1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

847 Commits

Author SHA1 Message Date
NIIBE Yutaka
ac87fc1a9b
Merge branch 'master' into gniibe/t6275 2022-12-05 12:01:06 +09:00
Werner Koch
c3f9f2d497
wkd: New option --add-revocs and some fixes.
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key.  Remove kludge to skip the Content-type line
in no_encrypt mode.

(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr.  Add revocations from the local
keyring.
--

Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
2022-11-29 17:17:50 +01:00
Werner Koch
34fafa50f1
wkd: Make use of --debug extprog.
* tools/wks-util.c (debug_gpg_invocation): New.
(get_key_status_cb): Enable debug output.
(wks_get_key): Show gpg invocation.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
2022-11-29 10:43:54 +01:00
NIIBE Yutaka
202d7b47e7
Replace other use cases of gnupg_spawn_process_fd.
--

 by gnupg_process_spawn

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-25 13:18:17 +09:00
NIIBE Yutaka
729951f4c2
common,tools,dirmngr: Introduce gnupg_process_spawn.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-17 14:12:51 +09:00
Werner Koch
9c4691c73e
card: New commands "gpg" and "gpgsm".
* tools/gpg-card.c: Include exechelp.h
(cmd_gpg): New.
(enum cmdids): Add cmdGPG and cmdGPGSM.
(cmds): Add commands "gpg" and "gpgsm"
(dispatch_command, interactive_loop): Call them.
--

It is too cumbersome to leave the gpg-card shell just for running a
quick gpg or gpgsm command.  Thus we add these new commands.

Take care: As of now we don't have proper shell-quoting rules
implemented.  This will eventually be done.
2022-10-25 14:11:47 +02:00
Werner Koch
f3198f9d70
card: Also show fingerprints of known X.509 certificates
* tools/gpg-card.c (list_one_kinfo): Show fpr.
--

The fingerprint is actually more useful than the Subject-DN.
2022-10-25 11:57:23 +02:00
NIIBE Yutaka
de01fb8131
agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.
* common/exechelp-posix.c (do_exec): Remove PREEXEC argument.
(gnupg_spawn_process): Likewise.
(gnupg_spawn_process_fd): Follow the change of do_exec.
(gnupg_spawn_process_detached): Likewise.
* common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC.
* common/exechelp.h (gnupg_spawn_process): Remove PREEXEC.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* tests/gpgscm/ffi.c (do_spawn_process): Likewise.
* tools/gpgconf-comp.c (gc_component_check_options): Likewise.
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

PREEXEC is not portable feature and it's not used.

GnuPG-bug-id: 6249
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-20 14:19:19 +09:00
Alexander Kulbartsch
55eef71dbe
wkd: gpg-wks-client --send checks if build with sendmail support
* tools/gpg-wks-client.c (main): Return GPG_ERR_NOT_IMPLEMENTED if
gnupg was build without sendmail support.  (NAME_OF_SENDMAIL=="")
2022-10-13 09:24:03 +02:00
Werner Koch
b0b4e24c4f
wkd: Implement --blacklist option for gpg-wks-client
* tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
(parse_arguments): Install blacklist.
(read_file): New.
(cmp_blacklist, add_blacklist, is_in_blacklist): New.
(mirror_one_key): Check list.
* tools/gpg-wks.h (opt): Remove field blacklist.
--

GnuPG-bug-id: 6224
2022-10-07 17:35:44 +02:00
Werner Koch
0a151548b6
wkd: Restrict gpg-wks-client --mirror to the given domains.
* tools/gpg-wks-client.c (domain_matches_mbox): New.
(mirror_one_key): Skip non-matching domains.
(command_mirror): Change args to allow for several domains.
--

Although dirmngr returns only the keys matching a certain domain,
those keys still may have user ids from other domains.  Now we publish
only the user-ids as specified on the command line.

