gnupg

Commit Graph

Author	SHA1	Message	Date
Werner Koch	5fe4b97887	gpg: Let --fetch-key return an exit code on failure. * g10/keyserver.c (keyserver_fetch): Return an error code. * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data. -- GnuPG-bug-id: 5376	2021-06-25 10:35:24 +02:00
Werner Koch	9f586700ec	gpg,sm: Simplify keyserver spec parsing. * common/keyserver.h: Remove. * sm/gpgsm.h (struct keyserver_spec): Remove. (opt): Change keyserver to a strlist_t. * sm/gpgsm.c (keyserver_list_free): Remove. (parse_keyserver_line): Remove. (main): Store keyserver in an strlist. * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid an ambiguity in dirmngr by adding a prefix if needed. * g10/options.h (struct keyserver_spec): Move definition from keyserver.h to here. Remove most fields. * g10/keyserver.c (free_keyserver_spec): Adjust. (cmp_keyserver_spec): Adjust. (parse_keyserver_uri): Simplify. (keyidlist): Remove fakev3 arg which does not make any sense because we don't even support v3 keys. -- We now rely on the dirmngr to parse the keyserver specs. Thus a bad specification will not be caught immediately. However, even before that dirmngr had stricter tests. Signed-off-by: Werner Koch <wk@gnupg.org>	2021-05-26 14:30:17 +02:00
Werner Koch	22fe23f46d	gpg: Fix mailbox based search via AKL keyserver method. * g10/keyserver.c (keyserver_import_name): Rename to ... (keyserver_import_mbox): this. And use mail search mode. * g10/getkey.c (get_pubkey_byname): Change the two callers. -- In contrast to a search via keyserver_import_ntds the older keyserver_import_name used a full match of the provided name despite that it is only called with an addr-spec (mbox). Due to the mode the pattern send to dirmngr was prefixed with a '=' and thus dirmngr used an exact search;. This did only work for provided user ids like "foo@example.org" but not for "<foo@example.org>" or "Foo <foo@xample.org>". The old code dates back to 2010. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit `4fcfac6feb`)	2021-05-04 10:23:20 +02:00
Werner Koch	2af217ecd7	gpg: Allow fingerprint based lookup with --locate-external-key. * g10/keyserver.c (keyserver_import_fprint_ntds): New. * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by fingerprint in no_local mode. -- See the man page. For testing use gpg --auto-key-locate local,wkd,keyserver --locate-external-key \ FINGERPRINT with at least one LDAP keyserver given in dirmngr.conf. On Windows "ntds" may be used instead or in addtion to "keyserver". Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit `ec36eca08c`)	2021-05-03 20:53:15 +02:00
Werner Koch	b59af0e2a0	gpg: Lookup a missing public key of the current card via LDAP. * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public key from the current card via LDAP. * g10/call-dirmngr.c: Include keyserver-intetnal.h. (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the new LDAP flag. * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New. Replace the use of the value 1 for the former quick arg. (KEYSERVER_IMPORT_FLAG_LDAP): New. * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line length. * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only. * dirmngr/server.c (cmd_ks_get): Add option --ldap. -- This change makes it easy to start working with gnupg: Just insert the smartcard or token provided to you and the first time you sign a message the public key associated with the current card will be imported and everything is set without any configuration. This works only with an LDAP directory because it can be expected that the public key has been put into the LDAP during card personalization. Of course an LDAP server needs to be configured; in a Windows AD domain this can be a mere "keyserver ldap:///" in dirmngr.conf. Other configured keyservers are ignored. Requirements for the card driver: The $SIGNKEYID attribute must exists and a query for the KEY-FPR attribute needs to return the OpenPGP fingerprint for that key. This is currently supported for OpenPGP cards and certain PKCS#15 cards. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit `d7e707170f`)	2021-05-03 20:28:33 +02:00
