1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

7596 Commits

Author SHA1 Message Date
Werner Koch
96a4fbecd1
dirmngr: Add a background task framework.
* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-14 13:42:18 +01:00
Werner Koch
26f08343fb
dirmngr: Limit the number of cached domains for WKD.
* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-14 09:04:52 +01:00
Werner Koch
65038e6852
dirmngr: Keep track of domains used for WKD queries
* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-13 16:09:32 +01:00
Werner Koch
5d83eb9226
gpg-agent: Avoid getting stuck in shutdown pending state.
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--

I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds.  The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again.  Actually that should not
hanppen because the

          if (active_connections == 0)
            break; /* ready */

should have terminated the loop.  For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-13 11:59:50 +01:00
NIIBE Yutaka
80b9045434 tests: Handle the case with DISABLE_REGEX.
* tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
  Conditionalize.
* tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.

--

The feature is only valid with !DISABLE_REGEX.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-13 18:50:30 +09:00
Damien Goutte-Gattat
a1fe3708d0 tests: Run the trust-pgp-4 test again.
* tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
(EXTRA_DIST): Remove the test file from EXTRA_DIST.
--

Now that issue 2923 is fixed, the trust-pgp-4 test passes as
expected and we can enable it again. That should help prevent
a future regression on this issue.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-11-13 16:13:14 +09:00
Daniel Kahn Gillmor
d048157e87 po/da: Fix Danish confusion between "compressed" and "compromised"
--
In https://bugs.debian.org/881393 , Jonas Smedegaard reports:

> In option number 1, the word "komprimeret" means "compressed".
>
> I am pretty sure it should say "kompromitteret" instead, which means
> "compromised".

Debian-Bug-Id: 881393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-11-11 18:42:06 +08:00
NIIBE Yutaka
ccf3ba9208 g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-09 14:03:22 +09:00
Werner Koch
68284e1509
doc: Include NEWS from the 2.2.2 release
--
2017-11-07 11:20:00 +01:00
Werner Koch
ab7ac82704
dirmngr: Reduce default LDAP timeout to 15 seconds.
* dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
* dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-07 10:02:53 +01:00
Werner Koch
f9f72ffbfa
speedo: Include software versions in the W32 README
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-07 09:25:28 +01:00
NIIBE Yutaka
380bce13d9 agent: Use clock or clock_gettime for calibration.
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.

--

For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.

Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC;  The old code with times(3) is not 100% correct,
in terms of POSIX.  It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC.  CLOCKS_PER_SEC is specifically for clock(3).

GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-07 10:49:36 +09:00
Werner Koch
42308224d1
tests: Minor imporvement in agent invocation
* tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
--

My tests show only 2.5% improvement, but as we have that option now
let's use it.

real    9m12.604s
user    2m20.720s
sys     0m11.452s

real    8m3.815s
user    2m16.700s
sys     0m11.544s

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 16:49:07 +01:00
Werner Koch
52d41c8b0f
agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 15:03:06 +01:00
Werner Koch
f7212f1d11
agent: New option --s2k-count.
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--

This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-06 13:57:30 +01:00
Werner Koch
922bae8082
gpg: Unifiy the message for re-configuring cards.
* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
--

This is a separate patch from the previous to avoid string changes
when backporting the other patch to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:20:13 +01:00
Werner Koch
ea09b6cded
gpg: Introduce magic value 25519 to switch a card to ECC.
* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is kludge to make it easier for gnuk to be switched into ECC
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:16:14 +01:00
Werner Koch
1651310203
build: Remove configure options --disable-gpg
--

gpg is used by several other components as well as from the test
suite.  We need it.

GnuPG-bug-id: 3479
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 16:55:17 +01:00
NIIBE Yutaka
5e96fe72e4 agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
* agent/learncard.c (agent_handle_learn): Find SERIALNO.

--

Bug is: "gpg-connect-agent learn /bye" just fails wrongly.

Fixes-commit: 8c8ce8711d9c938fcb982b0341e6b052742cb887
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-02 16:23:10 +09:00
Werner Koch
fd3f5ca151
Register another OpenPGP card vendor.
--
2017-11-01 18:17:44 +01:00
Werner Koch
87b94e08d7
gpg: Remove trailing comma in an enum.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:14:26 +01:00
Werner Koch
f795f4529d
gpg: Rename two card related functions in card-util.
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--

We want to support other algos than RSA and thus we need a better name
for the functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:13:25 +01:00
NIIBE Yutaka
6c63a04569 g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-01 10:19:35 +09:00
NIIBE Yutaka
d63b7966cd g10: Simplify "factory-reset" procedure.
* g10/card-util.c (factory_reset): Simplify.

--

In this summer, I got report about old code before this change didn't
work with newer Yubikey.  I got another report test version of OpenPGP
card V3.3 implementation didn't work, either.  Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.

This change simplify "factory-reset" as simple.

