* dirmngr/ks-action.c (ks_action_search): Search all configured
keyservers for the given patterns.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1038
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--
This feature is independent of --use-tor and automagically uses Tor if
available. The dirmngr.conf file needs to specify two keyservers to
make this work. For new installations this is done using the skeleton
file. This feature requires the Libassuan 2.4.2 to work.
This patch also fixes a memory leak of opt.keyserver en passant.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
checking for errors, but silently ignore errors when looking up SRV
records.
--
This is a follow-up to 946faaff.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
declaration was already fixed by a previous change.
* dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
--
Note that this matters only for Windows and it does not harm as long
as we can only build for 32 bit Windows withsizeof(int)==sizeof(void*).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
* dirmngr/server.c (data_line_cookie_write): Ditto.
* sm/certdump.c (format_name_writer): Ditto.
* sm/server.c (data_line_cookie_write): Ditto.
* dirmngr/http.c (cookie_read, cookie_write): Ditto.
--
See the release notes of libgpg-error 1.15 for background info on
gpgrt_ssize_t.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (my_unprotect, my_protect): Remove.
(connect_server): Do not use these wrappers.
--
Since Libassuan version 2.4.2 the macro ASSUAN_SYSTEM_NPTH_IMPL
protects the low-level connect calls with npth_unprotect and
npth_protect. This is better than the high-level kludge we used here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
--
Previously, sin_port was set to zero, making connect fail.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/dns-stuff.c (getsrv): Fix error handling.
--
This fixes hkp server pools not using SRV records.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
(create_new_hostinfo): Initialize 'port'.
(add_host): Add host parameter and update the hosttable entry.
(map_host): Return port if known, adjust calls to 'add_host'.
(make_host_part): Let 'map_host' specify the port if known.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/asshelp.h: Include 'util.h'.
* dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
to the dirmngr.
(start_dirmngr): Drop now unused declaration and function.
--
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1843
* dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
arguments.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/http.c (close_tls_session): New function.
(session_unref): Use the new function to close the TLS stream.
(cookie_read): If the stream terminated prematurely, close it and
return a short read.
--
With this patch, I was able to update all the keys in the Debian
keyring over hkps.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1950
* dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
entry instead of creating another one.
--
Previously, if a keyserver was given using its IP address
(e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the
'hosttable', one with the name '127.0.0.1', and the second one with
the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the
first entry is the one being used for lookups, and since the 'v4' flag
is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http
request, making it fail.
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 2012
* dirmngr/dns-stuff.c: Include npth.h
(my_unprotect, my_protect): New wrapper.
(resolve_name_adns): Put unprotect/protect around adns calls.
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (tor_credentials): New.
(enable_dns_tormode): Add arg new_circuit and update tor_credentials.
(my_adns_init): Rework to set Tor mode using a config file options and
always use credentials.
* dirmngr/server.c (cmd_dns_cert): Improve error message.
* dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
--
Note that the option --new-circuit in t-dns-stuff is not really useful
because a new circuit is also used for the first call to the function.
Todo: We need to find a policy when to requrest a new curcuit and we
also need to add credentials to the assuan_sock_connect calls.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new. Include this for all callers of zb32_encode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c: Include unistd.h.
(getsrv): Run srand only once.
* dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
and change output format.
* dirmngr/dns-stuff.c: Replace all use of default_errsource.
(my_adns_init): Move to top.
(resolve_name_adns): New.
(resolve_dns_name) [USE_ADNS]: Divert to new func.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (is_onion_address): New.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
(map_host): Special case onion addresses.
(ks_hkp_print_hosttable): Print an 'O' for an onion address.
* dirmngr/http.c (connect_server): Special case onion addresses.
--
Note that this requires the latest libassuan from git. Onion addresses
are always support regardless of the --use-tor flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
we require getaddrinfo anyway.
* dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
(map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
first resolving the CNAME.
(get_dns_cname): New.
* dirmngr/t-dns-stuff.c (main): Add option --cname.
--
At least the getaddrinfo implementation in glibc 2.19-13 from Debian
returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
addresses. Looking at the wire the data is correctly returned from
the server but getaddrinfo seems to get confused by truncation and
retry. To fix this we resolve the CNAME again and call getaddrinfo
again with the canonical name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
(my_adns_init): new.
(getsrv)[USE_ADNS]: Use my_adns_init.
(getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
* dirmngr/t-dns-stuff.c: Add option --use-tor.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
* dirmngr/dns-stuff.h (MAXDNAME): Remove.
