path: root/agent
Date | Commit message | Author | Files | Lines
2022-08-01 | Remove debug code. | NIIBE Yutaka | 1 | -4/+1
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-08-01 | Add call to GetNamedPipeClientProcessId for newer Windows. | NIIBE Yutaka | 1 | -0/+10
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-08-01 | Support specifying the pipe name by the option. | NIIBE Yutaka | 2 | -39/+37
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-07-28 | Simplify the access control. | NIIBE Yutaka | 1 | -18/+4
  PIPE_REJECT_REMOTE_CLIENTS would be enough.
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-07-28 | Fix for return value of ConnectNamedPipe. | NIIBE Yutaka | 1 | -4/+4
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-07-27 | Implement the procedure to handle requests from client. | NIIBE Yutaka | 3 | -47/+87
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-07-27 | Initial experiment for NamedPipe on Windows. | NIIBE Yutaka | 1 | -0/+97
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-28 | agent: Add description for "Prompt" field. | NIIBE Yutaka | 1 | -0/+6
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-28 | agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:". | NIIBE Yutaka | 2 | -17/+3
  * agent/command-ssh.c: Fix comments.
  * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check.
  --
  GnuPG-bug-id: 5996
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-27 | agent: Do not consider --min-passphrase-len for the magic wand. | Werner Koch | 1 | -10/+11
  * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets.
  * g10/gpg.c (main) <aGenRandom>: Add Level 30.
2022-06-23 | agent: Flush before calling ftruncate. | NIIBE Yutaka | 1 | -0/+2
  * agent/findkey.c (write_extended_private_key): Make sure it is flushed out.
  --
  GnuPG-bug-id: 6035
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-23 | agent: KEYATTR only allows access to attribute. | NIIBE Yutaka | 1 | -0/+8
  * agent/command.c (cmd_keyattr): Check the ATTRNAME.
  --
  GnuPG-bug-id: 5988
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-23 | agent: Fix KEYATTR command for --delete option. | NIIBE Yutaka | 1 | -1/+5
  * agent/command.c (cmd_keyattr): Write the result.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-22 | agent: Add KEYATTR command. | NIIBE Yutaka | 4 | -7/+139
  * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument.
  (agent_update_private_key): New.
  * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file.
  * agent/command.c (do_one_keyinfo): Likewise.
  (cmd_keyattr): New.
  (register_commands): Add an entry of cmd_keyattr.
  * agent/findkey.c (agent_update_private_key): New.
  (agent_raw_key_from_file): Add R_KEYMETA argument.
  --
  GnuPG-bug-id: 5988
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-22 | agent,gpg,tools: Fix use of log_get_fd. | NIIBE Yutaka | 2 | -10/+2
  * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list.
  * agent/call-pinentry.c (start_pinentry): Likewise.
  * common/call-gpg.c (start_gpg): Likewise.
  * call-syshelp.c (start_syshelp): Likewise.
  * tools/gpg-connect-agent.c (main): Likewise.
  --
  GnuPG-bug-id: 5921
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-06-17 | agent: Improve "Insert the card" message. | Werner Koch | 1 | -1/+2
  * agent/findkey.c (prompt_for_card): Don't print "(null").
2022-06-15 | agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH. | Werner Koch | 1 | -5/+8
  * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak.
  --
  The error shown by "ssh-add -l" before this fix was:
    error fetching identities: incomplete messag
  Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c
  GnuPG-bug-id: 5996
2022-06-14 | agent: New option --no-user-trustlist and --sys-trustlist-name. | Werner Koch | 3 | -9/+53
  * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New.
  (opts): Add new option names.
  (parse_rereadable_options): Parse options.
  (finalize_rereadable_options): Reset allow-mark-trusted for the new option.
  * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name.
  * agent/trustlist.c (make_sys_trustlist_name): New.
  (read_one_trustfile): Use here.
  (read_trustfiles): Use here. Implement --no-user-trustlist.
  --
  With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file.
  GnuPG-bug-id: 5990
2022-06-03 | Remove remaining support for WindowsCE | Werner Koch | 3 | -29/+9
  --
2022-06-02 | agent: Support --format=ssh option for READKEY. | NIIBE Yutaka | 1 | -13/+40
  * agent/command.c (cmd_readkey): Handle --format=ssh to return key in SSH format.
