1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-28 11:11:32 +01:00

5312 Commits

Author SHA1 Message Date
Werner Koch
1e2e39c575 gpg: Make --auto-key-locate work again with keyservers.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN.  Change all callers.
2014-03-17 15:39:33 +01:00
Werner Koch
1d642d3ca8 gpg: New mechanism "clear" for --auto-key-locate.
* g10/getkey.c (parse_auto_key_locate): Implement "clear".
2014-03-17 15:36:15 +01:00
Werner Koch
2223eaefaf gpg-connect-agent: Make it easier to connect to the dirmngr.
* tools/gpg-connect-agent.c: Add options --dirmngr and
--dirmngr-program.
2014-03-14 19:25:58 +01:00
Werner Koch
59b4fb5f49 dirmngr: Make use of IPv4 and IPV6 more explicit.
* common/http.c (connect_server): Handle the new flags.
* common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
* dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
(make_host_part): Ditto.
(send_request): Add arg httpflags.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
2014-03-14 17:00:10 +01:00
Werner Koch
d7fbefeb82 dirmngr: Do not use brackets around legacy IP addresses.
* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
complete addrinfo.  Bracket only v6 addresses.  Change caller.
2014-03-14 16:22:54 +01:00
Werner Koch
a401f768ca gpg: Print the actual used keyserver address.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg.  Adjust all users.  Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--

It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key.  This is helpful if
the keyserver is actually a pool of keyservers.  This patch does this.
2014-03-14 16:12:54 +01:00
Werner Koch
5d321eb00b dirmngr: Default to a user socket name and enable autostart.
* common/homedir.c (dirmngr_socket_name): Rename to
dirmngr_sys_socket_name.
(dirmngr_user_socket_name): New.
* common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
socket.
* dirmngr/dirmngr.c (main): Ditto.
* dirmngr/server.c (cmd_getinfo): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
* tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.

* configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
2014-03-14 12:36:36 +01:00
Werner Koch
6dd5d99a61 gpg: Add option --dirmngr-program.
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
2014-03-12 18:35:36 +01:00
Werner Koch
fb56a273b1 dirmngr: Detect dead keyservers and try another one.
* dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
(ks_action_search, ks_action_put): Ditto.
(ks_action_get): Consult only the first server which retruned some
data.

* dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
(map_host): Add arg CTRL and call dirmngr_tick.
(make_host_part): Add arg CTRL.
(mark_host_dead): Allow the use of an URL.
(handle_send_request_error): New.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
error.
2014-03-12 14:33:51 +01:00
Werner Koch
99135b89ce Comment typo fixes
--
2014-03-12 14:33:51 +01:00
Werner Koch
3d9e0eb02c http: Add a flag to the URL parser indicating a literal v6 address.
* common/http.h (struct parsed_uri_t): Add field v6lit.
* common/http.c (do_parse_uri): Set v6lit.
2014-03-12 14:33:51 +01:00
NIIBE Yutaka
781b941743 scd: writekey support of ECC.
* scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
(store_fpr): Support ECC keys with varargs.
(get_ecc_key_parameters, get_curve_name): Support secp256k1.
(parse_ecc_curve): Likewise.
(build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
(ecdh_writekey): New.  Not implemented yet.
(do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
(do_genkey): Follow the change of store_fpr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-12 17:25:33 +09:00
Werner Koch
0b2cca807d dirmngr: Put brackets around IP addresses in the hosttable.
* dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
(my_getnameinfo): New.
(map_host): Use it.
2014-03-11 18:02:29 +01:00
Werner Koch
a3dee28891 dirmngr: Add command option to mark hosts as dead or alive.
* dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
(check_owner_permission): here.
(cmd_keyserver): Add options --dead and --alive.
* dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
(ks_hkp_mark_host): New.
--

