* dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
* dirmngr/dirmngr.c (oAllowVersionCheck): New.
(opts): Add --allow-version-check.
(network_activity_seen): New variable.
(parse_rereadable_options): Set opt.allow_version_check.
(main) <aGPGConfList>: Do not anymore set the no change flag for
Windows. Add allow-version-check.
(netactivity_action): Set network_activity_seen.
(housekeeping_thread): Call dirmngr_load_swdb.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
Make "use-tor" available at Basic level.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/loadswdb.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
* dirmngr/server.c: Remove includes cpparray.h and exectool.h.
(cmd_loadswdb): New.
(parse_version_number,parse_version_string): Remove.
(my_mktmpdir, cmp_version): Remove.
(fetch_into_tmpdir): Remove.
(struct verify_swdb_parm_s): Remove.
(verify_swdb_status_cb): Remove.
(cmd_versioncheck): Remove.
(register_commands): Register LOADSWDB. Remove VERSIONCHECK.
--
This change is required to to the new design where gpgconf does the
version check w/o network access and only dirmngr is responsible for
getting the swdb.
In the next installment the loading will be triggered as needed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
to report known socket name.
* dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
to report correct socket name.
--
This fixes the output of 'getinfo socket_name' when dirmngr is invoked
with --socket-name.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.h: Include asshelp.h.
* dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
(data_line_write): Implement logging inhibit.
(data_line_cookie_close): Print non-logged D lines.
(cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
(dirmngr_assuan_log_monitor): New.
* dirmngr/dirmngr.c (main): Register monitor function.
--
In particular with large keys the D lines clutter the log output and
make it unusable.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c: Move to ../dirmngr/.
* common/http.h: Move to ../dirmngr/.
* common/t-http.c: Move to ../dirmngr/.
* common/tls-ca.pem: Move to ../dirmngr/.
* common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
Remove http.c related stuff.
* po/POTFILES.in: Move http.c to dirmngr/.
* dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
(module_maint_tests): New.
(noinst_PROGRAMS): Add module_maint_tests.
(dirmngr_SOURCES): Add http.c and http.h.
(dirmngr_LDADD): Remove libcommontlsnpth.
(t_common_ldadd): Ditto.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
(t_ldap_parse_uri_SOURCES): Add http.c.
(t_ldap_parse_uri_CFLAGS): Build without npth.
($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
* dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
--
All network access is done via dirmngr and thus http.c should be
there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that options
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New. Factored out from
(cmd_keyserver): here. Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--
This option specifies the keyserver to be used if the client does not
set another keyserver. We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.
* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
http module.
* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--
More work is required to actually make --use-tor useful. For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homeidr.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.
--
Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages it's own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.
* dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
(housekeeping_thread): New.
(handle_tick): Call new function.
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
(struct hostinfo_s): Add field died_at and set it along with the dead
flag.
(ks_hkp_print_hosttable): Print that info.
(ks_hkp_housekeeping): New.
--
The resurrection gives the host a chance to get back to life the next
time a new host is selected.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