  --
  GnuPG-bug-id: 6012
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-27 | agent: New field "Prompt" to prevent asking card key insertion. | NIIBE Yutaka | 1 | -4/+21
  * agent/findkey.c (prompt_for_card): Add "Prompt" field handling.
  --
  GnuPG-bug-id: 5987
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-26 | agent,ssh: Support "Use-for-ssh" flag in private key. | NIIBE Yutaka | 1 | -10/+22
  * agent/findkey.c (public_key_from_file): Support "Use-for-ssh" when it's in extended format.
  --
  GnuPG-bug-id: 5985
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-26 | agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH. | NIIBE Yutaka | 3 | -85/+206
  * agent/agent.h (agent_ssh_key_from_file): New.
  * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New.
  (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file.
  (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys.
  * agent/findkey.c (public_key_from_file): New. Adding handling for SSH.
  (agent_public_key_from_file): Use public_key_from_file.
  (agent_ssh_key_from_file): New.
  --
  GnuPG-bug-id: 5996
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-26 | agent: Fix get_keyinfo_on_cards. | NIIBE Yutaka | 1 | -2/+5
  * agent/command.c (get_keyinfo_on_cards): Make it static. Don't return bogus value on error. Return NULL when scdaemon is disabled.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-26 | agent: Handle USAGE information in KEYINFO. | NIIBE Yutaka | 2 | -4/+25
  * agent/agent.h (struct card_key_info_s): Add USAGE field.
  * agent/call-scd.c (card_keyinfo_cb): Parse USAGE field. Allow optional SERIALNO, IDSTR, and USAGE fields. Fix releasing on possible allocation error.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-25 | agent,scd: Make sure to set CONFIDENTIAL flag in Assuan. | NIIBE Yutaka | 2 | -5/+21
  * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use.
  * agent/command.c (cmd_preset_passphrase): Likewise.
  (cmd_put_secret): Likewise.
  * scd/command.c (pin_cb): Likewise.
  --
  GnuPG-bug-id: 5977
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-25 | agent: Add missing assuan_end_confidential call. | NIIBE Yutaka | 1 | -0/+1
  * agent/command.c (send_back_passphrase): Fix.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-20 | agent: Fix a bug accessing after release when opt.verbose. | NIIBE Yutaka | 1 | -4/+4
  * agent/command-ssh.c (ssh_handler_request_identities): Don't release KEY_PUBLIC too early.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-20 | agent: Factor out handling scanning over ssh keys. | NIIBE Yutaka | 1 | -42/+48
  * agent/command-ssh.c (ssh_send_available_keys): New.
  (ssh_handler_request_identities): Use ssh_send_available_keys.
  --
  GnuPG-bug-id: 5985
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-20 | agent: Show "Label:" field of private key when prompt the insertion. | NIIBE Yutaka | 1 | -24/+27
  * agent/findkey.c (prompt_for_card): Use "Label:" field.
  (agent_key_from_file): Use KEYMETA.
  --
  GnuPG-bug-id: 5986
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-20 | agent: Move confirmation handling into findkey.c. | NIIBE Yutaka | 6 | -165/+151
  * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API.
  (divert_pksign, divert_pkdecrypt): Likewise.
  * agent/divert-scd.c (ask_for_card): Remove.
  (divert_pksign, divert_pkdecrypt): Don't call ask_for_card.
  * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument.
  * agent/findkey.c (prompt_for_card): New (was: ask_for_card).
  (agent_key_from_file): Call prompt_for_card when it's a key on card.
  * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API.
  * agent/pksign.c (agent_pksign_do): Likewise.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-19 | agent: Pop up dialog window for confirmation, when specified so. | NIIBE Yutaka | 2 | -0/+46
  * agent/findkey.c (agent_key_from_file): Support "Confirm:".
  --
  GnuPG-bug-id: 5099
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-05-19 | agent: Supply GRIP=NULL for agent_key_from_file, for real use. | NIIBE Yutaka | 3 | -18/+19
  * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH.
  * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL.
  * agent/pksign.c (agent_pksign_do): Likewise.
  --
  GnuPG-bug-id: 5099
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-26 | tests: Use module_tests for testing agent/. | NIIBE Yutaka | 2 | -2/+4
  * agent/Makefile.am (module_test): New.
  * agent/all-tests.scm: Use module_tests instead of TESTS.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-25 | Deprecate the --supervised options. | Werner Koch | 1 | -1/+4
  * agent/gpg-agent.c (main): Mark --supervised as deprecated.
