* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--
This option can be used to savely remove stub keys.
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.
--
For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac: Simply check getpeerucred and ucred.h, and structure
members.
* agent/command-ssh.c: Include ucred.h.
(get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
structure for OpenBSD.
[LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
[LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
[HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.
--
This change also addresses following bug.
GnuPG-bug-id: 2981.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command-ssh.c (card_key_list): Return 0 when
agent_card_serialno returns an error.
(ssh_handler_request_identities): Handle errors for card listing
and proceed to other cases.
--
GnuPG-bug-id: 2980
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify
timestamp checking and do an early test with an appropriate error
message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (get_prompt_info): Change texts.
* agent/call-pinentry.c (struct entry_features): New.
(getinfo_features_cb): New.
(start_pinentry): Set new fucntion as status callback.
(build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
one.
--
Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (get_disp_name): New.
(get_disp_serialno): New.
(get_prompt_info): New.
(build_enter_admin_pin_prompt): Rework the prompt texts. Factor some
code out to ...
(get_remaining_tries): New.
(verify_a_chv): Print a remaining counter also for the standard PIN.
Rework the prompt texts.
* agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
no.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/divert-scd.c (has_percent0A_suffix): New.
(getpin_cb): Prepend DESC_TEXT to the prompt.
* agent/findkey.c (modify_description): Rename to ...
(agent_modify_description): this. MAke global. Add kludge to remove
empty parentheses from the end.
(agent_key_from_file, agent_delete_key): Adjust for above change.
* agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
diverting to a card.
--
Now that we have support for multiple tokens, it is important to show
information on which key has been requested. Without that it may
happen that the PIN for a wrong card is accidentally entered.
The texts are a bit ugly, because they talk about "passphrase" but
later about entering a PIN.
A quick hack would be to s/passphrase/PIN/ in the description but that
is complicated due to i18n. Another solution might be never to talk
about PINs in the description but always about "passphrase: and only
use "PIN" or "passphrase" on the left of the entry field.
* agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
(inq_needpin_parm_s): new struct. Add new field 'getpin_cb_desc'.
Change users to set all fields.
(inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
(agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
take an additional arg 'desc_text'.
(agent_card_pkdecrypt): Ditto.
(agent_card_writekey): Change arg 'getpin_cb' to take an additional
arg 'desc_text'.
(agent_card_scd): Ditto.
* agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
(divert_pksign): Add new arg 'desc_text' and pass is to
agent_card_pksign.
(divert_pkdecrypt): Add new arg 'desc_text' and pass is to
agent_card_pkdecrypt.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
divert_pkdecrypt.
* agent/pksign.c (agent_pksign_do): Pass DESC_TEXT to
divert_pksign.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
* agent/command-ssh.c (card_key_list): New.
(ssh_handler_request_identities): Call card_key_list and loop for the
list to send public keys for all available cards.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
* g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
that we do not change the code when adding new fields to
PINENTRY_LAUNCHED.
--
This patch changes the --verbose output of gpg to show
for example
gpg: pinentry launched (5228 gtk2 1.0.1-beta10 \
/dev/pts/4 xterm localhost:10.0)
the used tty, its type, and the value of DISPLAY in addiion to the
pid, flavor, and version.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cache.c (agent_store_cache_hit): Make sure the update is
atomic.
--
Previously, the function freed the last key, and duplicated the new
key after doing that. There is a chance, however, that calling the
allocator surrenders control to a different thread, causing a double
free if a different thread also calls this function.
To make sure the update is atomic under the non-preemptive thread
model, we must make sure not to surrender control to a different
thread. Therefore, we avoid calling the allocator during the
update.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
from 100ms to 1ms or use gpgrt_yield when build against a recent
libgpg-error.
--
Debian-bug-id: 851298
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--
GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Initialize secmem to the configured buffer
size.
--
This patch is a step toward addressing
GnuPG-bug-id: 2857
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here. Add a comment why we keep the
listening socket open during a shutdown.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--
Without that patch we won't notice a removed socket when a shutdown is
pending. This is somewhat related to bug report 2849.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.
--
The commit f57dc2b1e6 fixes a part of
problem (for missing initialization of supervised mode). It was
actually put in wrong place.
Fixes-commit: 9f92b62a51
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--
This patch prepares for a feature comming with Libgcrypt 1.8.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--
During key generation Libgrypt will read from /dev/random which may
block. Libgcrypt is not nPth aware and thus the entire process will
block. Fortunately there is also a select with a short timeout to run
the progress callback. We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.
This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
Signed-off-by: Werner Koch <wk@gnupg.org>
There were several different variant spellings of "passphrase". This
should fix them all for all English text.
I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.
--
This allows us to use the same functionality in dirmngr as well.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
Remove unneeded diagnostic.
--
get_socket_name already prints error messages and thus there is not
need to print another one.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (map_supervised_socket): if the agent is running
in --supervised mode and is not actually given LISTEN_FDNAMES
directives, require at least fd 3 to be open for listening.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/call-pinentry.c (start_pinentry): Also send the user data
using an Assuan 'OPTION' command.
* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
passphrase file.
(spacep): Include newline characters.
(rstrip): New function.
(main): Handle Windows line endings. Handle the userdata option, and
restart with the new options.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
the code. Remove the special return.
--
This helps to get better debug output.
The set_error macro which is used by parse_keygrip merely sets the
error code into the Assuan context. It is thus no problem anymore to
call leave_cmd after having used set_error. This might havve been
diffferent in the past.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
