* agent/gpg-agent.c (start_connection_thread): Rename to ...
(do_start_connection_thread): this. Factor nonce checking out to ...
(start_connection_thread_std): this,
(start_connection_thread_extra): this,
(start_connection_thread_browser): and this.
--
Although not tested, the code did not worked on Windows becuase we
were checning the wrong nonce.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): Add field "browser_socket".
* agent/command.c (cmd_setkeydesc): Use a different message for
restricted==2.
* agent/gpg-agent.c (oBrowserSocket): New.
(opts): Add --browser-socket.
(socket_name_browser, redir_socket_name_browser): New.
(socket_nonce_browser): New.
(cleanup): Cleanup browser socket.
(main): Implement option.
(start_connection_thread_browser): New.
(handle_connections): Add arg listen_fd_browser and use it.
--
This is very similar to --extra-socket but intended to be used by a web
browser session. AS of now it only displays a different "Note: in
the Pinentry than --extra-socket but it may eventually be tweaked for
the use by browser extensions making use of gpg-agent.
It is marked experimental and and thus may be removed in later
versions.
To better support the different "client classes", it would be useful
to add corresponsing cache classes so that each class has its own
cache.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): Add field allow_emacs_pinentry.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oAllowEmacsPinentry): New.
(opts): Add option --allow-emacs-pinentry.
(parse_rereadable_options): Set this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
--
gpgconf-comp and manual entry added by wk.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_getinfo): Add new sub-command.
--
The current output is:
> getinfo std_env_names
D GPG_TTY
D TERM
D DISPLAY
D XAUTHORITY
D XMODIFIERS
D GTK_IM_MODULE
D QT_IM_MODULE
D PINENTRY_USER_DATA
OK
Note that there is an invisible \x00 at the end of each line.
* agent/command.c (cmd_get_passphrase): Read from the user cache.
--
We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
it into the cache with CACHE_MODE_USER. However, agent_get_cache does
not yet distinguish between them and thus this does not change
anything.
* agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
cache_mode. Update callers.
* agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key,
then send SETKEYINFO to the pinentry.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--
Pinentry 0.9.2 may be build with libsecret support and thus an extra
checkbox is displayed to allow the user to get passwords out of an
libsecret maintained cache. Security aware user may want to avoid
this feature and may do this at runtime by enabling this option.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (start_pinentry): Add more strings.
--
We do this so that translations of these strings will be available at
the time a pinentry implements features which require these strings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (oDebugPinentry): New.
(opts): Add --debug-pinentry.
(parse_rereadable_options): Set that option.
* agent/call-pinentry.c (start_pinentry): Pass option to
assuan_set_flag.
--
This option is quite useful to see the IPC between gpg-agent and
Pinentry. Note that "debug 1024" is also required.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
constant.
(pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
provided.
(agent_askpin): Pass "OPTION allow-external-password-cache" to the
pinentry. Always pass SETKEYINFO to the pinentry. If there is no
stable identifier, then use "--clear". If the password is incorrect
and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
then decrement PININFO->FAILED_TRIES.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* agent/call-pinentry.c (pinentry_status_cb): Or in
PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
(PINENTRY_STATUS_PIN_REPEATED): Likewise.
(close_button_status_cb): Rename from this...
(pinentry_status_cb): ... to this. Use the constants.
(agent_askpin): Rename local variable from close_button to
pinentry_status. Use symbolic constants rather than magic numbers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_askpin): Add args keyinfo and
cache_mode. Change all callers to pass (NULL,0) for them. Send
SETKEYINFO command.
* agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
the new args.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
opaque MPIs to comply with the OpenPGP spec.
--
This patch is the protected private key counterpart to commit ab17f7b.
Thanks to andy_s for describing the problem.
GnuPG-bug-id: 1853
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (ssh_search_control_file): Check S before
upcasing it.
--
In contradiction to the comment we did not check the length of HEXGRIP
and thus the GPG_ERR_INV_LENGTH was never triggered.
Detected by Stack 0.3:
bug: anti-simplify
model: |
%cmp8 = icmp ne i32 %i.0, 40, !dbg !986
--> false
stack:
- /home/wk/s/gnupg/agent/command-ssh.c:1226:0
ncore: 2
core:
- /home/wk/s/gnupg/agent/command-ssh.c:1225:0
- buffer overflow
- /home/wk/s/gnupg/agent/command-ssh.c:1225:0
- buffer overflow
* agent/call-pinentry.c (unlock_pinentry): Add error logging. Map
error source of uncommon errors to Pinentry.
--
With this change it is possible to detect whether an error like
GPG_ERR_ASS_INV_RESPONSE has its origin in a call to Pinentry or comes
from another part of gpg-agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (agent_pksign_do): Use int.
* scd/app-openpgp.c (get_public_key): Likewise.
--
On 64-bit architecture, int and size_t might be different.
For the first argument for '%b', int is expected.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a388 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--
The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.
Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice. To fix that
we would need to agree on standard installation directories for GUIs
to also look there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
Make sure that R_FLAGS and R_CURVE are set to NULL.
--
Given that extract_private_key is not file local it is good to have some
extra asserts to protect against future wrong use.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (extract_private_key): New.
(convert_to_openpgp): Use extract_private_key.
* agent/findkey.c (agent_public_key_from_file): Use
extract_private_key.
--
This patch add support of ECC key with a curve name and flags. Since
same functionality is also needed for convert_to_openpgp, it was
factored out into the extract_private_key function.
* agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
* scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
(send_key_attr): Support ECDH. Fix EdDSA algorithm value.
(retrieve_key_material): Initialize fields.
(get_public_key, ecc_writekey, do_writekey): Support ECDH.
(ecdh_writekey): Remove.
(do_decipher): Support ECDH.
(parse_algorithm_attribute): Support ECDH. Fix EdDSA.
--
Following the gpg-agent protocol, SCDaemon's counter part is now
implemented.
* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--
This change should help to avoid surprising behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
calllers.
* agent/command.c (start_command_handler): Call that fucntion for
restricted connections.
--
A remote connection is and should not be able to setup the local
session environment. However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used. The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" andsend
certifciate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--
The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/scdaemon.c (ENAMETOOLONG): New.
(redir_socket_name): New.
(cleanup): Take care of a redirected socket.
(main): Pass redir_socket_name to create_server_socket.
(create_socket_name): Remove superfluous length check.
(create_server_socket): Add arg r_redir_name and implement
redirection. Replace assert for older Assuan by an error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (ENAMETOOLONG): New.
(redir_socket_name, redir_socket_name_extra)
(redir_socket_name_ssh): New.
(remove_socket): Take care of the redir names.
(main): Pass the redir names to create_server_socket.
(create_socket_name): Remove length check - that is anyway done later.
(create_server_socket): Add arg r_redir_name and implement redirection
if Libassuan is at least 2.14.
* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.
* common/util.h (GPG_ERR_FORBIDDEN): New.
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Also fixed some of my own copyright notices due to the termination of
my assignment. The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
* agent/command.c (cmd_export_key): Actually implement the cache_nonce
feature.
* g10/export.c (do_export_stream): Make use of a cache_nonce.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch