1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

911 Commits

Author SHA1 Message Date
NIIBE Yutaka
5744d2038b agent: Minor fix for get_client_pid.
* agent/command-ssh.c (get_client_pid): Use 0 to initialize.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-04 10:39:00 +09:00
Werner Koch
d23052b04e
gpgconf: Add --enable-extended-key-format for the agent.
* tools/gpgconf-conf.c: Add option.
* agent/gpg-agent.c (main) <aGPGConfList>: Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 16:54:43 +02:00
Werner Koch
d24375271b
agent: Use OCB for key protection with --enable-extended-key-format.
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-02 20:02:55 +02:00
Werner Koch
2c237c1362
agent: New option --enable-extended-key-format.
* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
(opts): New option --enable-extended-key-format.
(parse_rereadable_options): Set option
* agent/findkey.c (write_extended_private_key): Add arg 'update'.
(agent_write_private_key): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 10:35:36 +01:00
Werner Koch
6fab7bba87
agent: New option --stub-only for DELETE_KEY
* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--

This option can be used to savely remove stub keys.
2017-03-24 09:02:30 +01:00
NIIBE Yutaka
8c8ce8711d agent,g10: Remove redundant SERIALNO request.
* agent/learncard.c (agent_handle_learn): Don't call
agent_card_serialno.  Get the serialno in status response.
* g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
(agent_scd_serialno): New.
(card_cardlist_cb, agent_scd_cardlist): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-16 14:32:51 +09:00
NIIBE Yutaka
176e07ce10 agent: Resolve conflict of util.h.
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.

--

For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 19:22:48 +09:00
NIIBE Yutaka
bf03925751 agent: Add include files.
* agent/command-ssh.c: Add sys/socket.h and sys/un.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 14:22:34 +09:00
NIIBE Yutaka
f7f806afa5 agent: Fix get_client_pid for portability.
* configure.ac: Simply check getpeerucred and ucred.h, and structure
members.
* agent/command-ssh.c: Include ucred.h.
(get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
structure for OpenBSD.
[LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
[LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
[HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.

--

This change also addresses following bug.

GnuPG-bug-id: 2981.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 14:06:35 +09:00
NIIBE Yutaka
4ce4f2f683 agent: For SSH, robustly handling scdaemon's errors.
* agent/command-ssh.c (card_key_list): Return 0 when
agent_card_serialno returns an error.
(ssh_handler_request_identities): Handle errors for card listing
and proceed to other cases.
--

GnuPG-bug-id: 2980

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-06 10:30:57 +09:00
Werner Koch
d6f0f36876
agent: Improve error message for the KEYTOCARD command.
* agent/command.c (cmd_keytocard): Always use leave_cmd.  Simplify
timestamp checking and do an early test with an appropriate error
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-02 12:29:31 +01:00
Werner Koch
f98c8cb013
scd,agent: Improve the OpenPGP PIN prompt texts.
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New.  Replace all snprintf for SETDESC by this
one.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 18:51:02 +01:00
Werner Koch
e3944f34e3
scd: Improve the prompts for OpenPGP cards.
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts.  Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.

* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 15:48:33 +01:00
Werner Koch
6488ffb767
agent: Prepend the description to a PIN prompt.
* agent/divert-scd.c (has_percent0A_suffix): New.
(getpin_cb): Prepend DESC_TEXT to the prompt.
* agent/findkey.c (modify_description): Rename to ...
(agent_modify_description): this.  MAke global.  Add kludge to remove
empty parentheses from the end.
(agent_key_from_file, agent_delete_key): Adjust for above change.
* agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
diverting to a card.
--

Now that we have support for multiple tokens, it is important to show
information on which key has been requested.  Without that it may
happen that the PIN for a wrong card is accidentally entered.

The texts are a bit ugly, because they talk about "passphrase" but
later about entering a PIN.

A quick hack would be to s/passphrase/PIN/ in the description but that
is complicated due to i18n.  Another solution might be never to talk
about PINs in the description but always about "passphrase: and only
use "PIN" or "passphrase" on the left of the entry field.
2017-02-22 11:04:55 +01:00
Werner Koch
78d875a0f8
agent: Prepare to pass an additional parameter to the getpin callback.
* agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
(inq_needpin_parm_s): new struct.  Add new field 'getpin_cb_desc'.
Change users to set all fields.
(inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
(agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
take an additional arg 'desc_text'.
(agent_card_pkdecrypt): Ditto.
(agent_card_writekey): Change arg 'getpin_cb' to take an additional
arg 'desc_text'.
(agent_card_scd): Ditto.
* agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
(divert_pksign): Add new arg 'desc_text' and pass is to
agent_card_pksign.
(divert_pkdecrypt): Add new arg 'desc_text' and pass is to
agent_card_pkdecrypt.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
divert_pkdecrypt.
* agent/pksign.c (agent_pksign_do):  Pass DESC_TEXT to
divert_pksign.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-22 09:40:50 +01:00
Daniel Kahn Gillmor
ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
NIIBE Yutaka
dea4b3c742 agent: No cards is not an error.
* agent/command-ssh.c (card_key_list): Care the case of no cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-17 20:02:38 +09:00
NIIBE Yutaka
3f4f64b6ac agent: Send back all public keys for available cards.
* agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
* agent/command-ssh.c (card_key_list): New.
(ssh_handler_request_identities): Call card_key_list and loop for the
list to send public keys for all available cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-02-17 19:46:01 +09:00
Werner Koch
042fe711c7
agent: Tell pinentry the hostname the agent is running on.
* agent/call-pinentry.c [!W32]: Incluse utsname.h
(start_pinentry): Pass nodename to OPTION/owner.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 21:16:26 +01:00
Werner Koch
309f464a59
agent: Tell the Pinentry the client's pid.
* configure.ac: Check for SO_PEERCRED et al.
* agent/agent.h (server_control_s): Add field 'client_pid'.
* agent/command.c (start_command_handler): Set CLIENT_PID.
* agent/command-ssh.c (get_client_pid): New.
(start_command_handler_ssh): Set CLIENT_PID.
* agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 17:13:08 +01:00
Werner Koch
7052a0d77c
gpg: More diagnostics for a launched pinentry.
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--

This patch changes the --verbose output of gpg to show
for example

  gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
  /dev/pts/4 xterm localhost:10.0)

the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-03 12:05:16 +01:00
Werner Koch
f518196ca6
Fix explanation of commit e175152ef7515921635bf1e00383e812668d13fc.
--
2017-02-01 08:18:44 +01:00
Werner Koch
1ec7dc4e55
Explain commit e175152ef7515921635bf1e00383e812668d13fc.
--
2017-01-30 12:08:30 +01:00
Justus Winter
e175152ef7 agent: Fix double free.
* agent/cache.c (agent_store_cache_hit): Make sure the update is
atomic.
--
Previously, the function freed the last key, and duplicated the new
key after doing that.  There is a chance, however, that calling the
allocator surrenders control to a different thread, causing a double
free if a different thread also calls this function.

