1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9884 Commits

Author SHA1 Message Date
Alexander Kulbartsch
55eef71dbe
wkd: gpg-wks-client --send checks if build with sendmail support
* tools/gpg-wks-client.c (main): Return GPG_ERR_NOT_IMPLEMENTED if
gnupg was build without sendmail support.  (NAME_OF_SENDMAIL=="")
2022-10-13 09:24:03 +02:00
Werner Koch
1383aa4750
agent: Introduce attribute "Remote-list" to KEYINFO.
* agent/command.c (do_one_keyinfo): Add arg list_mode.  Check
attribute Remote-list.
(cmd_keyinfo): Change semantics to return nothing in restricted list
mode.
2022-10-12 11:30:35 +02:00
Werner Koch
b0b4e24c4f
wkd: Implement --blacklist option for gpg-wks-client
* tools/gpg-wks-client.c (blacklist_array, blacklist_array_len): New.
(parse_arguments): Install blacklist.
(read_file): New.
(cmp_blacklist, add_blacklist, is_in_blacklist): New.
(mirror_one_key): Check list.
* tools/gpg-wks.h (opt): Remove field blacklist.
--

GnuPG-bug-id: 6224
2022-10-07 17:35:44 +02:00
Werner Koch
0a151548b6
wkd: Restrict gpg-wks-client --mirror to the given domains.
* tools/gpg-wks-client.c (domain_matches_mbox): New.
(mirror_one_key): Skip non-matching domains.
(command_mirror): Change args to allow for several domains.
--

Although dirmngr returns only the keys matching a certain domain,
those keys still may have user ids from other domains.  Now we publish
only the user-ids as specified on the command line.

GnuPG-bug-id: T6224
2022-10-07 15:59:53 +02:00
Werner Koch
4364283f75
wkd: Silence gpg-wks-client diagnostics from gpg.
* tools/gpg-wks-client.c (add_user_id): PAss --quiet to gpg unless we
are running in double verbose mode.
(decrypt_stream): Ditto
(encrypt_response): Ditto.
(mirror_one_keys_userid): Ditto.
* tools/wks-util.c (wks_get_key): Ditto.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
2022-10-07 15:01:14 +02:00
Werner Koch
94d13f53a3
common: Protect against a theoretical integer overflow in tlv.c
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--

Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
2022-10-07 14:20:53 +02:00
Werner Koch
64002ffdfc
po: Fix wrong LF in the German translation
--

Reported-by: mario.haustein@hrz.tu-chemnitz.de

Also fix one fuzzy and and a German Typo
2022-10-07 09:53:42 +02:00
NIIBE Yutaka
d68a803c47
gpg: Fix wrong use of FD2INT with iobuf_fdopen_nc.
* g10/decrypt.c (decrypt_message_fd): Use INPUT_FD directly.
* g10/encrypt.c (encrypt_crypt): Use FILEFD directly.

--

Before 8402815d, original code was with iobuf_open_fd_or_name, which
used gnupg_fd_t for the file descriptor (FD2INT was relevant at that
time).  After the change, because it's not gnupg_fd_t but int, use of
FD2INT is irrelevant.

Fixes-commit: 8402815d8e0e04a44362968f88b3d484d2395402
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-10-07 11:16:55 +09:00
Werner Koch
7ccd489aa2
wkd: New command --mirror for gpg-wks-client.
* tools/gpg-wks-client.c (aMirror,oBlacklist,oNoAutostart): New.
(opts): Add ----mirror, --no-autostart, and --blacklist.
(parse_arguments): Parse new options.
(main): Parse common.conf.  Implement aMirror.
(mirror_one_key_parm): New.
(mirror_one_keys_userid, mirror_one_key): New.
(command_mirror): New.

* tools/gpg-wks.h (struct uidinfo_list_s): Add fields flags.
* tools/wks-util.c (wks_cmd_install_key): Factor some code out to ...
(wks_install_key_core): new.

* tools/call-dirmngr.c (wkd_dirmngr_ks_get): New.
--

This implements the basic LDAP to WKD mirroring.  The blacklist
option and domain restrictions are not yet fully implemented.