Werner Koch	1303b0ed84	gpg: Do not use self-sigs-only for LDAP keyserver imports. * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status. * g10/options.h (opts): New field expl_import_self_sigs_only. * g10/import.c (parse_import_options): Set it. * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP. -- I can be assumed that configured LDAP servers are somehow curated and not affected by rogue key signatures as the HKP servers are. Thus we can allow the import of key signature from LDAP keyservers by default. GnuPG-bug-id: 5387	2021-04-13 14:50:05 +02:00
Werner Koch	559efd23e9	gpg: New AKL method "ntds" * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL. (ks_ldap_get): Add a debug. * g10/options.h (AKL_NTDS): New. * g10/keyserver.c (keyserver_import_ntds): New. (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL. * g10/getkey.c (parse_auto_key_locate): Support "ntds". (get_pubkey_byname): Ditto.	2020-12-17 18:19:01 +01:00
Werner Koch	2baa00ea18	gpg: Add property "fpr" for use by --export-filter. * g10/export.c (push_export_filters): New. (pop_export_filters): New. (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers. * g10/import.c (impex_filter_getval): Add property "fpr". * g10/main.h (struct impex_filter_parm_s): Add field hexfpr. -- The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>	2020-03-14 19:15:00 +01:00
Werner Koch	de57b5bf91	gpg: Make --quiet work on --send-keys. * g10/keyserver.c (keyserver_put): Act upon --quiet. -- Suggested-by: Robin H. Johnson <robbat2@gentoo.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2019-09-06 16:49:57 +02:00
Werner Koch	3242837d20	gpg: With --auto-key-retrieve prefer WKD over keyservers. * g10/mainproc.c (check_sig_and_print): Print a hint on how to make use of the preferred keyserver. Remove keyserver lookup just by the keyid. Try a WKD lookup before a keyserver lookup. -- The use of the the keyid for lookups does not make much sense anymore since for quite some time we do have the fingerprint as part of the signature. GnuPG-bug-id: 4595 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit `96bf8f4778`)	2019-07-05 10:43:55 +02:00
Werner Koch	8d645f1d1f	gpg: Do not print a hint to use the deprecated --keyserver option. * g10/keyserver.c (keyserver_search): Remove a specialized error message. -- Dirmngr comes with a default keyserver and the suggestion to use gpg --keyserver is not good because that option is deprecated. An error message "No keyserver available" is sufficient. GnuPG-bug-id: 4512 Signed-off-by: Werner Koch <wk@gnupg.org>	2019-05-14 07:57:07 +02:00
Werner Koch	dc4c7f65e3	gpg: Accept also armored data from the WKD. * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR. -- We may even adjust the specs to allow that. It should not be a problem for any OpenPGP implementation because armored keys are very common and de-armoring code is de-facto a mandatory feature. Signed-off-by: Werner Koch <wk@gnupg.org>	2019-04-11 10:05:08 +02:00
Werner Koch	f7ff25edad	gpg: In search-keys return "Not found" instead of "No Data". * g10/keyserver.c (keyserver_search): Check for NO_DATA. -- GnuPG-bug-id: 3830 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit `e7252ae57f`)	2018-12-11 12:31:36 +01:00
Werner Koch	87b5421ca8	gpg: Extend --key-origin to take an optional URL arg. * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 21:10:58 +02:00
Werner Koch	2ca0381d07	gpg: Store key origin info for new keys from a keyserver * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was done by fingerprint. * g10/import.c (apply_meta_data): Implement that. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:47:41 +02:00