To make sure the update is atomic under the non-preemptive thread
model, we must make sure not to surrender control to a different
thread.  Therefore, we avoid calling the allocator during the
update.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-25 13:51:57 +01:00
Werner Koch
707c47f559
Update copyright notices for 2017.
--

Also some http:// -> https:// fixes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 19:16:55 +01:00
Werner Koch
3d356d165a
agent: Reduce sleep time in the progress callback.
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
from 100ms to 1ms or use gpgrt_yield when build against a recent
libgpg-error.
--

Debian-bug-id: 851298
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-18 10:13:18 +01:00
NIIBE Yutaka
0801f49b0d agent: Ask specific SERIALNO for pksign/pkdecrypt.
* agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
* agent/command-ssh.c (card_key_available): Follow the change.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/divert-scd.c (ask_for_card): Use DEMAND argument.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-16 10:33:08 +09:00
Werner Koch
8d774904c8
agent,w32: Fix annoying output to DebugView.
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--

GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-06 18:47:53 +01:00
Werner Koch
e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Daniel Kahn Gillmor
8636ad5023 agent: Respect --enable-large-secmem
* agent/gpg-agent.c (main): Initialize secmem to the configured buffer
size.

--

This patch is a step toward addressing
GnuPG-bug-id: 2857

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-12-06 11:02:47 -05:00
Werner Koch
aa6ab9e0bc
agent,dirmngr: Tiny restructuring.
* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here.  Add a comment why we keep the
listening socket open during a shutdown.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:35:23 +01:00
Werner Koch
854adc8ae1
agent,dirmngr: Handle corner case in shutdown mode.
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto.  Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--

Without that patch we won't notice a removed socket when a shutdown is
pending.  This is somewhat related to bug report 2849.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 20:17:03 +01:00
Werner Koch
81d6e98cdf
agent,w32: Initialize nPth in server mode.
* agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
mode.
--

Fixes-commit: 9a707a223a3d45ccf245dee7989ca144e4e6bb49
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
NIIBE Yutaka
9a707a223a agent: Fix npth + daemon mode problem.
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.

--
The commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 fixes a part of
problem (for missing initialization of supervised mode).  It was
actually put in wrong place.

Fixes-commit: 9f92b62a51d2d60f038fdbe01602865c5933fa95
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-11-21 11:18:33 +09:00
Werner Koch
6bf6981972
agent: Improve concurrency when Libgcrypt 1.8 is used.
* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--

This patch prepares for a feature comming with Libgcrypt 1.8.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-12 11:03:10 +01:00
Werner Koch
4473db1ef2
agent: Kludge to mitigate blocking calls in Libgcrypt.
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--

During key generation Libgrypt will read from /dev/random which may
block.  Libgcrypt is not nPth aware and thus the entire process will
block.  Fortunately there is also a select with a short timeout to run
the progress callback.  We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.

This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-11 20:36:58 +01:00
Daniel Kahn Gillmor
e51912f467
agent: Clean up comments.
* agent/agent.h: Clean up comments.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-11 08:27:55 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
c1ea0b577a
agent: Extend the PINENTRY_LAUNCHED inquiry and status.
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-03 20:10:38 +01:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Daniel Kahn Gillmor
6316b28e89 agent,common: move get_socket_name() into common.
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.

--
This allows us to use the same functionality in dirmngr as well.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-27 10:37:17 +09:00
Werner Koch
b77f95a4a6
agent: Avoid double error message.
* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
Remove unneeded diagnostic.
--

get_socket_name already prints error messages and thus there is not
need to print another one.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-26 09:10:52 +02:00
Daniel Kahn Gillmor
27f6d5b9f4 agent: --supervised mode improvements.
* agent/gpg-agent.c (map_supervised_socket): if the agent is running
  in --supervised mode and is not actually given LISTEN_FDNAMES
  directives, require at least fd 3 to be open for listening.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-26 14:18:29 +09:00
Justus Winter
852b8f0b89 agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
* agent/call-pinentry.c (start_pinentry): Also send the user data
using an Assuan 'OPTION' command.
* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
passphrase file.
(spacep): Include newline characters.
(rstrip): New function.
(main): Handle Windows line endings.  Handle the userdata option, and
restart with the new options.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-25 17:07:08 +02:00
Werner Koch
8c40b3b98d
agent: Minor cleanup for recent change in findkey.c
* agent/findkey.c (agent_write_private_key): Avoid label name error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 13:01:06 +02:00
Werner Koch
fdb653a33e
agent: Slightly change structure of cmd_readkey.
* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
the code.  Remove the special return.
--

This helps to get better debug output.

The set_error macro which is used by parse_keygrip merely sets the
error code into the Assuan context.  It is thus no problem anymore to
call leave_cmd after having used set_error.  This might havve been
diffferent in the past.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-24 12:59:57 +02:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
NIIBE Yutaka
1ffd475f99 agent: Fix saving with FORCE=1.
* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 10:57:29 +09:00
NIIBE Yutaka
9a34e2142b agent, g10: Fix keygen.
* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 20:01:46 +09:00
NIIBE Yutaka
82cbab906a agent: Add --card option for READKEY.
* agent/findkey.c (agent_write_shadow_key): New.
* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/command.c (cmd_readkey): Add --card option.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-20 12:05:15 +09:00
Werner Koch
2f7d4c38c9
agent: Move inotify code to common and improve it.
* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--

When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.

IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory.  However, in all tests that event was not
triggered.  The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.

GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-15 21:35:05 +02:00
NIIBE Yutaka
fb3b3e1e7a agent: Fix get_socket_name.
* agent/gpg-agent.c (get_socket_name): Fix the size of copying.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 19:00:10 +09:00
NIIBE Yutaka
fc0b392e76 agent, dirmngr, scd: Fix init_common_subsystems.
* common/init.c (_init_common_subsystems): Don't call
gpgrt_set_syscall_clamp in this function.
* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
gpgrt_set_syscall_clamp after npth_init.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 10:45:22 +09:00
Werner Koch
1cedc32c95
agent: Another minor fix to map_supervised_sockets.
* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
Provide correct fd in the second error case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-05 11:48:59 +02:00
Werner Koch
f57dc2b1e6
agent: Fix npth + supervised mode problem.
* agent/gpg-agent.c (main): Initialize modules in supervised mode.
--

It was probably my fault.  I had to rebase my patches to take in the
npth patches but for some reason my addition of initialize_modules got
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-05 09:13:27 +02:00
Daniel Kahn Gillmor
a2127c71db
agent: Fix error handling in map_supervised_sockets
* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
  close on error is fd, not i.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-05 08:11:53 +02:00
Werner Koch
1a9c8d78ec
agent: Streamline the supervised mode code.
* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this.  This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc.  Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change.  Do not close the socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Werner Koch
afcfae7959
agent: Adjust cleanup for supervised mode. Fix for W32.
* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
(is_supervised): Move from main() to global.
(inhibit_socket_removal): New.
(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
seting the socket names to empty.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Werner Koch
dc059af1ff
agent: Adjust supervised mode for the new default socket names.
* agent/gpg-agent.c (main): In supervised mode do not provide default
socket names.  Unset DISPLAY and INSIDE_EMACS.  Use log_error and
agent_exit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-04 17:11:43 +02:00
Daniel Kahn Gillmor
9f92b62a51
agent: Implement --supervised command (for systemd, etc).
* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command.  When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.

--

"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.

When running in this mode, gpg-agent:

 * Does not open its own listening socket; rather, it expects to be
   given a listening socket on incoming file descriptors.

 * Does not detach from the invoking process, staying in the
   foreground instead.  Unless otherwise specified, logs are sent to
   stderr.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-04 17:11:43 +02:00
NIIBE Yutaka
eda17649f8 agent, dirmngr, scd: npth_init must be after fork.
* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.

--

It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.

GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-04 09:01:13 +09:00
Werner Koch
80cc16e072
agent: Create the extra sockets in the standard socket dir.
* agent/gpg-agent.c (main): Take the socketdir in account for the
default sockets.
* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
"agent-browser-socket".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 19:21:51 +02:00
Werner Koch
95cf7afff0
agent: Kludge to allow disabling of the extra sockets.
* agent/gpg-agent.c (main): Check for special socket names.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-30 18:49:16 +02:00
Justus Winter
6054e8aaec build: Fix build against libiconv.
* agent/Makefile.am: Add INCICONV and LIBICONV.
* common/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-30 17:45:59 +02:00
Justus Winter
e11686f973 agent: Enable restricted, browser, and ssh socket by default.
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--

This change enables the restricted, browser, and ssh socket by
default.  Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features.  Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-30 12:06:02 +02:00
NIIBE Yutaka
98bc6f480a agent: Allow only specific digest size for ECDSA.
* agent/pksign.c (do_encode_dsa): Fix validation of digest size.

--

Thanks to Steven Noonan <steven@uplinklabs.net> who offers patches
and a test case.

GnuPG-bug-id: 2702
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-27 14:01:18 +09:00
NIIBE Yutaka
7305d27f36 Fix comment and format.
* agent/protect-tool.c (main): Fix comment.
* doc/DETAILS (colon listings): Fix list.
* tests/openpgp/multisig.test: Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-17 16:16:41 +09:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Werner Koch
650356148a
agent: Terminate on deletion of the socket file (Linux only).
* configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-06 11:00:12 +02:00
Werner Koch
0b99d1fd2a
agent: Silence --debug IPC output for connections from self.
* agent/command.c (server_local_s): Add fields 'greeting_seen' and
'connect_from_self'.
(io_monitor): Do not log connections from self.
(start_command_handler): Set flag 'connect_from_self'.
* agent/gpg-agent.c (check_own_socket_thread): Disable logging.
(do_start_connection_thread): Do not log conection start and
termination if IPC debugging is enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 16:24:14 +02:00
Werner Koch
2eeb5551c3
agent: Small improvement of the server's local state.
* agent/command.c (sserver_local_s): Change flags to use only one bit.
(option_handler): Make an atoi return 1 or 0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 16:24:14 +02:00
Werner Koch
0ac671f8a2
common: Add an assuan logging monitor.
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-05 11:58:48 +02:00
NIIBE Yutaka
8b6c0bae33 agent: invoke scdaemon with --homedir.
* agent/call-scd.c (start_scd): Supply --homedir option when it's not
default homedir.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-09-02 13:41:19 +09:00
Werner Koch
b5d63e81d5
agent: Allow import of overly large keys.
* agent/command.c (MAXLEN_KEYDATA): Double the size.
--

Debian-bug-id: 834447
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-16 19:06:28 +02:00
Daniel Kahn Gillmor
61c2a1fa6d
Call log_set_prefix() with human-readable labels.
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-12 12:16:19 +02:00
Justus Winter
14479e2515 common: Rework the simple password query module.
* common/simple-pwquery.c (writen, readline): Drop.
(agent_send_option, agent_send_all_options, agent_open): Just use
libassuan.
(simple_pw_set_socket): Simplify.
(default_inq_cb): New function.
(simple_pwquery, simple_query): Just use libassuan.
* agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan.
* tools/Makefile.am (symcryptrun_LDADD): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-11 12:49:30 +02:00
Justus Winter
9e6503b7ce common: Remove simple password query error codes.
* common/simple-pwquery.h: Remove mapping function.  Move all
definitions of status codes...
* common/simple-pwquery.c: ... here, and define them to meaningful gpg
error values.
* agent/preset-passphrase.c (preset_passphrase): Use error code as-is.
(forget_passphrase): Likewise.
* tools/symcryptrun.c (confucius_get_pass): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-08-11 09:52:08 +02:00
NIIBE Yutaka
f14795d57f agent: SSH support fix.
* agent/command-ssh.c (ssh_handler_request_identities): Keep error
message same.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-10 13:51:14 +09:00
Werner Koch
e630f90499
agent: Fix regression in recent ssh changes.
* agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
--

We need to use a lowercase version of the algo in S-expression.
Unfortunately Libgcrypt has no function for this, thus we need to
malloc and first.

Fixes-commit: ebf24e3
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-09 17:44:54 +02:00
Ben Kibbey
49829c29e5 Cleanup initialization of libgcrypt.
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2016-08-09 10:47:46 +02:00
NIIBE Yutaka
ebf24e3b29 agent: SSH support improvement.
* agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
error, not giving up to handle the request itself.
* agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.

