < 19 && s[2] != ':')) if (c == -1 || (i < 19 && s[2] != ':'))
@ -1263,10 +1261,10 @@ classify_user_id (const char *name,
mode = KEYDB_SEARCH_MODE_FPR20; mode = KEYDB_SEARCH_MODE_FPR20;
} }
if (!mode) /* default is substring search */ if (!mode) /* default is substring search */
{ {
*force_exact = 0; *force_exact = 0;
desc->u.name = s; desc->u.name = s;
mode = KEYDB_SEARCH_MODE_SUBSTR; mode = KEYDB_SEARCH_MODE_SUBSTR;
} }
} }
else else
@ -1274,7 +1272,7 @@ classify_user_id (const char *name,
return 0; return 0;
} }
} }
desc->mode = mode; desc->mode = mode;
return mode; return mode;
} }
@ -1324,7 +1322,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
if (ephemeral) if (ephemeral)
keydb_set_ephemeral (kh, 1); keydb_set_ephemeral (kh, 1);
rc = lock_all (kh); rc = lock_all (kh);
if (rc) if (rc)
return rc; return rc;
@ -1359,7 +1357,7 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
keydb_release (kh); keydb_release (kh);
return rc; return rc;
} }
keydb_release (kh); keydb_release (kh);
return 0; return 0;
} }
@ -1368,8 +1366,8 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
transaction by locating the certificate in the DB and updating the transaction by locating the certificate in the DB and updating the
flags. */ flags. */
gpg_error_t gpg_error_t
keydb_set_cert_flags (ksba_cert_t cert, int ephemeral, keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
int which, int idx, int which, int idx,
unsigned int mask, unsigned int value) unsigned int mask, unsigned int value)
{ {
KEYDB_HANDLE kh; KEYDB_HANDLE kh;
@ -1434,7 +1432,7 @@ keydb_set_cert_flags (ksba_cert_t cert, int ephemeral,
} }
} }
keydb_release (kh); keydb_release (kh);
return 0; return 0;
} }
@ -1453,7 +1451,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
unsigned int old_value, value; unsigned int old_value, value;
(void)ctrl; (void)ctrl;
hd = keydb_new (0); hd = keydb_new (0);
if (!hd) if (!hd)
{ {
@ -1465,7 +1463,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
ndesc = 1; ndesc = 1;
else else
{ {
for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++) for (sl=names, ndesc=0; sl; sl = sl->next, ndesc++)
; ;
} }
@ -1479,9 +1477,9 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
if (!names) if (!names)
desc[0].mode = KEYDB_SEARCH_MODE_FIRST; desc[0].mode = KEYDB_SEARCH_MODE_FIRST;
else else
{ {
for (ndesc=0, sl=names; sl; sl = sl->next) for (ndesc=0, sl=names; sl; sl = sl->next)
{ {
rc = keydb_classify_name (sl->d, desc+ndesc); rc = keydb_classify_name (sl->d, desc+ndesc);
if (rc) if (rc)
@ -1504,7 +1502,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
while (!(rc = keydb_search (hd, desc, ndesc))) while (!(rc = keydb_search (hd, desc, ndesc)))
{ {
if (!names) if (!names)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT; desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value); err = keydb_get_flags (hd, KEYBOX_FLAG_VALIDITY, 0, &old_value);
@ -1514,7 +1512,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
gpg_strerror (err)); gpg_strerror (err));
goto leave; goto leave;
} }
value = (old_value & ~VALIDITY_REVOKED); value = (old_value & ~VALIDITY_REVOKED);
if (value != old_value) if (value != old_value)
{ {
@ -1528,7 +1526,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
} }
if (rc && rc != -1) if (rc && rc != -1)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc)); log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
leave: leave:
xfree (desc); xfree (desc);
keydb_release (hd); keydb_release (hd);


@ -1,3 +1,10 @@
2011-08-04 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include utmp.h for login_tty.
* gpgconf-comp.c (gc_process_gpgconf_conf): Remove unsued var
USED_COMPONENTS.
2011-01-11 Werner Koch <wk@g10code.com> 2011-01-11 Werner Koch <wk@g10code.com>
* gpgtar.c, gpgtar.h, gpgtar-create.c, gpgtar-extract.c * gpgtar.c, gpgtar.h, gpgtar-create.c, gpgtar-extract.c
@ -164,7 +171,7 @@
* gpgconf-comp.c (my_percent_escape): Make non-static and rename * gpgconf-comp.c (my_percent_escape): Make non-static and rename
to ... to ...
(gc_percent_escape): ... this. Change all callers. (gc_percent_escape): ... this. Change all callers.
2008-05-26 Werner Koch <wk@g10code.com> 2008-05-26 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue
@ -286,7 +293,7 @@
(handle_inquire): Implement new command. (handle_inquire): Implement new command.
(substitute_line_copy): New. (substitute_line_copy): New.
(unescape_string, unpercent_string): New. (unescape_string, unpercent_string): New.
* no-libgcrypt.c (gcry_set_outofcore_handler) * no-libgcrypt.c (gcry_set_outofcore_handler)
(gcry_set_fatalerror_handler, gcry_set_log_handler): New. (gcry_set_fatalerror_handler, gcry_set_log_handler): New.
* Makefile.am (gpg_connect_agent_LDADD): Link to libreadline. * Makefile.am (gpg_connect_agent_LDADD): Link to libreadline.
@ -508,7 +515,7 @@
min-passphrase-length. Apply new flag to some of them. min-passphrase-length. Apply new flag to some of them.
(gc_process_gpgconf_conf, key_matches_user_or_group): New. (gc_process_gpgconf_conf, key_matches_user_or_group): New.
(gc_component_change_options): Factor some code out to .. (gc_component_change_options): Factor some code out to ..
(change_one_value): .. new. (change_one_value): .. new.
(gc_component_retrieve_options): Allow -1 for COMPONENT to iterate (gc_component_retrieve_options): Allow -1 for COMPONENT to iterate
over al components. over al components.
* gpgconf.c (main): New commands --check-config and * gpgconf.c (main): New commands --check-config and
@ -551,7 +558,7 @@
2006-10-20 Werner Koch <wk@g10code.com> 2006-10-20 Werner Koch <wk@g10code.com>
* gpgsm-gencert.sh: Enhanced the main menu. * gpgsm-gencert.sh: Enhanced the main menu.
2006-10-12 Werner Koch <wk@g10code.com> 2006-10-12 Werner Koch <wk@g10code.com>
@ -683,7 +690,7 @@
2005-06-01 Werner Koch <wk@g10code.com> 2005-06-01 Werner Koch <wk@g10code.com>
* symcryptrun.c: Include mkdtemp.h. * symcryptrun.c: Include mkdtemp.h.
2005-05-31 Werner Koch <wk@g10code.com> 2005-05-31 Werner Koch <wk@g10code.com>
@ -737,7 +744,7 @@
2005-04-11 Marcus Brinkmann <marcus@g10code.de> 2005-04-11 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Implement config file parsing. * symcryptrun.c: Implement config file parsing.
* Makefile.am (bin_PROGRAMS): Add symcryptrun. * Makefile.am (bin_PROGRAMS): Add symcryptrun.
(symcryptrun_SOURCES, symcryptrun_LDADD): New variables. (symcryptrun_SOURCES, symcryptrun_LDADD): New variables.
* symcryptrun.c: New file. * symcryptrun.c: New file.
@ -757,7 +764,7 @@
2005-02-24 Werner Koch <wk@g10code.com> 2005-02-24 Werner Koch <wk@g10code.com>
* gpg-connect-agent.c: New. * gpg-connect-agent.c: New.
* Makefile.am: Add it. * Makefile.am: Add it.
2004-12-21 Werner Koch <wk@g10code.com> 2004-12-21 Werner Koch <wk@g10code.com>
@ -801,7 +808,7 @@
2004-10-01 Werner Koch <wk@g10code.com> 2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Made all strings for --log-file read the same. * gpgconf-comp.c: Made all strings for --log-file read the same.
2004-10-01 Werner Koch <wk@g10code.com> 2004-10-01 Werner Koch <wk@g10code.com>
* gpgconf-comp.c (my_dgettext): Also switch codeset and directory * gpgconf-comp.c (my_dgettext): Also switch codeset and directory
@ -833,8 +840,8 @@
* no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New. * no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New.
* gpgconf-comp.c (retrieve_options_from_program) * gpgconf-comp.c (retrieve_options_from_program)
(retrieve_options_from_file, change_options_file) (retrieve_options_from_file, change_options_file)
(change_options_program, gc_component_change_options): Replaced (change_options_program, gc_component_change_options): Replaced
getline by read_line and test for allocation failure. getline by read_line and test for allocation failure.
@ -902,7 +909,7 @@
(gc_component_change_options): New variable runtime. Initialize (gc_component_change_options): New variable runtime. Initialize
it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit
set, also set the corresponding runtime variable. Finally, call set, also set the corresponding runtime variable. Finally, call
the runtime_change callback of the backend if needed. the runtime_change callback of the backend if needed.
2004-03-16 Werner Koch <wk@gnupg.org> 2004-03-16 Werner Koch <wk@gnupg.org>
@ -993,7 +1000,7 @@
quote in pathname. quote in pathname.
(change_options_program): Percent deescape string before writing (change_options_program): Percent deescape string before writing
it out. it out.
* gpgconf-comp.c (gc_component_list_options): Do not skip groups * gpgconf-comp.c (gc_component_list_options): Do not skip groups
on output. on output.
@ -1027,10 +1034,10 @@
* gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and * gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and
gnupg_get_time, fix error() invocation and use getline() gnupg_get_time, fix error() invocation and use getline()
consistently. consistently.
2004-01-30 Werner Koch <wk@gnupg.org> 2004-01-30 Werner Koch <wk@gnupg.org>
* addgnupghome: Also set the group of copied files. * addgnupghome: Also set the group of copied files.
2004-01-30 Werner Koch <wk@gnupg.org> 2004-01-30 Werner Koch <wk@gnupg.org>
@ -1058,7 +1065,7 @@
2004-01-10 Werner Koch <wk@gnupg.org> 2004-01-10 Werner Koch <wk@gnupg.org>
* Makefile.am: Use GPG_ERROR_CFLAGS * Makefile.am: Use GPG_ERROR_CFLAGS
2004-01-05 Werner Koch <wk@gnupg.org> 2004-01-05 Werner Koch <wk@gnupg.org>
* Manifest: New. * Manifest: New.


@ -179,13 +179,13 @@ static struct
NULL, "gpgconf-gpg.conf" }, NULL, "gpgconf-gpg.conf" },
{ "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM, { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM,
NULL, "gpgconf-gpgsm.conf" }, NULL, "gpgconf-gpgsm.conf" },
{ "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT, { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT,
gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" }, gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" },
{ "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON, { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON,
scdaemon_runtime_change, "gpgconf-scdaemon.conf" }, scdaemon_runtime_change, "gpgconf-scdaemon.conf" },
{ "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR, { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR,
NULL, "gpgconf-dirmngr.conf" }, NULL, "gpgconf-dirmngr.conf" },
{ "DirMngr LDAP Server List", NULL, 0, { "DirMngr LDAP Server List", NULL, 0,
NULL, "ldapserverlist-file", "LDAP Server" }, NULL, "ldapserverlist-file", "LDAP Server" },
}; };
@ -400,17 +400,17 @@ struct gc_option
/* A gettext domain in which the following description can be found. /* A gettext domain in which the following description can be found.
If this is NULL, then DESC is not translated. Valid for groups If this is NULL, then DESC is not translated. Valid for groups
and options. and options.
Note that we try to keep the description of groups within the Note that we try to keep the description of groups within the
gnupg domain. gnupg domain.
IMPORTANT: If you add a new domain please make sure to add a code IMPORTANT: If you add a new domain please make sure to add a code
set switching call to the function my_dgettext further below. */ set switching call to the function my_dgettext further below. */
const char *desc_domain; const char *desc_domain;
/* A gettext description for this group or option. If it starts /* A gettext description for this group or option. If it starts
with a '|', then the string up to the next '|' describes the with a '|', then the string up to the next '|' describes the
argument, and the description follows the second '|'. argument, and the description follows the second '|'.
In general enclosing these description in N_() is not required In general enclosing these description in N_() is not required
because the description should be identical to the one in the because the description should be identical to the one in the
@ -508,7 +508,7 @@ static gc_option_t gc_options_gpg_agent[] =
GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC, GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Options controlling the security") }, "gnupg", N_("Options controlling the security") },
{ "default-cache-ttl", GC_OPT_FLAG_RUNTIME, { "default-cache-ttl", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", GC_LEVEL_BASIC, "gnupg",
"|N|expire cached PINs after N seconds", "|N|expire cached PINs after N seconds",
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
@ -520,7 +520,7 @@ static gc_option_t gc_options_gpg_agent[] =
N_("|N|set maximum PIN cache lifetime to N seconds"), N_("|N|set maximum PIN cache lifetime to N seconds"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", GC_LEVEL_EXPERT, "gnupg",
N_("|N|set maximum SSH key lifetime to N seconds"), N_("|N|set maximum SSH key lifetime to N seconds"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
@ -536,16 +536,16 @@ static gc_option_t gc_options_gpg_agent[] =
{ "Passphrase policy", { "Passphrase policy",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
"gnupg", N_("Options enforcing a passphrase policy") }, "gnupg", N_("Options enforcing a passphrase policy") },
{ "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME, { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", GC_LEVEL_EXPERT, "gnupg",
N_("do not allow to bypass the passphrase policy"), N_("do not allow to bypass the passphrase policy"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "min-passphrase-len", GC_OPT_FLAG_RUNTIME, { "min-passphrase-len", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", GC_LEVEL_ADVANCED, "gnupg",
N_("|N|set minimal required length for new passphrases to N"), N_("|N|set minimal required length for new passphrases to N"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME, { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", GC_LEVEL_EXPERT, "gnupg",
N_("|N|require at least N non-alpha characters for a new passphrase"), N_("|N|require at least N non-alpha characters for a new passphrase"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME, { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME,
@ -553,11 +553,11 @@ static gc_option_t gc_options_gpg_agent[] =
"gnupg", N_("|FILE|check new passphrases against pattern in FILE"), "gnupg", N_("|FILE|check new passphrases against pattern in FILE"),
GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT },
{ "max-passphrase-days", GC_OPT_FLAG_RUNTIME, { "max-passphrase-days", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", GC_LEVEL_EXPERT, "gnupg",
N_("|N|expire the passphrase after N days"), N_("|N|expire the passphrase after N days"),
GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT },
{ "enable-passphrase-history", GC_OPT_FLAG_RUNTIME, { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", GC_LEVEL_EXPERT, "gnupg",
N_("do not allow the reuse of old passphrases"), N_("do not allow the reuse of old passphrases"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@ -816,7 +816,7 @@ static gc_option_t gc_options_dirmngr[] =
{ "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"dirmngr", "csh-style command output", "dirmngr", "csh-style command output",
GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR },
{ "Configuration", { "Configuration",
GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT, GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
"gnupg", N_("Options controlling the configuration") }, "gnupg", N_("Options controlling the configuration") },
@ -1031,11 +1031,11 @@ gpg_agent_runtime_change (void)
const char *pgmname; const char *pgmname;
const char *argv[2]; const char *argv[2];
pid_t pid; pid_t pid;
pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT);
argv[0] = "reloadagent"; argv[0] = "reloadagent";
argv[1] = NULL; argv[1] = NULL;
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid); err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err) if (!err)
err = gnupg_wait_process (pgmname, pid, NULL); err = gnupg_wait_process (pgmname, pid, NULL);
@ -1053,7 +1053,7 @@ scdaemon_runtime_change (void)
const char *pgmname; const char *pgmname;
const char *argv[6]; const char *argv[6];
pid_t pid; pid_t pid;
/* We use "GETINFO app_running" to see whether the agent is already /* We use "GETINFO app_running" to see whether the agent is already
running and kill it only in this case. This avoids an explicit running and kill it only in this case. This avoids an explicit
starting of the agent in case it is not yet running. There is starting of the agent in case it is not yet running. There is
@ -1066,7 +1066,7 @@ scdaemon_runtime_change (void)
argv[3] = "scd killscd"; argv[3] = "scd killscd";
argv[4] = "/end"; argv[4] = "/end";
argv[5] = NULL; argv[5] = NULL;
err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid); err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
if (!err) if (!err)
err = gnupg_wait_process (pgmname, pid, NULL); err = gnupg_wait_process (pgmname, pid, NULL);
@ -1087,7 +1087,7 @@ gc_component_reload (int component)
/* Set a flag for the backends to be reloaded. */ /* Set a flag for the backends to be reloaded. */
for (backend = 0; backend < GC_BACKEND_NR; backend++) for (backend = 0; backend < GC_BACKEND_NR; backend++)
runtime[backend] = 0; runtime[backend] = 0;
if (component == -1) if (component == -1)
{ {
for (component = 0; component < GC_COMPONENT_NR; component++) for (component = 0; component < GC_COMPONENT_NR; component++)
@ -1106,7 +1106,7 @@ gc_component_reload (int component)
} }
/* Do the reload for all selected backends. */ /* Do the reload for all selected backends. */
for (backend = 0; backend < GC_BACKEND_NR; backend++) for (backend = 0; backend < GC_BACKEND_NR; backend++)
{ {
if (runtime[backend] && gc_backend[backend].runtime_change) if (runtime[backend] && gc_backend[backend].runtime_change)
(*gc_backend[backend].runtime_change) (); (*gc_backend[backend].runtime_change) ();
@ -1129,7 +1129,7 @@ my_dgettext (const char *domain, const char *msgid)
{ {
static int switched_codeset; static int switched_codeset;
char *text; char *text;
if (!switched_codeset) if (!switched_codeset)
{ {
switched_codeset = 1; switched_codeset = 1;
@ -1149,7 +1149,7 @@ my_dgettext (const char *domain, const char *msgid)
{ {
static int switched_codeset; static int switched_codeset;
char *text; char *text;
if (!switched_codeset) if (!switched_codeset)
{ {
switched_codeset = 1; switched_codeset = 1;
@ -1157,7 +1157,7 @@ my_dgettext (const char *domain, const char *msgid)
bindtextdomain ("dirmngr", LOCALEDIR); bindtextdomain ("dirmngr", LOCALEDIR);
bind_textdomain_codeset ("dirmngr", "utf-8"); bind_textdomain_codeset ("dirmngr", "utf-8");
} }
/* Note: This is a hack to actually use the gnupg2 domain as /* Note: This is a hack to actually use the gnupg2 domain as
@ -1202,7 +1202,7 @@ gc_percent_escape (const char *src)
*(dst++) = '%'; *(dst++) = '%';
*(dst++) = '2'; *(dst++) = '2';
*(dst++) = '5'; *(dst++) = '5';
} }
else if (*src == ':') else if (*src == ':')
{ {
/* The colon is used as field separator. */ /* The colon is used as field separator. */
@ -1258,7 +1258,7 @@ percent_deescape (const char *src)
*(dst++) = (char) val; *(dst++) = (char) val;
src += 3; src += 3;
} }
else else
*(dst++) = *(src++); *(dst++) = *(src++);
} }
@ -1357,7 +1357,7 @@ collect_error_output (int fd, const char *tag)
buffer[pos - (c == '\n')] = 0; buffer[pos - (c == '\n')] = 0;
if (cont_line) if (cont_line)
; /*Ignore continuations of previous line. */ ; /*Ignore continuations of previous line. */
else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':') else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':')
{ {
/* "gpgsm: foo:4: bla" */ /* "gpgsm: foo:4: bla" */
/* Yep, we are interested in this line. */ /* Yep, we are interested in this line. */
@ -1406,7 +1406,7 @@ collect_error_output (int fd, const char *tag)
cont_line = (c != '\n'); cont_line = (c != '\n');
} }
} }
/* We ignore error lines not terminated by a LF. */ /* We ignore error lines not terminated by a LF. */
fclose (fp); fclose (fp);
@ -1469,12 +1469,12 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
} }
argv[i++] = "--gpgconf-test"; argv[i++] = "--gpgconf-test";
argv[i++] = NULL; argv[i++] = NULL;
err = gnupg_create_inbound_pipe (filedes); err = gnupg_create_inbound_pipe (filedes);
if (err) if (err)
gc_error (1, 0, _("error creating a pipe: %s\n"), gc_error (1, 0, _("error creating a pipe: %s\n"),
gpg_strerror (err)); gpg_strerror (err));
result = 0; result = 0;
errlines = NULL; errlines = NULL;
if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid)) if (gnupg_spawn_process_fd (pgmname, argv, -1, -1, filedes[1], &pid))
@ -1483,10 +1483,10 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
close (filedes[1]); close (filedes[1]);
result |= 1; /* Program could not be run. */ result |= 1; /* Program could not be run. */
} }
else else
{ {
close (filedes[1]); close (filedes[1]);
errlines = collect_error_output (filedes[0], errlines = collect_error_output (filedes[0],
gc_component[component].name); gc_component[component].name);
if (gnupg_wait_process (pgmname, pid, &exitcode)) if (gnupg_wait_process (pgmname, pid, &exitcode))
{ {
@ -1496,12 +1496,12 @@ gc_component_check_options (int component, FILE *out, const char *conf_file)
result |= 2; /* Program returned an error. */ result |= 2; /* Program returned an error. */
} }
} }
/* If the program could not be run, we can't tell whether /* If the program could not be run, we can't tell whether
the config file is good. */ the config file is good. */
if (result & 1) if (result & 1)
result |= 2; result |= 2;
if (out) if (out)
{ {
const char *desc; const char *desc;
@ -1608,7 +1608,7 @@ list_one_option (const gc_option_t *option, FILE *out)
if (opt.verbose) if (opt.verbose)
{ {
putc (' ', out); putc (' ', out);
if (!option->flags) if (!option->flags)
fprintf (out, "none"); fprintf (out, "none");
else else
@ -1640,7 +1640,7 @@ list_one_option (const gc_option_t *option, FILE *out)
/* The description field. */ /* The description field. */
fprintf (out, ":%s", desc ? gc_percent_escape (desc) : ""); fprintf (out, ":%s", desc ? gc_percent_escape (desc) : "");
/* The type field. */ /* The type field. */
fprintf (out, ":%u", option->arg_type); fprintf (out, ":%u", option->arg_type);
if (opt.verbose) if (opt.verbose)
@ -1682,7 +1682,7 @@ list_one_option (const gc_option_t *option, FILE *out)
/* List all options of the component COMPONENT. */ /* List all options of the component COMPONENT. */
void void
gc_component_list_options (int component, FILE *out) gc_component_list_options (int component, FILE *out)
{ {
const gc_option_t *option = gc_component[component].options; const gc_option_t *option = gc_component[component].options;
while (option && option->name) while (option && option->name)
@ -1705,7 +1705,7 @@ gc_component_list_options (int component, FILE *out)
different active options, and because it is hard to different active options, and because it is hard to
maintain manually, we calculate it here. The value in maintain manually, we calculate it here. The value in
the global static table is ignored. */ the global static table is ignored. */
while (group_option->name) while (group_option->name)
{ {
if (group_option->flags & GC_OPT_FLAG_GROUP) if (group_option->flags & GC_OPT_FLAG_GROUP)
@ -1778,7 +1778,7 @@ get_config_filename (gc_component_t component, gc_backend_t backend)
filename = ""; filename = "";
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
if (!(filename[0] if (!(filename[0]
&& filename[1] == ':' && filename[1] == ':'
&& (filename[2] == '/' || filename[2] == '\\'))) && (filename[2] == '/' || filename[2] == '\\')))
#else #else
@ -1813,8 +1813,8 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
if (err) if (err)
gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err)); gc_error (1, 0, _("error creating a pipe: %s\n"), gpg_strerror (err));
pgmname = (gc_backend[backend].module_name pgmname = (gc_backend[backend].module_name
? gnupg_module_name (gc_backend[backend].module_name) ? gnupg_module_name (gc_backend[backend].module_name)
: gc_backend[backend].program ); : gc_backend[backend].program );
argv[0] = "--gpgconf-list"; argv[0] = "--gpgconf-list";
argv[1] = NULL; argv[1] = NULL;
@ -1838,7 +1838,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
char *linep; char *linep;
unsigned long flags = 0; unsigned long flags = 0;
char *default_value = NULL; char *default_value = NULL;
/* Strip newline and carriage return, if present. */ /* Strip newline and carriage return, if present. */
while (length > 0 while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r')) && (line[length - 1] == '\n' || line[length - 1] == '\r'))
@ -1847,7 +1847,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
linep = strchr (line, ':'); linep = strchr (line, ':');
if (linep) if (linep)
*(linep++) = '\0'; *(linep++) = '\0';
/* Extract additional flags. Default to none. */ /* Extract additional flags. Default to none. */
if (linep) if (linep)
{ {
@ -1926,7 +1926,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
char *name; char *name;
char *value; char *value;
gc_option_t *option; gc_option_t *option;
name = line; name = line;
while (*name == ' ' || *name == '\t') while (*name == ' ' || *name == '\t')
name++; name++;
@ -2013,7 +2013,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend)
/* Retrieve the options for the component COMPONENT from backend /* Retrieve the options for the component COMPONENT from backend
BACKEND, which we already know is of type file list. */ BACKEND, which we already know is of type file list. */
static void static void
retrieve_options_from_file (gc_component_t component, gc_backend_t backend) retrieve_options_from_file (gc_component_t component, gc_backend_t backend)
{ {
@ -2110,7 +2110,7 @@ gc_component_retrieve_options (int component)
component = 0; component = 0;
assert (component < GC_COMPONENT_NR); assert (component < GC_COMPONENT_NR);
} }
do do
{ {
option = gc_component[component].options; option = gc_component[component].options;
@ -2120,16 +2120,16 @@ gc_component_retrieve_options (int component)
if (!(option->flags & GC_OPT_FLAG_GROUP)) if (!(option->flags & GC_OPT_FLAG_GROUP))
{ {
backend = option->backend; backend = option->backend;
if (backend_seen[backend]) if (backend_seen[backend])
{ {
option++; option++;
continue; continue;
} }
backend_seen[backend] = 1; backend_seen[backend] = 1;
assert (backend != GC_BACKEND_ANY); assert (backend != GC_BACKEND_ANY);
if (gc_backend[backend].program) if (gc_backend[backend].program)
retrieve_options_from_program (component, backend); retrieve_options_from_program (component, backend);
else else
@ -2156,7 +2156,7 @@ option_check_validity (gc_option_t *option, unsigned long flags,
if (!option->active) if (!option->active)
gc_error (1, 0, "option %s not supported by backend %s", gc_error (1, 0, "option %s not supported by backend %s",
option->name, gc_backend[option->backend].name); option->name, gc_backend[option->backend].name);
if (option->new_flags || option->new_value) if (option->new_flags || option->new_value)
gc_error (1, 0, "option %s already changed", option->name); gc_error (1, 0, "option %s already changed", option->name);
@ -2805,10 +2805,10 @@ change_options_program (gc_component_t component, gc_backend_t backend,
== GC_ARG_TYPE_STRING) == GC_ARG_TYPE_STRING)
{ {
char *end; char *end;
assert (*arg == '"'); assert (*arg == '"');
arg++; arg++;
end = strchr (arg, ','); end = strchr (arg, ',');
if (end) if (end)
*end = '\0'; *end = '\0';
@ -2986,16 +2986,16 @@ gc_component_change_options (int component, FILE *in, FILE *out)
char *linep; char *linep;
unsigned long flags = 0; unsigned long flags = 0;
char *new_value = ""; char *new_value = "";
/* Strip newline and carriage return, if present. */ /* Strip newline and carriage return, if present. */
while (length > 0 while (length > 0
&& (line[length - 1] == '\n' || line[length - 1] == '\r')) && (line[length - 1] == '\n' || line[length - 1] == '\r'))
line[--length] = '\0'; line[--length] = '\0';
linep = strchr (line, ':'); linep = strchr (line, ':');
if (linep) if (linep)
*(linep++) = '\0'; *(linep++) = '\0';
/* Extract additional flags. Default to none. */ /* Extract additional flags. Default to none. */
if (linep) if (linep)
{ {
@ -3005,20 +3005,20 @@ gc_component_change_options (int component, FILE *in, FILE *out)
end = strchr (linep, ':'); end = strchr (linep, ':');
if (end) if (end)
*(end++) = '\0'; *(end++) = '\0';
errno = 0; errno = 0;
flags = strtoul (linep, &tail, 0); flags = strtoul (linep, &tail, 0);
if (errno) if (errno)
gc_error (1, errno, "malformed flags in option %s", line); gc_error (1, errno, "malformed flags in option %s", line);
if (!(*tail == '\0' || *tail == ':' || *tail == ' ')) if (!(*tail == '\0' || *tail == ':' || *tail == ' '))
gc_error (1, 0, "garbage after flags in option %s", line); gc_error (1, 0, "garbage after flags in option %s", line);
linep = end; linep = end;
} }
/* Don't allow setting of the no change flag. */ /* Don't allow setting of the no change flag. */
flags &= ~GC_OPT_FLAG_NO_CHANGE; flags &= ~GC_OPT_FLAG_NO_CHANGE;
/* Extract default value, if present. Default to empty if not. */ /* Extract default value, if present. Default to empty if not. */
if (linep) if (linep)
{ {
@ -3029,18 +3029,18 @@ gc_component_change_options (int component, FILE *in, FILE *out)
new_value = linep; new_value = linep;
linep = end; linep = end;
} }
option = find_option (component, line, GC_BACKEND_ANY); option = find_option (component, line, GC_BACKEND_ANY);
if (!option) if (!option)
gc_error (1, 0, "unknown option %s", line); gc_error (1, 0, "unknown option %s", line);
if ((option->flags & GC_OPT_FLAG_NO_CHANGE)) if ((option->flags & GC_OPT_FLAG_NO_CHANGE))
{ {
gc_error (0, 0, "ignoring new value for option %s", gc_error (0, 0, "ignoring new value for option %s",
option->name); option->name);
continue; continue;
} }
change_one_value (option, runtime, flags, new_value); change_one_value (option, runtime, flags, new_value);
} }
} }
@ -3086,10 +3086,10 @@ gc_component_change_options (int component, FILE *in, FILE *out)
&src_filename[option->backend], &src_filename[option->backend],
&dest_filename[option->backend], &dest_filename[option->backend],
&orig_filename[option->backend]); &orig_filename[option->backend]);
if (err) if (err)
break; break;
option++; option++;
} }
@ -3178,14 +3178,14 @@ gc_component_change_options (int component, FILE *in, FILE *out)
/* If it all worked, notify the daemons of the changes. */ /* If it all worked, notify the daemons of the changes. */
if (opt.runtime) if (opt.runtime)
for (backend = 0; backend < GC_BACKEND_NR; backend++) for (backend = 0; backend < GC_BACKEND_NR; backend++)
{ {
if (runtime[backend] && gc_backend[backend].runtime_change) if (runtime[backend] && gc_backend[backend].runtime_change)
(*gc_backend[backend].runtime_change) (); (*gc_backend[backend].runtime_change) ();
} }
/* Move the per-process backup file into its place. */ /* Move the per-process backup file into its place. */
for (backend = 0; backend < GC_BACKEND_NR; backend++) for (backend = 0; backend < GC_BACKEND_NR; backend++)
if (orig_filename[backend]) if (orig_filename[backend])
{ {
char *backup_filename; char *backup_filename;
@ -3222,7 +3222,7 @@ key_matches_user_or_group (char *user)
*group++ = 0; *group++ = 0;
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* Under Windows we don't support groups. */ /* Under Windows we don't support groups. */
if (group && *group) if (group && *group)
gc_error (0, 0, _("Note that group specifications are ignored\n")); gc_error (0, 0, _("Note that group specifications are ignored\n"));
if (*user) if (*user)
@ -3333,7 +3333,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
int in_rule = 0; int in_rule = 0;
int got_match = 0; int got_match = 0;
int runtime[GC_BACKEND_NR]; int runtime[GC_BACKEND_NR];
int used_components[GC_COMPONENT_NR];
int backend_id, component_id; int backend_id, component_id;
char *fname; char *fname;
@ -3344,8 +3343,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++) for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
runtime[backend_id] = 0; runtime[backend_id] = 0;
for (component_id = 0; component_id < GC_COMPONENT_NR; component_id++)
used_components[component_id] = 0;
config = fopen (fname, "r"); config = fopen (fname, "r");
if (!config) if (!config)
@ -3368,7 +3365,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
gc_option_t *option_info = NULL; gc_option_t *option_info = NULL;
char *p; char *p;
int is_continuation; int is_continuation;
lineno++; lineno++;
key = line; key = line;
while (*key == ' ' || *key == '\t') while (*key == ' ' || *key == '\t')
@ -3533,26 +3530,26 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
*group++ = 0; *group++ = 0;
if ((p = strchr (group, ':'))) if ((p = strchr (group, ':')))
*p = 0; /* We better strip any extra stuff. */ *p = 0; /* We better strip any extra stuff. */
} }
fprintf (listfp, "k:%s:", gc_percent_escape (key)); fprintf (listfp, "k:%s:", gc_percent_escape (key));
fprintf (listfp, "%s\n", group? gc_percent_escape (group):""); fprintf (listfp, "%s\n", group? gc_percent_escape (group):"");
} }
/* All other lines are rule records. */ /* All other lines are rule records. */
fprintf (listfp, "r:::%s:%s:%s:", fprintf (listfp, "r:::%s:%s:%s:",
gc_component[component_id].name, gc_component[component_id].name,
option_info->name? option_info->name : "", option_info->name? option_info->name : "",
flags? flags : ""); flags? flags : "");
if (value != empty) if (value != empty)
fprintf (listfp, "\"%s", gc_percent_escape (value)); fprintf (listfp, "\"%s", gc_percent_escape (value));
putc ('\n', listfp); putc ('\n', listfp);
} }
/* Check whether the key matches but do this only if we are not /* Check whether the key matches but do this only if we are not
running in syntax check mode. */ running in syntax check mode. */
if ( update if ( update
&& !result && !listfp && !result && !listfp
&& (got_match || (key && key_matches_user_or_group (key))) ) && (got_match || (key && key_matches_user_or_group (key))) )
{ {
@ -3573,7 +3570,6 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
if (defaults) if (defaults)
{ {
assert (component_id >= 0 && component_id < GC_COMPONENT_NR); assert (component_id >= 0 && component_id < GC_COMPONENT_NR);
used_components[component_id] = 1;
/* Here we explicitly allow to update the value again. */ /* Here we explicitly allow to update the value again. */
if (newflags) if (newflags)
@ -3616,7 +3612,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults,
if (opt.runtime) if (opt.runtime)
{ {
for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++) for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++)
if (runtime[backend_id] && gc_backend[backend_id].runtime_change) if (runtime[backend_id] && gc_backend[backend_id].runtime_change)
(*gc_backend[backend_id].runtime_change) (); (*gc_backend[backend_id].runtime_change) ();
} }
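Review bot: In gc_process_gpgconf_conf, the `assert (component_id >= 0 && component_id < GC_COMPONENT_NR);` inside `if (defaults)` is now left without the `used_components[component_id] = 1;` write it used to precede, so the hunk no longer shows what it guards. component_id is assigned outside the visible hunks and appears to come from the parsed configuration rule; the listing branch indexes `gc_component[component_id].name` with it. If the assert is still meant as the range check for later indexing, note that it disappears in NDEBUG builds. Once the origin of component_id is confirmed, either add a comment such as `/* component_id indexes gc_component[]; range-checked when the rule was parsed */` or add an explicit check that rejects the rule. The function body starts and ends outside these hunks.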


@ -72,14 +72,17 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/wait.h> #include <sys/wait.h>
#ifdef HAVE_PTY_H #ifdef HAVE_PTY_H
#include <pty.h> # include <pty.h>
#endif
#ifdef HAVE_UTMP_H
# include <utmp.h>
#endif #endif
#include <ctype.h> #include <ctype.h>
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
#include <locale.h> # include <locale.h>
#endif #endif
#ifdef HAVE_LANGINFO_CODESET #ifdef HAVE_LANGINFO_CODESET
#include <langinfo.h> # include <langinfo.h>
#endif #endif
#include <gpg-error.h> #include <gpg-error.h>
@ -152,9 +155,9 @@ static ARGPARSE_OPTS opts[] =
{ oDecrypt, "decrypt", 0, N_("decryption modus") }, { oDecrypt, "decrypt", 0, N_("decryption modus") },
{ oEncrypt, "encrypt", 0, N_("encryption modus") }, { oEncrypt, "encrypt", 0, N_("encryption modus") },
{ 302, NULL, 0, N_("@\nOptions:\n ") }, { 302, NULL, 0, N_("@\nOptions:\n ") },
{ oClass, "class", 2, N_("tool class (confucius)") }, { oClass, "class", 2, N_("tool class (confucius)") },
{ oProgram, "program", 2, N_("program filename") }, { oProgram, "program", 2, N_("program filename") },
@ -167,7 +170,7 @@ static ARGPARSE_OPTS opts[] =
/* Hidden options. */ /* Hidden options. */
{ oNoVerbose, "no-verbose", 0, "@" }, { oNoVerbose, "no-verbose", 0, "@" },
{ oHomedir, "homedir", 2, "@" }, { oHomedir, "homedir", 2, "@" },
{ oNoOptions, "no-options", 0, "@" },/* shortcut for --options /dev/null */ { oNoOptions, "no-options", 0, "@" },/* shortcut for --options /dev/null */
{0} {0}
@ -253,10 +256,10 @@ remove_file (char *name, int shred)
if (pid == 0) if (pid == 0)
{ {
/* Child. */ /* Child. */
/* -f forces file to be writable, and -u unlinks it afterwards. */ /* -f forces file to be writable, and -u unlinks it afterwards. */
char *args[] = { SHRED, "-uf", name, NULL }; char *args[] = { SHRED, "-uf", name, NULL };
execv (SHRED, args); execv (SHRED, args);
_exit (127); _exit (127);
} }
@ -268,11 +271,11 @@ remove_file (char *name, int shred)
else else
{ {
/* Parent. */ /* Parent. */
if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid) if (TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)) != pid)
status = -1; status = -1;
} }
if (!WIFEXITED (status)) if (!WIFEXITED (status))
{ {
log_error (_("%s on %s aborted with status %i\n"), log_error (_("%s on %s aborted with status %i\n"),
@ -427,7 +430,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
if (canceled) if (canceled)
*canceled = 0; *canceled = 0;
orig_codeset = i18n_switchto_utf8 (); orig_codeset = i18n_switchto_utf8 ();
pw = simple_pwquery (cacheid, pw = simple_pwquery (cacheid,
again ? _("does not match - try again"):NULL, again ? _("does not match - try again"):NULL,
@ -445,7 +448,7 @@ confucius_get_pass (const char *cacheid, int again, int *canceled)
log_info (_("cancelled\n")); log_info (_("cancelled\n"));
if (canceled) if (canceled)
*canceled = 1; *canceled = 1;
} }
} }
return pw; return pw;
@ -554,7 +557,7 @@ confucius_process (int mode, char *infile, char *outfile,
free (args); free (args);
return 1; return 1;
} }
else if (pid == 0) else if (pid == 0)
{ {
/* Child. */ /* Child. */
@ -627,7 +630,7 @@ confucius_process (int mode, char *infile, char *outfile,
close (cstderr[0]); close (cstderr[0]);
return 1; return 1;
} }
else else
{ {
char *newline; char *newline;
@ -853,7 +856,7 @@ confucius_main (int mode, int argc, char *argv[])
rmdir (tmpdir); rmdir (tmpdir);
return res; return res;
} }
remove_file (outfile, mode == oDecrypt); remove_file (outfile, mode == oDecrypt);
if (infile_from_stdin) if (infile_from_stdin)
remove_file (infile, mode == oEncrypt); remove_file (infile, mode == oEncrypt);
@ -873,7 +876,7 @@ main (int argc, char **argv)
char **orig_argv; char **orig_argv;
FILE *configfp = NULL; FILE *configfp = NULL;
char *configname = NULL; char *configname = NULL;
unsigned configlineno; unsigned configlineno;
int mode = 0; int mode = 0;
int res; int res;
char *logfile = NULL; char *logfile = NULL;
@ -910,7 +913,7 @@ main (int argc, char **argv)
if (default_config) if (default_config)
configname = make_filename (opt.homedir, "symcryptrun.conf", NULL ); configname = make_filename (opt.homedir, "symcryptrun.conf", NULL );
argc = orig_argc; argc = orig_argc;
argv = orig_argv; argv = orig_argv;
pargs.argc = &argc; pargs.argc = &argc;
@ -929,7 +932,7 @@ main (int argc, char **argv)
configname, strerror(errno) ); configname, strerror(errno) );
exit(1); exit(1);
} }
xfree (configname); xfree (configname);
configname = NULL; configname = NULL;
} }
default_config = 0; default_config = 0;
@ -946,7 +949,7 @@ main (int argc, char **argv)
case oQuiet: opt.quiet = 1; break; case oQuiet: opt.quiet = 1; break;
case oVerbose: opt.verbose++; break; case oVerbose: opt.verbose++; break;
case oNoVerbose: opt.verbose = 0; break; case oNoVerbose: opt.verbose = 0; break;
case oClass: opt.class = pargs.r.ret_str; break; case oClass: opt.class = pargs.r.ret_str; break;
case oProgram: opt.program = pargs.r.ret_str; break; case oProgram: opt.program = pargs.r.ret_str; break;
case oKeyfile: opt.keyfile = pargs.r.ret_str; break; case oKeyfile: opt.keyfile = pargs.r.ret_str; break;