* agent/gpg-agent.c (parse_rereadable_options): Use make_filename_try
for opt.pinentry_program. Change definition accordingly.
* g10/gpg.c (main): Use make_filename for agent_program,
dirmngr_program, and keyboxd_program. Change definition accordingly.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-card.c (parse_arguments): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpg-wks-client.c (parse_arguments): Likewise. Do it also for
option --output.
(process_confirmation_request): Print a note for a successful sent.
--
GnuPG-bug-id: 7017
* agent/command.c (cmd_get_passphrase): Allow use in restricted mode
but ignore the cacheid.
--
The use case is symmetric encryption via the extra-socket. To avoid
that the gpg running on the server has access to the cache we set the
cache id to NULL so that the cache is not used at all.
* agent/agent.h (struct ephemeral_private_key_s): New.
(struct server_control_s): Add ephemeral_mode and ephemeral_keys.
(GENKEY_FLAG_NO_PROTECTION, GENKEY_FLAG_PRESET): New.
* agent/genkey.c (clear_ephemeral_keys): New.
(store_key): Add arg ctrl and implement ephemeral_mode. Change all
callers.
(agent_genkey): Replace args no_protection and preset by a generic new
flags arg.
* agent/findkey.c (wipe_and_fclose): New.
(agent_write_private_key): Add arg ctrl and implement ephemeral_mode.
Change all callers.
(agent_update_private_key): Ditto
(read_key_file): Ditto.
(agent_key_available): Ditto.
* agent/command-ssh.c (card_key_available): Do not update display s/n
in ephemeral mode. This is however enver triggred.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Cleanup ephemeral
keys.
* agent/command.c (cmd_genkey): Use the new flags instead of separate
vars.
(cmd_readkey): Create a shadow key only in non-ephemeral_mode.
(cmd_getinfo): Add sub-command "ephemeral".
(option_handler): Add option "ephemeral".
--
The idea here that a session can be switched in an ephemeral mode
which does not store or read keys from disk but keeps them local to
the session.
GnuPG-bug-id: 6944
* agent/gpg-agent.c (main): The value of reliable_homedir_inotify
doesn't not related to nodetach, and it's only zero in the specific
condition.
* kbx/keyboxd.c (handle_connections): Remove the last argument.
(main): Remove reliable_homedir_inotify, as it's always one.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
Don't call gnupg_inotify_watch_delete_self when it's not reliable.
(check_others_thread): No check of reliable_homedir_inotify repeatedly
in the loop.
* kbx/keyboxd.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
(handle_tick): No check of reliable_homedir_inotify in the loop.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (handle_connections): Don't disable use of inotify
when it has the --disable-check-own-socket option.
--
Before the fix, it checks the homedir using the gnupg_stat function
when --disable-check-own-socket is enabled, without trying use of
inotify.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (read_key_file): Add optional arg r_orig_key_value
to return the old Key value. Change all callers.
(agent_write_private_key): Detect whether the Key entry was really
changed.
--
GnuPG-bug-id: 6829
* common/name-value.c (struct name_value_container): Add flag
"modified".
(nvc_modified): New.
(nvc_new): Set flag.
(_nvc_add): Set flag.
(nvc_delete): Set flag.
(nvc_set): Set flag unless value did not change.
(nve_set): Add arg PK. Change the caller.
* agent/findkey.c (agent_write_private_key): Update only if modified.
--
This helps software which uses a file system watcher to track changes
to private keys. In particular smartcard triggered changes are a
problem for such software because this may at worst trigger another
smartcard read.
GnuPG-bug-id: 6829
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key. Recover
from an error.
--
Cherry-picked from master commit of:
eda3997b439e415f1bebaa3be20c8bdb43d3a1d0
Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* agent/divert-tpm2.c (agent_write_tpm2_shadow_key): Call
agent_delete_key before agent_write_private_key. Recover
from an error.
--
Fixes-commit: a1015bf2fc07dabb1200eab5fa41f13e7bf98202
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
* agent/gpg-agent.c (handle_connections): Also check SOCK_INOTIFY_FD
when spawning check_onw_socket_thread. When removal of the socket
is detected, do same as AGENT_PROBLEM_SOCKET_TAKEOVER.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cache.c (remove_from_timer_list_new): Fix cut&paste error.
TV_SEC field should not be touched.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cache.c (struct timer_s): New.
(struct cache_item_s): Add a member filed T for timer.
(the_timer_list, the_timer_list_new): New.
(insert_to_timer_list_new, insert_to_timer_list): New.
(remove_from_timer_list, remove_from_timer_list_new): New.
(housekeeping): Remove.
(compute_expiration, update_expiration): New.
(do_expire): New.
(TIMERTICK_INTERVAL): Remove.
(agent_cache_expiration): Use timer list to manage the expiration
of cache entries.
(agent_flush_cache): Call update_expiration when needed.
(agent_put_cache): Don't call housekeeping any more, but
update_expiration for an entry in question.
(agent_get_cache): Likewise.
--
GnuPG-bug-id: 6681
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (check_own_socket_running): Remove.
(socket_takeover_detected): New.
(check_own_socket): Remove.
(handle_tick): Don't call check_own_socket any more.
(handle_connections): Start off the check_own_socket_thread.
Check socket_takeover_detected to handle the event.
(do_check_own_socket): New, factoring out the task.
(check_own_socket_thread): Loop with the interval.
--
GnuPG-bug-id: 6692
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-daemon.c [HAVE_W32_SYSTEM] (daemon_start): Use %p
for the format with a pointer.
--
GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.
* agent/findkey.c (agent_write_private_key): Add arg dispserialno and
update the token.
(agent_write_shadow_key): Add arg dispserialno and adjust all callers.
--
GnuPG-bug-id: 6135
Note that this has been forward ported from 2.2
* agent/findkey.c (agent_write_private_key): Partly rewrite to align
with 2.2 code and to make sure that we don't overwrite a real key.
(is_shadowed_key): New.
--
This change is now also needed in 2.4 due to the the former change
"Create and use Token entries to track the display s/n".
GnuPG-bug-id: 6386
* agent/findkey.c (fname_from_keygrip): New.
(agent_write_private_key): Use here. Use temp file for updating.
(agent_update_private_key): Use fname_from_keygrip and use gnupg
rename function instead of a vanilla rename.