Werner Koch	e7068bf92e	gpg: Store key origin info for new DANE and WKD retrieved keys. * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. Implement WKD and DANE key origin. (import_keys_internal): Add arg 'url' and change all callers. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. * g10/keylist.c (list_keyblock_print): Fix update URL printing. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return the SOURCE. Pass ks_status_cb to assuan_transact. * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to the import function. -- Note that this only for new keys. Merging this info will be added soon. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	f6f0dd4d5e	gpg: Filter keys received via DANE * g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. This filter enables this in the same way we do this in WKD. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-24 20:09:52 +02:00
Werner Koch	330212efb9	gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch <wk@gnupg.org>	2017-07-13 18:29:01 +02:00
Werner Koch	8f2671d2cc	gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>	2017-03-31 20:07:20 +02:00
Justus Winter	2649fdfff5	g10: Move more flags into the flag bitfield. * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and 'is_expired' into the flags bitfield, and drop the prefix. * g10/call-dirmngr.c: Adapt accordingly. * g10/export.c: Likewise. * g10/getkey.c: Likewise. * g10/import.c: Likewise. * g10/kbnode.c: Likewise. * g10/keyedit.c: Likewise. * g10/keylist.c: Likewise. * g10/keyserver.c: Likewise. * g10/mainproc.c: Likewise. * g10/pkclist.c: Likewise. * g10/pubkey-enc.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. -- This patch has been created by applying the following semantic patch: @@ expression E; @@ -E->is_expired +E->flags.expired @@ expression E; @@ -E->is_primary +E->flags.primary @@ expression E; @@ -E->is_revoked +E->flags.revoked Signed-off-by: Justus Winter <justus@g10code.com>	2017-03-08 13:31:10 +01:00
NIIBE Yutaka	70aca95d68	Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>	2017-03-07 20:25:54 +09:00
Werner Koch	86efc3ee53	gpg: Let only Dirmngr decide whether CERT is supported. * g10/getkey.c (parse_auto_key_locate): Do not build parts depending on USE_DNS_CERT. -- This also removes USE_DNS_SRV from commented code. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-12-01 16:40:32 +01:00
Werner Koch	4d7dc432b5	Change all http://www.gnu.org in license notices to https:// --	2016-11-05 12:02:19 +01:00
Werner Koch	a15ed5a1fd	gpg: Convey --quick option to dirmngr for --auto-key-retrieve. * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'. (gpg_dirmngr_wkd_get): Ditto. * g10/keyserver.c (keyserver_get): Add arg 'quick'. (keyserver_get_chunk): Add arg 'quick'. (keyserver_import_fprint): Ditto. Change callers to pass 0 for it. (keyserver_import_keyid): Ditto. (keyserver_import_wkd): Ditto. * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with QUICK set. -- Note that this option has not yet been implemented by dirmngr. Dirmngr will simply ignore it for now. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-10-27 09:06:10 +02:00
Werner Koch	cbf2ac6669	gpg: Improve WKD by importing only the requested UID. * g10/keyserver.c: Include mbox-util.h. (keyserver_import_wkd): Do not use the global import options but employ an import filter. -- We also make sure that an mbox has been passed to keyserver_import_wkd so it may also be called with a complete user id (which is currently not the case). Signed-off-by: Werner Koch <wk@gnupg.org>	2016-09-28 15:35:31 +02:00
Justus Winter	78aeb236fe	g10: Fix memory leak. * g10/keyserver.c (parse_keyserver_uri): Free URI. Signed-off-by: Justus Winter <justus@g10code.com>	2016-07-01 14:16:18 +02:00
Werner Koch	5ddccf4fc6	doc: Consistently use 'keyserver'. -- GnuPG-bug-id: 2383 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-06-14 09:06:44 +02:00
Werner Koch	027c4e5552	gpg: Pass CTRL object down to the trust functions Signed-off-by: Werner Koch <wk@gnupg.org>	2016-05-21 11:41:49 +02:00
Werner Koch	64bfeafa52	gpg: Remove all assert.h and s/assert/log_assert/. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-29 11:05:24 +02:00
Werner Koch	87de9e19ed	gpg: Add experimental AKL method "wkd" and option --with-wkd-hash. * g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but also uses an encryption to reveal less information about a key lookup. For example the URI to lookup the key for Joe.Doe@Example.ORG is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address wk@gnupg.org can be used for testing. Signed-off-by: Werner Koch <wk@gnupg.org>	2016-04-27 08:34:29 +02:00
