aboutsummaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* agent: Handle USAGE information in KEYINFO.NIIBE Yutaka2022-05-262-4/+25
| | | | | | | | | | | * agent/agent.h (struct card_key_info_s): Add USAGE field. * agent/call-scd.c (card_keyinfo_cb): Parse USAGE field. Allow optional SERIALNO, IDSTR, and USAGE fields. Fix releasing on possible allocation error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-05-252-5/+21
| | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. (cmd_put_secret): Likewise. * scd/command.c (pin_cb): Likewise. -- GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add missing assuan_end_confidential call.NIIBE Yutaka2022-05-251-0/+1
| | | | | | | | * agent/command.c (send_back_passphrase): Fix. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix a bug accessing after release when opt.verbose.NIIBE Yutaka2022-05-201-4/+4
| | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Don't release KEY_PUBLIC too early. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Factor out handling scanning over ssh keys.NIIBE Yutaka2022-05-201-42/+48
| | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): New. (ssh_handler_request_identities): Use ssh_send_available_keys. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Show "Label:" field of private key when prompt the insertion.NIIBE Yutaka2022-05-201-24/+27
| | | | | | | | | | * agent/findkey.c (prompt_for_card): Use "Label:" field. (agent_key_from_file): Use KEYMETA. -- GnuPG-bug-id: 5986 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Move confirmation handling into findkey.c.NIIBE Yutaka2022-05-206-165/+151
| | | | | | | | | | | | | | | | | | * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Pop up dialog window for confirmation, when specified so.NIIBE Yutaka2022-05-192-0/+46
| | | | | | | | | * agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Supply GRIP=NULL for agent_key_from_file, for real use.NIIBE Yutaka2022-05-193-18/+19
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use module_tests for testing agent/.NIIBE Yutaka2022-04-262-2/+4
| | | | | | | | | * agent/Makefile.am (module_test): New. * agent/all-tests.scm: Use module_tests instead of TESTS. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* agent: Not writing password into file.NIIBE Yutaka2022-04-221-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <[email protected]>
* ssh: Returned faked response for the new session-bind extension.Werner Koch2022-04-141-0/+14
| | | | | | | | | | | | | | | | * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <[email protected]>
* agent: Fix for possible support of Cygwin OpenSSH.NIIBE Yutaka2022-04-071-1/+5
| | | | | | | | | | | * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen. -- With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:w32: Fix for use of socket.NIIBE Yutaka2022-04-041-7/+7
| | | | | | | | | | * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API. (start_command_handler_ssh): Don't convert here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYTOCARD prefers to specified time.NIIBE Yutaka2022-03-281-12/+11
| | | | | | | | | | * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified. -- Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-255-21/+36
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the correct daemon name in presence of a --foo-program.Werner Koch2022-02-271-1/+2
| | | | | | | | * agent/call-daemon.c (wait_child_thread): Print the correct name. -- This makes sure that the log print the actual used name if for example --pinentry-program was used.
* agent: New flag "qual" for the trustlist.txt.Werner Koch2022-02-271-15/+17
| | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
* ssh: Fix adding an ed25519 key with a zero length comment.Werner Koch2022-01-281-4/+10
| | | | | | | | | | | | | | | | * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression. (stream_read_string): Do not not try to a read a zero length block. -- Actually we could handles this different by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error. GnuPG-bug-id: 5794
* agent: always use hexgrip when storing key passwordJames Bottomley via Gnupg-devel2022-01-241-4/+15
| | | | | | | | | | | -- The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled. Signed-off-by: James Bottomley <[email protected]>
* agent: Fix comment for .po generation.NIIBE Yutaka2021-12-211-3/+3
| | | | | | | | | * agent/call-pinentry.c (setup_formatted_passphrase): Move comment to inside. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+10
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-131-8/+20
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid uninitialized buffer.Jakub Jelen2021-11-121-1/+1
| | | | | | | | | | | * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* agent: Correctly free memory on error path.Jakub Jelen2021-11-121-1/+4
| | | | | | | | | * agent/protect.c (merge_lists): Free memory on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-052-2/+2
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calibrate_get_time use of clock_gettime.NIIBE Yutaka2021-10-051-1/+22
| | | | | | | | | | | * agent/protect.c (USE_CLOCK_GETTIME): New macro. (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME. -- GnuPG-bug-id: 5623 Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix segv in GET_PASSPHRASE (regression)Werner Koch2021-09-071-1/+1
| | | | | | | | | * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always NULL. -- Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c GnuPG-bug-id: 5577
* agent: Use the sysconfdir for a pattern file.Werner Koch2021-08-181-1/+28
| | | | * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
