1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-02 20:18:55 +01:00
Commit Graph

55 Commits

Author SHA1 Message Date
Andre Heinecke
5e1a844ae9
sm: Fix cert storage for ephemeral certs
* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.

--

Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.

GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2015-06-25 13:03:39 +02:00
Werner Koch
935edf88ab kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--

Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
Werner Koch
2ca90f78ce gpg: Skip overlong keys and a print a warning.
* kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
long blobs.
* sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
* g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
(keydb_search_reset): Reset that field.
(keydb_search): Update that field.
(keydb_get_skipped_counter): New.
* g10/keylist.c (list_all): Print count of skipped keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 21:01:49 +02:00
Werner Koch
ec332d58ef gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New.  Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.

* g10/keydb.c (rt_from_file): New.  Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.

* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--

The problem was reported by dkg on gnupg-devel (2014-10-07):

  I just discovered a new problem, though, which will affect people on
  systems that have gpg and gpg2 coinstalled:

   0) create a new keyring with gpg2, and use it exclusively with gpg2
  for a while.
   1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
  ~/.gnupg/pubring.gpg
   2) future runs of gpg2 now only look at pubring.gpg and ignore
  pubring.kbx -- the keys you had accumulated in the keybox are no
  longer listed in the output of gpg2 --list-keys

Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key.  The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1.  If that is the case we will use it instead of
the default pubring.gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00
Werner Koch
c4b60cdae8 sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New.  Similar to the one from
g10/openfile.c.
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
2014-08-14 17:15:50 +02:00
Werner Koch
42c043a8ad gpgsm: Add a way to save a found state.
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above.  Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.

* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.
2014-06-02 15:55:00 +02:00
Werner Koch
25036ec6ab gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg  R_DESCINDEX.  Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.
2014-05-14 18:13:11 +02:00
Werner Koch
f254497e09 sm: Remove cruft from source files.
* sm/keydb.c, sm/keydb.h: Remove disabled code parts.
2013-06-27 11:40:12 +02:00
Werner Koch
096e7457ec Change all quotes in strings and comments to the new GNU standard.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.
2012-06-05 19:29:22 +02:00
Werner Koch
ed8e267859 Add a flag parameter to dotlock_create.
This allows us to extend this function in the future.
2011-09-28 15:41:58 +02:00
Werner Koch
b73ae3ca36 Renamed the lock functions.
Also cleaned up the dotlock code for easier readability.
2011-09-23 14:43:58 +02:00
Werner Koch
816bee1fa0 Fixed set but unused variable bugs 2011-08-10 14:11:30 +02:00
Werner Koch
5da12674ea Fix regression in gpg's mail address parsing.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'.  This happened when I merged the user id
classification code of gpgsm and gpg.
2011-04-25 23:59:25 +02:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
9a96043be4 Unification of the search descriptor usage. 2009-12-08 16:30:33 +00:00
Werner Koch
1d0e9816e4 s/DOTLOCK/dotlock_t/.
Add some stuff for g13.
2009-09-23 10:28:41 +00:00
Werner Koch
0a5f742466 Marked all unused args on non-W32 platforms. 2008-10-20 13:53:23 +00:00
Werner Koch
80f77d79c5 Fix a problem with dirmngr looked up certificates.
Typo fixes.
2008-04-01 15:08:57 +00:00
Werner Koch
93d3811abc Changed to GPLv3.
Removed intl/.
2007-07-04 19:49:40 +00:00
Werner Koch
12cc96a176 kbx/
* keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL):
	New.
	* keybox-update.c (keybox_compress): Use it here instead of a
	magic constant.
sm/
	* fingerprint.c (gpgsm_get_fingerprint): Add caching.
	(gpgsm_get_fingerprint_string): Use bin2hexcolon().
	(gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
	as much memory as required.
	(gpgsm_get_keygrip_hexstring): Use bin2hex.

	* certchain.c (gpgsm_validate_chain): Keep track of the
	certificate chain and reset the ephemeral flags.
	* keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
	Changed caller to use a mask of ~0.  Return a proper error code if
	the certificate is not available.
2007-03-20 16:57:40 +00:00
Werner Koch
58785c880d Allow to select X.509 certificates using the keygrip. 2006-10-20 11:38:48 +00:00
Werner Koch
4b48bcacc9 Fix for bug 537 2006-10-02 11:54:35 +00:00
Werner Koch
e6f8654d03 Added common certificates. 2006-09-18 09:28:58 +00:00
Werner Koch
eef036df23 The big Assuan error code removal. 2006-09-06 16:35:52 +00:00
Werner Koch
f98537733a Updated FSF's address. 2006-06-20 17:21:37 +00:00
Werner Koch
fbe4ac37f6 g10/ does build again. 2006-05-23 16:19:43 +00:00
Marcus Brinkmann
11544e7184 2006-05-19 Marcus Brinkmann <marcus@g10code.de>
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
	it is locked.
	(keydb_store_cert): Lock here.

	* keydb.h (keydb_delete): Accept new argument UNLOCK.
	* keydb.c (keydb_delete): Likewise.  Only unlock if this is set.
	* delete.c (delete_one): Add new argument to invocation of
	keydb_delete.
2006-05-22 14:35:04 +00:00
Werner Koch
deeba405a9 gcc-4 defaults forced me to edit many many files to get rid of the
char * vs. unsigned char * warnings.  The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
2005-06-16 08:12:03 +00:00
Werner Koch
8f620c8c2c * configure.ac (have_w32_system): New. Disable Pth checks for W32.
Link jnlib/w32-pth.h to pth.h.

