Commit log for path agent/command-ssh.c

Each entry gives the commit subject, followed in parentheses by author, date, number of files and lines removed/added for this path, and then the commit message body.
* agent: Fix UPDATESTARTUPTTY for ssh. (Werner Koch, 2013-08-19, 1 file, -2/+1)

    * agent/command-ssh.c (setup_ssh_env): Fix env setting.
    --
    gniibe reported this to gnupg-devel on 2012-07-04:

    [...] (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for SSH. [...]

    Current implementation: In the function start_command_handler_ssh, the logic puts priority on ctrl->session_env which is initialized by agent_init_default_ctrl. There are always GPG_TTY and TERM defined, because lines around 968 in gpg-agent.c, it says: /* Make sure that we have a default ttyname. */ While UPDATESTARTUPTTY updates opt.startup_env, it doesn't affect at all.

    Here is a patch to point the issue. Tested and works for me.

    Signed-off-by: Werner Koch <[email protected]>
* agent: Extend cmd KEYINFO to return data from sshcontrol. (Werner Koch, 2013-08-08, 1 file, -15/+95)

    * agent/command-ssh.c (struct control_file_s): Rename to ssh_control_file_s.
    (ssh_open_control_file, ssh_close_control_file)
    (ssh_read_control_file, ssh_search_control_file): New.
    (control_file_t): Rename and move to ...
    * agent/agent.h (ssh_control_file_t): here.
    * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled, and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend output.
    (cmd_keyinfo): Add options --ssh-list and --with-ssh.
    --
    This extension allows the development of frontends to manage the sshcontrol file.

    Signed-off-by: Werner Koch <[email protected]>

    (cherry picked from commit 50c98c7ed6b542857ee2f902eca36cda37407737)

    Conflicts in agent/command.c (due to less information printed by keyinfo) solved.
* ssh: Add support for Putty. (Werner Koch, 2013-07-03, 1 file, -0/+146)

    * agent/gpg-agent.c [W32]: Include several Windows headers.
    (opts): Change help text for enable-ssh-support.
    (opts, main): Add option --enable-putty-support
    (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
    (agent_init_default_ctrl): Add and assert call.
    (putty_message_proc, putty_message_thread): New.
    (handle_connections) [W32]: Start putty message thread.
    * common/sysutils.c (w32_get_user_sid): New for W32 only
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Add --enable-ssh-support and --enable-putty-support. Make the configuration group visible at basic level.
    * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
    --
    This patch enables support for Putty. It has been tested with Putty 0.62 using a Unix-created ssh key copied to the private-keys-v1.d directory on Windows and with a manually crafted sshcontrol file. It also works with a smartcard key.

    Many thanks to gniibe who implemented a proxy in Python to test the putty/gpg-agent communication.

    Signed-off-by: Werner Koch <[email protected]>
* agent: Fix binary vs. text mode problem in ssh. (Werner Koch, 2013-07-03, 1 file, -32/+39)

    * agent/command-ssh.c (file_to_buffer)
    (ssh_handler_request_identities): Open streams in binary mode.
    (start_command_handler_ssh): Factor some code out to ..
    (setup_ssh_env): New function.
    --
    This is for now a theoretical fix because there is no ssh client yet which uses the GnuPG style IPC. OpenSSL for Cygwin uses only a quite similar one. gniibe suggested implementing that IPC style in Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

    Signed-off-by: Werner Koch <[email protected]>
* ssh: Mark unused arg. (Werner Koch, 2013-07-01, 1 file, -0/+2)

    * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to void.
* ssh: Support ECDSA keys. (Werner Koch, 2013-07-01, 1 file, -96/+307)

    * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
    (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
    (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
    (ssh_signature_encoder_t): Add arg spec and adjust all callers.
    (ssh_signature_encoder_ecdsa): New.
    (sexp_key_construct, sexp_key_extract, ssh_receive_key)
    (ssh_convert_key_to_blob): Support ecdsa.
    (ssh_identifier_from_curve_name): New.
    (ssh_send_key_public): Retrieve and pass the curve_name.
    (key_secret_to_public): Ditto.
    (data_sign): Add arg SPEC and change callers to pass it.
    (ssh_handler_sign_request): Get the hash algo from SPEC.
    * common/ssh-utils.c (get_fingerprint): Support ecdsa.
    * agent/protect.c (protect_info): Add flag ECC_HACK.
    (agent_protect): Allow the use of the "curve" parameter.
    * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
    * agent/command-ssh.c (ssh_key_grip): Print a better error code.
    --
    The 3 standard curves are now supported in gpg-agent's ssh-agent protocol implementation. I tested this with all 3 curves and keys generated by OpenSSH 5.9p1.

