aboutsummaryrefslogtreecommitdiffstats
path: root/agent (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* agent: Don't assume "OPENPGP.3" key means "Use-for-ssh:".NIIBE Yutaka2022-06-282-17/+3
| | | | | | | | | | * agent/command-ssh.c: Fix comments. * agent/findkey.c (public_key_from_file): Remove "OPENPGP.3" check. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Do not consider --min-passphrase-len for the magic wand.Werner Koch2022-06-271-10/+11
| | | | | * agent/call-pinentry.c (generate_pin): Lock to exactly 30 octets. * g10/gpg.c (main) <aGenRandom>: Add Level 30.
* agent: Flush before calling ftruncate.NIIBE Yutaka2022-06-231-0/+2
| | | | | | | | | | * agent/findkey.c (write_extended_private_key): Make sure it is flushed out. -- GnuPG-bug-id: 6035 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYATTR only allows access to attribute.NIIBE Yutaka2022-06-231-0/+8
| | | | | | | | | * agent/command.c (cmd_keyattr): Check the ATTRNAME. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix KEYATTR command for --delete option.NIIBE Yutaka2022-06-231-1/+5
| | | | | | | | * agent/command.c (cmd_keyattr): Write the result. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add KEYATTR command.NIIBE Yutaka2022-06-224-7/+139
| | | | | | | | | | | | | | | | | * agent/agent.h (agent_raw_key_from_file): Add R_KEYMETA argument. (agent_update_private_key): New. * agent/command-ssh.c (data_sign): Follow the change of the function agent_raw_key_from_file. * agent/command.c (do_one_keyinfo): Likewise. (cmd_keyattr): New. (register_commands): Add an entry of cmd_keyattr. * agent/findkey.c (agent_update_private_key): New. (agent_raw_key_from_file): Add R_KEYMETA argument. -- GnuPG-bug-id: 5988 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,gpg,tools: Fix use of log_get_fd.NIIBE Yutaka2022-06-222-10/+2
| | | | | | | | | | | | | | * agent/call-daemon.c (daemon_start): Don't put file descriptor from log_get_fd to no_close_list. * agent/call-pinentry.c (start_pinentry): Likewise. * common/call-gpg.c (start_gpg): Likewise. * call-syshelp.c (start_syshelp): Likewise. * tools/gpg-connect-agent.c (main): Likewise. -- GnuPG-bug-id: 5921 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Improve "Insert the card" message.Werner Koch2022-06-171-1/+2
| | | | * agent/findkey.c (prompt_for_card): Don't print "(null").
* agent,ssh: Fix for make not-inserted OpenPGP.3 keys available for SSH.Werner Koch2022-06-151-5/+8
| | | | | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): Do not bump key_counter for ignored keys. Also use opt.debug instead of opt.verbose and fix a memory leak. -- The error shown by "ssh-add -l" before this fix was: error fetching identities: incomplete messag Fixes-commit: 193fcc2f7a8cca5240ce50499c54f99235a87e1c GnuPG-bug-id: 5996
* agent: New option --no-user-trustlist and --sys-trustlist-name.Werner Koch2022-06-143-9/+53
| | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oNoUserTrustlist,oSysTrustlistName): New. (opts): Add new option names. (parse_rereadable_options): Parse options. (finalize_rereadable_options): Reset allow-mark-trusted for the new option. * agent/agent.h (opt): Add fields no_user_trustlist and sys_trustlist_name. * agent/trustlist.c (make_sys_trustlist_name): New. (read_one_trustfile): Use here. (read_trustfiles): Use here. Implement --no-user-trustlist. -- With the global options we can now avoid that a user changes the Root-CA trust by editing the trustlist.txt. However, to implement this we need a new option so that we don't need to rely on some magic like --no-allow-mark-trusted has been put into a force section. The second option makes system administration easier as it allows to keep the trustlist in a non-distributed file. GnuPG-bug-id: 5990
* Remove remaining support for WindowsCEWerner Koch2022-06-033-29/+9
| | | | --
* agent: Support --format=ssh option for READKEY.NIIBE Yutaka2022-06-021-13/+40
| | | | | | | | | | * agent/command.c (cmd_readkey): Handle --format=ssh to return key in SSH format. -- GnuPG-bug-id: 6012 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: New field "Prompt" to prevent asking card key insertion.NIIBE Yutaka2022-05-271-4/+21
| | | | | | | | | * agent/findkey.c (prompt_for_card): Add "Prompt" field handling. -- GnuPG-bug-id: 5987 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Support "Use-for-ssh" flag in private key.NIIBE Yutaka2022-05-261-10/+22
| | | | | | | | | | * agent/findkey.c (public_key_from_file): Support "Use-for-ssh" when it's in extended format. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,ssh: Make not-inserted OpenPGP.3 keys available for SSH.NIIBE Yutaka2022-05-263-85/+206