(struct srventry): Use a fixed value instead of MAXDNAME.
* dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
Malloc a helper array.
--
Depending on the order of included headers it might be that we allocate
the array with a different size than what we test against in another
module. To make it more robust we use the actual known size of
checking.
A better would be to use a linked list and avoid these large arrays.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h. The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/t-http.c (main): Init assuan sockets.
* dirmngr/http.c: Include dns-stuff.h.
(connect_server)[!HAVE_GETADDRINFO]: Remove all code.
(connect_server): Change to use resolve_dns_name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (send_request): Always set the gnutls pull/push
functions.
(my_npth_read): Rename to ...
(my_gnutls_read) .. this. Use system read if !USE_NPTH.
(my_npth_write): Rename to ...
(my_gnutls_write) .. this. Use system write if !USE_NPTH.
--
This is necessary to run t-http because we once switched to a ref
counted object with the socket descriptor.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
(t_ldap_parse_uri_SOURCES): Ditto.
* dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
available.
--
We used to have replacement code for getaddrinfo and thus check for it
in configure. However, this was for the old http and dns-cert code
from common/. For dirmngr I made liberal use of getaddrinfo w/o
without checking. Just in case someone tries to build on an old
platform we now error our with a suitable #error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
dns_addrinfo_t.
(map_host): Replace getaddrinfo by resolve_dns_name.
--
Note that we still need to replace getnameinfo so that the PTR lookup
is either suppressed or also done via ADNS.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.h: Include some header files.
(dns_addinfo_t, dns_addrinfo_s): New.
* dirmngr/dns-stuff.c: Always include DNS related headers.
(free_dns_addrinfo): New.
(resolve_name_standard): New.
(resolve_dns_name): New.
* dirmngr/t-dns-stuff.c: Include netdb.h.
(main): Keep old default mode with no args but else print outout of
resolve_dns_name. Revamp option parser.
--
This wrapper allows us to switch to ADNS and thus Tor for standard
name resultion.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (send_request): Use newer assuan function only if
available.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 4e42ad30
* dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
* dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
includers.
* dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
* dirmngr/Makefile.am: Adjust.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
(USE_DNS_CERT): Prefer ADNS over the system resolver.
* dirmngr/dns-cert.c (tor_mode): New global var.
(enable_dns_tormode): New func.
(get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
* dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
* dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
available.
* dirmngr/http.c (http_raw_connect): Ditto.
--
Frankly we should require that but we can also wait for 2.4.0 and
switch then.
* dirmngr/dirmngr.c (set_tor_mode): New.
(main, reread_configuration): Call it.
* dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
mode is enabled if the FORCE_TOR flag is given.
--
The patch for http.c is a sanity check because tor mode is anyway
global as long as the Assuan socket wrappers are used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c: Include assuan.h. Changed all code taking a socket
descriptor from int to assuan_fd_t.
(my_unprotect, my_protect): New.
(my_connect): Remove.
(_my_socket_new, _my_socket_unref): use assuan_sock_close.
(connect_server): Use assuan_sock_connect, assuan_sock_new, and
assuan_sock_close.
* dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
--
This change prepares for the use of SOCKS5 with http.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c: Move to ../dirmngr/.
* common/http.h: Move to ../dirmngr/.
* common/t-http.c: Move to ../dirmngr/.
* common/tls-ca.pem: Move to ../dirmngr/.
* common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
Remove http.c related stuff.
* po/POTFILES.in: Move http.c to dirmngr/.
* dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
(module_maint_tests): New.
(noinst_PROGRAMS): Add module_maint_tests.
(dirmngr_SOURCES): Add http.c and http.h.
(dirmngr_LDADD): Remove libcommontlsnpth.
(t_common_ldadd): Ditto.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
(t_ldap_parse_uri_SOURCES): Add http.c.
(t_ldap_parse_uri_CFLAGS): Build without npth.
($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
* dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
--
All network access is done via dirmngr and thus http.c should be
there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_dns_cert): Add option --dane.
--
This implements draft-ietf-dane-openpgpkey-05.txt
To test this use
$ gpg-connect-agent --dirmngr
> /hex
> dns_cert --dane wk@gnupg.org
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
resource records.
* dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
(DNS_CERTTYPE_RR61): New.
--
This has been tested with ADNS on Unix and with the standard
resolver. Because ADNS works it should also work on Windows.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
(cmd_reloaddirmngr): Use check_owner_permission.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existance in option --hkp-cacert.