--

Note that "ecdsa" key is still in use by old versions of gpg-agent
through its SSH handling (until 2.1.14).  With old versions of
gpg-agent, adding ECDSA key by ssh-add command, "ecdsa" key will be
created.  So, "ecdsa" key should be supported.

For g10/gpg, "ecdsa" and "ecdh" was only used in some experimental
versions of libgcrypt, with parameters.  We now use "ecc" for all cases
in released versions.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-09 11:42:20 +09:00
NIIBE Yutaka
591a8373a5 agent: More clean up of SSH support.
* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise.  Use get_pk_algo_from_key to get ALGO.

--

This fixes the regresson introduced by the commit
894789c3299dc47a8c1ccaaa7070382f0fae0262.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-08 18:55:53 +09:00
Werner Koch
40d16029ed
agent: Fix long standing regression tracking the connection count.
* agent/gpg-agent.c (get_agent_active_connection_count): New.
(do_start_connection_thread, start_connection_thread_ssh): Bump
ACTIVE_CONNECTIONS up and down.
* agent/command.c (cmd_getinfo): Add subcommand "connections".
--

The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a
friendly way.  Before we switched to nPth a Pth provided count of
threads was used for this.  During the migration to nPth
ACTIVE_CONNECTIONS was introduced and checked but never set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-06 10:15:47 +02:00
NIIBE Yutaka
894789c329 agent: Clean up SSH support.
* agent/command-ssh.c (file_to_buffer): Remove.
(ssh_handler_request_identities): Use agent_public_key_from_file.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-08-06 14:47:29 +09:00
Daniel Kahn Gillmor
dc107b7850 More cleanup of "allow to".
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:55:33 +02:00
Daniel Kahn Gillmor
cd45cf782b Fix spelling and grammar.
* agent/learncard.c: s/coccured/occurred/
* doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
  s/reponses/responses/i
* doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
  to" to more conventional english usage.
* doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
  tests/openpgp/armor.test: s/occured/occurred/
* tools/gpgsplit.c: s/calcualting/calculating/
* sm/server.c: s/formated/formatted/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-08-03 16:54:01 +02:00
Justus Winter
270f7f7b8b agent: Add known keys to sshcontrol.
* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
even if it is already in the private key store.
* tests/openpgp/ssh.scm: Test this.

GnuPG-bug-id: 2316
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-19 16:51:16 +02:00
Justus Winter
f474249366 agent: Fix passphrase cache lookups.
CACHE_MODE_ANY is supposed to match any cache mode except
CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.

* agent/cache.c (cache_mode_equal): New function.
(agent_set_cache): Use the new function to compare cache modes.
(agent_get_cache): Likewise.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue2015.scm: New file.

GnuPG-bug-id: 2015
Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-18 12:51:38 +02:00
Werner Koch
c98995efef
build: Require latest released libraries
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--

Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-14 10:48:34 +02:00
NIIBE Yutaka
7be2181777 agent: Fix envvars for UPDATESTARTUPTTY.
agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
to get the list.

--

Debian-bug-id: 801247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-07-13 09:24:26 +09:00
Werner Koch
3ead21da80
common: Add dedicated private key functions to name-value.c.
* common/name-value.c (struct name_value_container): Add field
'private_key_mode'.
(my_error): New.  Use instead of gpg_error.
(nvc_new_private_key): New.
(nve_release): Add arg 'private_key_mode'.
(nvc_release): Call nve_release with private_key_mode flag.
(nvc_delete): Ditto.
(_nvc_add): Do no special case "Key:" in non-private_key_mode.
(nvc_get_private_key): Return error in non-private_key_mode.
(nvc_set_private_key): Ditto.
(nvc_parse):  Factor all code out to ...
(do_nvc_parse): new.  Add arg 'for_private_key'.
(nvc_parse_private_key): New.
* agent/findkey.c (write_extended_private_key): Replace nvc_parse by
nvc_parse_private_key.
(read_key_file): Ditto.

* common/t-name-value.c (private_key_mode): New variable.
(my_nvc_new): New.  Replace all callers.
(test_key_extraction): Take mode in account.
(run_tests): Ditto.
(run_modification_tests): Ditto.
(parse): Ditto.
(main): Add option --parse and rename --parse to --parse-key.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 13:17:25 +02:00
Werner Koch
d74d23d860
common: Rename external symbols in name-value.c.
* common/name-value.c, common/name-value.h: Rename symbol prefixes
from "pkc_" to "nvc_" and from "pke_" to "nve_".  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 12:12:50 +02:00
Werner Koch
b841a883a2
common: Rename private-keys.c to name-value.c
* common/private-keys.c: Rename to name-value.c.
* common/private-keys.h: Rename to name-value.h.  Chage all users.
* common/t-private-keys.c: Rename to t-name-value.c.
* common/Makefile.am: Adjust accordingly.
--

The module is cool enough to be used for other purposes as well.  Thus
we better change the name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-23 11:55:46 +02:00
Daniel Kahn Gillmor
7de7432076
g10: Add openpgp_protected flag to agent secret key export functions
* g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
openpgp_protected flag.
* g10/export.c (receive_seckey_from_agent): Request openpgp_protected
secret keys from agent.
* agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
brief description of the effect of --openpgp.
--

The --openpgp flag for gpg-agent's EXPORT_KEY actually forces
encryption in a certain (RFC 4880-compatible format).  This changeset
exposes that functionality in internal functions, and clarifies
functionality in the agent's help text.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-06-11 11:14:00 +02:00
Werner Koch
8127043d54
Explicitly restrict socket permissions.
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--

This is just in case of a improperly set umask.  Note that a connect
requires a write permissions.
2016-06-08 16:18:02 +02:00
Werner Koch
6790115fd9
w32: Fix recent build regression.
* common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
for NAME.
* g10/gpg.c (main) [W32]:  Fix use og gnupg_homedir.

* agent/gpg-agent.c (remove_socket): Remove unused var P.
* scd/scdaemon.c (cleanup): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 15:14:06 +02:00
Werner Koch
aab8a0b052
Implement /run/user/UID/gnupg based sockets.
* common/homedir.c: Include sys/stat.h and zb32.h.
(w32_portable_app, w32_bin_is_bin): Change type from int to byte.
(non_default_homedir): New.
(is_gnupg_default_homedir): New.
(default_homedir): Set non_default_homedir.
(gnupg_set_homedir): Set non_default_homedir and make
the_gnupg_homedir and absolute directory name.
(gnupg_homedir): Return an absolute directory name.
(_gnupg_socketdir_internal): New.
(gnupg_socketdir): Implement /run/user/ based sockets.
* tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
make_filename by xstrdup.
* tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
--

If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.