    Using existing non-ssh generated keys will likely fail for now. To fix this, the code should first undergo some more cleanup; then the fixes are pretty straightforward. And yes, the data structures are way too complicated.

    (cherry picked from commit 649b31c663b8674bc874b4ef283d714a13dc8cfe)

    Solved conflicts:
    agent/protect.c
    agent/t-protect.c
    common/ssh-utils.c (different variable name)
* ssh: Rewrite a function for better maintainability (Werner Koch, 2013-07-01, 1 file, -40/+41)

    * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
    --
    Using es_fopenmem instead of a preallocated buffer is safer and easier to read.

    (cherry picked from commit f76a0312c3794afd81fe1e172df15eb0612deae0)
* ssh: Improve key lookup for many keys. (Werner Koch, 2013-07-01, 1 file, -154/+166)

    * agent/command-ssh.c: Remove dirent.h.
    (control_file_s): Add struct item.
    (rewind_control_file): New.
    (search_control_file): Factor code out to ...
    (read_control_file_item): New.
    (ssh_handler_request_identities): Change to iterate over entries in sshcontrol.
    --
    Formerly we scanned the private key directory for matches of entries in sshcontrol. This patch changes it to scan the sshcontrol file and thus considers only keys configured there. The rationale for this is that it is common to have only a few ssh keys but many private keys. Even if that assumption does not hold true, the scanning of the sshcontrol file is faster than reading the directory and only then scanning the ssh control for each directory entry.

    (cherry picked from commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f)
* ssh: Cleanup sshcontrol file access code. (Werner Koch, 2013-07-01, 1 file, -59/+102)

    * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace the direct use of the string.
    (struct control_file_s, control_file_t): New.
    (open_control_file, close_control_file): New. Use them instead of using fopen/fclose directly.
    --
    (cherry picked from commit 25fb53ab4ae7e1c098500229c776d29b82713a20)

    Fixed conflicts in some variable names.
* ssh: Do not look for a card based ssh key if scdaemon is disabled. (Werner Koch, 2013-07-01, 1 file, -1/+2)

    * agent/command-ssh.c (ssh_handler_request_identities): Do not call card_key_available if the scdaemon is disabled.
    --
    (back ported from commit id 781e9746dff21fc2721373205e63d1d09722d590)
* ssh: Make the mode extension "x" portable by a call to es_fopen. (Werner Koch, 2013-07-01, 1 file, -7/+5)

    * agent/command-ssh.c (open_control_file): Use es_fopen to support the "wx" mode flag.
    --
    This patch also specifies a file mode parameter. However, this will only be used with an updated version of es_stream which we have not yet done.
* Support a confirm flag for ssh. (Werner Koch, 2011-08-04, 1 file, -23/+135)

    This implements the suggestion from bug#1349. With this change the fingerprint of the ssh key is also displayed in the pinentry prompts.

* Removed some set but unused variables. (Werner Koch, 2011-08-04, 1 file, -2/+0)

* Fix crash while reading unsupported ssh keys. (Werner Koch, 2011-07-22, 1 file, -73/+68)

    This bug was found by n-roeser at gmx.net (gnupg-devel@, msgid [email protected]).

* Reworked passing of envars to Pinentry. (Werner Koch, 2009-07-07, 1 file, -16/+28)

* Fix bug #1053 (Werner Koch, 2009-05-15, 1 file, -12/+49)

    Add option --qualitybar to command GET_PASSPHRASE.

* Marked all unused args on non-W32 platforms. (Werner Koch, 2008-10-20, 1 file, -0/+15)

* Fixed segv in gpg-agent (command marktrusted). (Werner Koch, 2008-05-27, 1 file, -2/+2)

    Replaced almost all free by xfree.
    Translation fixes.

* Started to implement the audit log feature. (Werner Koch, 2007-11-19, 1 file, -0/+4)

    Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry.
    Improved support for the quality bar.
    Minor internal restructuring.
    Translation fixes.
* 2007-10-15 Daiki Ueno <[email protected]> (wk) (Werner Koch, 2007-10-15, 1 file, -3/+37)

    * command-ssh.c (reenter_compare_cb): New function; imported from genkey.c.
    (ssh_identity_register): Ask initial passphrase twice.

* Use Assuan socket wrapper calls. (Werner Koch, 2007-10-01, 1 file, -5/+2)

    Made socket servers secure under Windows.

* Changed to GPLv3. (Werner Koch, 2007-07-04, 1 file, -4/+2)

    Removed intl/.

* agent/ (Werner Koch, 2007-01-31, 1 file, -7/+15)

    * command-ssh.c (stream_read_string): Initialize LENGTH to zero.
    (start_command_handler_ssh): Use es_fgetc/es_ungetc to check if EOF has been reached before trying to process another request.