Take care: In OpenLDAP you may need to increase the paged result limit
by using a configuration like:

  dn: olcDatabase={1}mdb,cn=config
  changetype: modify
  replace: olcLimits
  olcLimits: dn.subtree="dc=example,dc=org" size.prtotal=unlimited

GnuPG-bug-id: 6224
2022-10-06 18:38:29 +02:00
Werner Koch
7a01e806ea
dirmngr: Support paged LDAP mode for KS_GET
* dirmngr/ks-engine-ldap.c (PAGE_SIZE): New.
(struct ks_engine_ldap_local_s): Add several new fields.
(ks_ldap_clear_state): Release them.
(search_and_parse): Factored out from ks_ldap_get and extended to
support the paged mode.
(ks_ldap_get):  Implement the pages mode for --first and --next.
* dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first
mode.
* dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS.
--

The paged mode allows to retrieve more items than the servers usually
limit (e.g. 1000 for an LDS).  This patch also allows to use --first
without a patter to retrieve all keyblocks (except for disabled and
revoked keys).

GnuPG-bug-id: 6224
2022-10-05 15:15:14 +02:00
Werner Koch
4de98d4468
dirmngr: New options --first and --next for KS_GET.
* dirmngr/server.c (cmd_ks_get): Add option --first and --next.
(start_command_handler): Free that new ldap state.
* dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New.
(ks_ldap_new_state, ks_ldap_clear_state): New.
(ks_ldap_free_state): New.
(return_one_keyblock): New.  Mostly factored out from ....
(ks_ldap_get): here.  Implement --first/--next feature.

* dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to
ks_get_flags.
* dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New.
(KS_GET_FLAG_FIRST): New.
(KS_GET_FLAG_NEXT): New.

* dirmngr/dirmngr.h (struct server_control_s): Add member
ks_get_state.
(struct ks_engine_ldap_local_s): New forward reference.
--

This feature allows to fetch keyblock by keyblock from an LDAP server.
This way tools can process and maybe filter each keyblock in a more
flexible way.  Here is an example where two keyblocks for one mail
address are returned:

  $ gpg-connect-agent --dirmngr
  > ks_get --ldap --first  <foo@example.org>
  [... First keyblock is returned ]
  OK
  > ks_get --next
  [ ... Next keyblock is returned ]
  OK
  > ks_get --next
  ERR 167772218 No data <Dirmngr>

GnuPG_bug_id: 6224
2022-10-04 12:44:29 +02:00
Werner Koch
3390951ffd
gpg: Show just keyserver and port with --send-keys.
* g10/call-dirmngr.c (ks_status_cb): Mangle the keyserver url
2022-09-30 16:40:31 +02:00
Werner Koch
11aa5a93a7
dirmngr: Minor fix for baseDN fallback.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data
behind the EOS.
(interrogate_ldap_dn): Stylistic change.
--

This also updates the my_ldap_connect description.

GnuPG-bug-id: 6047
2022-09-29 15:59:43 +02:00
Werner Koch
2e22184ba5
gpg: Avoid to emit a compliance mode line if libgcrypt is non-compliant.
* g10/encrypt.c (check_encryption_compliance): Check gcrypt compliance
before emitting an ENCRYPTION_COMPLIANCE_MODE status.
--

GnuPG-bug-id: 6221
Ported-from: 07c6743148d4abd30fb8bf08b07eb9755fdfff2d
2022-09-29 15:16:35 +02:00
Werner Koch
46f9b0071f
gpg: Fix assertion failure due to errors in encrypt_filter.
* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.

* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--

The second fix avoids repeated error message about non-compliant keys.

Updates-commit: a51067a21f688086bd8e44234a88ae367582cc76
Ported-from: aa0c942521d89f4f0aac90bacaf8a7a7cefc88d8
GnuPG-bug-id: 6174
2022-09-29 15:09:56 +02:00
Werner Koch
a51067a21f
gpg: Make --require-compliance work for -se
* g10/encrypt.c (encrypt_crypt, encrypt_filter): Factor common code
out to ...
(create_dek_with_warnings): new
(check_encryption_compliance): and new.