To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/".  If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used.  Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.

The required permissions are: directory owned by the user, group and
others bits not set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 13:59:28 +02:00
Werner Koch
0faf895154
Do not try to remove the enclosing directory of sockets.
* agent/gpg-agent.c (remove_socket): Do not remove the enclosing
directory.
* scd/scdaemon.c (cleanup): Ditto.

--

The socket directory is now below /run or at ~/.gnupg.  Thus we should
not try to remove the directory of the socket.  The auto-removal was
introduced at a time we used a temporary directory for the sockets.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-08 09:04:29 +02:00
Werner Koch
36550dde99
common: New function gnupg_socketdir.
* common/homedir.c (gnupg_socketdir): New.
* agent/gpg-agent.c (create_socket_name): Use new function instead of
gnupg_homedir.
(check_own_socket): Ditto.
(check_for_running_agent): Ditto.
* agent/preset-passphrase.c (main): Ditto.
* common/asshelp.c (start_new_gpg_agent): Ditto.
* scd/scdaemon.c (create_socket_name): Ditto.
* tools/gpgconf.c (main): Ditto.
* tools/symcryptrun.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:48:46 +02:00
Werner Koch
fb88f37c40
common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
* common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
favor of gnupg_homedir ().  Change all callers.
(start_new_dirmngr): Ditto.
* common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
'homedir'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 13:09:00 +02:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Werner Koch
1b460f049e
gpg: Try to use the passphrase from the primary for --quick-addkey.
* agent/command.c (cmd_genkey): Add option --passwd-nonce.
(cmd_passwd): Return a PASSWD_NONCE in verify mode.
* g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
not send a RESET if given.
(agent_passwd): Add arg 'verify'.
* g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
(gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
(generate_subkeypair): Use sepeare hexgrip var for the to be created
for hexgrip feature.  Verify primary key first.  Make use of the
passwd nonce.  Allow for a static passphrase.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-02 21:21:08 +02:00
Werner Koch
ac9ff644b1
gpg: Allow unattended deletion of secret keys.
* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-10 11:01:42 +02:00
Werner Koch
3ef0938cfd
agent: Make --allow-loopback-pinentry the default.
* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry.  Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--

Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all.  There was a discussion of this topic on gnupg-devel in April
without a clear result.  So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that.  The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-04 09:24:18 +02:00
Justus Winter
12af2630cf common: Add support for the new extended private key format.
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.

--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings.  The new
format stores name,value-pairs using the common mail and http header
convention.

This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
342cc48889 agent: Convert key format document to org.
* agent/keyformat.txt: Convert to org mode.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-21 14:38:53 +02:00
Justus Winter
f8adf1a323 agent: Sanitize permissions of the private key directory.
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.

GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-20 15:02:37 +02:00
Werner Koch
8c3fb2360f
agent: Fix regression due to recent commit 4159567.
* agent/protect.c (do_encryption): Fix CBC hashing.
--

The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing.  We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis.  Note that the OCB
hashing only differs that it does no include the protected part.

Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:36 +02:00
Werner Koch
6df75ec70a
agent: Allow gpg-protect-tool to handle openpgp-native protection.
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 12:29:29 +02:00
Werner Koch
4159567f7e
agent: Implement new protection mode openpgp-s2k3-ocb-aes.
* agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.

* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len.  Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--

Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode.  See keyformat.txt for a
description.  Libgcrypt 1.7 is required.

This mode is not yet enabled because there would be no way to return
to an older GnuPG version.  To test the new scheme use
gpg-protect-tool:

 ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
 ./gpg-protect-tool -av -P abc -u <prot.key

Any key from the private key storage should work.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
Werner Koch
100b413d7f
doc: Note that the persistant passphrase format is unimplemented.
--
2016-04-12 14:38:44 +02:00
Werner Koch
7faf131c8b
indent: Help Emacs not to get confused by conditional compilation.
* agent/protect.c (calibrate_get_time) [W32]: Use separate function
calls for W32 and W32CE.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-12 14:38:44 +02:00
NIIBE Yutaka
8588c2dbc4 agent: allow removal of the shadowed key.
* agent/findkey.c (agent_delete_key): Remove the key when asked.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-03-17 08:37:58 +09:00
Justus Winter
e77c85577d common: Consolidate Assuan server argument handling.
* common/Makefile.am (common_sources): Add new files.
* common/server-help.c: New file.
* common/server-help.h: Likewise.
* agent/command.c: Drop argument handling primitives in favor of using
the consolidated ones.
* dirmngr/server.c: Likewise.
* g10/server.c: Likewise.
* g13/server.c: Likewise.
* scd/command.c: Likewise.
* sm/server.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 14:14:33 +01:00
Werner Koch
ee87c653bf
agent: Send PROGRESS status lines to the client.
* agent/gpg-agent.c (struct progress_dispatch_s): New.
(progress_dispatch_list): New.
(main): Register libgcrypt pogress handler.
(agent_libgcrypt_progress_cb): New.
(agent_set_progress_cb): New.
(unregister_progress_cb): New.
(agent_deinit_default_ctrl): Call unregister.
* agent/command.c (progress_cb): New.
(start_command_handler): Register progress callback.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-25 11:20:23 +01:00
Werner Koch
499743387f
agent: New option --pinentry-timeout
* agent/gpg-agent.c (oPinentryTimeout): New.
(opts): Add new option.
(parse_rereadable_options): PArse that option.
(main): Tell gpgconf about this option.
* agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
--

GnuPG-bug-id: 2222
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 11:22:44 +01:00
Werner Koch
e2f984b4af
ssh: Accept OpenSSH *cert-v01 key variants.
* agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
(ssh_key_types): Add OpenSSH cert types.
(stream_read_string): Allow a dummy read.
(ssh_receive_mpint_list): Pass SPEC by reference.
(ssh_receive_mpint_list): New arg CERT and use it.
(ssh_receive_key): Read certificate into an estream object and modify
parser to make use of that object.
--

This is a first step to support certificate via the agent.  The only
effect of this change is the removal of an error message parsing the
certificate.  Note that ssh-add sends the private key anyway first and
only then follows with the certificate+private key.