Also removed the warning that the widnows part has not yet been done.
AFAICS, the current mingw supports the all used socket functions.
2014-03-11 16:30:36 +01:00
Werner Koch
71b55c9455 dirmngr: Make Assuan output of keyblocks easier readable
* dirmngr/server.c (data_line_cookie_write): Print shorter data lines
in verbose mode.
2014-03-11 16:30:36 +01:00
Werner Koch
3c35b46a32 dirmngr: Fix HKP host selection code.
* dirmngr/server.c (cmd_keyserver): Add option --resolve and change
--print-hosttable to --hosttable.
* dirmngr/ks-action.c (ks_printf_help): New.
(ks_action_resolve): New.
* dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
(ks_hkp_print_hosttable): Print to assuan stream.
(map_host): Remove debug code.  Add arg FORCE_SELECT.  Return numeric
IP addr if it can't be resolved.
(make_host_part): Add arg FORCE_SELECT; change callers to pass false.
(ks_hkp_resolve): New.
--

The new options for the keyserver command are useful for debugging.
For example:

  $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \
          'keyserver hkp://keys.gnupg.net' \
          'keyserver http://http-keys.gnupg.net' \
          'keyserver --resolve --hosttable' /bye

yields:

  OK
  OK
  S # http://astrath.net:80
  S # http://2001:41d0:1:e673::1:11371
  S # hosttable (idx, ipv4, ipv6, dead, name):
  S #   0       http-keys.gnupg.net
  S #   .   --> 10 11 12 1 5 8 7 4* 2 9 6 3
  S #   1 4     37.250.168.245.bredband.tre.se
  S #   2 4 6   keys.exosphere.de
  S #   3 4 6   poseidon.muc.drweb-av.de
  S #   4 4     astrath.net
  S #   5 4     79.143.214.216
  S #   6 4     openpgp.andrew.kvalhe.im
  S #   7 4     app.aaiedu.hr
  S #   8 4 6   alita.karotte.org
  S #   9 4 6   keyserver.bau5net.com
  S #  10 4     194.94.127.122
  S #  11   6   2001:4d88:1ffc:477::7
  S #  12   6   2a00:1280:8000:2:1:8:0:1
  S #  13       keys.gnupg.net
  S #   .   --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...]
  S #  14 4     hufu.ki.iif.hu
  S #  15 4     pks.ms.mff.cuni.cz
  S #  16 4     pgpkeys.co.uk
  S #  17 4     80-239-156-219.customer.teliacarrier.com
  S #  18 4     srv01.secure-u.de
  S #  19 4     mallos.xs4all.nl
  S #  20 4     kronecker.scientia.net
  S #  21 4     keyserver.ut.mephi.ru
  S #  22 4     89-68-150-88.dynamic.chello.pl
  S #  23   6   2001:1608:21:6:84:200:66:125
  S #  24   6   sks.es.net
  S #  25   6   gstueve-1-pt.tunnel.tserv13.ash1.ipv6.he.net
  S #  26   6   sks.mrball.net
  S #  27   6   gozer.rediris.es
  S #  28   6   2001:41d0:1:e673::1
  S #  29   6   oteiza.siccegge.de
  S #  30   6   2403:4200:401:10::13
  S #  31   6   statler.serviz.fr
  OK
2014-03-11 16:30:36 +01:00
Werner Koch
f30d8b0188 List readline support in configure summary
* m4/readline.m4: Set gnupg_cv_have_readline.
* configure.ac: Add readline support to summary output.
--

Readline is an optional feature which is build if the readline
development files are available on the build systems.  Too often they
are missing on a (new) build machine which at least makes debugging
inconvenient.
Backport useful code from fixes for bug 1447.

* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--

We do not have keyserver helpers anymore but this fixes may come handy
eventually.
2014-03-11 16:30:36 +01:00
NIIBE Yutaka
ac5a1a3ccb agent: API change of agent_key_from_file.
* agent/findkey.c (agent_key_from_file): Always return S-expression.
* agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
(cmd_export_key): Likewise.  Free SHADOW_INFO.
(cmd_keytocard): Likewise.  Release S_SKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
* agent/pksign.c (agent_pksign_do): Likewise.  Use the S-expression to
know the key type.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-11 16:03:01 +09:00
Werner Koch
57d26f39af Backport useful code from fixes for bug 1447.
* configure.ac: Cehck for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
--

We do not have keyserver helpers anymore but this fixes may come handy
eventually.
2014-03-10 16:07:51 +01:00
Werner Koch
9ab9f414fb scd: acquire lock in new_reader_slot.
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
(lock_slot, trylock_slot, unlock_slot): Move more to the top.