* Made some PIN pads work. (Werner Koch, 2006-11-20, 1 file, -25/+15)

    Some cleanups for 64 bit CPUs.

* Preparing a new release (tag: gnupg-1.9.90) (Werner Koch, 2006-09-25, 1 file, -2/+2)

* Take advantage of newer gpg-error features. (Werner Koch, 2006-09-14, 1 file, -40/+40)

* Allow for 4k ssh keys and better error reporting. (Werner Koch, 2006-08-29, 1 file, -0/+9)

* Various smaller changes (Werner Koch, 2006-06-27, 1 file, -11/+7)

* Updated FSF's address. (Werner Koch, 2006-06-20, 1 file, -2/+2)
* 2006-04-09 Moritz Schulte <[email protected]> (Moritz Schulte, 2006-04-09, 1 file, -5/+8)

    * command-ssh.c (ssh_request_process): Removed FIXME mentioning a possible DoS attack.

* 2006-04-01 Moritz Schulte <[email protected]> (Moritz Schulte, 2006-04-01, 1 file, -3/+1)

    * command-ssh.c (ssh_identity_register): Make KEY_GRIP_RAW be 20 instead of 21 bytes long; do not fill KEY_GRIP_RAW[20] with NUL byte - KEY_GRIP_RAW is a raw binary string anyway.

* Bug fixes and ssh support for the BELPIC. (Werner Koch, 2005-09-09, 1 file, -21/+25)

* (data_sign): Removed empty statement. (Werner Koch, 2005-06-29, 1 file, -1/+1)
* gcc-4 defaults forced me to edit many many files to get rid of the char * vs. unsigned char * warnings. (Werner Koch, 2005-06-16, 1 file, -42/+33)

    The GNU coding standards used to say that these mismatches are okay and better than a bunch of casts. Obviously this has changed now.
* New debugging options, updates to the manual. (Werner Koch, 2005-06-07, 1 file, -2/+3)
* * call-scd.c (inq_needpin): Skip leading spaces of PIN description. (Werner Koch, 2005-05-24, 1 file, -1/+1)

    * divert-scd.c (getpin_cb): Enhanced to cope with description flags.
    * query.c (agent_askpin): Add arg PROMPT_TEXT. Changed all callers.
* 2005-05-05 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-05-05, 1 file, -31/+29)

    * command-ssh.c: Use ssh_key_grip(), where gcry_pk_get_keygrip() has been used before.
    (ssh_handler_sign_request): Removed unused variable P.
* 2005-05-05 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-05-05, 1 file, -38/+85)

    * command-ssh.c (ssh_key_to_buffer): Rename to ...
    (ssh_key_to_protected_buffer): ... this; change callers. Improved documentation.
* 2005-04-20 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-04-20, 1 file, -3/+0)

    * command-ssh.c (ssh_handler_request_identities): Removed debugging code (sleep call), which was committed unintentionally.
* * configure.ac: Require libksba 0.9.11. (Werner Koch, 2005-04-18, 1 file, -0/+1)

    sm/
    * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
    * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement this filter. Changed all callers.
    * certchain.c (find_up_search_by_keyid): New helper.
    (find_up): Also try using the AKI.keyIdentifier.
    (find_up_external): Ditto.

* 2005-04-03 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-04-09, 1 file, -60/+97)

    * command-ssh.c (ssh_request_spec): New member: secret_input.
    (REQUEST_SPEC_DEFINE): New argument: secret_input.
    (request_specs): Add secret_input flag.
    (request_spec_lookup): New function ...
    (ssh_request_process): ... use it here; depending on secret_input flag allocate secure or non-secure memory.
* * acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Accidentally used --ldflags instead of --cflags. Reported by Kazu Yamamoto. (Werner Koch, 2005-03-03, 1 file, -1/+1)

    * Makefile.am (AM_CFLAGS): Added PTH_CFLAGS. Noted by Kazu Yamamoto.
    * Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto.
* 2005-03-02 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-03-02, 1 file, -28/+49)

    * command-ssh.c (sexp_key_extract): Removed FIXME, since xtrymalloc does set errno correctly by now.
    (sexp_extract_identifier): Remove const attribute from identifier.
    (ssh_handler_request_identities): Remove const attribute from key_type; removes ugly casts and FIXME.
    (sexp_key_extract): Remove const attribute from comment.
    (ssh_send_key_public): Remove const attribute from key_type/comment; removes ugly cast.
    (data_sign): Remove const attribute from identifier; removes ugly cast.
    (key_secret_to_public): Remove const attribute from comment; removes ugly cast.
    (ssh_handler_sign_request): Remove const attribute from p.
    (sexp_key_extract): Use make_cstring().
    (ssh_key_extract_comment): Likewise.
    (ssh_key_to_buffer): Use secure memory for memory area to hold the key S-Expression.
    Added more comments.
* * findkey.c (modify_description): Keep invalid % escapes, so that %0A may pass through. (Werner Koch, 2005-02-25, 1 file, -28/+128)

