* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here. Add a comment why we keep the
listening socket open during a shutdown.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--
Without that patch we won't notice a removed socket when a shutdown is
pending. This is somewhat related to bug report 2849.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/plaintext.c (get_output_file): Check and open special filename
before falling back to stdout.
--
GnuPG-bug-id: 2677
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/gpgsm.c (check_special_filename): Move to ..
* common/sysutils.c (check_special_filename): here. Add arg
NOTRANSLATE.
(allow_special_filenames): New local var.
(enable_special_filenames): New public functions.
* sm/gpgsm.c (allow_special_filenames): Remove var.
(main): Call enable_special_filenames instead of setting the var.
(open_read, open_es_fread, open_es_fwrite): Call
check_special_filename with 0 for NOTRANSLATE.
* common/iobuf.c (special_names_enabled): Remove var.
(iobuf_enable_special_filenames): Remove func.
(check_special_filename): Remove func.
(iobuf_is_pipe_filename): Call new version of the function with
NOTRANSLATE set.
(do_open): Ditto.
* g10/gpg.c (main): Call enable_special_filenames instead of
iobuf_enable_special_filenames.
* g10/gpgv.c (main): Ditto.
--
Note that we keep the iobuf.c:translate_file_handle because it is a
bit different (for whatever reasons) than the translate function from
sysutils.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt.c (decrypt_messages): Properly decrease the reference
count of the armor filters after pushing them.
Signed-off-by: Justus Winter <justus@g10code.com>
* doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
a new field called VALIDITY.
* g10/tofu.c (write_stats_status): Update output accordingly.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Change TOFU_STATS as discussed offline with Werner, Justus and Andre.
* dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
Before we need it.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Call
ldap_wrapper_launch_thread() just in time (before any attempt to use
an ldap subprocess).
--
A dirmngr process that never looks anything up in LDAP has no need for
a reaper thread, but one was started automatically. This thread wakes
up every two seconds to look for ldap processes that might never have
been running. We won't start more than one reaper thread for any
given dirmngr due to the static int "done" in
ldap_wrapper_launch_thread(), so it's safe to call this every time
there is a use of ldap_wrapper.
If someone wants to do further dirmngr optimizations for ldap users,
the reaper thread itself could use dynamically-calculated timeouts
(and probably needs to be alerted dynamically when a new ldap
subprocess is available so it can re-calculate those timeouts).
Note: It's not clear to me how to test ldap access effectively; i know
of no public ldap services that i can verify against, and i do not run
my own ldap servers. If someone has a publicly-available ldap server
that developers can run tests against, i would be happy to hear about
it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword
removal.
--
This simplified rule does now match most special keywords like
Signed-off-by:
GnuPG-bug-id:
Fixes-commit:
However it does not match the sometimes used
Fixes:
which should be avoided anyway.
This patch helps in cases where the "--" delimiter line was not used
and only keywords were given.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
our caller requested the key. Fixes a crash in 'lookup'.
GnuPG-bug-id: 2848
Fixes-commit: 1d03cc77e1
Signed-off-by: Justus Winter <justus@g10code.com>
* scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
max_rsp_data fields as Extended Capabilities bits are different.
(get_cached_data) Use extcap.max_certlen_3.
(get_one_do): Don't use exmode=1.
(determine_rsa_response): New.
(get_public_key, do_genkey): Call determine_rsa_response.
(do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
(do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
(do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
(show_caps): Remove max_cmd_data and max_rsp_data.
(app_select_openpgp): Likewise.
--
OpenPGP card V3 had introduced incompatible change in Extended
Capabilities bits. We can work around by this change by not
using those bits.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
(busy_handler): Replace use of open with es_fopen.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Thanks for Werner for pointing this out: es_fopen is more portable
than open.
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes. To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
* scd/apdu.c (send_le): Fix the size, adding two for status
bytes to Le.
--
This is long standing bug. So far, Le was not exact value.
Since forthcoming change will introduce exact value of expected length
of response data, this change is needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpgscm/opdefines.h (put, get): Check arguments. Also rename
to 'set-symbol-property' and 'symbol-property', the names used by
Guile, because put and get are too unspecific.
* tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
(get_property): New function.
(set_property): Likewise.