GnuPG-bug-id: T6224
2022-10-07 15:59:53 +02:00
Werner Koch
4364283f75
wkd: Silence gpg-wks-client diagnostics from gpg.
* tools/gpg-wks-client.c (add_user_id): PAss --quiet to gpg unless we
are running in double verbose mode.
(decrypt_stream): Ditto
(encrypt_response): Ditto.
(mirror_one_keys_userid): Ditto.
* tools/wks-util.c (wks_get_key): Ditto.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
2022-10-07 15:01:14 +02:00
Werner Koch
7ccd489aa2
wkd: New command --mirror for gpg-wks-client.
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
(opts): Add ----mirror, --no-autostart, and --blacklist.
(parse_arguments): Parse new options.
(main): Parse common.conf.  Implement aMirror.
(mirror_one_key_parm): New.
(mirror_one_keys_userid, mirror_one_key): New.
(command_mirror): New.

* tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
* tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
(wks_install_key_core): new.

* tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
--

This implements the basic LDAP to WKD mirroring.  The blacklist
option and domain restrictions are not yet fully implemented.

Take care: In OpenLDAP you may need to increase the paged result limit
by using a configuration like:

  dn: olcDatabase={1}mdb,cn=config
  changetype: modify
  replace: olcLimits
  olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited

GnuPG-bug-id: 6224
2022-10-06 18:38:29 +02:00
Werner Koch
ed54fd53d1
tools: Need to set the dir for common.conf
* tools/gpg-connect-agent.c (main): Set dirs.
* tools/gpg-card.c (main): Ditto.
--
Fixes-commit: 203dcc19eb
2022-09-21 09:41:39 +02:00
NIIBE Yutaka
e133bcb1cd
tools:gpg-auth: Enhance it to support use case for login.
* tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS.
* tools/gpg-auth.c: Support use by root for login user.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:41:10 +09:00
NIIBE Yutaka
dc9227ca57 tools:gpg-auth: Support use of pinpad.
* tools/gpg-auth.c (getpin): Use comment.
(inq_needpin): Support "POPUPPINPADPROMPT" protocol response.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 13:52:51 +09:00
NIIBE Yutaka
7a22f764d5 tools:gpg-auth: Show SSH key comment when asking PIN.
* tools/gpg-auth.c (authenticate): Put key_list->comment to assuan
user's pointer.
(getpin): Show SSH key comment if any.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-05 14:42:06 +09:00
NIIBE Yutaka
3e5f99e648 tools: Fix gpg-auth.
* tools/gpg-auth.c (my_strusage): Fix usage string.
(main): Use gpg-agent to get scdaemon socket.
(authenticate): Return GPG_ERR_NOT_FOUND when no success.
(ga_scd_connect): Use DBG_IPC.
(inq_needpin): Change API for getpin.
(put_second_field_cb): New, to get the second field.
(scd_get_pubkey): Use put_second_field_cb.
(ga_filter_by_authorized_keys): Put NULL at the PREV->next.
(getpin): Flush the standard output.
Include the last terminating NUL.
Return the length.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 19:00:20 +09:00
NIIBE Yutaka
d49788ef9f tools:gpg-auth: New tool for authentication.
* tools/Makefile.am (bin_PROGRAMS): Add gpg-auth.
(gpg_auth_SOURCES, gpg_auth_LDADD):
* tools/gpg-auth.c: New.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 14:52:17 +09:00
Werner Koch
203dcc19eb
common: New common option no-autostart.
* common/comopt.c (opts): Add "no-autostart".
(parse_comopt): Set it.
* common/comopt.h (comopt): Add no_autostart.

* g10/gpg.c (main): Take care of the new option.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
(main): Parse common options and handle new option.
* tools/gpg-card.c (main): Ditto.
(cmd_yubikey): Fix minor error reporting issue.

* common/util.h (GNUPG_MODULE_NAME_CARD): New const.
* common/homedir.c (gnupg_module_name): Support it.
--

Having a global option makes it easier to use disable autostart on a
server which is required to use a remote gpg-agent reliable.
2022-08-22 12:05:02 +02:00
Werner Koch
5fb2306b97
gpgconf: Add config file for Windows Registry dumps.
* tools/gpgconf.c (show_registry_entries_from_file): New.
(show_configs): Call it.
* doc/examples/gpgconf.rnames: New.
* doc/Makefile.am (examples): Add it.
2022-08-03 09:31:44 +02:00
Werner Koch
ea7aba6e60
gpgconf: Improve registry dumping.
* common/w32-reg.c (read_w32_reg_string): Add arg r_hklm_fallback and
change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key.  Indicate whether the HKLM fallback was used.
--