Werner Koch	09117e769a	gpg: Make --auto-key-retrieve work with dirmngr configured server. * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional. * g10/keyserver.c (keyserver_any_configured): New. (keyserver_put): Remove arg keyserver because this will always receive opt.keyserver which is anyway used when connecting dirmngr. Do not check opt.keyserver. (keyserver_import_cert): Replace opt.keyserver by keyserver_any_configured. * g10/mainproc.c (check_sig_and_print): Ditto. * g10/import.c (revocation_present): Ditto. * g10/getkey.c (get_pubkey_byname): Ditto. * g10/gpgv.c (keyserver_any_configured): Add stub. * g10/test-stubs.c (keyserver_any_configured): Add stub. -- The keyserver should be configured in dirmngr.conf and thus we can't use opt.keyserver in gpg to decide whether a keyserver has been configured. GnuPG-bug-id: 2147 Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-21 11:49:27 +01:00
Werner Koch	437965e562	Use ngettext for some strings. * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for some diagnostics. (do_genkey): Ditto. * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto. * g10/keylist.c (print_signature_stats): Ditto. * g10/keyserver.c (keyserver_refresh): Ditto. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/sign.c (do_sign): Ditto. * g10/trustdb.c (reset_trust_records): Ditto. (validate_keys): Use a table like diagnostic output. -- Suggested-by: Ineiev <ineiev@gnu.org> Signed-off-by: Werner Koch <wk@gnupg.org>	2016-01-18 11:20:15 +01:00
Werner Koch	4d3395ef1f	gpg: Use a regular type instead of a void* for import stats. * g10/import.c (struct stats_s): Rename to import_stats_s. Change all users. * g10/main.h (import_stats_t): New. Change fucntions to use this instead of a void pointer. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-12 18:19:35 +01:00
Werner Koch	50a568e738	gpg: Make keyidlist more robust in case of errors. * g10/keyserver.c (keyidlist): Clear *KLIST on error. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:19:30 +01:00
Werner Koch	a28ac99efe	gpg: Take care of keydb_new returning NULL. * g10/keydb.c (keydb_new): Print an error message if needed. Also use xtrycalloc because we return an error anyway. * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. * g10/export.c (do_export_stream): Ditto. * g10/getkey.c (get_pubkey): Ditto. (get_pubkey_fast): Ditto. (get_pubkeyblock): Ditto. (get_seckey): Ditto. (key_byname): Ditto. (get_pubkey_byfprint): Ditto. (get_pubkey_byfprint_fast): Ditto. (parse_def_secret_key): Ditto. (have_secret_key_with_kid): Ditto. * g10/import.c (import_one): Ditto. (import_revoke_cert): Ditto. * g10/keyedit.c (keyedit_quick_adduid): Ditto. * g10/keygen.c (quick_generate_keypair): Ditto. (do_generate_keypair): Ditto. * g10/trustdb.c (validate_keys): Ditto. * g10/keyserver.c (keyidlist): Ditto. * g10/revoke.c (gen_desig_revoke): Ditto. (gen_revoke): Ditto. * g10/gpg.c (check_user_ids): Ditto. (main): Do not print an error message for keydb_new error. * g10/keylist.c (list_all): Use actual error code returned by keydb_new. * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. * g10/t-keydb.c (do_test): Ditto. * g10/keyring.c (keyring_new): Actually return an error so that the existing keydb_new error checking makes sense for a keyring resource. (keyring_rebuild_cache): Take care of keyring_new returning an error. -- Commit `04a6b903` changed keydb_new to return an error. However the error was not checked at most places which we fix with this patch. To make things easier keydb_new prints an error message itself. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-12-03 12:18:32 +01:00
