* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--
It is sometimes helpful to be able to inspect certain envvars in a
running agent. For example "http_proxy".
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during an signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.
--
https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:
If the agent does not support the requested flags, or is otherwise
unable or unwilling to generate the signature (e.g. because it
doesn't have the specified key, or the user refused confirmation of a
constrained key), it must reply with a SSH_AGENT_FAILURE message.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880
* agent/command-ssh.c: repoint documentation reference.
--
Damien Miller is now documenting the ssh-agent protocol via the IETF.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
callers to pass it.
(agent_get_cache): Ditto.
* agent/cache.c (struct cache_items_s): Add field 'restricted'.
(housekeeping): Adjust debug output.
(agent_flush_cache): Ditto.
(agent_put_cache): Ditto. Take RESTRICTED into account.
(agent_get_cache): Ditto.
--
If requests are coming from different sources they should not share the
same cache. This way we make sure that a Pinentry pops up for a
remote request to a key we have already used locally.
GnuPG-bug-id: 3858
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--
This allows to pretend that a request originated from the extra or
browser socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--
This change mitigates the risk of having cached items in a post mortem
dump.
GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--
This fixes a potential overflow if LFs are passed to the status
string functions. This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing. In any case the functions need to be more robust and
comply to the promised interface. Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.
For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.
Reported-by: private_pers
* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.
--
It was T2981, adding ucred.h for Solaris. We also need sys/ucred.h
for FreeBSD and macOS.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--
GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (initialize_modules): Add hook again.
(main): Remove setting of the system houk but add scoket system hook
setting after assuan initialization.
--
Thread initialization is better to be deferred after fork (in case of
UNIX). assuan_sock_init should be earlier. Thus, we need to change
system hooks for assuan_sock_* interface. Or else, on Windows, it may
cause hang on server.
Updates-commit: 1524ba9656f0205d8c6ef504f773b832a7a12ab9
GnuPG-bug-id: 3378
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
(main): ... here, just before assuan_sock_init.
--
In Assuan, global variable SOCK_CTX is used internally, which is
initialized by assuan_sock_init. When initialized, system hooks
are copied into SOCK_CTX structure. Thus, system hooks should
be set, before the call of assuan_sock_init.
GnuPG-bug-id: 3378
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--
Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.
GnuPG-bug-id: 3530
* agent/gpg-agent.c (handle_connections): Always check inotify fds.
--
I noticed a gpg-agent processed, probably in shutdown_pending state,
which was selecting on only these two inotify fds. The select
returned immediately but because we did not handle the fds in
shutdown_pending state they were not read and the next select call
returned one of them immediately again. Actually that should not
hanppen because the
if (active_connections == 0)
break; /* ready */
should have terminated the loop. For unknown reasons (maybe be just a
connection thread terminated in a gdb session) that did not happen.
By moving the check outside of the shutdown_pending condition and
closing the fd after they have been triggered the code should be more
robust.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25)
* agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
--
For calibration, clock(3) is better than times(3) among UNIXen.
Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU.
Thanks to Damien Goutte-Gattat for the information of use of
CLOCKS_PER_SEC; The old code with times(3) is not 100% correct,
in terms of POSIX. It should have used sysconf (_SC_CLK_TCK) instead
of CLOCKS_PER_SEC. CLOCKS_PER_SEC is specifically for clock(3).
GnuPG-bug-id: 3056, 3276, 3472
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 380bce13d94ff03c96e39ac1d834f382c5c730a1)
* agent/command.c (cmd_getinfo): New sub-commands.
* agent/protect.c (get_standard_s2k_count): Factor some code out to ...
(get_calibrated_s2k_count): new.
(get_standard_s2k_time): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
* agent/agent.h (opt): New field 's2k_count'.
* agent/gpg-agent.c (oS2KCount): New enum value.
(opts): New option --s2k-count.
(parse_rereadable_options): Set opt.s2k_count.
--
This option is useful to speed up the starting of gpg-agent and in
cases where the auto-calibration runs into problems due to a broken
time measurement facility.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e)
* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.
--
We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.
It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object). But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.
So, simply have a thread private object for recursive pinentry access.
GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit fb7828676cc2c01047498898378711e049f73fee)
* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
--
We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.
GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.
--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.
GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
(parse_rereadable_options): here.
(opts): Change its description.
(main) <aGPGConfList>: Include this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
level.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto. Change return type to
gpg_error_t. On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto. Change return type to
gpg_error_t. Return a valid erro code on malloc failure.
(agent_pksign): Ditto. Change return type to gpg_error_t. replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto. Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--
While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main): Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availibility of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--
The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliable.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--
Note that only dirmngr did not call the chdir with --no-detach. thus
we kept it this way.
Tested gpg-agent by checking the properties shown by procexp.
Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670
* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
--
For the de-vs compliance of gpg we need to check whether the Jitter
RNG is used on Windows. This change allows to test this for
gpg-agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--
Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.
GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
passphrase is supplied, do not protect the key.
GnuPG-bug-id: 2856
Signed-off-by: Justus Winter <justus@g10code.com>
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--
GnuPG-bug-id: 3218
Note that we should add this also to dirmngr. And for non-Linux
systems a stat in ticker should be implemented.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>