Fixes#423.
* DETAILS: Document new status codes.
* cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign)
(agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin)
(agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a
SC_OP_FAILURE after card operations which might change data.
* card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has
been changed.
(change_name): Removed a debug output.
* status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE
and SC_OP_SUCCESS.
* de.po: Updated. Translation is still in the works, though.
* command-ssh.c (sexp_key_extract): Removed FIXME, since
xtrymallos does set errno correctly by now.
(sexp_extract_identifier): Remove const attribute from identifier.
(ssh_handler_request_identities): Remove const attribute from
key_type; removes ugly casts and FIXME.
(sexp_key_extract): Remove const attribute from comment.
(ssh_send_key_public): Remove const attribute from
key_type/comment; removes ugly cast.
(data_sign): Remove const attribute from identifier; removes ugly
cast.
(key_secret_to_public): Remove const attribute from comment;
removes ugly cast.
(ssh_handler_sign_request): Remove const attribute from p.
(sexp_key_extract): Use make_cstring().
(ssh_key_extract_comment): Likewise.
(ssh_key_to_buffer): Use secure memory for memory area to hold the
key S-Expression.
Added more comments.
%0A may pass through.
* agent.h (server_control_s): New field USE_AUTH_CALL.
* call-scd.c (agent_card_pksign): Make use of it.
* command-ssh.c (data_sign): Set the flag.
(ssh_send_key_public): New arg OVERRIDE_COMMENT.
(card_key_available): Add new arg CARDSN.
(ssh_handler_request_identities): Use the card s/n as comment.
(sexp_key_extract): Use GCRYMPI_FMT_STD.
(data_sign): Ditto.
* learncard.c (make_shadow_info): Moved to ..
* protect.c (make_shadow_info): .. here. Return NULL on malloc
failure. Made global.
* agent.h: Add prototype.
* xasprintf.c (xtryasprintf): New.
* app-openpgp.c (get_public_key): Make sure not to return negative
numbers.
(do_sign): Allow passing of indata with algorithm prefix.
(do_auth): Allow OPENPGP.3 as an alternative ID.
* app.c (app_getattr): Return just the S/N but not the timestamp.
* no-libgcrypt.c (gcry_strdup): New.
../g10/call-agent.c
(card_getattr_cb, agent_card_getattr): New.
* command-ssh.c (card_key_available): New.
(ssh_handler_request_identities): First see whether a card key is
available.
* app.c (app_getattr): Return APPTYPE or SERIALNO type even if the
application does dot support the getattr call.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
(scd_update_reader_status_file): Set the error flag on all changes.
select returns with -1.
* tools.texi (gpg-connect-agent): New.
* app-openpgp.c (get_one_do): Never try to get a non cacheable
object from the cache.
(get_one_do): Add new arg to return an error code. Changed all
callers.
(do_getattr): Let it return a proper error code.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
* scdaemon.c (ticker_thread): Termintate if a shutdown is pending.
* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
(ssh_identity_register): Partly rewritten.
(open_control_file, search_control_file, add_control_entry): New.
(ssh_handler_request_identities): Return only files listed in our
control file.
* findkey.c (unprotect): Check for allocation error.
* agent.h (opt): Add fields to record the startup terminal
settings.
* gpg-agent.c (main): Record them and do not force keep display
with --enable-ssh-support.
* command-ssh.c (start_command_handler_ssh): Use them here.
* gpg-agent.c: Renamed option --ssh-support to
--enable-ssh-support.
* command.c (cmd_readkey): New.
(register_commands): Register new command "READKEY".
* command-ssh.c (ssh_request_process): Improved logging.
* findkey.c (agent_write_private_key): Always use plain open.
Don't depend on an umask for permissions.
(agent_key_from_file): Factored file reading code out to ..
(read_key_file): .. new function.
(agent_public_key_from_file): New.
* command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp
template, clarified.
(ssh_sexp_extract): Support shadowed-private-key-sexp; treat
protected-private key and shadowed-private-key as public keys.
(key_secret_to_public): Rewritten: simply use ssh_sexp_extract()
and ssh_sexp_construct().
keyserver if no URL is available.
* w32installer.nsi: Added page to select the language.
* mk-w32-dist: Create the opt.ini using the available languages.
is dirty and --interactive is set, do an --update-trustdb. If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.
* import.c (import_keys_internal): Moved from here.
* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end. This is Debian bug
#293816, noted by Kurt Roeckx.
1.9.
* agent.h (agent_exit): Add JNLIB_GCC_A_NR to indicate that this
function won't return.
* gpg-agent.c (check_for_running_agent): Initialize pid to a
default value if not needed.
* command-ssh.c: Removed stdint.h. s/byte_t/unsigned char/,
s/uint32/u32/ becuase that is what we have always used in GnuPG.
(ssh_request_specs): Moved to top of file.
(ssh_key_types): Ditto.
(make_cstring): Ditto.
(data_sign): Don't use a variable for the passphrase prompt, make
it translatable.
(ssh_request_process):
* findkey.c (modify_description): Renamed arguments for clarity,
polished documentation. Make comment a C-string. Fixed case of
DESCRIPTION being just "%".
(agent_key_from_file): Make sure comment string to a C-string.
* gpg-agent.c (create_socket_name): Cleanup the implemntation, use
DIMof, agent_exit, removed superflous args and return the
allocated string as value. Documented. Changed callers.
(create_server_socket): Cleanups similar to above. Changed callers.
(cleanup_do): Renamed to ..
(remove_socket): .. this. Changed caller.
(handle_connections): The signals are to be handled in the select
and not in the accept. Test all FDs after returning from a
select. Remove the event tests from the accept calls. The select
already assured that the accept won't block.
before the encryption key. This is a partial workaround for a PGP bug
(as of this writing, all versions including 8.1), that causes it to
try and encrypt to the most recent subkey regardless of whether that
subkey is actually an encryption type. In this case, the auth key is
an RSA key so it succeeds.
* command-ssh.c (ssh_handler_request_identities)
(ssh_handler_sign_request, ssh_handler_add_identity)
(ssh_handler_remove_identity, ssh_handler_remove_all_identities)
(ssh_handler_lock, ssh_handler_unlock): Changed to return an error
code instead of a boolean.
(ssh_request_process): Changed to return a boolean instead of an
error; adjust caller.
(ssh_request_handle_t): Adjusted type.
(ssh_request_spec): New member: identifier.
(REQUEST_SPEC_DEFINE): New macro; use it for initialization of
request_specs[].
(ssh_request_process): In debugging mode, log identifier of
handler to execute.
(start_command_handler_ssh): Moved most of the stream handling
code ...
(ssh_request_process): ... here.