* configure.ac: Require at least Libgcrypt 1.9.0. Remove all
GCRYPT_VERSION_NUMBER dependent code.
--
Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
--
The former gpgkeys_ldap module has once been ported to dirmngr but
unfortunately the dirmngr_ldap wrapper has not been used so that we
have internal LDAP calls with these problems:
- No usable timeouts.
- On non-Windows platforms a lot of extra libs and possibly even a
second copy of Libgcrypt is pulled in.
- Only one threads runs at a time.
This patch mitigates the last point.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
--
Ported from 2.2.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
serverinfo and allow searching by fingerprint.
(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
--
With the new schema we can finally search by fingerprint.
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2. Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
serverinfo arg. Set the new info flags.
(ks_ldap_get): Adjust for change.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN
for use with NTDS (aka Active Directory).
* doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of
pgpVersion.
* doc/ldap/gnupg-ldap-ad-init.ldif: New.
* doc/ldap/gnupg-ldap-ad-schema.ldif: New.
--
This is a first take on better Active Directory support. The main
change for NTDS in the code is that the an top-RDN of CN is used
instead of the old pgpCertID. More changes to come; for example using
and storing the fingerprint.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--
The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
/* This bit is really for the benefit of people who
store their keys in LDAP servers. It makes it easy
to do queries for things like "all keys signed by
Isabella". */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5
I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures. Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
addlist.
--
The code used the wrong list which resulting in adding attributes
marked for deletion. In particular Active Directory does not accept
such an data and rejects them. The bug was introduced into 2.1 while
porting the code from the old keyserver helpers to dirmngr.
Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
string.
(gpgconf_versions): Print ksba revision.
--
The latest Libksba version support retrieving of the revision (commit)
id. We now use that or print a question mark.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.h (struct gnupg_dirent_s): New.
* common/sysutils.c: Include dirent.h.
(struct gnupg_dir_s): New.
(gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
callers of opendir, readdir, and closedir to use these functions.
--
GnuPG-bug-id: 5098
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--
Yet another wrapper for Unicode support on Windows.
GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New. Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--
This is yet another step for full Unicode support on Windows.
GnuPG-bug-id: 5098
* common/sysutils.c (gnupg_access): New. Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--
Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.
This is required to correctly handle non-ascii filenames on Windows.
GnuPG-bug-id: 5098
* dirmngr/ldap.c (start_default_fetch_ldap): Rename to
start_cacert_fetch_ldap and remove arg attr. Instead use
"cACertificate" directly.
* dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
(start_cert_fetch_ldap): Rename arg for clarity.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.
--
The strings in the ARRAY don't need to be released by caller, as those
are references. It's easier to follow the code when it's explicitly
const *.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--
And we also print nicer diagnostics. The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr. This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--
The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate. This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.
--
Note that this is dead code. It is for making a static analyzer happy.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
conversion.
* dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
int to float.
* sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
In the experiment for 4994, and patches were wrongly applied.
Fixes-commit: 46d185f60397f68830bfdfb99627b29aea5016f1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
--
GnuPG-bug-id: 4998
Reported-by: Kevin Locke
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
(main): Use that arg for the default file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.h (dns_strsection, dns_strclass)
(dns_strtype): Change APIs.
* dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
(dns_rr_print): Use __dst for dns_strclass and dns_strtype.
(dns_trace_dump): Likewise.
(dns_ai_print): Use __dst for dns_strtype.
(dns_strsection): Add an argument __dst for storage.
(dns_strclass, dns_strtype): Likewise.
(parse_packet): Use __dst for dns_strsection.
(send_query): Use __dst for dns_strtype.
(isection): Use __dst for dns_strsection.
(iclass): Use __dst for dns_strclass.
(itype): Use __dst for dns_strtype.
GnuPG-bug-id: 4934
Reported-by: Tomas Mraz
Fixes-commit: 455ef62d29a112de05897139716265d07e4c6ae3
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/validate.c (hash_algo_from_buffer): New.
(uint_from_buffer): New.
(check_cert_sig): Support rsaPSS.
* sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
error.
--
Yes, I know that there is a lot of code duplication. In fact some of
the code is ugly and it would be better if we enhance Libgcrypt to
guarantee that returned memory buffers via gcry_sexp_extract_param are
allways Nul terminated and we should also enhance that function to
directly extract into an unsigned int or char *.
