* tools/gpgtar.c (main): Fix the use of the union.
--
Fixes-commit: 2756147e392c8f58fc79db6b9420b306b6ddd082
GnuPG-bug-id: 6562
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (opts): Use string for oLoggerFD, oOverrideSessionKeyFD,
oStatusFD, oAttributeFD, oCommandFD, and oPassphraseFD.
(main): Use translate_sys2libc_fdstr.
* g10/gpgv.c (opts): Use string for oLoggerFD, and oStatusFD.
(main): Use translate_sys2libc_fdstr.
* sm/gpgsm.c (opts): Use string for oLoggerFD, oStatusFD, and
oPassphraseFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-auth.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
tools/gpg-card.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-pair-tool.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpg-wks-client.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgconf.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgtar-create.c (gpgtar_create): Fix for opt.status_fd.
* tools/gpgtar-extract.c (gpgtar_extract): Fix for opt.status_fd.
* tools/gpgtar-list.c (gpgtar_list): Fix for opt.status_fd.
* tools/gpgtar.c (opts): Use string for oStatusFD.
(main): Use translate_sys2libc_fdstr.
* tools/gpgtar.h (opts): Use string for oStatusFD.
--
GnuPG-bug-id: 6551
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.
(command_send): Rename to ...
(command_create): to match the command name.
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--
To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--
This option is probably easier to remember than --gpg-args '-z0'.
* kbx/kbx-client-util.c (prepare_data_pipe): Use _get_osfhandle
for pipe to be used for sentfd.
[HAVE_W32_SYSTEM] (datastream_thread): Add the case of NREAD==0.
* tools/gpg-connect-agent.c (do_sendfd): Use es_syshd instead
of es_fileno.
[HAVE_W32_SYSTEM] (do_open): Use %p for formating HANDLE.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpgtar.c (main): Write status line before exit.
--
Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.
GnuPG-bug-id: 6497
* tools/gpgtar.c (main): Write status line before exit.
--
Due to the new way we support gpgtar in GPGME we need status lines to
detect a final error.
GnuPG-bug-id: 6497
* common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
* common/homedir.c (gnupg_module_name): Add it.
* tools/gpgtar.c: Include comopt.h.
(enum cmd_and_opt_values): Add oDebug.
(opts): Add --debug.
(any_debug): New.
(main): Parse common.conf.
--
Having a way to see the output of gpgtar is often useful for
debugging. The only effect of the debug option is to show whether
common.conf was read.
* tools/gpgtar.c (main): Don't allow logging via the Registry. Forbid
using stdout for status-fd in crypt mode.
--
Without that check a status output would be mixed up with the input to
the internal call of gpg.
Using the Registry key to enable logging is very annoying.
* tools/gpgconf.c (show_configs): Add a list of envvars and print
them.
--
Note that for simplicity we to not distinguish between Windows and
Linux here.
* tools/wks-util.c (write_to_file): Rename to ...
(wks_write_to_file): this, make global, and support NULL for fname.
* tools/gpg-wks-client.c (command_check): Write to key.
* tools/call-dirmngr.c (wkd_get_status_cb): Deetect and output warning
and note stati from dirmngr.
--
This is in particular helpful to check for non-proper TLS
certificates.
* tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in
spawn.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
Note that this fix does not handle file descripotors passed via the
--gpg-args options.
GnuPG-bug-id: 6348
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key. Remove kludge to skip the Content-type line
in no_encrypt mode.
(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr. Add revocations from the local
keyring.
--
Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
* tools/gpg-card.c: Include exechelp.h
(cmd_gpg): New.
(enum cmdids): Add cmdGPG and cmdGPGSM.
(cmds): Add commands "gpg" and "gpgsm"
(dispatch_command, interactive_loop): Call them.
--
It is too cumbersome to leave the gpg-card shell just for running a
quick gpg or gpgsm command. Thus we add these new commands.
Take care: As of now we don't have proper shell-quoting rules
implemented. This will eventually be done.
* tools/gpg-wks-client.c (domain_matches_mbox): New.