What we need to implement next is a way to store the certificate in
the agent and return it on request.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-12 19:12:02 +01:00
Werner Koch
833ba5faa1
common: New put_membuf_cb to replace static membuf_data_cb.
* common/membuf.c (put_membuf_cb): New.
* agent/call-scd.c (membuf_data_cb): Remove.  Change callers to use
put_membuf_cb.
* common/get-passphrase.c (membuf_data_cb): Ditto.
* g10/call-agent.c (membuf_data_cb): Ditto.
* sm/call-agent.c (membuf_data_cb): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 06:33:27 +01:00
Werner Koch
f2ecbf7454
agent: Typo fix for help text.
--
2016-01-05 13:51:04 +01:00
NIIBE Yutaka
ff3b607fc8 agent: Fix RSA verification for card.
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.

--

Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-01-05 10:15:49 +09:00
NIIBE Yutaka
79b51bb872 agent: IMPORT_KEY with --force option fix.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
2015-12-24 14:19:53 +09:00
NIIBE Yutaka
e684c634df agent: Support --force option for IMPORT_KEY.
* agent/command.c (cmd_keywrap_key): New option --force.
2015-12-24 09:52:48 +09:00
Justus Winter
25f0f053cd agent: Improve error handling.
* agent/pksign.c (agent_pksign_do): Improve error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Justus Winter
b78fce3271 agent: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-11 11:21:42 +01:00
Werner Koch
69db3285e4
build: Require at least Libassuan 2.4.1.
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 18:57:49 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
5b84b0d660 common: Extend utf8_charcount to include the string's length.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len.  Process at most LEN bytes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 22:23:37 +01:00
Justus Winter
a1650b1edf agent: Improve error handling.
* agent/trustlist.c (istrusted_internal): Initialize 'err'.
--
There is a plausible path of execution so that a branch condition uses
the uninitialized value.

Found using the Clang Static Analyzer.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-19 16:18:20 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Daniel Kahn Gillmor
1f872cb4ad
Fix typos
--
2015-10-28 10:20:17 +01:00
Daniel Kahn Gillmor
02dc518787
agent: Clarify agent's KEYWRAP_KEY description.
--

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-10-28 10:19:17 +01:00
NIIBE Yutaka
5a12c45666 agent: simplify agent_get_passphrase.
* agent/call-pinentry.c (agent_get_passphrase): Simplify.
2015-10-09 11:55:18 +09:00
NIIBE Yutaka
818fa4f71e agent: fix agent_askpin.
* agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
2015-10-09 11:46:23 +09:00
NIIBE Yutaka
f70f669536 agent: Fix function return type for check_cb and agent_askpin.
* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.
2015-10-09 11:33:13 +09:00
NIIBE Yutaka
4a5bd1720f agent: Fix verification of signature for smartcard.
* agent/pksign.c (agent_pksign_do): Use public key smartcard.

--

Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.
2015-10-06 15:10:25 +09:00
NIIBE Yutaka
ce2a84b588 agent: Fix non-allocation for pinentry_loopback.
* agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
be allocated by pinentry_loopback.
2015-10-06 07:52:32 +09:00
Werner Koch
bdd180f47c
scd: Use Assuan macro instead of a number constant.
--
2015-10-02 12:21:31 +02:00
Werner Koch
ddf9dd135a
agent: Fix alignment problem with the second passphrase struct.
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2.  Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2.  Wipe PI2.
--

For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2.  This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account.  One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.

Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.

GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-02 10:58:40 +02:00
NIIBE Yutaka
cfbe6ba9cf agent: RSA signature verification by gpg-agent.
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
2015-09-29 09:49:44 +09:00
NIIBE Yutaka
1542dc604b agent: Fix importing ECC key.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.
2015-09-19 17:45:17 +09:00
Werner Koch
93d257c819
agent: New option --pinentry-invisible-char.
* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-16 21:24:14 +02:00
NIIBE Yutaka
7d5999f096 agent: Fix registering SSH Key of Ed25519.
* agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.

--

GnuPG-bug-id: 2096
2015-09-16 10:37:38 +09:00
Werner Koch
9ba4ccdaf5
agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-01 07:39:28 +02:00
NIIBE Yutaka
135b1e32f0 agent: Fix SSH public key for EdDSA.
* agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.
2015-08-31 15:15:03 +09:00
Neal H. Walfield
348a6ebb63 agent: Raise the maximum password length. Don't hard code it.
* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
GnuPG-bug-id: 2038
2015-08-24 16:14:38 +02:00
Ben Kibbey
bba74cdd95 Fix pinentry loopback and passphrase contraints.
* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.

--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase contraints.
2015-08-16 16:12:46 -04:00
NIIBE Yutaka
8704c70108 agent: fix ECC key handling.
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): CURVE is the name of curve.
2015-08-10 19:13:13 +09:00
Werner Koch
a68c5c5c7f
agent: Add option --force to the DELETE_KEY command.
* agent/findkey.c (agent_delete_key): Add arg "force".
* agent/command.c (cmd_delete_key): Add option --force.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 12:55:29 +02:00
NIIBE Yutaka
e5891a82c3 Curve25519 support.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.
2015-08-06 17:00:41 +09:00
Werner Koch
d382242fb6
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.
2015-07-26 12:50:24 +02:00
NIIBE Yutaka
b3286af36d agent: Support non-NLS build.
* agent/agent.h: Use ENABLE_NLS and define L_() macro.

--

GnuPG-bug-id: 2032

This is a fix for e76d4c05b24211f3981ab69cddb3fccc17d21e0e.
2015-07-10 09:21:32 +09:00
Daiki Ueno
f1490a3a0e
agent: Unset INSIDE_EMACS on gpg-agent startup
* agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.

--

The variable is set only temporarily when gpg is called from Emacs,
keeping it during the session makes no sense.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
2015-07-01 14:15:31 +02:00
Werner Koch
232af382e5
Flag the L_() function with attribute format_arg.
* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext.  Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-30 22:28:41 +02:00
Werner Koch
e76d4c05b2
agent: Use different translation func for Pinentry strings.
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning.  Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--

Static strings in gpg-agent need to be translated according to the
locale set by the caller.  This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another.  If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.

This is only the first part of the change the actual local switching
still needs to be implemented.

Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-30 21:58:45 +02:00
Werner Koch
8ae683bad3
agent: Improve a comment.
--
2015-06-30 10:34:56 +02:00
Werner Koch
b607657931
agent: Prepare for Libassuan with Cygwin support.
* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 21:28:59 +02:00
Neal H. Walfield
2778c6f8f4 Show passphrase constraints errors as password prompt errors
* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2.  If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *.  Pass it to check_passphrase_constraints.  If it
contains malloc's memory, free it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Based on a patch provided by Watson Yuuma Sato <yuuma.sato@gmail.com>
in issue 2018.
2015-06-29 15:53:49 +02:00
Neal H. Walfield
60cf69ff9d Don't raise max-cache-ttl to default-cache-ttl.
* agent/gpg-agent.c (finalize_rereadable_options): Don't raise
max-cache-ttl to default-cache-ttl.  Likewise for max-cache-ttl-ssh
and default-cache-ttl-ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

This closes issue #2009.
2015-06-29 15:53:47 +02:00
Werner Koch
9bca96dbc5
agent: Add --verify to the PASSWD command.
* agent/command.c (cmd_passwd): Add option --verify.
--

GnuPG-bug-id: 1951
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 12:50:16 +02:00
Werner Koch
7a38733164
agent,w32: Do not create a useless socket with --enable-putty-support.
* agent/agent.h (opt): Remove field ssh_support.
* agent/gpg-agent.c (ssh_support): New.  Replace all opt.ssh_support
by this.
(main): Do not set ssh_support along with setting putty_support.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 12:24:58 +02:00
Werner Koch
54a0ed3d9b
Allow use of debug flag names for all tools.
* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto.  But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-23 09:13:45 +02:00
Werner Koch
010d26a85b
agent: Print a warning for obsolete options.
* g10/misc.c (obsolete_scdaemon_option): Move to
* common/miscellaneous.c (obsolete_option): ... here.
* agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
options.
--

GnuPG-bug-id: 2016
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-17 12:59:29 +02:00
Werner Koch
985918aab0
agent: Fix --extra-socket on Windows.
* agent/gpg-agent.c (start_connection_thread): Rename to ...
(do_start_connection_thread): this.  Factor nonce checking out to ...
(start_connection_thread_std): this,
(start_connection_thread_extra): this,
(start_connection_thread_browser): and this.
--

Although not tested, the code did not worked on Windows becuase we
were checning the wrong nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-11 09:43:32 +02:00
Werner Koch
008435b95c
agent: Add experimental option --browser-socket.
* agent/agent.h (opt): Add field "browser_socket".
* agent/command.c (cmd_setkeydesc): Use a different message for
restricted==2.
* agent/gpg-agent.c (oBrowserSocket): New.
(opts): Add --browser-socket.
(socket_name_browser, redir_socket_name_browser): New.
(socket_nonce_browser): New.
(cleanup): Cleanup browser socket.
(main): Implement option.
(start_connection_thread_browser): New.
(handle_connections): Add arg listen_fd_browser and use it.
--

This is very similar to --extra-socket but intended to be used by a web
browser session.  AS of now it only displays a different "Note: in
the Pinentry than --extra-socket but it may eventually be tweaked for
the use by browser extensions making use of gpg-agent.

It is marked experimental and and thus may be removed in later
versions.

To better support the different "client classes", it would be useful
to add corresponsing cache classes so that each class has its own
cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-11 09:36:27 +02:00
Daiki Ueno
691dae270b
agent: Add option --allow-emacs-pinentry
* agent/agent.h (opt): Add field allow_emacs_pinentry.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oAllowEmacsPinentry): New.
(opts): Add option --allow-emacs-pinentry.
(parse_rereadable_options): Set this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
--

gpgconf-comp and manual entry added by wk.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-10 15:16:06 +02:00
Werner Koch
8425db6a26
agent: Add command "getinfo std_env_names".
* agent/command.c (cmd_getinfo): Add new sub-command.
--

The current output is:

  > getinfo std_env_names
  D GPG_TTY
  D TERM
  D DISPLAY
  D XAUTHORITY
  D XMODIFIERS
  D GTK_IM_MODULE
  D QT_IM_MODULE
  D PINENTRY_USER_DATA
  OK

Note that there is an invisible \x00 at the end of each line.
2015-06-08 19:00:41 +02:00
Werner Koch
23d2ef83cd
agent: Cleanup caching code for command GET_PASSPHRASE.
* agent/command.c (cmd_get_passphrase): Read from the user cache.
--

We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
it into the cache with CACHE_MODE_USER.  However, agent_get_cache does
not yet distinguish between them and thus this does not change
anything.
2015-05-20 16:14:22 +02:00
Neal H. Walfield
3a9305439b agent: When the password cache is cleared, also clear the ext. cache.
* agent/agent.h (agent_clear_passphrase): New declaration.
* agent/call-pinentry.c (agent_clear_passphrase): New function.
* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-19 15:01:01 +02:00
Neal H. Walfield
e201c20f25 agent: Modify agent_clear_passphrase to support an ext. password cache.
* agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
cache_mode.  Update callers.
* agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
and cache_mode.  If KEYINFO and CACHE_MODE describe a cachable key,
then send SETKEYINFO to the pinentry.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-19 15:01:00 +02:00
Werner Koch
d7293cb317
agent: Add option --no-allow-external-cache.
* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--

Pinentry 0.9.2 may be build with libsecret support and thus an extra
checkbox is displayed to allow the user to get passwords out of an
libsecret maintained cache.  Security aware user may want to avoid
this feature and may do this at runtime by enabling this option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-11 18:14:28 +02:00
Werner Koch
02d5e12054
agent: Add strings for use by future Pinentry versions.
* agent/call-pinentry.c (start_pinentry): Add more strings.
--

We do this so that translations of these strings will be available at
the time a pinentry implements features which require these strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-11 10:53:52 +02:00
Werner Koch
14232c3870
agent: Add option --debug-pinentry.
* agent/gpg-agent.c (oDebugPinentry): New.
(opts): Add --debug-pinentry.
(parse_rereadable_options): Set that option.
* agent/call-pinentry.c (start_pinentry): Pass option to
assuan_set_flag.
--

