[svn] GnuPG - r5183 - in trunk: doc g10 g13 jnlib sm
svn author wk
cvs at cvs.gnupg.org
Mon Oct 19 11:18:47 CEST 2009
Author: wk
Date: 2009-10-19 11:18:46 +0200 (Mon, 19 Oct 2009)
New Revision: 5183
Modified:
trunk/doc/gpgsm.texi
trunk/g10/ChangeLog
trunk/g10/mainproc.c
trunk/g10/options.h
trunk/g10/server.c
trunk/g13/call-gpg.c
trunk/g13/call-gpg.h
trunk/g13/create.c
trunk/g13/create.h
trunk/g13/g13.c
trunk/g13/server.c
trunk/jnlib/ChangeLog
trunk/jnlib/strlist.c
trunk/jnlib/strlist.h
trunk/sm/ChangeLog
trunk/sm/gpgsm.c
Log:
[g13] Add RECIPEINT and CREATE command.
[sm] Chnage --include-certs default
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g10/ChangeLog 2009-10-19 09:18:46 UTC (rev 5183)
@@ -1,3 +1,9 @@
+2009-10-19 Werner Koch <wk at g10code.com>
+
+ * options.h (glo_ctrl): Add field LASTERR.
+ * mainproc.c (proc_encrypted): Set LASTERR.
+ * server.c (cmd_decrypt): Check LASTERR.
+
2009-10-02 Werner Koch <wk at g10code.com>
* server.c (cmd_encrypt, cmd_decrypt): Implement.
Modified: trunk/jnlib/ChangeLog
===================================================================
--- trunk/jnlib/ChangeLog 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/jnlib/ChangeLog 2009-10-19 09:18:46 UTC (rev 5183)
@@ -1,3 +1,7 @@
+2009-10-19 Werner Koch <wk at g10code.com>
+
+ * strlist.c (add_to_strlist_try): New.
+
2009-09-22 Werner Koch <wk at g10code.com>
* dotlock.h (DOTLOCK): Rename to dotlock_t. Change all users.
Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/sm/ChangeLog 2009-10-19 09:18:46 UTC (rev 5183)
@@ -1,3 +1,9 @@
+2009-10-16 Werner Koch <wk at g10code.com>
+
+ * gpgsm.c (default_include_certs): Change to -2.
+ (DEFAULT_INCLUDE_CERTS): New.
+ (DEFAULT_CIPHER_ALGO): New. Use instead of hardcoded "3DES".
+
2009-09-30 Werner Koch <wk at g10code.com>
* gpgsm.c (main): Remove obsolete GCRYCTL_DISABLE_INTERNAL_LOCKING.
Modified: trunk/doc/gpgsm.texi
===================================================================
--- trunk/doc/gpgsm.texi 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/doc/gpgsm.texi 2009-10-19 09:18:46 UTC (rev 5183)
@@ -560,8 +560,8 @@
-1 includes all certs, 0 does not include any certs, 1 includes only
the signers cert (this is the default) and all other positive
values include up to @var{n} certificates starting with the signer cert.
+The default is -2.
-
@item --cipher-algo @var{oid}
@opindex cipher-algo
Use the cipher algorithm with the ASN.1 object identifier @var{oid} for
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g10/mainproc.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -581,6 +581,7 @@
}
}
else if( result == G10ERR_BAD_SIGN ) {
+ glo_ctrl.lasterr = result;
log_error(_("WARNING: encrypted message has been manipulated!\n"));
write_status( STATUS_BADMDC );
write_status( STATUS_DECRYPTION_FAILED );
@@ -593,6 +594,7 @@
c->dek->s2k_cacheid);
passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
}
+ glo_ctrl.lasterr = result;
write_status( STATUS_DECRYPTION_FAILED );
log_error(_("decryption failed: %s\n"), g10_errstr(result));
/* Hmmm: does this work when we have encrypted using multiple
Modified: trunk/g10/options.h
===================================================================
--- trunk/g10/options.h 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g10/options.h 2009-10-19 09:18:46 UTC (rev 5183)
@@ -257,6 +257,11 @@
struct {
int in_auto_key_retrieve; /* True if we are doing an
auto_key_retrieve. */
+ /* Hack to store the last error. We currently need it because the
+ proc_packet machinery is not able to reliabale return error
+ codes. Thus for the --server purposes we store some of the error
+ codes here. FIXME! */
+ gpg_error_t lasterr;
} glo_ctrl;
#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
Modified: trunk/g10/server.c
===================================================================
--- trunk/g10/server.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g10/server.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -362,7 +362,10 @@
if (out_fd == -1)
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
+ glo_ctrl.lasterr = 0;
err = decrypt_message_fd (inp_fd, out_fd);
+ if (!err)
+ err = glo_ctrl.lasterr;
/* Close and reset the fds. */
close_message_fd (ctrl);
Modified: trunk/g13/call-gpg.c
===================================================================
--- trunk/g13/call-gpg.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/call-gpg.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -43,7 +43,7 @@
gpg_error_t err;
assuan_context_t ctx = NULL;
const char *pgmname;
- const char *argv[7];
+ const char *argv[10];
int no_close_list[5];
int i;
char line[ASSUAN_LINELENGTH];
@@ -86,6 +86,8 @@
argv[i++] = "--debug=1024";
argv[i++] = "-z";
argv[i++] = "0";
+ argv[i++] = "--trust-model";
+ argv[i++] = "always";
argv[i++] = NULL;
i = 0;
@@ -326,7 +328,7 @@
*/
gpg_error_t
gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen,
- void **r_ciph, size_t *r_ciphlen)
+ strlist_t keys, void **r_ciph, size_t *r_ciphlen)
{
gpg_error_t err;
assuan_context_t ctx;
@@ -336,6 +338,8 @@
pth_t reader_tid = NULL;
gpg_error_t writer_err, reader_err;
membuf_t reader_mb;
+ char line[ASSUAN_LINELENGTH];
+ strlist_t sl;
*r_ciph = NULL;
*r_ciphlen = 0;
@@ -376,13 +380,16 @@
outbound_fds[0] = -1; /* The thread owns the FD now. */
/* Run the encryption. */
- err = assuan_transact (ctx, "RECIPIENT alpha at example.net",
- NULL, NULL, NULL, NULL, NULL, NULL);
- if (err)
+ for (sl = keys; sl; sl = sl->next)
{
- log_error ("the engine's RECIPIENT command failed: %s <%s>\n",
+ snprintf (line, sizeof line, "RECIPIENT -- %s", sl->d);
+ err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ {
+ log_error ("the engine's RECIPIENT command failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
- goto leave;
+ goto leave;
+ }
}
err = assuan_transact (ctx, "ENCRYPT", NULL, NULL, NULL, NULL, NULL, NULL);
Modified: trunk/g13/call-gpg.h
===================================================================
--- trunk/g13/call-gpg.h 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/call-gpg.h 2009-10-19 09:18:46 UTC (rev 5183)
@@ -22,6 +22,7 @@
gpg_error_t gpg_encrypt_blob (ctrl_t ctrl,
const void *plain, size_t plainlen,
+ strlist_t keys,
void **r_ciph, size_t *r_ciphlen);
gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen,
void **r_plain, size_t *r_plainlen);
Modified: trunk/g13/create.c
===================================================================
--- trunk/g13/create.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/create.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -106,12 +106,13 @@