    * agent.h (server_control_s): New field USE_AUTH_CALL.
    * call-scd.c (agent_card_pksign): Make use of it.
    * command-ssh.c (data_sign): Set the flag.
    (ssh_send_key_public): New arg OVERRIDE_COMMENT.
    (card_key_available): Add new arg CARDSN.
    (ssh_handler_request_identities): Use the card s/n as comment.
    (sexp_key_extract): Use GCRYMPI_FMT_STD.
    (data_sign): Ditto.
    * learncard.c (make_shadow_info): Moved to ..
    * protect.c (make_shadow_info): .. here. Return NULL on malloc failure. Made global.
    * agent.h: Add prototype.
    * xasprintf.c (xtryasprintf): New.
    * app-openpgp.c (get_public_key): Make sure not to return negative numbers.
    (do_sign): Allow passing of indata with algorithm prefix.
    (do_auth): Allow OPENPGP.3 as an alternative ID.
    * app.c (app_getattr): Return just the S/N but not the timestamp.
    * no-libgcrypt.c (gcry_strdup): New.
* * call-scd.c (unescape_status_string): New. Actually a copy of ../g10/call-agent.c (Werner Koch, 2005-02-24, 1 file, -66/+142)

    (card_getattr_cb, agent_card_getattr): New.
    * command-ssh.c (card_key_available): New.
    (ssh_handler_request_identities): First see whether a card key is available.
    * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the application does not support the getattr call.
    * app.c (select_application): Return an error code and the application context in a new arg.
    * command.c (open_card): Adjusted for that. Don't use the fallback if no card is present. Return an error if the card has been removed without a reset.
    (do_reset, cmd_serialno): Clear that error flag.
    (TEST_CARD_REMOVAL): New. Use it with all command handlers.
    (scd_update_reader_status_file): Set the error flag on all changes.
* * command-ssh.c (get_passphrase): Removed. (Werner Koch, 2005-02-23, 1 file, -76/+287)

    (ssh_identity_register): Partly rewritten.
    (open_control_file, search_control_file, add_control_entry): New.
    (ssh_handler_request_identities): Return only files listed in our control file.
    * findkey.c (unprotect): Check for allocation error.
    * agent.h (opt): Add fields to record the startup terminal settings.
    * gpg-agent.c (main): Record them and do not force keep display with --enable-ssh-support.
    * command-ssh.c (start_command_handler_ssh): Use them here.
    * gpg-agent.c: Renamed option --ssh-support to --enable-ssh-support.
    * command.c (cmd_readkey): New.
    (register_commands): Register new command "READKEY".
    * command-ssh.c (ssh_request_process): Improved logging.
    * findkey.c (agent_write_private_key): Always use plain open. Don't depend on an umask for permissions.
    (agent_key_from_file): Factored file reading code out to ..
    (read_key_file): .. new function.
    (agent_public_key_from_file): New.

* (stream_read_string): Removed call to abort on memory error because the CVS version of libgcrypt makes sure that ERRNO gets always set on error even with a faulty user supplied function. (Werner Koch, 2005-02-22, 1 file, -8/+5)

* 2005-02-19 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-02-19, 1 file, -38/+77)

    * command-ssh.c (ssh_receive_mpint_list): Slightly rewritten, do not use elems_secret member of key_spec.
    (ssh_key_type_spec): Removed member: elems_secret.
    (ssh_key_types): Removed elems_secret data.
    (ssh_sexp_construct): Renamed to ...
    (sexp_key_construct): ... this; changed callers.
    (ssh_sexp_extract): Renamed to ...
    (sexp_key_extract): ... this; changed callers.
    (ssh_sexp_extract_key_type): Renamed to ...
    (sexp_extract_identifier): ... this; changed callers; use make_cstring().
    Added more comments.

* 2005-02-18 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-02-18, 1 file, -111/+39)

    * command-ssh.c (ssh_sexp_construct): Rewritten generation of sexp template, clarified.
    (ssh_sexp_extract): Support shadowed-private-key-sexp; treat protected-private key and shadowed-private-key as public keys.
    (key_secret_to_public): Rewritten: simply use ssh_sexp_extract() and ssh_sexp_construct().

* 2005-02-14 Moritz Schulte <[email protected]> (Moritz Schulte, 2005-02-14, 1 file, -17/+12)

    * command-ssh.c (uint32_construct): New macro ...
    (stream_read_uint32): ... use it; removed unnecessary cast.