--
Fixes a test case of:
   No libpcsclite1 installed.
   Run gpg-agent
   Run command "gpg-connect-agent learn /bye" with no card/token
   Sometimes it fails: ERR 100663356 Not supported <SCD>
   While it should be always: ERR 100663404 Card error <SCD>

(cherry picked from commit 4f557cb9c2ebe274d6aacc60a09cd919055d01ed)

Resolved conflicts:
	scd/apdu.c: pth/npth changes. Move lock helpers to the top.
                    Take care of removed pcsc_no_service.
2014-03-10 16:07:46 +01:00
Werner Koch
8e9b1aa563 Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
(cherry picked from commit 7db5c81e3a40b60e146f29c6744a33fd1b88c090)
2014-03-10 15:13:12 +01:00
Werner Koch
b278043a8f Do not require libiconv for Android.
* configure.ac (require_iconv): New.  Set to false for android.
(AM_ICONV): Run only if required.
2014-03-10 11:16:52 +01:00
Werner Koch
feda379595 dirmmgr: Use a portability wrapper for struct timeval.
* dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
(my_ldap_timeval_t): New.
2014-03-07 19:20:57 +01:00
Werner Koch
4387ecb11c Silence more warnings about unused vars and args.
* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
2014-03-07 19:05:41 +01:00
Werner Koch
35266076e3 dirmngr: Simplify strtok macro.
* dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg.
(ldap_str2charray): Remove lasts.
--

I have no clue why an utf8 version was planned to be used.  Do the
LDAP folks really assume that eventually non-ascii delimiters might be
used?  Simplified it to silence the warning about an used helper var.
2014-03-07 19:00:31 +01:00
Werner Koch
72133b54de Use attribute __gnu_printf__ also in estream header files.
* common/estream-printf.h: Use attribute gnu_printf.
* common/estream.h: Ditto.
2014-03-07 18:56:17 +01:00
Werner Koch
36372dcb2f Use attribute __gnu_printf__ with our estream-printf functions.
* common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
(JNLIB_GCC_A_NR_PRINTF): Ditto.
--

Our printf supports most of the GNU features and thus we can silence
the warnings from mingw.
2014-03-07 16:40:10 +01:00
Werner Koch
094aa2589e w32: Silence warnings about unused vars.
* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.
2014-03-07 16:11:15 +01:00
Werner Koch
a0fc42598f w32: Fix a potential problem in gpgconf's gettext.
* tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure
to return something even DOMAIN is not given.
2014-03-07 16:06:40 +01:00
Werner Koch
3032fc3ad7 Silence several warnings when building under Windows.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--

The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode.  We keep it working under
Unix, though.
2014-03-07 16:06:35 +01:00
Werner Koch
cb0dcc3408 w32: Include winsock2.h to silence warnings. 2014-03-07 14:18:43 +01:00
Werner Koch
84fd36f8ba gl: Avoid warning about shadowing an arg.
* gl/setenv.c (KNOWN_VALUE): s/value/_v/.
2014-03-07 14:00:14 +01:00
Werner Koch
0fc71f7277 common: Fix build problem with Sun Studio compiler.
* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
functions.
(ESTREAM_MUTEX_INITIALIZE): Ditto.
--

GnuPG-bug-id: 1566
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 571bcd4662a351cfa55bbf1a79ed1bc26da5780f)

Reolved conflicts:
	common/estream.c

Warning: estream.c still uses pth_mutex_* which is definitely wrong.
         Needs to be investigated.
2014-03-07 10:55:53 +01:00
Werner Koch
d8f0b83e4f gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
2014-03-07 10:44:27 +01:00
Werner Koch
dfb25d47a9 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0bf54e60d31389812d05c3fd29bece876204561d)

Resolved conflicts:
	g10/keyedit.c: Fix white spaces
2014-03-07 10:18:32 +01:00
Werner Koch
db1f74ba53 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
2014-03-07 10:14:05 +01:00
Werner Koch
90688b29f3 agent: Fix UPDATESTARTUPTTY for ssh.
* agent/command-ssh.c (setup_ssh_env): Fix env setting.
--

gniibe reported this to gnupg-devel on 2012-07-04:

  [...]
  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for
      SSH.