* agent: Ignore passphrase constraints for a generated passphrase.Werner Koch2021-08-183-34/+69
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
* agent: Improve the GENPIN callback.Werner Koch2021-08-181-9/+14
| | | | | | * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
* agent: Fix for zero length help string in pinentry hints.Werner Koch2021-08-181-13/+31
| | | | | | | | | | | | * agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pientWerner Koch2021-08-131-1/+8
| | | | * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
* agent: New option --check-sym-passphrase-pattern.Werner Koch2021-08-135-25/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <[email protected]>
* agent: Make --pinentry-formatted-passphrase a simple flagIngo Klöcker2021-08-123-21/+5
| | | | | | | | | | | | | | * agent/agent.h (opt): Change type of pinentry_formatted_passphrase to int (as for other flags). * agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer needed translated strings. Write option without value to Assuan connection. * agent/gpg-agent.c (opts): Use ARGPARSE_s_n for oPinentryFormattedPassphrase. (parse_rereadable_options): Set option to 1. -- GnuPG-bug-id: 5553, 5517
* agent: Add checkpin inquiry for pinentryIngo Klöcker2021-08-101-0/+104
| | | | | | | | | | | | | | | | * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
* agent: New option --pinentry-formatted-passphraseIngo Klöcker2021-08-103-0/+80
| | | | | | | | | | | | * agent/agent.h (opt): Add field pinentry_formatted_passphrase. * agent/call-pinentry.c (setup_formatted_passphrase): New. (agent_get_passphrase): Pass option to pinentry. * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. (opts): Add option. (parse_rereadable_options): Set option. -- GnuPG-bug-id: 5517
* agent: Add translatable text for Caps Lock hintIngo Klöcker2021-07-211-0/+1
| | | | | | | * agent/call-pinentry.c (start_pinentry): Add new default text. -- GnuPG-bug-id: 4950
* agent: Fix regression in agent_get_shadow_info_type.Werner Koch2021-06-251-2/+6
| | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): Return the correct value. -- Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206 GnuPG-bug-id: 5393
* agent: Fix importing protected secret key.NIIBE Yutaka2021-06-091-21/+49
| | | | | | | | | | * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is correctly decrypted. -- GnuPG-bug-id: 5122 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Appropriate error code for importing key with no passwd.NIIBE Yutaka2021-06-041-0/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Return GPG_ERR_BAD_SECKEY. -- When non-protected case, error at gcry_pk_testkey results GPG_ERR_BAD_PASSPHRASE. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calling handle_pincache_put.NIIBE Yutaka2021-05-281-1/+1
| | | | | | | | | | * agent/call-scd.c (padding_info_cb): Fix the argument. -- GnuPG-bug-id: 5436 Reported-by: Bogdan Luca Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix memory leaksJakub Jelen2021-05-203-22/+30
| | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): free wctp * agent/call-scd.c (agent_card_pksign): return error instead of noop (card_keyinfo_cb): free keyinfo. Restructure to avoid a goto backwards. * agent/protect.c (agent_get_shadow_info_type): allocate only as a last action. Catch xtrymalloc failure. (agent_is_tpm2_key): Free buf. -- Signed-off-by: Jakub Jelen <[email protected]> Additional changes are: - Restructure to avoid a goto backwards. - Catch xtrymalloc failure. GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid memory leaks in error code paths.Jakub Jelen2021-05-205-8/+22
| | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_genkey): Use goto instead of return. * agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto. * agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct pointer (agent_genkey): Release memory * agent/gpg-agent.c (check_own_socket): Free sockname * agent/protect-tool.c (read_key): Free buf. (agent_askpin): Free passphrase -- Signed-off-by: Jakub Jelen <[email protected]> Changed original patch to not add a free before a GPG_ERR_BUG. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 5393
* gpg: Improve speed of secret key listing.Werner Koch2021-05-191-34/+143
| | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_keyinfo): Factor some code out to ... (get_keyinfo_on_cards): ... new. (cmd_havekey): Add --list mode. * g10/gpg.h (struct server_control_s): Add new caching vars. * g10/gpg.c (gpg_deinit_default_ctrl): Release cache. * g10/call-agent.c (agent_probe_any_secret_key): Init and try to use the keygrip cache. (agent_genkey): Clear the cache. (agent_import_key): Ditto. * g10/keylist.c (list_all, list_one): Pass ctrl to agent_probe_any_secret_key. * g10/getkey.c (lookup): Ditto. -- With this change we first ask the agent for a list of all secret keygrips and use that list instead of asking the agent for each public key. Speeds up my "gpg -K" with a lot of secret and public keys by more than 25%. Signed-off-by: Werner Koch <[email protected]>
* agent: Use SHA-256 for SSH fingerprint by defaultWerner Koch2021-05-121-2/+2
| | | | | | | | | | | * agent/gpg-agent.c (parse_rereadable_options): Change default ssh fingerprint digest. (main): Ditto. -- Co-authored-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5434 Signed-off-by: Werner Koch <[email protected]>
* A few minor code cleanups and typo fixes.Werner Koch2021-05-111-1/+1
| | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <[email protected]>
* agent,w32: Silence the get_peercred failed diagnosticWerner Koch2021-04-231-1/+6
| | | | --
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 01:11:00 +0000