(opexe_4): Use the new functions.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgscm/scheme-private.h (struct scheme): New fields for the
static integer cells.
* tests/gpgscm/scheme.c (_alloc_cellseg): New function.
(alloc_cellseg): Use the new function.
(MAX_SMALL_INTEGER): New macro.
(initialize_small_integers): New function.
(mk_small_integer): Likewise.
(mk_integer): Return a small integer if possible.
(_s_return): Do not free 'op' if it is a small integer.
(s_save): Use a small integer to box the opcode.
(scheme_init_custom_alloc): Initialize small integers.
(scheme_deinit): Free chunk of small integers.
* tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/tofu.c (initdb): Add column effective_policy to the bindings
table.
(record_binding): New parameters effective_policy and set_conflict.
Save the effective policy. If SET_CONFLICT is set, then set conflict
according to CONFLICT. Otherwise, preserve the current value of
conflict. Update callers.
(get_trust): Don't compute the effective policy here...
(get_policy): ... do it here, if it was not cached. Take new
parameters, PK, the public key, and NOW, the time that the operation
started. Update callers.
(show_statistics): New parameter PK. Pass it to get_policy. Update
callers.
(tofu_notice_key_changed): New function.
* g10/gpgv.c (tofu_notice_key_changed): New stub.
* g10/import.c (import_revoke_cert): Take additional argument CTRL.
Pass it to keydb_update_keyblock.
* g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
Update callers.
[USE_TOFU]: Call tofu_notice_key_changed.
* g10/test-stubs.c (tofu_notice_key_changed): New stub.
* tests/openpgp/tofu.scm: Assume that manually setting a binding's
policy to auto does not cause the tofu engine to forget about any
conflict.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
We now store the computed policy in the tofu DB (in the
effective_policy column of the bindings table) to avoid computing it
every time, which is expensive. Further, policy is never overridden
in case of a conflict. Instead, we detect a conflict if CONFLICT is
not empty.
This change is backwards compatible to existing DBs. The only minor
incompatibility is that unresolved conflicts won't be automatically
resolved in case we import a direct signature, or cross signatures.
* g10/tofu.c (struct tofu_dbs_s): Remove unused field
record_binding_update2. Replace register_insert with
register_signature and register_encryption.
(tofu_register_signature): Don't use dbs->s.register_insert, but
dbs->s.register_signature.
(tofu_register_encryption): Don't use dbs->s.register_insert, but
dbs->s.register_encryption.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
systemd user service example files.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.
--
The commit f57dc2b1e6 fixes a part of
problem (for missing initialization of supervised mode). It was
actually put in wrong place.
Fixes-commit: 9f92b62a51
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
--
The argument flags must include one of O_RDONLY, O_WRONLY, or O_RDWR.
Adding O_TRUNC, the file is updated. So, utime is not needed.
Fixes-commit: b2e1b17efa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
we did for WindowsCE.
--
Given that the timer tick is only used for housekeeping tasks and
these are done every 10 minutes, it makes no sense to use 2 seconds.
The minor drawback is tha the housekeeping may be delayed by one
minute.
NB: For the purpose of power saving, we already make sure that the
process wakes up at the full second so that it is synchronized to the
wakeup time of other processes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
shutdown_pending; no longer needed.
--
In d83ba4897b, we removed the
Windows-specific system daemon features, where shutdown_pending was
set from w32_service_control(). shutdown_pending is now never
assigned outside of handle_signal() or within an inotify test, neither
of which are available on w32.
As a result, this stanza in handle_tick() should be dead code, and can
be removed to keep things simple.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
s/win32/w32/ to please RMS ;-) -wk
* g10/tofu.c (busy_handler): Add third argument which is mandatory for
O_CREATE flag.
--
Reported-by: Kristian Fiskerstrand
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
--
Some other products by Cherry works with pinpad, although it only works
for smaller keys (RSA 1024). TPDU support is good for larger keys.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
* dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
* doc/dirmngr.texi: Document this behavior.
--
A user who doesn't specify a keyserver, but asks gnupg to fetch a key
currently just gets a simple error messages "No keyserver available".
If the user is asking to contact a keyserver, we should have a
reasonable default, and not require them to fiddle with settings when
they might not know what settings to choose. This patch makes the
default hkps://hkps.pool.sks-keyservers.net.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Werner Koch