* Makefile.am (pkglib_PROGRAMS): Build only for W32.

* keydb.c: Don't define DIRSEP_S here.
2004-12-06 13:49:14 +00:00
Werner Koch
f289f433b6 * configure.ac: Require libksba 0.9.7.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.

* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.

* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA.  We use shared error codes anyway.

* export.c (export_p12): Removed debugging code.

* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
2004-06-06 13:00:59 +00:00
Werner Koch
236d241aed * gpgsm.c: New command --keydb-clear-some-cert-flags.
* keydb.c (keydb_clear_some_cert_flags): New.
(keydb_update_keyblock, keydb_set_flags): Change error code
CONFLICT to NOT_LOCKED.
2004-04-28 08:59:34 +00:00
Werner Koch
6aaceac7fe The keybox gets now compressed after 3 hours and ephemeral
stored certificates are deleted after about a day.
2004-04-26 08:09:25 +00:00
Werner Koch
501267f88b (list_cert_colon): Hack to set the expired flag. 2004-03-15 08:39:48 +00:00
Werner Koch
1a709b341c * gpgsm.c (set_debug): Set the new --debug-level flags.
(main): New option --gpgconf-list.
(main): Do not setup -u and -r keys when not required.
(main): Setup the used character set.

* keydb.c (keydb_add_resource): Print a hint to start the
gpg-agent.
2004-02-18 17:00:21 +00:00
Werner Koch
5bda9a8e74 * keybox.h (keybox_flag_t): New.
* keybox-search.c (get_flag_from_image, keybox_get_flags): New.
(_keybox_get_flag_location): New.

* certchain.c (gpgsm_validate_chain): Mark revoked certs in the
keybox.

* keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
revoked flag.
(list_internal_keys): Retrieve validity flag.
(list_external_cb): Pass 0 as validity flag.
* keydb.c (keydb_get_flags, keydb_set_flags): New.
(keydb_set_cert_flags): New.
(lock_all): Return a proper error code.
(keydb_lock): New.
(keydb_delete): Don't lock but check that it has been locked.
(keydb_update_keyblock): Ditto.
* delete.c (delete_one): Take a lock.
2004-02-02 17:09:35 +00:00
Werner Koch
cbd57643a7 Replaced deprecated type names.
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
(gpgsm_dump_serial): Ditto.

* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
2003-12-17 12:28:24 +00:00
Repo Admin
9ca4830a5b This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2003-08-05 17:11:04 +00:00
Repo Admin
82a17c9fb3 This commit was manufactured by cvs2svn to create branch
'GNUPG-1-9-BRANCH'.
2002-10-19 07:55:27 +00:00
Werner Koch
5190d70423 * keydb.c (keydb_add_resource): Register a lock file.
(lock_all, unlock_all): Implemented.
2002-07-22 13:14:48 +00:00
Werner Koch
5795c02b09 * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.

* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function.  Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
2002-07-02 10:40:12 +00:00
Werner Koch
df58e024e7 * gpgsm.c: New option --auto-issuer-key-retrieve.
* certpath.c (find_up): Try to retrieve an issuer key from an
external source and from the ephemeral key DB.
(find_up_store_certs_cb): New.

* keydb.c (keydb_set_ephemeral): Does now return the old
state.  Call the backend only when required.

* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
(lookup_status_cb): Issue status only when CTRL is not NULL.
(gpgsm_dirmngr_lookup): Document that CTRL is optional.

* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2002-06-29 14:01:53 +00:00
Werner Koch
42cf865350 * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2002-06-20 10:43:02 +00:00
Werner Koch
52146943d1 * call-agent.c (learn_cb): Use log_info instead of log_error on
successful import.

* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.

* gpgsm.c (main): New command --list-external-keys.
2002-06-19 08:30:10 +00:00
Werner Koch
c8454f792d * gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
2002-03-05 15:56:46 +00:00
Werner Koch
a9979e26a5 * import.c (gpgsm_import): Just do a basic cert check before
storing it.
* certpath.c (gpgsm_basic_cert_check): New.

* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.

* certlist.c (gpgsm_add_to_certlist): Validate the path

* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.
2002-01-15 13:02:47 +00:00
Werner Koch
dc37fe1849 * base64.c (gpgsm_create_writer): Allow to set the object name
* server.c (cmd_genkey): New.
* certreqgen.c: New.  The parameter handling code has been taken
from gnupg/g10/keygen.c version 1.0.6.
* call-agent.c (gpgsm_agent_genkey): New.
2002-01-10 19:47:20 +00:00
Werner Koch
5f116e9540 * base64.c (base64_reader_cb): Try to detect an S/MIME body part.
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
global.
(print_time): Renamed to gpgsm_dump_time, made global.
(gpgsm_dump_serial): Take a real S-Expression as argument and
print the first item.
* keylist.c (list_cert_colon): Ditto.
* keydb.c (keydb_search_issuer_sn): Ditto.
* decrypt.c (print_integer_sexp): Removed and made callers
use gpgsm_dump_serial.
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2001-12-20 13:25:08 +00:00
Werner Koch
56172ce393 Changes to be used with the new libksba interface.
libgcrypt-1.1.5 is required (cvs or tarball)
2001-12-18 17:37:48 +00:00
Werner Koch
fb446a5aeb * keylist.c (list_cert_colon): Kludge to show an email address
encoded in the subject's DN.
2001-12-14 20:48:26 +00:00
Werner Koch
6a8c47bd29 Implemented encryption in server mode.
Allow to specify a recipient on the commandline
There is still a default hardwired recipient if none has been set.
2001-12-11 12:31:04 +00:00