GnuPG-bug-id: 4538
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here.
(known_options_scdaemon): Remove "options".
(known_options_dirmngr): Remove "options".
(known_options_gpgsm): Remove "options".
(known_options_gpg): Remove "options" and "keyserver".
(struct gc_option_s): Rename active t gpgconf_list.
(gc_component_list_options): Do not act upon active.
(option_check_validity): Ditto.
(is_known_option): Make it work correctly for unknown options.
(retrieve_options_from_program): Use renamed flag gpgconf_list only to
detect duplicated items from --gpgconf-list. Do not set runtime.
Only e set the options if set by --gpgconf-list; never clear them.
* agent/gpg-agent.c: Simplify the --gpgconf-list output.
* dirmngr/dirmngr.c: Ditto.
* g10/gpg.c: Ditto.
* kbx/keyboxd.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
for the string arg test.
--
There is no need to read the list of options from the components
unless they convey a default value. It is better to consult only the
list we have in gpgconf-comp.c to decide on whether an option should
be displayed. Right, this might mess up thing if a newer gpgconf
version is used with an older component, but we already print warnings
in this case and in general we do not want to support this anymore -
the times of gpg 1.4. and 2.0 are long over now.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c: Remove all regular option descriptions. They
are now read in from the component. Also remove a few meanwhile
obsolete options.
* agent/gpg-agent.c: Add option description which were only set in
gpgconf-comp.c.
* dirmngr/dirmngr.c: Ditto.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto.
* g10/gpg.c: Ditto.
--
This second part removes all regular option descriptions because they
can be read from the components. A few were missing in the components
and thus moved to there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (reread_configuration): Use a two-part config
file.
* dirmngr/dirmngr.c (reread_configuration): Ditto.
--
If --options is used to to set a specific options file, this file and
not the default file needs to be re-read on SIGHUP.
GnuPG-bug-id: 4788
* scd/scdaemon.c: Switch to the new option parser and enable a global
conf file.
* dirmngr/dirmngr.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto. Do not force verbose mode.
* dirmngr/dirmngr_ldap.c: Switch to the new option parser.
* dirmngr/dirmngr-client.c: Switch to the new option parser.
--
This finalizes the switch to the new option parser. What's left is to
remove the old argparser code from common.
g13-syshelp does not anymore default to --verbose because that can now
be enabled in /etc/gnupg/g13-syshelp.conf.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove argparse.h.
* common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
argparse.h. Do this also for all main modules which use our option
parser except for gpg. Replace calls to strusage by calls to
gpgrt_strusage everywhere.
* g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
(main): Change type of pargs to gpgrt_argparse_t. Rework the option
parser to make use of the new gpgrt_argparser.
--
This is not yet finished but a make check works. gpg has the most
complex and oldest option handling and thus this is the first
migration target. SE-Linux checks and version-ed config files are
missing and will be added later.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
No functional changes, just fixing minor spelling issues.
---
Most of these were identified from the command line by running:
codespell \
--ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
--skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
NEWS README README.maint TODO
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C. Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.
* g10/main.h: Put util.h before the local header files.
--
This change is required for use with gcc/ld's LTO feature which does
not allow common blocks. Further gcc 10 will make -fno-common the
default and thus this chnage is always needed. What a pitty.
Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)
- Applied respective chnages also to gpg-card and keyboxd.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--
This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
Replace protecting macro.
--
I once replaced all JNLIB macros by GPGRT macros. However, I missed
to get this right for the push pragma test and used
GPGRT_GCC_HAVE_PUSH_PRAGMA
instead of the correct
GPGRT_HAVE_PRAGMA_GCC_PUSH
Now after fixing this it turned out that no-strict-overflow is not
anymore supported as oprimize pragma and thus I replaced that too
according to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58454 .
Tested with 32 bit Windows but the real test will be in 2038.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
* dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a
missing slashes in an http scheme if NO_SCHEME_CHECK is active.
* dirmngr/t-http.c (main): Print new flag.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
checking the scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
http_parse_uri.
* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
--
This patch merely remove the separate parser for checking for an LDAP
scheme. It is better to let our generic URI parser handle this. Also
fixes this bug
|| url[4] == 'i' || url[4] == 'i')
to make the rarely used ldapi scheme case-insensitive.