* g10/encrypt.c (encrypt_filter): Add the compliance check.
--

GnuPG-bug-id: 6174
Ported-from: f88cb12f8e3c1234a094d09e2505d3a3eec4cbfe
2022-09-29 15:03:26 +02:00
NIIBE Yutaka
530d709607
dirnmgr: Fix the function prototype.
* dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with
no arguments.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-29 09:53:13 +09:00
NIIBE Yutaka
4b2066afb4
dirmngr: Change interrogate_ldap_dn for better memory semantics.
* dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found,
memory allocated.
(my_ldap_connect): Follow the change, removing needless allocation.

--

GnuPG-bug-id: 6047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-29 09:48:30 +09:00
Joey Berkovitz
3257385378
dirmngr: Interrogate LDAP server when base DN specified.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP
server when basedn specified.

--

GnuPG-bug-id: 6047
Signed-off-by: Joey Berkovitz <joeyberkovitz@gmail.com>
2022-09-29 09:33:21 +09:00
NIIBE Yutaka
03f3923337
Register DCO for Joey Berkovitz.
--
2022-09-29 09:27:47 +09:00
Werner Koch
536b5cd663
dirmngr: Fix lost flags during LDAP upload
* dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const.
Use strtokenize instead of strtok style parsing.
--

This fixes a problem with resulted in a General Error for the second
key to be uploaded in the same session.  But only if the colon format
to specify a keyserver with flags was used.
2022-09-28 15:43:48 +02:00
Werner Koch
1b0c17dfab
gpg: Silence some diagnostics.
* g10/parse-packet.c (enum_sig_subpkt): Show "buffer shorter than
subpacket" only in debug mode.
(parse_signature): Show "signature packet without timestamp / keyid"
only in souble verbose mode.

* g10/sig-check.c (check_signature_metadata_validity): Use ISO
timestamp in UTC for the signature expired note.
--

I have seen to many of these diagnostics and in particular the first
one seems to be a connected to the others.  Thus it does not make
sense to show them in standard verbose mode.

The ISO timestamp is much easier to read than than the localized
timestamp and switching from localtime to UTC should not harm.
2022-09-28 11:14:26 +02:00
Werner Koch
d65a0335e5
dirmngr: New server flag "areconly" (A-record-only)
* dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly"
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
* dirmngr/dirmngr_ldap.c: Add option --areconly
(connect_ldap): Implement option.
* dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
--

This flag is used to pass the Windows specific option
LDAP_OPT_AREC_EXCLUSIVE.  It is ignored on other systems.

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-09-28 09:55:15 +02:00
Werner Koch
acabbc0078
dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if
server supports this.
2022-09-26 14:41:04 +02:00
Werner Koch
1b2ac21c4c
gpg: Don't consider unknown keys as non-compliant while decrypting.
* g10/mainproc.c (proc_encrypted):  Change compliance logic.
--

For the description of the proplem see
  https://dev.gnupg.org/T6205#163306

GnuPG-bug-id: 6205
2022-09-26 14:40:34 +02:00
NIIBE Yutaka
993820c315
dirmngr: Factor out interrogate_ldap_dn function.
* dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New.

--

GnuPG-bug-id: 6047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-26 15:53:27 +09:00
Werner Koch
ed54fd53d1
tools: Need to set the dir for common.conf
* tools/gpg-connect-agent.c (main): Set dirs.
* tools/gpg-card.c (main): Ditto.
--
Fixes-commit: 203dcc19eb48228c60036691fe87fb37e29369a4
2022-09-21 09:41:39 +02:00
Werner Koch
0c8299e2b5
dirmngr: Fix CRL DP error fallback to other schemes.
* dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop.
Remove the unused issuername_uri stuff.
--

It is quite common that LDAP servers are blocked and thuis the HTTP
access point should be used instead.  This worked well for
certificates where the DP are given in this form:

        crlDP: ldap://x500.bund.de/[...]
               http://x500.bund.de/[...]
               issuer: none

but it failed for this form

        crlDP: ldap://x500.bund.de/[...]
               issuer: none
        crlDP: http://x500.bund.de/[...]
               issuer: none

because the LAST_ERR thing terminated the outer loop.  This pacth
fixes this and also cleans up the code to be more robust.