--
GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that options
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New. Factored out from
(cmd_keyserver): here. Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--
This option specifies the keyserver to be used if the client does not
set another keyserver. We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
after realloc.
--
vex01 reported and debugged the problem.
GnuPG-bug-id: 2107
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.
* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
http module.
* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--
More work is required to actually make --use-tor useful. For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--
Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places. For now we need repalcement
macros, though.
* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto. But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
stdout reader after EOF from read_log_data.
* dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
the next iteration.
--
I assumed that the log_fd also has a reader object but that reader
object is used for stdout and needs to be closed by the consumer.
The real bug with the non-released ldap_wrapper control objects was
that when looping over distribution points we did not closed the used
reader object before the next iteration. Now, the test case had more
than one DP and thus we lost one reader object.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
into the loop. Check the queue also on timeout. Close log_fd and
reader context on EOF or error.
--
The major bug here was that on an EOF of the log fd the log fd was not
closed and thus the final queue item removal could not work. Checking
the queue on a timeout is not really necessary but it help in case
there is a race condition lingering.
GnuPG-bug-id: 1838, 1978
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--
Example valgrind output:
==2921== Conditional jump or move depends on uninitialised value(s)
==2921== at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921== by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921== by 0x433F5A: do_logv (logging.c:684)
This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this. It is no a real problem because we
don't use the unitialized bits.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/. Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.
* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.
* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--
With this patch gpg does not do any network access itself but uses
dirmngr for that. Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows. Probably also required for Solaris etc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am (dirmngr_SOURCES): Only include
ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
is TRUE.
(module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
* dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1949
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
leak.
(ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
required.
(modlist_dump): Check error from es_fopenmem.
(uncescape): s/int/size_t/. Use existing macros.
(extract_attributes): Use existing trim function.
(ks_ldap_put): Do not segv on error from modlist_dump.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and and use modern
function. Use xfree, xtrustrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--
sprintf has been replaced by snprintf to avoid warnings on some
platforms.
xfree et al. is required so that replacement functions are
used if defined. For example the Libgcrypt functions which may not be
fully compatible with standard free.
Impossible conditions should use GPG_ERR_INTERNAL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse. Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise. Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters. Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put. Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* dirmngr/ks-action.c (copy_stream): Move function from here...
* dirmngr/misc.c (copy_stream): ... to here and drop the static
qualifier.
* dirmngr/misc.h (copy_stream): Add declaration.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
* dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
* dirmngr/misc.h: New declaration.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* dirmngr/Makefile.am (module_tests): New variable.
(noinst_PROGRAMS): New primary. Set it to $(module_tests).
(TESTS): New variable. Set it to $(module_tests).
(t_common_src): New variable.
(t_common_ldadd): Likewise.
(t_ldap_parse_uri_SOURCES): New primary.
(t_ldap_parse_uri_LDADD): Likewise.
* dirmngr/ldap-parse-uri.c: New file.
* dirmngr/ldap-parse-uri.h: Likewise.
* dirmngr/t-ldap-parse-uri.c: Likewise.
* dirmngr/t-support.h: Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homeidr.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.
--
Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages it's own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a388 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Fix error return.
--
In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then
used on line 511. I'm guessing this is a missing return;.
Reported-by: Joshua Rogers <honey@internot.info>
Debian-Bug-Id: 773520
Other fixes on error added too.
* dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
--
Reported-by: Joshua Rogers <git@internot.info>
"Remove un-needed check. If 'url' were not to be true,
http_parse_uri(parse_uri(do_parse_uri))) would fail, leaving 'err'
false."
In addition I added an explicit check for the URL arg not beeing NULL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--
Reported-by: Joshua Rogers <git@internot.info>
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return an gpg_error_t. Change all
callers.
--
The functions used to return an error code via ERRNO. However, this
does not allow to return extra error codes in a portable way. Thus we
change the function to directly return a gpg_error_t.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
--
Only report support for the hkps scheme when GnuPG / dirmngr
has been built with a TLS library.
This helps debuging and enable the user to detect whether support
for hkps is included by doing a
`gpg-connect-agent --dirmngr 'keyserver --help' /bye`.
Currently hkps will be listed as a supported scheme but trying to
add a keyserver using it will silently fail.
As a digression, https is never listed as a valid scheme.
