[svn] GnuPG - r4798 - in trunk: common doc g10 po scd

svn author wk cvs at cvs.gnupg.org
Thu Jul 17 21:41:15 CEST 2008


Author: wk
Date: 2008-07-17 21:40:53 +0200 (Thu, 17 Jul 2008)
New Revision: 4798

Modified:
   trunk/common/ChangeLog
   trunk/common/exechelp.c
   trunk/doc/DETAILS
   trunk/doc/scdaemon.texi
   trunk/g10/ChangeLog
   trunk/g10/exec.c
   trunk/g10/gpg.c
   trunk/po/be.po
   trunk/po/ca.po
   trunk/po/cs.po
   trunk/po/da.po
   trunk/po/de.po
   trunk/po/el.po
   trunk/po/eo.po
   trunk/po/es.po
   trunk/po/et.po
   trunk/po/fi.po
   trunk/po/fr.po
   trunk/po/gl.po
   trunk/po/hu.po
   trunk/po/id.po
   trunk/po/it.po
   trunk/po/ja.po
   trunk/po/nb.po
   trunk/po/pl.po
   trunk/po/pt.po
   trunk/po/pt_BR.po
   trunk/po/ro.po
   trunk/po/ru.po
   trunk/po/sk.po
   trunk/po/sv.po
   trunk/po/tr.po
   trunk/po/zh_CN.po
   trunk/po/zh_TW.po
   trunk/scd/ChangeLog
   trunk/scd/app-openpgp.c
   trunk/scd/command.c
Log:
Do not run the setuid test if running as root proper.
Documentation fixes.
Some enhancements for the new OpenPGP Card.


Modified: trunk/common/ChangeLog
===================================================================
--- trunk/common/ChangeLog	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/common/ChangeLog	2008-07-17 19:40:53 UTC (rev 4798)
@@ -1,3 +1,8 @@
+2008-07-17  Werner Koch  <wk at g10code.com>
+
+	* exechelp.c (gnupg_spawn_process_detached): Do not run the setuid
+	test for root.
+
 2008-06-26  Werner Koch  <wk at g10code.com>
 
 	* estream.c (es_write_sanitized): Loose check for control

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/g10/ChangeLog	2008-07-17 19:40:53 UTC (rev 4798)
@@ -1,3 +1,8 @@
+2008-07-17  Werner Koch  <wk at g10code.com>
+
+	* gpg.c (main): Do not run the setuid test for root.
+	* exec.c (exec_write): Ditto.
+
 2008-06-25  Marcus Brinkmann  <marcus at g10code.de>
 
 	* gpg.c (enum cmd_and_opt_values): Remove option

Modified: trunk/scd/ChangeLog
===================================================================
--- trunk/scd/ChangeLog	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/scd/ChangeLog	2008-07-17 19:40:53 UTC (rev 4798)
@@ -1,3 +1,10 @@
+2008-07-03  Werner Koch  <wk at g10code.com>
+
+	* app-openpgp.c (do_readcert): New.
+	(app_local_s): Add fields IS_V2 and MAX_CERTLEN_3.
+	(app_select_openpgp): Set them and register do_readcert.
+	(do_setattr): Allow storing of the certificate.
+
 2008-06-25  Werner Koch  <wk at g10code.com>
 
 	* app-dinsig.c (do_sign): Allow for SHA256.

Modified: trunk/common/exechelp.c
===================================================================
--- trunk/common/exechelp.c	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/common/exechelp.c	2008-07-17 19:40:53 UTC (rev 4798)
@@ -826,7 +826,7 @@
   pid_t pid;
   int i;
 
-  if (getuid() != geteuid())
+  if (getuid() && getuid() != geteuid())
     return gpg_error (GPG_ERR_BUG);
 
   if (access (pgmname, X_OK))
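Review bot: The relaxed test `if (getuid() && getuid() != geteuid())` has no comment here, although the same change in g10/exec.c and g10/gpg.c updates its comment to say the check is skipped for root. Without one, a reader cannot tell that a real uid of 0 with a different effective uid is deliberately allowed to reach the `access (pgmname, X_OK)` call below, which is evaluated against the real uid. I would add `/* Refuse to spawn while still carrying setuid privileges, unless the real uid is root.  */` above the test. The enclosing function starts and ends outside this hunk.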

Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/doc/DETAILS	2008-07-17 19:40:53 UTC (rev 4798)
@@ -338,7 +338,11 @@
 
     KEYEXPIRED <expire-timestamp>
 	The key has expired.  expire-timestamp is the expiration time
-	in seconds after the epoch.
+	in seconds sice Epoch.  This status line is not very useful
+	because it will also be emitted for expired subkeys even if
+	this subkey is not used.  To check whether a key used to sign
+	a message has expired, the EXPKEYSIG status line is to be
+	used.
 
         Note, that TIMESTAMP may either be a number with seconds since
         epoch or an ISO 8601 string which can be detected by the

Modified: trunk/doc/scdaemon.texi
===================================================================
--- trunk/doc/scdaemon.texi	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/doc/scdaemon.texi	2008-07-17 19:40:53 UTC (rev 4798)
@@ -470,11 +470,12 @@
 @subsection Return a certificate
 
 @example
- READCERT @var{hexified_certid}
+ READCERT @var{hexified_certid}|@var{keyid}
 @end example
 
 This function is used to read a certificate identified by
- at var{hexified_certid} from the card.
+ at var{hexified_certid} from the card.  With OpenPGP cards the keyid
+ at code{OpenPGP.3} may be used to rad the certticate of version 2 cards.
 
 
 @node Scdaemon READKEY

Modified: trunk/g10/exec.c
===================================================================
--- trunk/g10/exec.c	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/g10/exec.c	2008-07-17 19:40:53 UTC (rev 4798)
@@ -318,9 +318,9 @@
 
 #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
   /* There should be no way to get to this spot while still carrying
-     setuid privs.  Just in case, bomb out if we are. */
-  if(getuid()!=geteuid())
-    BUG();
+     setuid privs.  Just in case, bomb out if we are (and are not root). */
+  if (getuid () && getuid () != geteuid ())
+    BUG ();
 #endif
 
   if(program==NULL && args_in==NULL)
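Review bot: The guard compares user ids only, so a process whose real and effective group ids differ still passes `getuid () && getuid () != geteuid ()`; the same holds for the copies in g10/gpg.c and common/exechelp.c. Whether a setgid start can occur on these paths is not visible in the diff. If it is out of scope the comment could say so, otherwise a matching `getgid () != getegid ()` test belongs next to it. The three copies of the condition could also move into one shared helper so they cannot drift apart. The enclosing function extends outside the hunk.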

Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/g10/gpg.c	2008-07-17 19:40:53 UTC (rev 4798)
@@ -2015,9 +2015,9 @@
       got_secmem = 1; 
 #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
     /* There should be no way to get to this spot while still carrying
-       setuid privs.  Just in case, bomb out if we are. */
-    if(getuid()!=geteuid())
-      BUG();
+       setuid privs.  Just in case, bomb out if we are (and are not root). */
+    if (getuid () && getuid () != geteuid ())
+      BUG ();
 #endif
     maybe_setuid = 0;
 

Modified: trunk/po/be.po  [not shown]
Modified: trunk/po/ca.po  [not shown]
Modified: trunk/po/cs.po  [not shown]
Modified: trunk/po/da.po  [not shown]
Modified: trunk/po/de.po  [not shown]
Modified: trunk/po/el.po  [not shown]
Modified: trunk/po/eo.po  [not shown]
Modified: trunk/po/es.po  [not shown]
Modified: trunk/po/et.po  [not shown]
Modified: trunk/po/fi.po  [not shown]
Modified: trunk/po/fr.po  [not shown]
Modified: trunk/po/gl.po  [not shown]
Modified: trunk/po/hu.po  [not shown]
Modified: trunk/po/id.po  [not shown]
Modified: trunk/po/it.po  [not shown]
Modified: trunk/po/ja.po  [not shown]
Modified: trunk/po/nb.po  [not shown]
Modified: trunk/po/pl.po  [not shown]
Modified: trunk/po/pt.po  [not shown]
Modified: trunk/po/pt_BR.po  [not shown]
Modified: trunk/po/ro.po  [not shown]
Modified: trunk/po/ru.po  [not shown]
Modified: trunk/po/sk.po  [not shown]
Modified: trunk/po/sv.po  [not shown]
Modified: trunk/po/tr.po  [not shown]
Modified: trunk/po/zh_CN.po  [not shown]
Modified: trunk/po/zh_TW.po  [not shown]
Modified: trunk/scd/app-openpgp.c
===================================================================
--- trunk/scd/app-openpgp.c	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/scd/app-openpgp.c	2008-07-17 19:40:53 UTC (rev 4798)
@@ -85,6 +85,7 @@
   { 0x0102, 0,    0, 0, 0, 0, 0, "Private DO 2"},
   { 0x0103, 0,    0, 0, 0, 0, 0, "Private DO 3"},
   { 0x0104, 0,    0, 0, 0, 0, 0, "Private DO 4"},
+  { 0x7F21, 1,    0, 1, 0, 0, 0, "Cardholder certificate"},
   { 0 }
 };
 
@@ -120,10 +121,12 @@
   /* Keep track of card capabilities.  */
   struct 
   {
+    unsigned int is_v2:1;  /* This is a v2.0 compatible card.  */
     unsigned int get_challenge:1;
     unsigned int key_import:1;
     unsigned int change_force_chv:1;
     unsigned int private_dos:1;
+    unsigned int max_certlen_3:16;
   } extcap;
 
   /* Flags used to control the application.  */
@@ -740,11 +743,12 @@
     {
       char tmp[50];
 
-      sprintf (tmp, "gc=%d ki=%d fc=%d pd=%d", 
+      sprintf (tmp, "gc=%d ki=%d fc=%d pd=%d mcl3=%u", 
                app->app_local->extcap.get_challenge,
                app->app_local->extcap.key_import,
                app->app_local->extcap.change_force_chv,
-               app->app_local->extcap.private_dos);
+               app->app_local->extcap.private_dos,
+               app->app_local->extcap.max_certlen_3);
       send_status_info (ctrl, table[idx].name, tmp, strlen (tmp), NULL, 0);
       return 0;
     }
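Review bot: The format string grows while `tmp` stays at 50 bytes and is still filled with an unbounded `sprintf`. The longest output with the new `mcl3=%u` field is about 30 characters, so it fits today, but `snprintf (tmp, sizeof tmp, ...)` would keep that true when the next field is added. `max_certlen_3` is a 16-bit bit-field and is promoted to `int` in the variadic call, so `%u` wants a cast, `(unsigned int)app->app_local->extcap.max_certlen_3`, to match exactly. The enclosing function lies outside the hunk.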
@@ -1274,7 +1278,48 @@
 #endif
 }
 
+/* Read the statdard certificate of an OpenPGP v2 card.  It is
+   returned in a freshly allocated buffer with that address stored at
+   CERT and the length of the certificate stored at CERTLEN.  CERTID
+   needs to be set to "OpenPGP.3".  */
+static gpg_error_t
+do_readcert (app_t app, const char *certid,
+             unsigned char **cert, size_t *certlen)
+{
+#if GNUPG_MAJOR_VERSION > 1
+  gpg_error_t err;
+  unsigned char *buffer;
+  size_t buflen;
+  void *relptr;
 
+  *cert = NULL;
+  *certlen = 0;
+  if (strcmp (certid, "OPENPGP.3"))
+    return gpg_error (GPG_ERR_INV_ID);
+  if (app->app_local->extcap.is_v2)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
+  if (!relptr)
+    return gpg_error (GPG_ERR_NOT_FOUND);
+
+  *cert = xtrymalloc (buflen);
+  if (!*cert)
+    err = gpg_error_from_syserror ();
+  else
+    {
+      memcpy (*cert, buffer, buflen);
+      *certlen = buflen;
+      err  = 0;
+    }
+  xfree (relptr);
+  return err;
+#else
+  return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
+}
+
+
 /* Verify a CHV either using using the pinentry or if possibile by
    using a keypad.  PINCB and PINCB_ARG describe the usual callback
    for the pinentry.  CHVNO must be either 1 or 2. SIGCOUNT is only
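Review bot: do_readcert returns GPG_ERR_NOT_FOUND exactly when `extcap.is_v2` is set, which contradicts its own header comment (it is meant to read the certificate of a v2 card); the test looks inverted and should read `if (!app->app_local->extcap.is_v2)`. It also fetches data object 0x00C4, a tag the card-selection code in a later hunk reads as well, whereas the tables added by this commit name 0x7F21 as the cardholder certificate, so `relptr = get_one_do (app, 0x7F21, &buffer, &buflen, NULL);` is presumably what was meant. The comment asks for CERTID "OpenPGP.3" while the code compares against `"OPENPGP.3"` with a case-sensitive strcmp; unless the caller upper-cases the id, the comment and the scdaemon.texi text should use the same spelling as the code. The header comment also misspells "standard".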
@@ -1588,6 +1633,7 @@
     int tag;
     int need_chv;
     int special;
+    unsigned int need_v2:1;
   } table[] = {
     { "DISP-NAME",    0x005B, 3 },
     { "LOGIN-DATA",   0x005E, 3, 2 },
@@ -1602,6 +1648,7 @@
     { "PRIVATE-DO-2", 0x0102, 3 },
     { "PRIVATE-DO-3", 0x0103, 2 },
     { "PRIVATE-DO-4", 0x0104, 3 },
+    { "CERT-3",       0x7F21, 3, 0, 1 },
     { NULL, 0 }
   };
 
@@ -1610,6 +1657,8 @@
     ;
   if (!table[idx].name)
     return gpg_error (GPG_ERR_INV_NAME); 
+  if (!table[idx].need_v2)
+    return gpg_error (GPG_ERR_NOT_SUPPORTED); 
 
   switch (table[idx].need_chv)
     {
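Review bot: The added test `if (!table[idx].need_v2)` rejects every attribute whose need_v2 flag is 0, which is every table entry visible in this diff except CERT-3, and it never looks at the card version. As written, setting the existing attributes (DISP-NAME, the PRIVATE-DO entries) would return GPG_ERR_NOT_SUPPORTED, while CERT-3 would be attempted on cards that are not v2. The condition presumably should be `if (table[idx].need_v2 && !app->app_local->extcap.is_v2)`. The visible lines also do not compare the value length with `extcap.max_certlen_3` before storing; the rest of the function is outside the hunk, so that may be handled elsewhere.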
@@ -2719,6 +2768,9 @@
           goto leave;
         }
 
+      if (app->card_version >= 0x0200)
+        app->app_local->extcap.is_v2 = 1;
+
       relptr = get_one_do (app, 0x00C4, &buffer, &buflen, NULL);
       if (!relptr)
         {
@@ -2743,6 +2795,11 @@
           app->app_local->extcap.change_force_chv = !!(*buffer & 0x10);
           app->app_local->extcap.private_dos      = !!(*buffer & 0x08);
         }
+      if (buflen >= 10)
+        {
+          /* Available with v2 cards.  */
+          app->app_local->extcap.max_certlen_3 = (buffer[4] << 8 | buffer[5]);
+        }
       xfree (relptr);
       
       /* Some of the first cards accidently don't set the
@@ -2757,6 +2814,7 @@
 
       app->fnc.deinit = do_deinit;
       app->fnc.learn_status = do_learn_status;
+      app->fnc.readcert = do_readcert;
       app->fnc.readkey = do_readkey;
       app->fnc.getattr = do_getattr;
       app->fnc.setattr = do_setattr;

Modified: trunk/scd/command.c
===================================================================
--- trunk/scd/command.c	2008-06-26 19:21:45 UTC (rev 4797)
+++ trunk/scd/command.c	2008-07-17 19:40:53 UTC (rev 4798)
@@ -611,7 +611,7 @@
 
 
 
-/* READCERT <hexified_certid>
+/* READCERT <hexified_certid>|<keyid>
 
    Note, that this function may even be used on a locked card.
  */