Note that the common workaround of using --ignore-ldap-dp will now
only be needed if the firewall uses packet dropping instead of proper
ICMP rejects.
2022-09-16 16:49:55 +02:00
Werner Koch
5fdb03db9e
doc: Keep list of RFCs only in DETAILS
--
2022-09-16 16:49:54 +02:00
NIIBE Yutaka
d5e29991c0
dirmngr:dns,doc,gpg: Fix for noreturn for C11.
* dirmngr/dns.c: Use __noreturn__.
* doc/yat2m.c: Likewise.
* g10/main.h: Likewise.

--

GnuPG-bug-id: 4002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-16 14:33:50 +09:00
NIIBE Yutaka
ddc6f7d194
build: Use LDAP_DEPRECATED to detect ldap library.
* m4/ldap.m4: Define LDAP_DEPRECATED when test.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-15 11:21:28 +09:00
NIIBE Yutaka
7a936505dc
build: Update .gitignore for translations under po/.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-15 10:48:23 +09:00
Werner Koch
50d12860ef
tests: Restrict the use of gpgconf.ctl to make check.
* common/homedir.c (unix_rootdir): Add ".enable" statement to
gpgconf.ctl
* tests/gpgconf.ctl.in: Use this statement.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable.
(TESTS_ENVIRONMENT): Ditto.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--

Without that it was required to delete the gpgconf.ctl to run manual
tests.

What a hack.
2022-09-14 12:05:21 +02:00
NIIBE Yutaka
e70e09c3d5
common: Fix for GPG_ERR_SOURCE_DEFAULT check.
* common/init.h: Remove GPG_ERR_SOURCE_UNKNOWN check.

--

GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 16:59:56 +09:00
NIIBE Yutaka
d55728539f
kbx: Fix for GPG_ERR_SOURCE_DEFAULT.
* kbx/keybox-defs.h (GPG_ERR_SOURCE_DEFAULT): Define here, when not
defined.
* kbx/kbxutil.c: Let keybox-defs.h include gpg-error.h.

--

GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 16:53:35 +09:00
NIIBE Yutaka
598884699d
dirmngr: Fix for USE_LDAP.
* dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables.
* dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise.

--

Fixes-commit: 3d7dbf16618db4d0dc602daadbde098d4a14b528
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 16:45:22 +09:00
NIIBE Yutaka
0b532627e8
common: Fix t-recsel.
* common/t-recsel.c (main): Don't need to call init_common_subsystems.

--

GnuPG-bug-id: 6200
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 15:42:03 +09:00
NIIBE Yutaka
23d7b7cfb0
dirmngr:dns: Fixes for function prototypes.
* dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New.
(dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New.
(dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New.
(dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New.
(dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New.
(dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New.
(dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New.
(dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New.
(dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New.
(dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New.
(dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New.
(dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New.
(dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New.
(struct dns_rrtype): Add function prototypes.
(dns_rrtypes): Use "0" variant of functions.
(DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove.

--

Original code was pretty badly written ignoring the type system of C,
but modern compiler encourages use of the type system.  No
architectural changes, but only things mechanically possible.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 14:53:13 +09:00
NIIBE Yutaka
3d7dbf1661
agent,dirmngr,gpg,scd: Clean up for modern compiler.
* agent/protect.c (agent_get_shadow_info_type): It's a write only
variable, useful for debugging.
* g10/key-check.c (key_check_all_keysigs): Likewise.
* g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
* scd/app-sc-hsm.c (read_ef_prkd): Likewise.
* dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
* dirmngr/ks-action.c (ks_action_help): Remove unused variables.
* dirmngr/server.c (make_keyserver_item): Likewise.
* dirmngr/validate.c (check_cert_sig): Initialize the variable.
* scd/app-p15.c (select_and_read_record): Likewise.
* tests/gpgscm/scheme.c (scheme_init_new): A function with no args.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-14 12:08:58 +09:00
NIIBE Yutaka
e133bcb1cd
tools:gpg-auth: Enhance it to support use case for login.
* tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS.
* tools/gpg-auth.c: Support use by root for login user.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:41:10 +09:00
NIIBE Yutaka
87d4338ed1
gpg,common,scd,sm: Function prototype fixes for modern compiler.
* common/gettime.c (gnupg_get_time): It has no arguments.
* common/signal.c (gnupg_block_all_signals): Likewise.
(gnupg_unblock_all_signals): Likewise.
* common/utf8conv.c (get_native_charset): Likewise.
* g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
* g10/getkey.c (getkey_disable_caches): Likewise.
* g10/keygen.c (ask_expiredate): Likewise.
* g10/passphrase.c (have_static_passphrase): Likewise.
(get_last_passphrase): Likewise.
* g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
(tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
(tdbio_read_nextcheck): Likewise.
* g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
* scd/scdaemon.c (scd_get_socket_name): Likewise.
* sm/passphrase.c (have_static_passphrase): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-13 16:34:00 +09:00
Ingo Klöcker
a47b3a4087
sm: Fix reporting of bad passphrase error
* sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
--