Note that this is  backport from 2.2.  The new support there for
REG_DWORD needs to be implemented in libgpg-error, though.
2022-08-02 14:35:38 +02:00
Werner Koch
4c8792fa10
wkd: Bind the address to the nonce.
* tools/gpg-wks-server.c (make_pending_fname): New.
(store_key_as_pending, check_and_publish): Use here.
(process_new_key): Pass addrspec to store_key_as_pending.
(expire_one_domain): Expire also the new files.
--

Along with the pass traversal bug this enhancement was
Suggested-by: Philipp Breuch <pbreuch@mail.upb.de>
GnuPG-bug-id: 6098
2022-07-27 11:41:34 +02:00
Werner Koch
8a63a8c825
wkd: Fix path traversal attack on gpg-wks-server.
* tools/gpg-wks-server.c (check_and_publish): Check for invalid
characters in sender controlled data.
* tools/wks-util.c (wks_fname_from_userid): Ditto.
(wks_compute_hu_fname): Ditto.
(ensure_policy_file): Ditto.
2022-07-25 10:21:44 +02:00
Werner Koch
1d5bf0050e
gpg-connect-agent: No help string for --unbuffered
--
2022-07-10 16:18:28 +02:00
Werner Koch
15a8834b0b
gpgconf: New short options -V and -X
* tools/gpgconf.c: Assign short options -X and -V
(show_version_gnupg): Print the vsd version if available.
--

These changes are helpful for phone support.
2022-06-29 13:14:35 +02:00
NIIBE Yutaka
fe535cf265 agent,gpg,tools: Fix use of log_get_fd.
* agent/call-daemon.c (daemon_start): Don't put file descriptor from
log_get_fd to no_close_list.
* agent/call-pinentry.c (start_pinentry): Likewise.
* common/call-gpg.c (start_gpg): Likewise.
* call-syshelp.c (start_syshelp): Likewise.
* tools/gpg-connect-agent.c (main): Likewise.

--

GnuPG-bug-id: 5921
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-22 13:34:06 +09:00
Werner Koch
d2d7a2b128
Remove remaining support for WindowsCE
--
2022-06-03 10:08:21 +02:00
Werner Koch
d89557fe95
tools: Minor fix to gpg-connect-agent options.
* tools/gpg-connect-agent.c (enum cmd_and_opt_values): Move
oUnBuffered more to the top so that oNoop won't not get the value 'v'.
2022-06-02 15:56:59 +02:00
NIIBE Yutaka
5a327e8001 tools: Add a way to cancell INQUIRE for gpg-connect-agent.
* tools/gpg-connect-agent.c (handle_inquire): When the helper program
exit status is not 0, it means cancellation, now.

--

GnuPG-bug-id: 6010
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 15:50:57 +09:00
NIIBE Yutaka
24d02b8a32 tools: Add --unbuffered option to gpg-connect-agent.
* tools/gpg-connect-agent.c (cmd_and_opt_values): Add oUnBuffered.
(opts, opt): Likewise.
(main): When unbuffered, set gpgrt_stdin/stdout accordingly.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-06-02 13:21:14 +09:00
Werner Koch
22fef189b1
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config file
common.conf things are anyway better.  We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:30:56 +02:00
NIIBE Yutaka
2cebba7274 gpg,tools: Remove use of repo only zlib-riscos.h.
* g10/compress.c: Don't use zlib-riscos.h.
* tools/gpgsplit.c: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 12:07:18 +09:00
NIIBE Yutaka
caba9df726 tools:gpgconf: Fix gc_component table.
* tools/gpgconf-comp.c [!BUILD_WITH_TPM2D] (gc_component): Add a dummy
entry.