  * dirmngr/dirmngr.c (main): Ditto.
  --
  The supervised thing causes more trouble than it pretends to solve.
2022-04-22 | agent: Not writing password into file. | NIIBE Yutaka | 1 | -35/+20
  * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program.
  --
  GnuPG-bug-id: 5917
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-14 | ssh: Returned faked response for the new session-bind extension. | Werner Koch | 1 | -0/+14
  * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New.
  (SSH_OPT_CONSTRAIN_EXTENSION): New.
  (ssh_handler_add_identity): Ignore them.
  (ssh_handler_extension): Take success for session-bind.
  --
  OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested.
  GnuPG-bug-id: 5931
2022-04-14 | agent: Ignore MD5 Fingerprints for ssh keys | Jakub Jelen | 1 | -2/+4
  --
  * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest
  Signed-off-by: Jakub Jelen <[email protected]>
2022-04-07 | agent: Fix for possible support of Cygwin OpenSSH. | NIIBE Yutaka | 1 | -1/+5
  * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen.
  --
  With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH.
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-04-04 | agent:w32: Fix for use of socket. | NIIBE Yutaka | 1 | -7/+7
  * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API.
  (start_command_handler_ssh): Don't convert here.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-28 | agent: KEYTOCARD prefers to specified time. | NIIBE Yutaka | 1 | -12/+11
  * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified.
  --
  Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-03-25 | agent: Use "Created:" field for creation time. | NIIBE Yutaka | 5 | -21/+36
  * agent/agent.h (agent_key_from_file): Change the declaration.
  * agent/findkey.c (agent_key_from_file): Return timestamp.
  * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change.
  * agent/pksign.c (agent_pkdecrypt): Likewise.
  * agent/command.c (cmd_passwd, cmd_export_key): Likewise.
  (cmd_keytocard): Use timestamp in private key file in "Created:".
  --
  GnuPG-bug-id: 5538
  Signed-off-by: NIIBE Yutaka <[email protected]>
2022-02-27 | agent: Print the correct daemon name in presence of a --foo-program. | Werner Koch | 1 | -1/+2
  * agent/call-daemon.c (wait_child_thread): Print the correct name.
  --
  This makes sure that the log prints the actual used name if for example --pinentry-program was used.
2022-02-27 | agent: New flag "qual" for the trustlist.txt. | Werner Koch | 1 | -15/+17
  * agent/trustlist.c (struct trustitem_s): Add flag "qual".
  (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual".
  (istrusted_internal): Print all flags.
  * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
  * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
  * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
2022-01-28 | ssh: Fix adding an ed25519 key with a zero length comment. | Werner Koch | 1 | -4/+10
  * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression.
  (stream_read_string): Do not try to read a zero length block.
  --
  Actually we could handle this differently by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error.
  GnuPG-bug-id: 5794
2022-01-24 | agent: always use hexgrip when storing key password | James Bottomley via Gnupg-devel | 1 | -4/+15
  --
  The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled.
  Signed-off-by: James Bottomley <[email protected]>
2021-12-21 | agent: Fix comment for .po generation. | NIIBE Yutaka | 1 | -3/+3
  * agent/call-pinentry.c (setup_formatted_passphrase): Move comment to inside.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
2021-11-14 | agent: Print the non-option warning earlier. | Werner Koch | 1 | -10/+10
  * agent/gpg-agent.c (main): Move detection up.
  --
  The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
2021-11-13 | agent,dirmngr: New option --steal-socket | Werner Koch | 1 | -8/+20
  * agent/gpg-agent.c (oStealSocket): New.
  (opts): Add option.
  (steal_socket): New file global var.
  (main): Set option.
  (create_server_socket): Implement option.
  * dirmngr/dirmngr.c (oStealSocket): New.
  (opts): Add option.
  (steal_socket): New file global var.
  (main): Set option. Add comment to eventually implement it.
  --
  Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anyway.
  Signed-off-by: Werner Koch <[email protected]>
2021-11-12 | agent: Avoid uninitialized buffer. | Jakub Jelen | 1 | -1/+1
  * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs.
  --
  GnuPG-bug-id: 5393
  Co-authored-by: NIIBE Yutaka <[email protected]>
  Signed-off-by: Jakub Jelen <[email protected]>