This option is quite useful to see the IPC between gpg-agent and
Pinentry.  Note that "debug 1024" is also required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-11 10:23:24 +02:00
Werner Koch
d95beb85df
Typo fixes
--
2015-05-08 08:55:57 +02:00
Werner Koch
436f206072
agent: Minor change for 56b5c9f.
* agent/call-pinentry.c (agent_askpin): Move option setting to ...
(start_pinentry): here.  Fix error code check.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 15:42:00 +02:00
Neal H. Walfield
ac77e6254b agent: Improve some comments.
--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-07 15:03:27 +02:00
Neal H. Walfield
56b5c9f94f agent: Improve support for externally cached passwords.
* agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
constant.
(pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
provided.
(agent_askpin): Pass "OPTION allow-external-password-cache" to the
pinentry.  Always pass SETKEYINFO to the pinentry.  If there is no
stable identifier, then use "--clear".  If the password is incorrect
and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
then decrement PININFO->FAILED_TRIES.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-07 15:03:27 +02:00
Neal H. Walfield
74944330ba agent: Or in the value; don't overwrite the variable.
* agent/call-pinentry.c (pinentry_status_cb): Or in
PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-07 15:03:25 +02:00
Neal H. Walfield
d3b5cad234 agent: Avoid magic numbers. Use more accurate names.
* agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
(PINENTRY_STATUS_PIN_REPEATED): Likewise.
(close_button_status_cb): Rename from this...
(pinentry_status_cb): ... to this.  Use the constants.
(agent_askpin): Rename local variable from close_button to
pinentry_status.  Use symbolic constants rather than magic numbers.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-05-07 15:03:24 +02:00
Werner Koch
26d7e0d7ac
common: Rename log and gcc attribute macros (jnlib merge).
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--

JNLIB has no more meaning.  Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:47 +02:00
Werner Koch
575230d91b
common: Remove two JNLIB_ macros (jnlib merge).
* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL.  Change all tests.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-24 16:10:15 +02:00
Werner Koch
2180845959
agent: Send the new SETKEYINFO command to the Pinentry.
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode.  Change all callers to pass (NULL,0) for them.  Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-14 18:41:05 +02:00
Werner Koch
67158ff155
Remove obsolete directories from AM_CPPFLAGS. 2015-04-10 13:11:59 +02:00
Werner Koch
24a75201da
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
NIIBE Yutaka
4ffadb74b3 agent: Add --force option for LEARN.
* agent/command.c (cmd_learn): Handle --force option.
(cmd_keytocard): Don't update key storage file.
* agent/agent.h (agent_handle_learn): Add FORCE.
* agent/learncard.c (agent_handle_learn): Implement FORCE to update
key stroage file.
--
2015-04-03 17:33:11 +09:00
Werner Koch
cf83ff01fc
agent: Compute correct MPI length header for protected ECC keys.
* agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
opaque MPIs to comply with the OpenPGP spec.
--

This patch is the protected private key counterpart to commit ab17f7b.
Thanks to andy_s for describing the problem.

GnuPG-bug-id: 1853
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-19 18:01:58 +01:00
Werner Koch
3a35c9740a
agent: Remove useless conditions in command.c.
* agent/command.c (cmd_setkeydesc): Remove NULL check.
(cmd_get_passphrase): Ditto.
(cmd_clear_passphrase): Ditto.
(cmd_get_confirmation): Ditto.
(cmd_getval): Ditto.
(cmd_putval): Ditto.
--

Detected by Stack 0.3.
2015-03-15 13:11:44 +01:00
Werner Koch
3529dd8bb5
agent: Fix length test in sshcontrol parser.
* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.
--

In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %cmp8 = icmp ne i32 %i.0, 40, !dbg !986
    -->  false
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:1226:0
  ncore: 2
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow
    - /home/wk/s/gnupg/agent/command-ssh.c:1225:0
      - buffer overflow
2015-03-15 13:04:48 +01:00
Werner Koch
95415bdec7
agent: Remove useless conditions.
* agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
* agent/command-ssh.c (ssh_identity_register): Ditto.
--

Detected by Stack 0.3:

  bug: anti-simplify
  model: |
    %tobool22 = icmp ne i8* %arraydecay21, null, !dbg !717
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/genkey.c:385:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/genkey.c:362:0
      - pointer overflow

  bug: anti-simplify
  model: |
    %tobool35 = icmp ne i8* %arraydecay34, null, !dbg !1053
    -->  true
  stack:
    - /home/wk/s/gnupg/agent/command-ssh.c:3120:0
  ncore: 1
  core:
    - /home/wk/s/gnupg/agent/command-ssh.c:3103:0
      - pointer overflow
2015-03-15 12:59:17 +01:00
Werner Koch
efde50f92a
agent: Improve error reporting from Pinentry.
* agent/call-pinentry.c (unlock_pinentry): Add error logging.  Map
error source of uncommon errors to Pinentry.
--

With this change it is possible to detect whether an error like
GPG_ERR_ASS_INV_RESPONSE has its origin in a call to Pinentry or comes
from another part of gpg-agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-11 16:28:32 +01:00
NIIBE Yutaka
bb5a1b7c73 scd: fix for 64-bit arch.
* agent/pksign.c (agent_pksign_do): Use int.
* scd/app-openpgp.c (get_public_key): Likewise.

--

On 64-bit architecture, int and size_t might be different.
For the first argument for '%b', int is expected.
2015-03-09 11:00:03 +09:00
Werner Koch
2183683bd6 Use inline functions to convert buffer data to scalars.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-11 10:28:25 +01:00
Werner Koch
0de5c6a9a7 gpg-agent: Use "pinentry-basic" as fallback.
* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--

The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.

Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice.  To fix that
we would need to agree on standard installation directories for GUIs
to also look there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-02-04 10:28:38 +01:00
Werner Koch
6ab0fac575 agent: Fix use of imported but unprotected openpgp keys.
* agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
* agent/command.c (do_one_keyinfo): Implement it.
* agent/findkey.c (agent_key_from_file): Ditto.
(agent_key_info_from_file): Ditto.
(agent_delete_key): Ditto.
* agent/protect.c (agent_private_key_type): Add detection for openpgp
"none" method.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-29 16:26:07 +01:00
Werner Koch
0c2bfd9d5a Add a hook to be called right after main.
* common/init.c (early_system_init): New stub function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 19:57:22 +01:00
Werner Koch
7959654377 agent: Add some extra robustness to extract_private_key
* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--

Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-28 09:12:36 +01:00
NIIBE Yutaka
9453d645d4 agent: Fix agent_public_key_from_file for ECC.
* agent/cvt-openpgp.c (extract_private_key): New.
(convert_to_openpgp): Use extract_private_key.
* agent/findkey.c (agent_public_key_from_file): Use
extract_private_key.

--

This patch add support of ECC key with a curve name and flags.  Since
same functionality is also needed for convert_to_openpgp, it was
factored out into the extract_private_key function.
2015-01-27 09:30:11 +09:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
ac2cb47fc5 agent: Make --allow-loopback-pinentry gpgconf changeable. 2015-01-04 17:19:06 +01:00