1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

8422 Commits

Author SHA1 Message Date
Werner Koch
67b82a9c60
common: New function dotlock_is_locked.
* common/dotlock.c (dotlock_is_locked): New.
(dotlock_take): Set locked flag also in disabled mode.  No more
warning if the lock has already been taken.
(dotlock_release): Clear locked flag also in disabled mode.  No more
warning if the lock has not been taken.
--

This allow to use dotlock_take and dotlock_release even if they have
already been called.  Before this changes this worked too but a
diagnostic was printed.
2021-03-02 19:11:53 +01:00
Werner Koch
677245ba0e
sm: Lock kbx files also before a search.
* sm/keydb.c (keydb_search): Lock files.
--

This is required for Windows to avoid update locks.  We use it also on
Unix so that the locking behaviour is more or less indentical.

GnuPG-bug-id: 4505
2021-03-02 19:03:00 +01:00
Werner Koch
2b9ae79ad8
sm: On Windows close the kbx files at several places.
* kbx/keybox-search.c (keybox_search_reset) [W32]: Always close.

* kbx/keybox-init.c (keybox_close_all_files): New.
* sm/keydb.c (keydb_close_all_files): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function.
(gpgsm_dirmngr_lookup): Ditto.
(gpgsm_dirmngr_run_command): Ditto.
--

We need to make sure that there are no open files on Windows.  Thus we
close them at several strategic locations.

GnuPG-bug-id: 4505
2021-03-02 19:01:07 +01:00
Werner Koch
c99f3599d8
sm: Remove unused function.
* sm/keydb.c (keydb_insert_cert): Remove.
* kbx/keybox-update.c (keybox_update_cert): Remove stub.
2021-03-02 13:49:55 +01:00
Nicolas Fella via Gnupg-devel
0441ed6e1c
gpg: Keep temp files when opening images via xdg-open
* g10/photoid.c (get_default_photo_command): Change parameter for
xdg-open.
--

xdg-open spawns the user's preferred image viewer and then exits.
Therefore we must not remove the temp file when it exits,
otherwise by the time the actual image viewer is started the file
doesn't exist any more.

Signed-off-by: Nicolas Fella <nicolas.fella@gmx.de>
2021-03-01 09:47:21 +01:00
Werner Koch
e5af401fc4
sm: Silence some other pkcs#12 import prattle
* sm/minip12.c (parse_bag_data): Print a regular log_info only in
verbose mode.
--
2021-03-01 09:46:59 +01:00
Werner Koch
b8998e5ee0
doc: Explain how Tor is detected.
--
2021-02-24 11:09:37 +01:00
Werner Koch
bcdbf0fcf3
sm: Silence some output on --quiet
* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
* sm/gpgsm.c: Include minip12.h.
(set_debug): Call p12_set_verbosity.
* sm/import.c (parse_p12): Dump keygrip only in debug mode.
* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
(parse_bag_encrypted_data): Print info messages only in verbose mode.
--

GnuPG-bug-id: 4757
2021-02-24 08:38:13 +01:00
Werner Koch
41979ed730
scd: Change parameters of readkey fucntion pointer.
* scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New.
(struct app_ctx_s): Replace param advanced by flags in readkey.
Change all users.
2021-02-19 10:10:28 +01:00
Werner Koch
669786cf64
scd: Pass ctrl parameter to more app functions.
* scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function
pointers for readkey, setattr, sign, auth, decipher, and check_pin.
--

This is a yet another patch to allow for easier backporting.
2021-02-19 09:56:44 +01:00
Werner Koch
f8588369bc
scd: Detect Yubikey and provide nicer display-s/n.
* scd/app-common.h (struct app_ctx_s): Rename unused field
card_version to cardversion.
* scd/app.c (app_new_register): Add code rom 2.3 to detect the Yubikey
and set cardversion.
(app_get_dispserialno): New.
* scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
2021-02-19 09:20:29 +01:00
Werner Koch
43b3ec5aee
scd: Change the apptype from a string to an enum.
* scd/app-common.h (cardtype_t): New.
(apptype_t): New.
(struct app_ctx_s): Change type of field apptype.  Add fields
appversion and cardtype.  Adjust all app-*.c for the new type.
* scd/app.c (supported_app_list): New.
(strapptype): New.
(apptype_from_name): New.
(app_dump_state): Use strapptype.
(app_write_learn_status): Ditto.
(app_getattr): Ditto.
(check_conflict): Use apptype_from_name and integer comparison.
* scd/app-openpgp.c: Replace app->card_version by app->appversion.
--

This is another patch to make backporting from 2.3 easier.
2021-02-19 09:17:06 +01:00
Werner Koch
6380126b31
scd: Add some compatibility code for easier backporting.
* scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
(APP_READKEY_FLAG_INFO): New.
(APP_LEARN_FLAG_KEYPAIRINFO): New.
(APP_LEARN_FLAG_MULTI): New.
(struct app_ctx_s): New forward declaration.
(struct app_ctx_s): Add members prep_reselect, reselect, and
with_keygrip.
(KEYGRIP_ACTION_SEND_DATA): New.
(KEYGRIP_ACTION_WRITE_STATUS): New.
(KEYGRIP_ACTION_LOOKUP): New.
(APP_CARD): New macro.
* scd/scdaemon.h: Include app-common.h and remove from all other
files.
(app_t): Move typedef to ...
* scd/app-common.h: here.
--