Neal H. Walfield	58e4a492e2	gpg: Change keydb_search to not return legacy keys. * g10/keyring.c (keyring_search): Take new argument, ignore_legacy. If set, skip any legacy keys. Update callers. * g10/keydb.c (keydb_search): Skip any legacy keys. (keydb_search_first): Don't skip legacy keys. Treat them as an error. (keydb_search_next): Likewise. (keydb_search_fpr): Likewise. * g10/export.c (do_export_stream): Likewise. * g10/getkey.c (lookup): Likewise. (have_secret_key_with_kid): Likewise. * g10/keylist.c (list_all): Likewise. (keyring_rebuild_cache): Likewise. * g10/keyserver.c (keyidlist): Likewise. * g10/trustdb.c (validate_key_list): Likewise. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>	2015-11-17 14:53:05 +01:00
Werner Koch	e3c48335f9	gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-11-12 16:44:00 +01:00
Werner Koch	41bb01ae79	Move SRV RR code from common/ to dirmngr/. * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file. * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file. * common/Makefile.am (common_sources): Remove srv.c and srv.h. * g10/keyserver.c: Do not include srv.h. The code using it is anyway disabled. * dirmngr/http.c: Remove header srv.h and stubs. * dirmngr/t-dns-stuff.c: Add option --srv. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-22 09:22:41 +02:00
Werner Koch	9ac31f91b1	gpg: Add new --auto-key-locate mechanism "dane". * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE. * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode". * g10/options.h (AKL_DANE): New. * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE. (parse_auto_key_locate): Ditto. -- To test this use gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-06 20:31:43 +02:00
Werner Koch	ae471fa978	gpg: Deprecate the --keyserver option. * g10/keyserver.c (keyserver_refresh): Change return type to gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the keyserver to use. (keyserver_search): Do not print the "no keyserver" error message. The same error is anyway returned from dirmngr. * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword". (ks_status_cb): Handle other status keywords. (gpg_dirmngr_ks_list): New. * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver". (gc_options_dirmngr): Add "Keyserver" group and "keyserver". -- Along with the corresponding dirmngr change this option allows to configure the keyserver only in dirmngr.conf. Existing configurations will continue to work. However, GUIs using gpgconf now the keyserver option under the dirmngr (aka Key Acquirer) tab unless they are in export mode in which the keyserver option is also show for gpg. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-10-05 17:52:28 +02:00
Werner Koch	154f3ed2bf	gpg: Move all DNS access to Dirmngr. * common/dns-cert.h: Move to ../dirmngr/. * common/dns-cert.c: Move to ../dirmngr/. Change args to return the key as a buffer. * common/t-dns-cert.c: Move to ../dirmngr/. * common/pka.c, common/pka.h, common/t-pka.c: Remove. * dirmngr/server.c (data_line_cookie_write): Factor code out to data_line_write and make it a wrapper for that. (data_line_write): New. (cmd_dns_cert): New. (register_commands): Register new command. * g10/Makefile.am (LDADD): Remove DNSLIBS. * g10/call-dirmngr.c (dns_cert_parm_s): New. (dns_cert_data_cb, dns_cert_status_cb): New. (gpg_dirmngr_dns_cert): New. (gpg_dirmngr_get_pka): New. * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by gpg_dirmngr_dns_cert. (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. * g10/mainproc.c: Include call-dirmngr.h. (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by gpg_dirmngr_get_pka. -- With this patch gpg does not do any network access itself but uses dirmngr for that. Note that we need to keep linking to NETLIBS due to the logging code and because we need TCP for our socket emulation under Windows. Probably also required for Solaris etc. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-04-23 15:52:39 +02:00
Werner Koch	c4d98734c5	gpg: Make keyserver-option http_proxy work. * g10/options.h (opt): Add field keyserver_options.http_proxy. * g10/keyserver.c (warn_kshelper_option): Add arg noisy. (parse_keyserver_options): Parse into new http_proxy field. * g10/call-dirmngr.c (create_context): Send the http-proxy option.	2015-04-21 19:29:53 +02:00