Fixes-commit: a4e04375e84ecb7ea0d02e153cb27988fca4c2d0
GnuPG-bug-id: 5713, 6037
2022-09-09 18:23:11 +02:00
Ingo Klöcker
07b0786939
Revert "common: Add a default OpenPGP ECC mapping."
This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d.

The change broke adding existing ECDH encryption subkeys to a key.

GnuPG-bug-id: 5555
2022-09-09 18:23:11 +02:00
Werner Koch
abf7d3c545
agent: Don't start in --supervised mode if no-autostart is enabled.
* agent/gpg-agent.c (main): Print an error message if no-autostart is
set in common.conf.
2022-09-07 11:54:23 +02:00
Werner Koch
0988e49c45
gpg: Support key flags for RENC, TIME, and GROUP.
* g10/packet.h (PUBKEY_USAGE_RENC): New.
(PUBKEY_USAGE_TIME): New.
(PUBKEY_USAGE_GROUP): New.
* g10/getkey.c (parse_key_usage): Set the new key flags.
* g10/keyedit.c (show_key_with_all_names_colon): Show the new key
flags.
* g10/keyid.c (usagestr_from_pk): Ditto
* g10/keylist.c (print_capabilities): Ditto.
* g10/keygen.c (parse_usagestr): Parse line and set new flags.
(quickgen_set_para): Show flags.
--

See draft-koch-openpgp-2015-rfc4880bis-00 for the current version.
Actually these flags have been in the draft for years now.  This patch
is a first step to make use of them.
2022-09-07 11:54:23 +02:00
NIIBE Yutaka
dc9227ca57 tools:gpg-auth: Support use of pinpad.
* tools/gpg-auth.c (getpin): Use comment.
(inq_needpin): Support "POPUPPINPADPROMPT" protocol response.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 13:52:51 +09:00
NIIBE Yutaka
f7e0b0c8a5 common: Fix to determine ECC curve for SSH.
* common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for
ECC curve.

--

See oidtable in common/openpgp-oid.c.

Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-06 13:43:03 +09:00
NIIBE Yutaka
7a22f764d5 tools:gpg-auth: Show SSH key comment when asking PIN.
* tools/gpg-auth.c (authenticate): Put key_list->comment to assuan
user's pointer.
(getpin): Show SSH key comment if any.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-05 14:42:06 +09:00
NIIBE Yutaka
3e5f99e648 tools: Fix gpg-auth.
* tools/gpg-auth.c (my_strusage): Fix usage string.
(main): Use gpg-agent to get scdaemon socket.
(authenticate): Return GPG_ERR_NOT_FOUND when no success.
(ga_scd_connect): Use DBG_IPC.
(inq_needpin): Change API for getpin.
(put_second_field_cb): New, to get the second field.
(scd_get_pubkey): Use put_second_field_cb.
(ga_filter_by_authorized_keys): Put NULL at the PREV->next.
(getpin): Flush the standard output.
Include the last terminating NUL.
Return the length.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 19:00:20 +09:00
NIIBE Yutaka
d49788ef9f tools:gpg-auth: New tool for authentication.
* tools/Makefile.am (bin_PROGRAMS): Add gpg-auth.
(gpg_auth_SOURCES, gpg_auth_LDADD):
* tools/gpg-auth.c: New.

--

GnuPG-bug-id: 5862
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-02 14:52:17 +09:00