These changes will make it easier to backport changes from 2.3 to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-19 08:30:36 +01:00
Werner Koch
55f46b33df
dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given.  Fix minor
error in error code handling.
--

Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially regisetered.  Thus for correctness the OID can be
used:

  1.3.6.1.4.1.11591.2.5          LDAP URL extensions
  1.3.6.1.4.1.11591.2.5.1          gpgNtds=1 (auth. with current user)

Note that the value must be 1; all other values won't enable AD
authentication and are resevered for future use.
2021-02-17 17:31:36 +01:00
Werner Koch
cdc828f690
dirmngr: Rewrite a weird function by straighter code.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
--

Note that the first test on ldaps or ldaps in the original code did
not worked at all so that the Mixed Case part took over there.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-17 16:15:59 +01:00
Werner Koch
3c7b1f3f5f
common: Fix compiler warning
--
2021-02-17 15:28:05 +01:00
Werner Koch
db687d15e6
doc: Remove man page for symcryptrun.
--

The tool has no more configure option to build it and thus the man
page does not make sense.  We keep the actual file for reference,
though.

GnuPG-bug-id: 5290
2021-02-09 18:28:09 +01:00
bobwxc
4ca8ca5f7f po: Update Simplified Chinese Translation.
--

Signed-off-by: bobwxc <bobwxc@yeah.net>
2021-02-09 11:12:25 +09:00
Werner Koch
6e258babe7
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
2021-01-28 16:01:53 +01:00
Werner Koch
9037be5f40
gpg: Fix ugly error message for an unknown symkey algorithm.
* g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
algorithm.
--

Trying to encrypt data created with

 printf "\x8c\x49\x05\x0e\x0a\x03\x01"

fails in version 2.2.19 with

 gpg: packet(3) with unknown version 5

but with later versions with

  gpg: encrypted with unknown algorithm 14
  gpg: Ohhhh jeeee: ... this is a bug \
       ([...]/passphrase.c:433:passphrase_to_dek)

so we better catch this case earlier.

Reported-by: Tavis Ormandy
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-27 11:45:33 +01:00
NIIBE Yutaka
c31ba1fcbd po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-01-12 13:52:02 +09:00
Werner Koch
2ba2b7644e
Post release updates
--
2021-01-11 19:55:46 +01:00
Werner Koch
0c103cde00
Release 2.2.27 gnupg-2.2.27 2021-01-11 18:42:08 +01:00
Werner Koch
4c53b2b867
Update copyright notices.
--
2021-01-11 18:40:45 +01:00
Werner Koch
8df4f519ec
po: Auto updates
--
2021-01-11 18:39:24 +01:00
Werner Koch
3901c1a8c5
gpg,w32: Fix gnupg_remove.
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--

To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to

 if (!gnupg_remove (fname))
   log_info (_("removed stale te[...] file '%s'\n"), fname);
 else if (errno != ENOENT)
   {
     err = gpg_error_from_syserror ();
     log_error (_("problem remov[...] file '%s': %s\n"),
                fname, gpg_strerror (err));
     goto leave;
   }

GnuPG-bug-id: 5230
(cherry picked from commit b6967d31912912ad3c0a2ff6bf6eb9822a194562)
2021-01-11 14:26:27 +01:00
Werner Koch
cf0f67199f
speedo: Do not enable build timestamps.
--
2021-01-08 20:11:03 +01:00
Werner Koch
9f37d3e6f3
gpg: Fix --gpgconf-list case with no conf files at all.
* g10/gpg.c (get_default_configname): Remove unused function.
(main): Provide a proper filename to gpgconf_list.
--

With the new option pasrer we used "UNKOWN" in this case.  The problem
was that gpgconf --list-options chekcs that an absolute file is
provided and thus bails out if no config file is in /etc/gnupg or in
~/.gnupg/.

get_default_configname was not anymore in use because its function is
part of the new option parser.
2021-01-08 14:09:59 +01:00
Werner Koch
ff30fcd3dc
gpgconf: Fix description of two new options.
* tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
--

GnuPG-bug-id: 5221
Fixes-commit: 95b42278cafe7520d87168fb993ba715699e6bb6
2021-01-07 13:22:35 +01:00
Werner Koch
fdc5485026
wkd: Minor permission fix for created files.
* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
(ensure_policy_file): No need to make the policy file group writable.
--

The policy file is rarely changed thus no need to g+w.  Setting +x on
a plain file does not make sense at all.