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later works well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-30 11:59:11 +09:00
Werner Koch
f6ab97fd96
Merge branch 'STABLE-BRANCH-2-2' into master
--
Resolved Conflicts:
	configure.ac - Adjust due to new log_clock otions
2017-10-27 13:56:15 +02:00
NIIBE Yutaka
fb7828676c agent: Clean up pinentry access locking.
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-27 09:54:48 +09:00
NIIBE Yutaka
3b66a256e3 agent: Allow recursive use of pinentry.
* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 14:40:38 +09:00
NIIBE Yutaka
05cb87276c agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:39:49 +09:00
NIIBE Yutaka
b13972dfbf Fix comment of configure.
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:38:50 +09:00
NIIBE Yutaka
bf26c08b95 agent, tests: Support --disable-scdaemon build case.
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:24:39 +09:00
NIIBE Yutaka
3549dce4f5 Fix comment of configure.
* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-26 11:19:45 +09:00
Werner Koch
84af859e39
gpg: Avoid superfluous sig check info during import.
* g10/key-check.c (print_info): New.
(key_check_all_keysigs): Print sig checking results only in debug
mode.  Prettify the stats info and suppress them in quiet mode.

--

This also makes usable stats by prefixing them with the key and the
program name.

GnuPG-bug-id: 3397
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 21:11:38 +02:00
Werner Koch
812fe29bff
build: New configure option --enable-werror
* configure.ac: Implement that option.
--

This can be used as a workaround in case of bogus autoconf tests.

GnuPG-bug-id: 2423
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 18:44:49 +02:00
Werner Koch
e417aaf698
build: Do not mess with CFLAGS in configure.
* configure.ac: Do not mess with the user provided CFLAGS.
--

A problem was claimed with some configure tests if the user provided
CFLAGS=-Werror.  The commit introducing this

Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8

does not mention a concrete case.  Anyway, messing with CFLAGS is a
bad idea because configure tests will then test something different
than what is used later (cf. autoconf manual).  Tests which depend on
the whether -Werror is used needsto be fixed.

Note that in certain cases we modify CFLAGS.  This is only done for
some configure options or if the platform requires the use of special
compiler flags (e.g. on HP/UX).

GnuPG-bug-id: 2423
2017-10-24 18:34:28 +02:00
Rainer Perske
1067403c8a
sm: Do not expect X.509 keyids to be unique
* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.

--

As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.

To circumvent the problem, I am patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.

This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.

But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.

With every GnuPG update, I have adapted the patch, luckily I never
needed to change anything except line numbers.

GnuPG-bug-id: 1644

ChangeLog log written by wk, comment taken from mail.  Signed-off line
was missing in the plain diff.  However the mail with the patch and
the DCO posted as reply to that mail were both signed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 17:29:04 +02:00
Werner Koch
f8e2d87532
Register DCO for Rainer Perske
--
2017-10-24 17:16:27 +02:00
Werner Koch
6e808ae470
gpgconf: Ignore non-installed components with --apply-profile.
* tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
only_installed.
(gc_component_retrieve_options): Use this if we want to process all
components.
--

Note that this also also ignores them in --with-defaults.  This is
useful for systems which come without scdaemon.

GnuPG-bug-id: 3313
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 12:01:35 +02:00
Werner Koch
560d85ecff
gpg: Improve the "secret key available" notice in keyedit.c
* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
(keyedit_menu): Check whether only subkeys are available and take care
of that in the command check and in the HELP listing.  Also print a
different notice if only subkeys are available.
--

Print "Secret key is available" and the bailing out in all commands
which require the _primary_ secret key was surprising.  Now we print
another notice and adjust the checks.

GnuPG-bug-id: 3463
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 10:56:13 +02:00
Werner Koch
016538d828
gpg: Remove unused flags from keyedit.c.
* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
(cmds): Remove them.
--

These flags were cruft from the time we had to switch between secret
and public key view.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 09:35:25 +02:00
Werner Koch
9e3f2a7e0b
doc: Fix "SEE ALSO" section of gpgv.
--
2017-10-20 08:56:39 +02:00
Werner Koch
44fb3fbc85
gpg: Fix creating on-disk subkey with on-card primary key.
* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--

We try to verify the primary key and thus seed the passphrase cache
before generating the subkey.  However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error.  This patch detects this error and continues without
a seeded passphrase cache.  After all that pre-seeding is just a
convenience.

GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 18:10:37 +02:00
Werner Koch
2c7dccca9b
gpg: Print sec/sbb with --import-option import-show or show-only.
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:12:36 +02:00
Werner Koch
68c8619114
gpg: Make --dry-run and show-only work for secret keys.
* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--

The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed.  If the
public key did not exist an error message inhibited the import of the
secret key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 17:05:39 +02:00
Damien Goutte-Gattat
1ba308aa03
dirmngr: Do not follow https-to-http redirects.
* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--

GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-10-19 15:32:38 +02:00
NIIBE Yutaka
d07de38627
g10: Fix find_and_check_key for multiple keyrings.
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-10-19 15:03:19 +02:00
Werner Koch
7c73db3d31
gpg: Keep a lock during the read-update/insert cycle in import.
* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446
2017-10-19 15:02:28 +02:00
Werner Koch
8448347b5b
gpg: Improve keydb handling in the main import function.
* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 15:01:38 +02:00
Werner Koch
752cae6dd2
gpg: Simplify keydb handling of the main import function.
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 15:00:05 +02:00
Werner Koch
1bf5cbd3ef
sm: Fix colon listing of fields > 12 in crt records.
* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 14:59:34 +02:00
Daniel Kahn Gillmor
28aa689058 agent: Send pinentry the uid of connecting process where possible.
* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-10-19 03:09:44 -04:00