* dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
(cmp_version): Extend to handle the MICRO part.
(confucius_mktmpdir): Rename to my_mktmpdir.
(my_mktmpdir): xstrconcat does not fail; use strconcat.
(fetch_into_tmpdir): Improve error checking.
Signed-off-by: Werner Koch <wk@gnupg.org>
Given an application name and version VERSIONCHECK fetches the software
version list from version.gnupg.org, verifies the signature and returns
whenever the given version is older (UPDATE), current (CURRENT) or newer
(ROLLBACK).
* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.
--
It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.
GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
--
Thanks to Rainer Perske who located the issue.
GnuPG-bug-id: 2698
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This is a fix for the commit: 49829c29e5
* dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
--
This fixes conversion bugs with binary CRL's on Windows.
GnuPG-bug-id: issue2448
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* dirmgnr/cdblib.c: comment used unnecesary hyphenation
* dirmngr/crlcache.h: comment was iso-8859-1
* doc/contrib.text: list contributors using UTF-8 (now we can
acknowledge many more people using their preferred orthography)
At least one other files remains in a non-UTF-8 encoding, which i'm
not sure what to do with:
- build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
it that way?
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(oDisableCheckOwnSocket): New.
(opts): Add --disable-check-own-socket.
(disable_check_own_socket): New var.
(parse_rereadable_options): Set that var.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h: Include asshelp.h.
* dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
(data_line_write): Implement logging inhibit.
(data_line_cookie_close): Print non-logged D lines.
(cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
(dirmngr_assuan_log_monitor): New.
* dirmngr/dirmngr.c (main): Register monitor function.
--
In particular with large keys the D lines clutter the log output and
make it unusable.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.
--
Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand. Use symbolic
representations instead of numeric for better readability.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/stringhelp.c (string_to_u64): New.
* dirmngr/http.c (longcounter_t): Remove.
(struct cookie_s): Change content_length to uint64_t.
(parse_response): Use string_to_u64.
--
Meanwhile we allow some C99 features including stdint.h. Thus we can
simplify things now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly.
* dirmngr/ocsp.c (ocsp_invalid): Likewise.
This might break some tools which parse the existing output and expect
misspellings, but i'm not sure there are many such tools, and we
should use standardized orthography going forward.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session
when following a HTTP redirection.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
--
pre-2.1 made sure that the 0x prefix was put before the fingerprint so
that the search command works. Actually --recv-key should be used
with a fingerprint but some users are using --search-key, probably to
use the interactive mode.
GnuPG-bug-id: 2412
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--
Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an
unprotected section. Replace log_debug by log_info in verbose mode.
--
GnuPG-bug-id: 2376
* dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case
default Protocol gives error.
--
Servers may have blocked V2 Protocol, in which case the
bind will result in a Protocol Error. In that case we try
again with v3 Protocol if the ldap libarary used to compile
dirmngr supports V3.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind
return.
--
ldap_simple_bind_s does not set errno.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--
This is just in case of a improperly set umask. Note that a connect
requires a write permissions.
* tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c.
(gpgconf_LDADD): Add LIBGCRYPT_LIBS.
(gpg_connect_agent_LDADD): Ditto.
(gpgtar_LDADD): Ditto.
* dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto.
(t_common_ldadd): Ditto. Remove no-libgcrypt.o.
--
We need this change so that a future code in common/ can use Libgcrypt
functions; in particular hashing.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
domain part.
--
This change updates gnupg to comply with
draft-koch-openpgp-webkey-service-01
* dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
* dirmngr/http.c (http_session_new): Add arg "flags".
* dirmngr/ks-engine-hkp.c (send_request): Use new flag
HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
is supported.
--
Wrong reporting was pointed out by K_F. Check is the same as
in ks-engine-hkp.c
* dirmngr/dirmngr-client.c (init_asctobin): New function.
(main): Move the initialization code to the new function.
(read_pem_certificate): Initialize base64 table.
(read_certificate): Try to decode certificates given in files as PEM
first.
GnuPG-bug-id: 1844
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
EAI_ADDRFAMILY only if defined.
--
Reported-by: Christoph Moench-Tegeder <cmt@burggraben.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all
callers.
* dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
--
GnuPG-bug-id: 1147
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
--
map_host is intended to return the name of the pool as an additional
information. However this broke some time ago and a pool name was
only retrained if the pool name was retrieved from a DNS CNAME.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
* dirmngr/http.c (http_session_new): Add optional arg
intended_hostname and set a default cert.
* dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
http_session_new.
--
Ship the certificate for the sks-keyservers hkps pool. If the user
has specified that they want to use
hkps://hkps.pool.sks-keyservers.net, and they have not specified any
hkp-cacert explicitly, then initialize the trust path with this
specific trust anchor.
Co-authored-by: wk@gnupg.org
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
avoid a warning when ADNS is not available.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
it is unused if LDAP is used to search for keys.
--
This amends 6ac57a48.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
responded with a '404 Not Found'.
* dirmngr/ks-engine-hkp.c (send_request): Return http status code.
(ks_hkp_search): Likewise.
(ks_hkp_{get,put}): Adapt call to 'send_request'.
* dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-action.c (ks_action_search): Search all configured
keyservers for the given patterns.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1038
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
checking for errors, but silently ignore errors when looking up SRV
records.
--
This is a follow-up to 946faaff.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
declaration was already fixed by a previous change.
* dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
--
Note that this matters only for Windows and it does not harm as long
as we can only build for 32 bit Windows withsizeof(int)==sizeof(void*).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
* dirmngr/server.c (data_line_cookie_write): Ditto.
* sm/certdump.c (format_name_writer): Ditto.
* sm/server.c (data_line_cookie_write): Ditto.
* dirmngr/http.c (cookie_read, cookie_write): Ditto.
--
See the release notes of libgpg-error 1.15 for background info on
gpgrt_ssize_t.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (my_unprotect, my_protect): Remove.
(connect_server): Do not use these wrappers.
--
Since Libassuan version 2.4.2 the macro ASSUAN_SYSTEM_NPTH_IMPL
protects the low-level connect calls with npth_unprotect and
npth_protect. This is better than the high-level kludge we used here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
--
Previously, sin_port was set to zero, making connect fail.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dns-stuff.c (getsrv): Fix error handling.
--
This fixes hkp server pools not using SRV records.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/asshelp.h: Include 'util.h'.
* dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
to the dirmngr.
(start_dirmngr): Drop now unused declaration and function.
--
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1843
* dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
arguments.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/http.c (close_tls_session): New function.
(session_unref): Use the new function to close the TLS stream.
(cookie_read): If the stream terminated prematurely, close it and
return a short read.
--
With this patch, I was able to update all the keys in the Debian
keyring over hkps.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1950
* dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
entry instead of creating another one.
--
Previously, if a keyserver was given using its IP address
(e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the
'hosttable', one with the name '127.0.0.1', and the second one with
the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the
first entry is the one being used for lookups, and since the 'v4' flag
is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http
request, making it fail.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 2012
* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to requrest a new curcuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new. Include this for all callers of zb32_encode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c: Include unistd.h.
(getsrv): Run srand only once.
* dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
and change output format.
* dirmngr/dns-stuff.c: Replace all use of default_errsource.
(my_adns_init): Move to top.
(resolve_name_adns): New.
(resolve_dns_name) [USE_ADNS]: Divert to new func.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (is_onion_address): New.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
(map_host): Special case onion addresses.
(ks_hkp_print_hosttable): Print an 'O' for an onion address.
* dirmngr/http.c (connect_server): Special case onion addresses.
--
Note that this requires the latest libassuan from git. Onion addresses
are always support regardless of the --use-tor flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
we require getaddrinfo anyway.
* dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
(map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
first resolving the CNAME.
(get_dns_cname): New.
* dirmngr/t-dns-stuff.c (main): Add option --cname.
--
At least the getaddrinfo implementation in glibc 2.19-13 from Debian
returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
addresses. Looking at the wire the data is correctly returned from
the server but getaddrinfo seems to get confused by truncation and
retry. To fix this we resolve the CNAME again and call getaddrinfo
again with the canonical name.
Signed-off-by: Werner Koch <wk@gnupg.org>
