aboutsummaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* tests: Use module_tests for testing agent/.NIIBE Yutaka2022-04-262-2/+4
| | | | | | | | | * agent/Makefile.am (module_test): New. * agent/all-tests.scm: Use module_tests instead of TESTS. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* agent: Not writing password into file.NIIBE Yutaka2022-04-221-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <[email protected]>
* ssh: Returned faked response for the new session-bind extension.Werner Koch2022-04-141-0/+14
| | | | | | | | | | | | | | | | * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <[email protected]>
* agent: Fix for possible support of Cygwin OpenSSH.NIIBE Yutaka2022-04-071-1/+5
| | | | | | | | | | | * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen. -- With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:w32: Fix for use of socket.NIIBE Yutaka2022-04-041-7/+7
| | | | | | | | | | * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API. (start_command_handler_ssh): Don't convert here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYTOCARD prefers to specified time.NIIBE Yutaka2022-03-281-12/+11
| | | | | | | | | | * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified. -- Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-255-21/+36
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the correct daemon name in presence of a --foo-program.Werner Koch2022-02-271-1/+2
| | | | | | | | * agent/call-daemon.c (wait_child_thread): Print the correct name. -- This makes sure that the log print the actual used name if for example --pinentry-program was used.
* agent: New flag "qual" for the trustlist.txt.Werner Koch2022-02-271-15/+17
| | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
* ssh: Fix adding an ed25519 key with a zero length comment.Werner Koch2022-01-281-4/+10
| | | | | | | | | | | | | | | | * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression. (stream_read_string): Do not not try to a read a zero length block. -- Actually we could handles this different by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error. GnuPG-bug-id: 5794
* agent: always use hexgrip when storing key passwordJames Bottomley via Gnupg-devel2022-01-241-4/+15
| | | | | | | | | | | -- The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled. Signed-off-by: James Bottomley <[email protected]>
* agent: Fix comment for .po generation.NIIBE Yutaka2021-12-211-3/+3
| | | | | | | | | * agent/call-pinentry.c (setup_formatted_passphrase): Move comment to inside. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+10
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-131-8/+20
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid uninitialized buffer.Jakub Jelen2021-11-121-1/+1
| | | | | | | | | | | * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* agent: Correctly free memory on error path.Jakub Jelen2021-11-121-1/+4
| | | | | | | | | * agent/protect.c (merge_lists): Free memory on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-052-2/+2
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calibrate_get_time use of clock_gettime.NIIBE Yutaka2021-10-051-1/+22
| | | | | | | | | | | * agent/protect.c (USE_CLOCK_GETTIME): New macro. (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME. -- GnuPG-bug-id: 5623 Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix segv in GET_PASSPHRASE (regression)Werner Koch2021-09-071-1/+1
| | | | | | | | | * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always NULL. -- Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c GnuPG-bug-id: 5577
* agent: Use the sysconfdir for a pattern file.Werner Koch2021-08-181-1/+28
| | | | * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
* agent: Ignore passphrase constraints for a generated passphrase.Werner Koch2021-08-183-34/+69
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
* agent: Improve the GENPIN callback.Werner Koch2021-08-181-9/+14
| | | | | | * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
* agent: Fix for zero length help string in pinentry hints.Werner Koch2021-08-181-13/+31
| | | | | | | | | | | | * agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pientWerner Koch2021-08-131-1/+8
| | | | * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