GnuPG-bug-id: 5214
(cherry picked from commit c008e8d20e12c8845403ad7dad499f6a196ecc6a)
2020-12-30 15:06:33 +01:00
Werner Koch
83e875a2d1
gpg: Initialize a variable even in a never used code path.
* g10/sign.c (write_signature_packets): Init ERR.
--

Actually we could also remove the conditional or replace it by a
log_assert.

GnuPG-bug-id: 5204
2020-12-23 16:06:09 +01:00
Werner Koch
1d5c4788ff
Post release updates
--
2020-12-21 19:09:58 +01:00
Werner Koch
c77bb1a750
Release 2.2.26 gnupg-2.2.26 2020-12-21 17:38:05 +01:00
Werner Koch
323a69ef65
common: Remove superfluous debug output from dotlock.c.
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--

This was left over from developement about 10 years ago.  Exhibits
itself when using sshfs.

GnuPG-bug-id: 5193
2020-12-21 17:37:58 +01:00
Werner Koch
566c48da73
po: Auto-merge
--
2020-12-21 17:24:52 +01:00
Werner Koch
c2bc8435a9
po: Update German translation
--
2020-12-21 17:24:46 +01:00
Werner Koch
725f4a487f
build: Remove the code to build symcryptrun
--

syncryptrun is too ancient to be of any use and has not been tested in
many years.  Thus we should not allow to build it.
2020-12-21 17:24:44 +01:00
Werner Koch
261fb98c6f
doc: Explain LDAP keyserver parameters 2020-12-21 17:24:41 +01:00
Werner Koch
09dc59f6d4
common: Fix the "ignore" meta command in argparse.c
* src/argparse.c (gnupg_argparse): Factor some code out to ...
(prepare_arg_return): new.
(gnupg_argparse): No missing arg error in ignore sections.
* common/sysutils.c: Include pwd.h.
(gnupg_getusername): New.
--

Options in an [ignore] section do not anymore lead to an error if an
argument is missing.  However, if the option is also in a force
section the error is thrown.

This is a port of the fix from libgpg-error.  Also fixes the
username fixme.
2020-12-21 17:24:34 +01:00
Werner Koch
8a2e5025eb
gpg: Fix --trusted-key with fingerprint arg.
* g10/trustdb.c (tdb_register_trusted_key): Take care of that
other constant.
--

Fixes-commit: 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 17:10:01 +01:00
Werner Koch
15bfd189c0
dirmngr: Do not block threads in LDAP keyserver calls.
* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
--

The former gpgkeys_ldap module has once been ported to dirmngr but
unfortunately the dirmngr_ldap wrapper has not been used so that we
have internal LDAP calls with these problems:

- No usable timeouts.
- On non-Windows platforms a lot of extra libs and possibly even a
  second copy of Libgcrypt is pulled in.
- Only one threads runs at a time.

This patch mitigates the last point.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 11:57:44 +01:00
Werner Koch
9e8d299e18
Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2
--
2020-12-18 11:23:01 +01:00
Werner Koch
9b886adba4
dirmngr: Fix backport of the new option parser from 2.3
* dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
gpgconf-dirmngr.conf.
--

Fixes-commit: a028f24136a062f55408a5fec84c6d31201b2143
2020-12-18 11:21:18 +01:00
Werner Koch
559efd23e9
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
2020-12-17 18:19:01 +01:00
Werner Koch
776bef74c7
dirmngr: Support "ldap:///" for the current AD user.
* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
2020-12-17 16:09:31 +01:00
Werner Koch
c75fd75532
dirmngr: Allow LDAP searches via fingerprint.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
serverinfo and allow searching by fingerprint.
(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
--

With the new schema we can finally search by fingerprint.
2020-12-17 11:19:22 +01:00
Werner Koch
c28cb5282b
dirmngr: Store all version 2 schema attributes.
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2.  Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3
2020-12-17 11:08:31 +01:00
Werner Koch
ac8ece9266
dirmngr: Support the new Active Directory schema
* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
serverinfo arg.  Set the new info flags.
(ks_ldap_get): Adjust for change.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.  Replace xmalloc by xtrymalloc.  Change the DN
for use with NTDS (aka Active Directory).
--

This is a first take on better Active Directory support.  The main
change for NTDS in the code is that the an top-RDN of CN is used
instead of the old pgpCertID.  More changes to come; for example using
and storing the fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3 without the new schema samples - they can
be found in the repo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:05:46 +01:00
Werner Koch
0e88c73bc9
dirmngr: Do not store the useless pgpSignerID in the LDAP.
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
              /* This bit is really for the benefit of people who
                 store their keys in LDAP servers.  It makes it easy
                 to do queries for things like "all keys signed by
                 Isabella".  */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures.  Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:02:49 +01:00
Werner Koch
e47de85382
dirmngr: Fix adding keys to an LDAP server.
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
addlist.
--

The code used the wrong list which resulting in adding attributes
marked for deletion.  In particular Active Directory does not accept
such an data and rejects them.  The bug was introduced into 2.1 while
porting the code from the old keyserver helpers to dirmngr.

Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 10:23:46 +01:00