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
* g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
need $(LIBASSUAN_LIBS)
* sm/Makefile.am: gpgsm does not need $(ZLIBS)
* tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
--
In the course of building GnuPG 2.1.0 beta864 on debian, i found that
several of the installed executables were linked to libraries that
they did not need to be linked to, which would cause unnecessary
package dependencies at runtime.
The changeset here removes these unnecessary libraries from linking.
Something similar could possibly also be done by passing --as-needed
to the linker, but trimming the depenencies seems more parsimonious.
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--
Note that this requires that the root certificates are registered using
the --hkp-cacert option. Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
v6addr.
(create_new_hostinfo): Clear them.
(my_getnameinfo): Add args numeric and r_isnumeric.
(is_ip_address): New.
(map_host): Add arg r_host. Rewrite the code to handle pools in a
special way.
(ks_hkp_print_hosttable): Change format of help info output.
(make_host_part): Add arg optional r_httphost.
(send_request): Add arg httphost.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
send_request.
--
This changes quite some things on how the hostinfo is maintained.
However, it might be better to rework the data structures and have one
entry per IP address instead of this clumsy patch.
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
* dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
(housekeeping_thread): New.
(handle_tick): Call new function.
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
(struct hostinfo_s): Add field died_at and set it along with the dead
flag.
(ks_hkp_print_hosttable): Print that info.
(ks_hkp_housekeeping): New.
--
The resurrection gives the host a chance to get back to life the next
time a new host is selected.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
* dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
(ks_action_search, ks_action_put): Ditto.
(ks_action_get): Consult only the first server which retruned some
data.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
(map_host): Add arg CTRL and call dirmngr_tick.
(make_host_part): Add arg CTRL.
(mark_host_dead): Allow the use of an URL.
(handle_send_request_error): New.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
error.
* dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
(check_owner_permission): here.
(cmd_keyserver): Add options --dead and --alive.
* dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
(ks_hkp_mark_host): New.
--
Also removed the warning that the widnows part has not yet been done.
AFAICS, the current mingw supports the all used socket functions.
* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
* dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg.
(ldap_str2charray): Remove lasts.
--
I have no clue why an utf8 version was planned to be used. Do the
LDAP folks really assume that eventually non-ascii delimiters might be
used? Simplified it to silence the warning about an used helper var.
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
GnuPG requires that options are given before other arguments. This
can sometimes be confusing. We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option. This is bug#1343.
* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
For the shared code parts it is cumbersome to pass an error sourse
variable to each function. Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems. Set
DEFAULT_ERRSOURCE.
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
* agent/gpg-agent.c (get_agent_ssh_socket_name): Use
INVALID_HANDLE_VALUE instead of 0.
(handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
(handle_connections): Port Windows code to NPTH.
* dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
* g13/g13.c (handle_connections): Port Windows code to NPTH.
* scd/scdaemon.c (handle_connections): Port Windows code to NPTH.
* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
GCRY_THREAD_OPTION_VERSION is 0.
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
We had some debug code here which prevented it from working.
The host selection code still needs a review!
* ks-engine-http.c (ks_http_help): Do not print help for hkp.
* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
(send_request): Remove test code.
(map_host): Use xtrymalloc.
* certcache.c (classify_pattern): Remove unused variable and make
explicit substring search work.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'. This happened when I merged the user id
classification code of gpgsm and gpg.
To better cope with round robin pooled A records like keys.gnupg.net
we need to keep some information on unresponsive hosts etc. What we
do now is to resolve the hostnames, remember them and select a random
one. If a host is dead it will be marked and a different one
selected. This is intended to solve the problem of long timeouts due
to unresponsive hosts.
The code is not yet finished but selection works.
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
The basic network code from http.c is used for finger. This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c. Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.
Test this code using
gpg --fetch-key finger:wk@g10code.com
(I might be the last user of finger ;-)
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
Similar to gpg-agent, dirmngr's wait timeouts are now synced to the
full second. Increased ldap helper thread timeout to 2 seconds.
Nuked some white spaces.
Changed order of some conditional to make to put the special case into
the true branch. Indentation changes. Minor other changes to make the
ECC code more similar to the rest of our code.
It builds but many sefltests still fail. Need to fix that before
using it with an ECDH enabled libgcrypt.
[/]
2011-01-21 Werner Koch <wk@g10code.com>
* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
(HAVE_GCRY_PK_ECDH): Add new test.
[agent/]
2011-01-21 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
[include/]
2011-01-21 Werner Koch <wk@g10code.com>
* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
because we now require libgcrypt 1.4.6.
(GCRY_PK_ECDH): Add replacement.
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.