(mirror_one_key): Skip non-matching domains.
(command_mirror): Change args to allow for several domains.
--
Although dirmngr returns only the keys matching a certain domain,
those keys still may have user ids from other domains. Now we publish
only the user-ids as specified on the command line.
GnuPG-bug-id: T6224
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
(opts): Add ----mirror, --no-autostart, and --blacklist.
(parse_arguments): Parse new options.
(main): Parse common.conf. Implement aMirror.
(mirror_one_key_parm): New.
(mirror_one_keys_userid, mirror_one_key): New.
(command_mirror): New.
* tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
* tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
(wks_install_key_core): new.
* tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
--
This implements the basic LDAP to WKD mirroring. The blacklist
option and domain restrictions are not yet fully implemented.
Take care: In OpenLDAP you may need to increase the paged result limit
by using a configuration like:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcLimits
olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited
GnuPG-bug-id: 6224
* tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS.
* tools/gpg-auth.c: Support use by root for login user.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-auth.c (my_strusage): Fix usage string.
(main): Use gpg-agent to get scdaemon socket.
(authenticate): Return GPG_ERR_NOT_FOUND when no success.
(ga_scd_connect): Use DBG_IPC.
(inq_needpin): Change API for getpin.
(put_second_field_cb): New, to get the second field.
(scd_get_pubkey): Use put_second_field_cb.
(ga_filter_by_authorized_keys): Put NULL at the PREV->next.
(getpin): Flush the standard output.
Include the last terminating NUL.
Return the length.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.
* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.
* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--
Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key. Indicate whether the HKLM fallback was used.
--
Note that this is backport from 2.2. The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--
Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--
These changes are helpful for phone support.
* tools/gpg-connect-agent.c (handle_inquire): When the helper program
exit status is not 0, it means cancellation, now.
--
GnuPG-bug-id: 6010
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--
The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools. However, with the global config file
common.conf things are anyway better. We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
* tools/gpgtar.c: New option --with-log.
* tools/gpgtar.h (opt): Add field with_log.
* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
building up. Add option --log-file if needed.
* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
is used outside of its scope.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
* tools/gpgtar.h (opt): Add new flags.
* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
--require-compliance.
(main): Init signals.
* tools/gpgtar-create.c: Add new header files.
(gpgtar_create): Rework to use a pipe for encryption and signing.
* tools/gpgtar-list.c: Add new header files.
(gpgtar_list): Rework to use a pipe for decryption.
* tools/gpgtar-extract.c: Add new header files.
(gpgtar_extract): Rework to use a pipe for decryption.
--
Fixes-commit: 40dbee86f3043aff8a8c2055521e270318e33068
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--
Note that for this change libgpg-error 1.45 is required for Windows.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--
This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.
The second patch is unrelated
* tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to
ignored options. Add failsafe code to avoid calling percent_escape
with NULL.
--
Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE
flags in the returned type needs to be considered.
GnuPG-bug-id: 5800
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--
GnuPG-bug-id: 5800
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--
GnuPG-bug-id: 5754
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr. Detect and store long file and link
names. Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--
GnuPG-bug-id: 5754
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
* tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain
things.
(show_configs_one_file): New arg LISTP to be passed thru.
(show_configs): Show envars and regisiry values.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf.c (aShowConfigs): New.
(opts): Add --show-configs.
(CUTLINE_FMT): New.
(show_version_gnupg): Add arg "prefix" and adjust caller.
(my_copy_file): New.
(show_configs_one_file): New.New.
(show_configs): New.
(main): Call show_configs.
--
The ability to have a consolidated list of all config files is very
useful for support cases. This is in particular important due to the
global config files and their conditional constructs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgconf-comp.c (known_options_gpg): Add "keyserver".
--
This allows Kleopatra to read and change the keyserver that is used
by gpg if the deprecated keyserver option in gpg.conf is set.
GnuPG-bug-id: 5462
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--
On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.
GnuPG-bug-id: 5999
* common/recsel.c (recsel_parse_expr): Add flag -t.
* common/stringhelp.c: Remove assert.h.
(strtokenize): Factor code out to do_strtokenize.
(strtokenize_nt): New.
(do_strtokenize): Add arg trim to support the strtokenize_nt.
* common/t-stringhelp.c (test_strtokenize_nt): New test cases.
* tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
flag -t.
--
This fixes a bug with user ids with leading spaces because:
wks-client lists all mail addresses from the key and matches them to the
requested mail address.
If there are several user-ids all with the same mail address
wks-client picks one of them and then extracts exactly that user id.
However, here it does not match by the mail address but by the full
user-id so that we can be sure that there will be only one user-id in
the final key.
The filter built expression unfortunately strips leading blanks but
requires a verbatim match. Thus it won't find the user id again and
errors out.
The new -t flag and a non-trimming strtokenize solves the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
(opts): Add --check-sym-passphrase-pattern.
(parse_rereadable_options): Set option.
(main): Return option info.
* tools/gpgconf-comp.c: Add new option.
* agent/agent.h (opt): Add var check_sym_passphrase_pattern.
(struct pin_entry_info_s): Add var constraints_flags.
(CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
(CHECK_CONSTRAINTS_NEW_SYMKEY): New.
* agent/genkey.c (check_passphrase_pattern): Rename to ...
(do_check_passphrase_pattern): this to make code reading
easier. Handle the --check-sym-passphrase-pattern option.
(check_passphrase_constraints): Replace arg no_empty by a generic
flags arg. Also handle --check-sym-passphrase-pattern here.
* agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
CHECK_CONSTRAINTS_NEW_SYMKEY flag.
* agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
(struct inq_cb_parm_s): New.
(inq_cb): Use new struct for parameter passing. Pass flags to teh
constraints checking.
(do_getpin): Pass constraints flag down.
(agent_askpin): Take constrainst flag from the supplied pinentry
struct.
--
Requirements for a passphrase to protect a private key and for a
passphrase used for symmetric encryption are different. Thus a
the use of a different pattern file will be useful. Note that a
pattern file can be used to replace the other passphrase constraints
options and thus we don't need to duplicate them for symmetric
encryption.
GnuPG-bug-id: 5517
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
instead of the constant which makes a difference on Windows.
(_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
(gnupg_cachedir): Remove unsued function.
* common/sysutils.c (gnupg_rmdir): New.
* tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
--
That is actually a more correct directory than APPDATA. This fixes
a problem with installations where the APPDATA is non a network drive
and the resulting socket filename is truncated in our socket helper
function (because we use sockaddr also for our local socket
emulation on Windows).
LOCAL_APPDATA is expected to be on the local box and thus in the
majority of cases the resulting socket file name will be short enough.
GnuPG-bug-id: 5537
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
* dirmngr/ks-engine-ldap.c: Remove including getopt.h.
* tools/make-dns-cert.c: Likewise.
--
Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h
is only needed for getopt_long of GNU extention.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-check-pattern.c: Major rewrite.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Here is a simple pattern file:
====================
# Pattern to reject passwords which do not comply to
# - at least 1 uppercase letter
# - at least 1 lowercase letter
# - at least one number
# - at least one special character
# and a few extra things to show the reject mode
# Reject is the default mode, ignore case is the default
#[reject]
#[icase]
# If the password starts with "foo" (case insensitive) it is rejected.
/foo.*/
[case]
# If the password starts with "bar" (case sensitive) it is rejected.
/bar.*/
# Switch to accept mode: Only if all patterns up to the next "accept"
# or "reject" tag or EOF match, the password is accepted. Otherwise
# the password is rejected.
[accept]
/[A-Z]+/
/[a-z]+/
/[0-9]+/
/[^A-Za-z0-9]+/
=================
Someone™ please write regression tests.
* tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
--
Fixes-commit: 8b8925a2bdbb12dd537dde20a27cdb1416c2f1ae
The bug is so obvious that I wonder why it was not reported more often
on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the
product).
Signed-off-by: Werner Koch <wk@gnupg.org>