* agent: New option --check-sym-passphrase-pattern.Werner Koch2021-08-135-25/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <[email protected]>
* agent: Make --pinentry-formatted-passphrase a simple flagIngo Klöcker2021-08-123-21/+5
| | | | | | | | | | | | | | * agent/agent.h (opt): Change type of pinentry_formatted_passphrase to int (as for other flags). * agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer needed translated strings. Write option without value to Assuan connection. * agent/gpg-agent.c (opts): Use ARGPARSE_s_n for oPinentryFormattedPassphrase. (parse_rereadable_options): Set option to 1. -- GnuPG-bug-id: 5553, 5517
* agent: Add checkpin inquiry for pinentryIngo Klöcker2021-08-101-0/+104
| | | | | | | | | | | | | | | | * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry. (setup_enforced_constraints): New. (agent_get_passphrase): Call setup_enforced_constraints if new passphrase is requested. -- This implements the gpg-agent side for checking whether a new passphrase entered by the user in pinentry satisfies the passphrase constraints. Performing a checkpin inquiry is only allowed if the passphrase constraints are enforced. setup_enforced_constraints sends necessary options and translated strings to pinentry. GnuPG-bug-id: 5517, 5532
* agent: New option --pinentry-formatted-passphraseIngo Klöcker2021-08-103-0/+80
| | | | | | | | | | | | * agent/agent.h (opt): Add field pinentry_formatted_passphrase. * agent/call-pinentry.c (setup_formatted_passphrase): New. (agent_get_passphrase): Pass option to pinentry. * agent/gpg-agent.c (oPinentryFormattedPassphrase): New. (opts): Add option. (parse_rereadable_options): Set option. -- GnuPG-bug-id: 5517
* agent: Add translatable text for Caps Lock hintIngo Klöcker2021-07-211-0/+1
| | | | | | | * agent/call-pinentry.c (start_pinentry): Add new default text. -- GnuPG-bug-id: 4950
* agent: Fix regression in agent_get_shadow_info_type.Werner Koch2021-06-251-2/+6
| | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): Return the correct value. -- Fixes-commit: 33a2362e566c0e0d7011abf2e5fa5704d7cb4206 GnuPG-bug-id: 5393
* agent: Fix importing protected secret key.NIIBE Yutaka2021-06-091-21/+49
| | | | | | | | | | * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is correctly decrypted. -- GnuPG-bug-id: 5122 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Appropriate error code for importing key with no passwd.NIIBE Yutaka2021-06-041-0/+2
| | | | | | | | | | | | * agent/cvt-openpgp.c (convert_from_openpgp_main): Return GPG_ERR_BAD_SECKEY. -- When non-protected case, error at gcry_pk_testkey results GPG_ERR_BAD_PASSPHRASE. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calling handle_pincache_put.NIIBE Yutaka2021-05-281-1/+1
| | | | | | | | | | * agent/call-scd.c (padding_info_cb): Fix the argument. -- GnuPG-bug-id: 5436 Reported-by: Bogdan Luca Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix memory leaksJakub Jelen2021-05-203-22/+30
| | | | | | | | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): free wctp * agent/call-scd.c (agent_card_pksign): return error instead of noop (card_keyinfo_cb): free keyinfo. Restructure to avoid a goto backwards. * agent/protect.c (agent_get_shadow_info_type): allocate only as a last action. Catch xtrymalloc failure. (agent_is_tpm2_key): Free buf. -- Signed-off-by: Jakub Jelen <[email protected]> Additional changes are: - Restructure to avoid a goto backwards. - Catch xtrymalloc failure. GnuPG-bug-id: 5393 Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid memory leaks in error code paths.Jakub Jelen2021-05-205-8/+22
| | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_genkey): Use goto instead of return. * agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto. * agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct pointer (agent_genkey): Release memory * agent/gpg-agent.c (check_own_socket): Free sockname * agent/protect-tool.c (read_key): Free buf. (agent_askpin): Free passphrase -- Signed-off-by: Jakub Jelen <[email protected]> Changed original patch to not add a free before a GPG_ERR_BUG. Signed-off-by: Werner Koch <[email protected]> GnuPG-bug-id: 5393
* gpg: Improve speed of secret key listing.Werner Koch2021-05-191-34/+143
| | | | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_keyinfo): Factor some code out to ... (get_keyinfo_on_cards): ... new. (cmd_havekey): Add --list mode. * g10/gpg.h (struct server_control_s): Add new caching vars. * g10/gpg.c (gpg_deinit_default_ctrl): Release cache. * g10/call-agent.c (agent_probe_any_secret_key): Init and try to use the keygrip cache. (agent_genkey): Clear the cache. (agent_import_key): Ditto. * g10/keylist.c (list_all, list_one): Pass ctrl to agent_probe_any_secret_key. * g10/getkey.c (lookup): Ditto. -- With this change we first ask the agent for a list of all secret keygrips and use that list instead of asking the agent for each public key. Speeds up my "gpg -K" with a lot of secret and public keys by more than 25%. Signed-off-by: Werner Koch <[email protected]>
* agent: Use SHA-256 for SSH fingerprint by defaultWerner Koch2021-05-121-2/+2
| | | | | | | | | | | * agent/gpg-agent.c (parse_rereadable_options): Change default ssh fingerprint digest. (main): Ditto. -- Co-authored-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5434 Signed-off-by: Werner Koch <[email protected]>
* A few minor code cleanups and typo fixes.Werner Koch2021-05-111-1/+1
| | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <[email protected]>
* agent,w32: Silence the get_peercred failed diagnosticWerner Koch2021-04-231-1/+6
| | | | --
* gpg: Allow decryption w/o public key but with correct card inserted.Werner Koch2021-04-231-5/+13
| | | | | | | | | | | * agent/command.c (cmd_readkey): Add option --no-data and special handling for $SIGNKEYID and $AUTHKEYID. * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR output. * g10/skclist.c (enum_secret_keys): Automagically get a missing public key for the current card. Signed-off-by: Werner Koch <[email protected]>
* agent: Require verbose level 2 for handler started/terminated notices.Werner Koch2021-04-231-2/+2
| | | | | * agent/gpg-agent.c (do_start_connection_thread): Silence diags even more.
* agent: Silence error messages for READKEY --cardWerner Koch2021-04-212-6/+9
| | | | | * agent/command.c (cmd_readkey): Test for shadow key before creating it.
* Support log-file option from common.conf for all daemon.Werner Koch2021-04-201-1/+27
| | | | | | | | | | | | | | | | * agent/gpg-agent.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * dirmngr/dirmngr.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * kbx/keyboxd.c: Include comopt.h. (main): Read log-file option from common.conf. (reread_configuration): Ditto. * scd/scdaemon.c: Include comopt.h. (main): Read log-file option from common.conf. Signed-off-by: Werner Koch <[email protected]>
* agent,kbx: Add LIBASSUAN_CLFAGS.Jakub Jelen2021-04-131-0/+2
| | | | | | | | | | | | * agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS): Add LIBASSUAN_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Likewise. -- GnuPG-bug-id: 5389 Signed-off-by: Jakub Jelen <[email protected]>
* agent: Skip unknown unknown ssh curves seen on cards.Werner Koch2021-03-291-6/+16
| | | | | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown curves. -- For example when using my standard ed25519 token and testing cards with only Brainpool support, the ssh-agent failed due to the unknown curves seen on the card. This patches fixes this by ignoring keys with unknown curves. Signed-off-by: Werner Koch <[email protected]>
* agent: Add debug output for failed RSA signature verificationWerner Koch2021-03-261-0/+8
| | | | | | | | | | | | * agent/pksign.c (agent_pksign_do): Support ECC and DSA verification and print some debug info in the error case. -- Note that the addition of do_encode_dsa has no immediate effect because we use the code only for RSA. However, for debugging it can be useful to change the code to check also other created signatures. Signed-off-by: Werner Koch <[email protected]>
* agent: Simplify a function.Werner Koch2021-03-181-32/+23
| | | | | | | * agent/findkey.c (agent_public_key_from_file): Use a membuf instead of handcounting space. Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --no-auto-trust-new-key.Beta-2.3.0-beta1655Werner Koch2021-03-151-1/+1
| | | | | | | | | * g10/gpg.c (oNoAutoTrustNewKey): New. (opts): Add --no-auto-trust-new-key. (main): Set it. * g10/options.h (opt): Add flags.no_auto_trust_new_key. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 21:10:39 +0000