* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--
Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--
These changes are helpful for phone support.
* tools/gpg-connect-agent.c (handle_inquire): When the helper program
exit status is not 0, it means cancellation, now.
--
GnuPG-bug-id: 6010
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--
The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools. However, with the global config file
common.conf things are anyway better. We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
* tools/gpgtar.c: New option --with-log.
* tools/gpgtar.h (opt): Add field with_log.
* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
building up. Add option --log-file if needed.
* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
is used outside of its scope.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
* tools/gpgtar.h (opt): Add new flags.
* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
--require-compliance.
(main): Init signals.
* tools/gpgtar-create.c: Add new header files.
(gpgtar_create): Rework to use a pipe for encryption and signing.
* tools/gpgtar-list.c: Add new header files.
(gpgtar_list): Rework to use a pipe for decryption.
* tools/gpgtar-extract.c: Add new header files.
(gpgtar_extract): Rework to use a pipe for decryption.
--
Fixes-commit: 40dbee86f3
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--
Note that for this change libgpg-error 1.45 is required for Windows.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--
This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.
The second patch is unrelated
* tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to
ignored options. Add failsafe code to avoid calling percent_escape
with NULL.
--
Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE
flags in the returned type needs to be considered.
GnuPG-bug-id: 5800
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--
GnuPG-bug-id: 5800
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--
GnuPG-bug-id: 5754
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr. Detect and store long file and link
names. Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--
GnuPG-bug-id: 5754
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
things.
(show_configs_one_file): New arg LISTP to be passed thru.
(show_configs): Show envars and regisiry values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aShowConfigs): New.
(opts): Add --show-configs.
(CUTLINE_FMT): New.
(show_version_gnupg): Add arg "prefix" and adjust caller.
(my_copy_file): New.
(show_configs_one_file): New.New.
(show_configs): New.
(main): Call show_configs.
--
The ability to have a consolidated list of all config files is very
useful for support cases. This is in particular important due to the
global config files and their conditional constructs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (known_options_gpg): Add "keyserver".
--
This allows Kleopatra to read and change the keyserver that is used
by gpg if the deprecated keyserver option in gpg.conf is set.
GnuPG-bug-id: 5462
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--
On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.
GnuPG-bug-id: 5999
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c: Remove assert.h.
(strtokenize): Factor code out to do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--
This fixes a bug with user ids with leading spaces because:
wks-client lists all mail addresses from the key and matches them to the
requested mail address.
If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.
The filter built expression unfortunately strips leading blanks but
requires a verbatim match. Thus it won't find the user id again and
errors out.
The new -t flag and a non-trimming strtokenize solves the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.
* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--
That is actually a more correct directory than APPDATA. This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).
LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.
GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
* dirmngr/ks-engine-ldap.c: Remove including getopt.h.
* tools/make-dns-cert.c: Likewise.
--
Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h
is only needed for getopt_long of GNU extention.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-check-pattern.c: Major rewrite.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Here is a simple pattern file:
====================
# Pattern to reject passwords which do not comply to
# - at least 1 uppercase letter
# - at least 1 lowercase letter
# - at least one number
# - at least one special character
# and a few extra things to show the reject mode
# Reject is the default mode, ignore case is the default
#[reject]
#[icase]
# If the password starts with "foo" (case insensitive) it is rejected.
/foo.*/
[case]
# If the password starts with "bar" (case sensitive) it is rejected.
/bar.*/
# Switch to accept mode: Only if all patterns up to the next "accept"
# or "reject" tag or EOF match, the password is accepted. Otherwise
# the password is rejected.
[accept]
/[A-Z]+/
/[a-z]+/
/[0-9]+/
/[^A-Za-z0-9]+/
=================
Someone™ please write regression tests.