--

GnuPG-bug-id: 5701
Reported-by: Adriaan de Groot
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-25 14:28:22 +09:00
Werner Koch
ed53d41b4c
gpgtar: New option --with-log
* tools/gpgtar.c: New option --with-log.
* tools/gpgtar.h (opt): Add field with_log.
* tools/gpgtar-extract.c (gpgtar_extract): Move directory string
building up.  Add option --log-file if needed.
* tools/gpgtar-create.c (gpgtar_create): Make tmpbuf static becuase it
is used outside of its scope.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
2022-03-22 10:19:55 +01:00
Werner Koch
e5ef5e3b91
gpgtar: Finally use a pipe for decryption.
* tools/gpgtar.h (opt): Add new flags.
* tools/gpgtar.c: new options --batch, --yes, --no, --status-fd, and
--require-compliance.
(main): Init signals.
* tools/gpgtar-create.c: Add new header files.
(gpgtar_create): Rework to use a pipe for encryption and signing.
* tools/gpgtar-list.c: Add new header files.
(gpgtar_list): Rework to use a pipe for decryption.
* tools/gpgtar-extract.c: Add new header files.
(gpgtar_extract): Rework to use a pipe for decryption.
--

Fixes-commit: 40dbee86f3
2022-03-21 13:21:20 +01:00
Werner Koch
70b738f93f
gpgtar,w32: Support file names longer than MAX_PATH.
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--

Note that for this change libgpg-error 1.45 is required for Windows.
2022-03-08 07:50:17 +01:00
Werner Koch
cff68fe359
scd,w32: Print code pages with --show-configs
* tools/gpgconf.c (show_configs): Do it.
2022-02-21 12:17:08 +01:00
Werner Koch
57d546674d
dirmngr: Avoid initial delay on the first keyserver access.
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.

* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--

This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.

The second patch is unrelated
2022-02-01 16:03:06 +01:00
Werner Koch
ed798a97f5
gpgconf: Teach --show-config the legacy gpgconf.conf.
* tools/gpgconf.c (show_configs): Print gpgconf.conf and a warning.
2022-01-27 14:43:45 +01:00
Werner Koch
977b61ddab
gpgconf: Return again "keyserver" for gpgsm.
* tools/gpgconf-comp.c (known_options_gpgsm): Change "ldapserver" back
to "keyserver".
2022-01-27 14:40:53 +01:00
Werner Koch
8fb23094c2
gpgconf: Fix --list-options for forced options
* tools/gpgconf-comp.c (retrieve_options_from_program): Ignore to to
ignored options.  Add failsafe code to avoid calling percent_escape
with NULL.
--

Remember: When using ARGPARSE_FLAG_WITHATTR the ARGPARSE_OPT_IGNORE
flags in the returned type needs to be considered.

GnuPG-bug-id: 5800
2022-01-26 12:47:56 +01:00
Werner Koch
0b4fdbd5f4
gpgconf: Return --ldapserver and --keyserver from dirmngr.
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--

GnuPG-bug-id: 5800
2022-01-25 20:24:25 +01:00
Werner Koch
ec4a1cffb8
gpgconf: Add command aliases -L -K -R.
* tools/gpgconf.c (enum cmd_and_opt_values): Assign shortcuts.
--

I have to type them to often ;-)
2022-01-12 20:27:14 +01:00
Werner Koch
99a8b1f138
gpgtar: List and extract using extended headers.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
Werner Koch
3a1c556b2c
gpgtar: Create extended header for long file names
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr.  Detect and store long file and link
names.  Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--

GnuPG-bug-id: 5754
2022-01-09 18:37:56 +01:00
Werner Koch
ec311425ca
doc: Typo fixes.
--
2021-12-30 10:24:36 +01:00
Werner Koch
42785d7c8a
gpgconf: Do not list ignored options and mark forced options as r/o.
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
2021-12-30 10:19:55 +01:00
Werner Koch
038136ea48
wkd: Don't beg for donations
* tools/gpg-wks-server.c (send_congratulation_message): Remove
donation hint from message.
--
2021-12-20 19:34:34 +01:00
NIIBE Yutaka
e08225030d w32: Prepare for the case gcrypt.h will not include winsock2.h.
* common/dynload.h: Include specific headers only.
* common/exechelp-w32.c: Include <windows.h>.
* common/gettime.c: Likewise.
* common/utf8conv.c: Likewise.
* tests/gpgscm/ffi.c: Likewise.
* tools/gpgconf.c: Likewise.
* configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET.

--

GnuPG-bug-id: 5731
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-12-17 13:32:14 +09:00