Werner Koch	ae0d65f864	gpg: Make preferred keyservers work. * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done. (create_context): Move keyserver setting to ... (open_context): here. (clear_context_flags): New. (gpg_dirmngr_ks_get): Add arg override_keyserver. * g10/keyserver.c (keyserver_refresh): Improve diagnostics. (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get. -- It used to ignore the given server but showed a diagnostics that it will be used.	2015-04-21 15:36:30 +02:00
Werner Koch	da1990bac7	gpg: Update sub-options of --keyserver-options * g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-04-21 10:15:04 +02:00
Werner Koch	91baea2dcd	gpg: Fix memory leak due to PKA lookup. * g10/keyserver.c (keyserver_import_pka): Move the xfree.	2015-02-26 18:01:13 +01:00
Werner Koch	2fc27c8696	gpg: Switch to a hash and CERT record based PKA system. * common/dns-cert.c (get_dns_cert): Make r_key optional. * common/pka.c: Rewrite for the new hash based lookup. * common/t-pka.c: New. * configure.ac: Remove option --disable-dns-pka. (USE_DNS_PKA): Remove ac_define. * g10/getkey.c (parse_auto_key_locate): Always include PKA. -- Note that although PKA is now always build, it will only work if support for looking up via DNS has not been disabled. The new PKA only works with the IPGP DNS certtype and shall be used only to retrieve the fingerprint and optional the key for the first time. Due to the security problems with DNSSEC the former assumption to validate the key using DNSSEC is not anymore justified. Instead an additional layer (e.g. Trust-On-First-Use) needs to be implemented to track change to the key. Having a solid way of getting a key matching a mail address is however a must have. More work needs to go into a redefinition of the --verify-options pka-lookups and pka-trust-increase. The auto-key-locate mechanism should also be able to continue key fetching with another methods once the fingerprint has been retrieved with PKA. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-25 16:34:19 +01:00
Werner Koch	af60152a46	common: Allow requesting a specific certtype with get_dns_cert() * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all callers. (CERTTYPE_): Move constants to ... * common/dns-cert.h: here as DNS_CERTTYPE_. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-25 12:03:21 +01:00
Werner Koch	d2a70fd834	gpg: Replace remaining uses of stdio by estream. * g10/sign.c (sign_file): Use log_printf instead of stderr. * g10/tdbdump.c (export_ownertrust): Use estream fucntions. (import_ownertrust): Ditto. * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t. -- Reported-by: Guilhem Moulin <guilhem@fripost.org> Needed for unattended key edits with --status-fd, because since 2.1 status prompts are preceded by es_fflush (in cpr.c:do_get_from_fd) not fflush(3), so the standard output may not be flushed before each prompt. (Which breaks scripts using select(2) to multiplex between the standard and status outputs.) His patch only affected print_and_check_one_sig_colon() but there are many more places where stdio and estream are mixed. This patch now replaces most of them in g10/. At some places stdio is still used, but that is local to a function and should not have side effects. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-02-19 17:22:27 +01:00
Werner Koch	09e8f35d38	gpg: Improve skipping of PGP-2 keys. * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy keys. * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY. (prepare_search): Ditto. (keyring_rebuild_cache): Skip legacy keys. * g10/keyserver.c (keyidlist): Ditto. * g10/trustdb.c (validate_key_list): Ditto. -- This is not the most elegant way to handle it but it reduces the chance for unwanted side effects. GnuPG-bug-id: 1816 Signed-off-by: Werner Koch <wk@gnupg.org>	2015-01-22 16:36:28 +01:00
Werner Koch	11142e0ad7	gpg: Replace remaining old error code macros by GPG_ERR_. * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by gpg_strerror. (G10ERR_): Remove all macros and change all occurrences by their GPG_ERR_ counterparts. Signed-off-by: Werner Koch <wk@gnupg.org>	2015-01-22 12:06:11 +01:00

1 2 3

127 Commits