  [...]

  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

  	/* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f5578c29adba6d4f7d3650121d07322c2f8d254)
2014-03-07 09:59:32 +01:00
Werner Koch
7c4bfa599f gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707)

Resolved conflicts:
	g10/gpgv.c
2014-03-07 09:58:22 +01:00
Werner Koch
5ca482d5f9 Improve libcurl detection.
* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
given.  Suggested by John Marshall.
--

GnuPG-bug-id: 1510
(cherry picked from commit 110b52fffa77b339e6d59eba939408f7e87e7138)
2014-03-07 09:54:43 +01:00
Werner Koch
0ab752cc2d gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.

(cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)
2014-03-07 09:53:29 +01:00
Werner Koch
76b1940ad6 w32: Define WINVER only if needed.
* common/sysutils.c (WINVER): Define only if less that 5.0.
2014-03-07 09:52:10 +01:00
Werner Koch
63b7658a29 w32: Remove unused code.
* jnlib/w32-reg.c (write_w32_registry_string): Remove.
2014-03-07 09:48:28 +01:00
Werner Koch
9942a149ff agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90b419f3e9d05e509348d047e05fcc79e87be6cf)

Resolved conflicts:
	NEWS
	agent/gpg-agent.c
2014-03-07 09:48:26 +01:00
Werner Koch
5105c8d2d3 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d)

Resolved conflicts:
	NEWS
	agent/agent.h
	agent/gpg-agent.c: Convert from pth to npth.
	common/sysutils.c
	common/sysutils.h
2014-03-07 09:48:10 +01:00
Werner Koch
179012ddd4 agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ed056d67c7c93306b68829f83a2565e978dcfd9b)

Also fixed one typo.
2014-03-07 09:00:56 +01:00
Werner Koch
4ad123d6fe Fix syntax error for building on APPLE.
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
--

For W32 and probably for Cygwin we don't need the wrapper, thus the
problems does not exhibit itself.

(cherry picked from commit 8ddf604659b93754ffa6dea295678a8adc293f90)
2014-03-07 08:57:09 +01:00
Werner Koch
d2a6be24af Ignore obsolete option --disable-keypad.
* scd/scdaemon.c (opts): Ignore --disable-keypad.
--

The renaming of --disable-keypad to --disable-pinpad might mess up
configuration files managed with a GUI.  The GUI does not not anymore
know about the old option and would allow the user to switch
"disable-pinpad" on.  However, a "disable-keypad" might still linger
in the conf file with gpgconf not knowing about it.  Thus the conf
file would always be rejected and manual intervention would be
required.  Ignoring the old option nicely solves the problem.

(cherry picked from commit e24e92d7e244edd578c0c1f0fba6e0070cb5f104)
2014-03-07 08:53:11 +01:00
Werner Koch
8fc9de8d6b Allow marking options as ignored.
* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
(ARGPARSE_TYPE_MASK): New, for internal use.
(ARGPARSE_ignore): New.
* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
constants by macros.
(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
(arg_parse): Exclide ignore options from --dump-options.
--

In addition to the ignore-invalid-option (commit 41d56433) it is often
useful to mark options in a configuration which as NOP.  For example
options which have no more function at all but can be expected to be
found in existing conf files.  Such an option (or command) may now be
given as

  ARGPARSE_ignore (300, "obsolete-option")

The 300 is merely used as a non-valid single option name much like
group names or the 500+n values used for long options.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 54c54e2824aab5716a187bbbf6dff8860d6a6056)

Resolved conflicts:
	common/argparse.c: Fixed.
2014-03-07 08:51:47 +01:00
Werner Koch
191e32026f common: Fix recent commit 55656208.
* common/membuf.c (get_membuf_shrink): Fix use of LEN.
--

Oops, what a stupid bug.
2014-03-06 15:28:42 +01:00
NIIBE Yutaka
5ed8e9335f Fix g10/trust.c.
* g10/trust.c (register_trusted_keyid, register_trusted_key)
(update_ownertrust): Call functions with tdb_.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-06 16:23:10 +09:00