| | | | | | | | | | | | | | | | | | * agent/agent.h (agent_ssh_key_from_file): New. * agent/command-ssh.c (get_ssh_keyinfo_on_cards): New. (ssh_send_available_keys): Loop on the GNUPG_PRIVATE_KEYS_DIR. Support keys by agent_ssh_key_from_file. (ssh_handler_request_identities): Move card key handling to ssh_send_available_keys. * agent/findkey.c (public_key_from_file): New. Adding handling for SSH. (agent_public_key_from_file): Use public_key_from_file. (agent_ssh_key_from_file): New. -- GnuPG-bug-id: 5996 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix get_keyinfo_on_cards.NIIBE Yutaka2022-05-261-2/+5
| | | | | | | | | * agent/command.c (get_keyinfo_on_cards): Make it static. Don't return bogus value on error. Return NULL when scdaemon is disabled. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Handle USAGE information in KEYINFO.NIIBE Yutaka2022-05-262-4/+25
| | | | | | | | | | | * agent/agent.h (struct card_key_info_s): Add USAGE field. * agent/call-scd.c (card_keyinfo_cb): Parse USAGE field. Allow optional SERIALNO, IDSTR, and USAGE fields. Fix releasing on possible allocation error. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.NIIBE Yutaka2022-05-252-5/+21
| | | | | | | | | | | | | * agent/call-scd.c (inq_needpin): Call assuan_begin_confidential and assuan_end_confidential, and wipe the memory after use. * agent/command.c (cmd_preset_passphrase): Likewise. (cmd_put_secret): Likewise. * scd/command.c (pin_cb): Likewise. -- GnuPG-bug-id: 5977 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Add missing assuan_end_confidential call.NIIBE Yutaka2022-05-251-0/+1
| | | | | | | | * agent/command.c (send_back_passphrase): Fix. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix a bug accessing after release when opt.verbose.NIIBE Yutaka2022-05-201-4/+4
| | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Don't release KEY_PUBLIC too early. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Factor out handling scanning over ssh keys.NIIBE Yutaka2022-05-201-42/+48
| | | | | | | | | | * agent/command-ssh.c (ssh_send_available_keys): New. (ssh_handler_request_identities): Use ssh_send_available_keys. -- GnuPG-bug-id: 5985 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Show "Label:" field of private key when prompt the insertion.NIIBE Yutaka2022-05-201-24/+27
| | | | | | | | | | * agent/findkey.c (prompt_for_card): Use "Label:" field. (agent_key_from_file): Use KEYMETA. -- GnuPG-bug-id: 5986 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Move confirmation handling into findkey.c.NIIBE Yutaka2022-05-206-165/+151
| | | | | | | | | | | | | | | | | | * agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Fix API. (divert_pksign, divert_pkdecrypt): Likewise. * agent/divert-scd.c (ask_for_card): Remove. (divert_pksign, divert_pkdecrypt): Don't call ask_for_card. * agent/divert-tpm2.c (divert_tpm2_pksign, divert_tpm2_pkdecrypt): Remove DESC_TEXT argument. * agent/findkey.c (prompt_for_card): New (was: ask_for_card). (agent_key_from_file): Call prompt_for_card when it's a key on card. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change of API. * agent/pksign.c (agent_pksign_do): Likewise. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Pop up dialog window for confirmation, when specified so.NIIBE Yutaka2022-05-192-0/+46
| | | | | | | | | * agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Supply GRIP=NULL for agent_key_from_file, for real use.NIIBE Yutaka2022-05-193-18/+19
| | | | | | | | | | | | * agent/findkey.c (agent_key_from_file): Change the semantics of GRIP. Now, it's NULL for use by PKDECRYPT and PKSIGN/PKAUTH. * agent/pkdecrypt.c (agent_pkdecrypt): Set GRIP=NULL. * agent/pksign.c (agent_pksign_do): Likewise. -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use module_tests for testing agent/.NIIBE Yutaka2022-04-262-2/+4
| | | | | | | | | * agent/Makefile.am (module_test): New. * agent/all-tests.scm: Use module_tests instead of TESTS. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* agent: Not writing password into file.NIIBE Yutaka2022-04-221-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <[email protected]>
* ssh: Returned faked response for the new session-bind extension.Werner Koch2022-04-141-0/+14
| | | | | | | | | | | | | | | | * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <[email protected]>
* agent: Fix for possible support of Cygwin OpenSSH.NIIBE Yutaka2022-04-071-1/+5
| | | | | | | | | | | * agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen. -- With new (not-yet-released) libgpg-error, gpg-agent should be able to handle connection from Cygwin version of OpenSSH. Signed-off-by: NIIBE Yutaka <[email protected]>
* agent:w32: Fix for use of socket.NIIBE Yutaka2022-04-041-7/+7
| | | | | | | | | | * agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for socket, until call of socket API. (start_command_handler_ssh): Don't convert here. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: KEYTOCARD prefers to specified time.NIIBE Yutaka2022-03-281-12/+11
| | | | | | | | | | * agent/command.c (cmd_keytocard): Timestamp at "Created:" field is only used when time is not specified. -- Fixes-commit: c795be79c14fac01b984bdc2e2041d2141f27612 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Use "Created:" field for creation time.NIIBE Yutaka2022-03-255-21/+36
| | | | | | | | | | | | | | * agent/agent.h (agent_key_from_file): Change the declaration. * agent/findkey.c (agent_key_from_file): Return timestamp. * agent/pkdecrypt.c (agent_pkdecrypt): Follow the change. * agent/pksign.c (agent_pkdecrypt): Likewise. * agent/command.c (cmd_passwd, cmd_export_key): Likewise. (cmd_keytocard): Use timestamp in private key file in "Created:". -- GnuPG-bug-id: 5538 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the correct daemon name in presence of a --foo-program.Werner Koch2022-02-271-1/+2
| | | | | | | | * agent/call-daemon.c (wait_child_thread): Print the correct name. -- This makes sure that the log print the actual used name if for example --pinentry-program was used.
* agent: New flag "qual" for the trustlist.txt.Werner Koch2022-02-271-15/+17
| | | | | | | | | | * agent/trustlist.c (struct trustitem_s): Add flag "qual". (read_one_trustfile): Rename arg "allow_include" to "systrust" and change callers. Parse new flag "qual". (istrusted_internal): Print all flags. * sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag. * sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified". * sm/certchain.c (do_validate_chain): Take care of the qualified flag.
* ssh: Fix adding an ed25519 key with a zero length comment.Werner Koch2022-01-281-4/+10
| | | | | | | | | | | | | | | | * agent/command-ssh.c (sexp_key_construct): Do not put an empty string into an S-expression. (stream_read_string): Do not not try to a read a zero length block. -- Actually we could handles this different by not putting a comment tag into the s-expression, however this requires more code and at other places we already return "(none)" instead of an empty comment. The second fix is more or less a cosmetic thing to get better error messages in case the underlying read system call returns an error. GnuPG-bug-id: 5794
* agent: always use hexgrip when storing key passwordJames Bottomley via Gnupg-devel2022-01-241-4/+15
| | | | | | | | | | | -- The current code uses the binary ctrl->keygrip, but all the passphrase storage engines expect this to be a string, so convert the binary keygrip to a hex one before passing it in as the keyid. This fixes a crash seen in some libsecret implementations where a non-ascii keyid isn't well handled. Signed-off-by: James Bottomley <[email protected]>
* agent: Fix comment for .po generation.NIIBE Yutaka2021-12-211-3/+3
| | | | | | | | | * agent/call-pinentry.c (setup_formatted_passphrase): Move comment to inside. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+10
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-131-8/+20
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* agent: Avoid uninitialized buffer.Jakub Jelen2021-11-121-1/+1
| | | | | | | | | | | * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* agent: Correctly free memory on error path.Jakub Jelen2021-11-121-1/+4
| | | | | | | | | * agent/protect.c (merge_lists): Free memory on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-052-2/+2
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calibrate_get_time use of clock_gettime.NIIBE Yutaka2021-10-051-1/+22
| | | | | | | | | | | * agent/protect.c (USE_CLOCK_GETTIME): New macro. (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME. -- GnuPG-bug-id: 5623 Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1 Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix segv in GET_PASSPHRASE (regression)Werner Koch2021-09-071-1/+1
| | | | | | | | | * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always NULL. -- Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c GnuPG-bug-id: 5577
* agent: Use the sysconfdir for a pattern file.Werner Koch2021-08-181-1/+28
| | | | * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
* agent: Ignore passphrase constraints for a generated passphrase.Werner Koch2021-08-183-34/+69
| | | | | | | | | | | | | | | | | | | | | * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
* agent: Improve the GENPIN callback.Werner Koch2021-08-181-9/+14
| | | | | | * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
* agent: Fix for zero length help string in pinentry hints.Werner Koch2021-08-181-13/+31
| | | | | | | | | | | | * agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 14:13:16 +0000