More changes to the LDAP code are planned.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--
For example a
gpg -v --locate-external-keys dd9jn@posteo.net
now yields
gpg: Note: server uses an invalid certificate
gpg: (further info: bad cert for 'posteo.net': \
Hostname does not match the certificate)
gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
gpg: error reading key: Wrong name
(without -v the "further info" line is not shown). Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses. Anyway, this help to show the feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--
This should make it easier to diagnose problems with bad WKD servers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--
This currently works only for Windows but that is where users really
ran into problems. The old workaround was to configure disable-ipv4
or disable-ipv6.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
in case no such file exists.
--
This is hardly an error because by default such a file
does not exist. This caused trouble in support because
people think "Oh the system prints an error".
GnuPG-Bug-Id: T3539
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--
Note that the ldap_sslinit stuff for Windows has not been tested.
This patch removes the whole wrapper-but-linked business because we do
not need it anymore. WindowsCE for which we used it is pretty dead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
--
Using _OPT is not good because it does not describe for what this
configuration group is used. _SESSION immediately shows the purpose.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--
There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This
patch fixes this. Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it. For backward
compatibility we do not yet do that.
Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used. Thus the
patch also detects an ldaps scheme and uses this. That part has not
been tested, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Originally applied to 2.2. Here a minor conflict fix was needed.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--
This is a pretty stupid fix but one which works without much risk of
regressions. We could have used the existing TRIES but in that case
the fallback to other host would have been too limited. With the used
value we can have several fallbacks to other hosts. Note that the
TRIES is still cumulative and not per host.
GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
r_produced_at, and r_md. Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo. Print a diagnostic if the
signature does not verify.
--
GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (find_cert_bysubject): Add better debug output
and try to locate by keyid.
--
This chnages was suggested in
GnuPG-bug-id: 4536
but we do not have any test cases for this.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.
--
The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries. Thus the first domains entered into the
cache were never purged. The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache. If there is
still space to keep more, those which clearly do not support WKD are
also kept.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently
be no incentive to remove the cruft. With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
(dirmngr_sighup_action): Call it here.
(main): Call it here unless in --gpgconf-list mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (same_host_p): Add exception table.
--
Please: Adding entries to this table shall be an exception and not the
rule.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.h (dns_quietinit): Remove.
(dns_hints_i_new): Remove.
--
Even before our change, dns_quietinit was questionable macro; There
was no place in dns.c which requires overrides in initializer list.
Only redundant zero were.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
* dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
automatic variable for opts.
* dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
Likewise.
--
In fact, DNS_OPTS_INIT was only needed when args are none. With
partially specified initialization, C99 guarantees zero-ed other
members just like static object.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
Call dns_rr_grep with NULL.
* dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
--
Here we still use C99 feature of struct member initialization in
dns_rr_foreach, for struct dns_rr_i. Note that in C99, it guarantees
non-specified member fields are initialized by zero. So, there's no
need to use dns_rr_i_new at all.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
variables.
(dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
--
Compound literals is a feature of C99. Because we only use C90 plus
some limited features, in the project, it's better to avoid it.
Besides, we make sure when it's read-only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
* tools/gpg-pair-tool.c (command_respond): Init two vars to silence
gcc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status froms end_request and pass on to
handle_send_request_error.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--
GnuPG-bug-id: 4175
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--
With this change a http query will not follow a redirect unless the
Location header gives the same host. If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.
Signed-off-by: Werner Koch <wk@gnupg.org>
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.
--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.
GnuPG-Bug-Id: T3967
Differential Revision: https://dev.gnupg.org/D469
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f90990a71b60b4689ede1f38fbde347)
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement. Change all callers to pass false for it.
* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--
Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it. After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.
To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command
t-mbox-util --verbose --filter
can be used; to output w/o sub-addresses add --no-sub.
GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--
Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--
GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--
We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter. The general idea is that service
providers may use their own canonicalization rules. The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we. So consider this to be an experiment.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--
If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.
--
Multiple threads may write to hosttable[x]->dead while
select_random_host() is running. For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.
If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.
This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.
As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.
However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block. Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.
GnuPG-bug-id: 2836
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--
I am not sure wether this really is very useful because the security
relies on a trustworthy DNS system anyway. However, that check is
easy enough to do.
Signed-off-by: Werner Koch <wk@gnupg.org>