concatenation of both with the CMS packet being the last. */
static gpg_error_t
encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen,
+ strlist_t keys,
void **r_encblob, size_t *r_encbloblen)
{
gpg_error_t err;
/* FIXME: For now we only implement OpenPGP. */
- err = gpg_encrypt_blob (ctrl, keyblob, keybloblen,
+ err = gpg_encrypt_blob (ctrl, keyblob, keybloblen, keys,
r_encblob, r_encbloblen);
return err;
@@ -217,10 +218,11 @@
/* Create a new container under the name FILENAME and intialize it
- using the current settings. If the file already exists an error is
- returned. */
+ using the current settings. KEYS is a list of public keys to which
+ the container will be encrypted. If the file already exists an
+ error is returned. */
gpg_error_t
-g13_create_container (ctrl_t ctrl, const char *filename)
+g13_create_container (ctrl_t ctrl, const char *filename, strlist_t keys)
{
gpg_error_t err;
dotlock_t lock;
@@ -233,6 +235,9 @@
tupledesc_t tuples = NULL;
unsigned int dummy_rid;
+ if (!keys)
+ return gpg_error (GPG_ERR_NO_PUBKEY);
+
/* A quick check to see that no container with that name already
exists. */
if (!access (filename, F_OK))
@@ -284,7 +289,7 @@
goto leave;
/* Encrypt that keyblob. */
- err = encrypt_keyblob (ctrl, keyblob, keybloblen,
+ err = encrypt_keyblob (ctrl, keyblob, keybloblen, keys,
&enckeyblob, &enckeybloblen);
if (err)
goto leave;
Modified: trunk/g13/create.h
===================================================================
--- trunk/g13/create.h 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/create.h 2009-10-19 09:18:46 UTC (rev 5183)
@@ -20,7 +20,8 @@
#ifndef G13_CREATE_H
#define G13_CREATE_H
-gpg_error_t g13_create_container (ctrl_t ctrl, const char *filename);
+gpg_error_t g13_create_container (ctrl_t ctrl, const char *filename,
+ strlist_t keys);
#endif /*G13_CREATE_H*/
Modified: trunk/g13/g13.c
===================================================================
--- trunk/g13/g13.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/g13.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -47,6 +47,7 @@
aNull = 0,
oQuiet = 'q',
oVerbose = 'v',
+ oRecipient = 'r',
aGPGConfList = 500,
aGPGConfTest,
@@ -91,8 +92,6 @@
oDryRun,
oNoDetach,
- oRecipient,
-
oNoRandomSeedFile,
oFakedSystemTime
};
@@ -308,30 +307,6 @@
}
-/* Helper to add recipients to a list. */
-static int
-add_encryption_key (ctrl_t ctrl, const char *name,
- void /*FIXME*/ *keylist, int is_cms)
-{
- /* FIXME: Decide whether to add a CMS or OpenPGP key and then add
- the key to a list. */
- /* int rc = foo_add_to_certlist (ctrl, name, 0, recplist, is_encrypt_to); */
- /* if (rc) */
- /* { */
- /* if (recp_required) */
- /* { */
- /* log_error ("can't encrypt to `%s': %s\n", name, gpg_strerror (rc)); */
- /* gpgsm_status2 (ctrl, STATUS_INV_RECP, */
- /* get_inv_recpsgnr_code (rc), name, NULL); */
- /* } */
- /* else */
- /* log_info (_("NOTE: won't be able to encrypt to `%s': %s\n"), */
- /* name, gpg_strerror (rc)); */
- /* } */
- return 0; /* Key is good. */
-}
-
-
int
main ( int argc, char **argv)
{
@@ -664,18 +639,20 @@
/* Parse all given encryption keys. This does a lookup of the keys
and stops if any of the given keys was not found. */
+#if 0 /* Currently not implemented. */
if (!nokeysetup)
{
strlist_t sl;
int failed = 0;
for (sl = recipients; sl; sl = sl->next)
- if (add_encryption_key (&ctrl, sl->d, NULL /* FIXME*/, 0))
+ if (check_encryption_key ())
failed = 1;
if (failed)
g13_exit (1);
}
-
+#endif /*0*/
+
/* Dispatch command. */
switch (cmd)
{
@@ -715,7 +692,7 @@
if (argc != 1)
wrong_args ("--create filename");
start_idle_task ();
- err = g13_create_container (&ctrl, argv[0]);
+ err = g13_create_container (&ctrl, argv[0], recipients);
if (err)
log_error ("error creating a new container: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
Modified: trunk/g13/server.c
===================================================================
--- trunk/g13/server.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/g13/server.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -29,10 +29,10 @@
#include <assuan.h>
#include "i18n.h"
#include "keyblob.h"
-#include "./server.h"
-#include "./mount.h"
+#include "server.h"
+#include "mount.h"
+#include "create.h"
-
/* Local data for this server module. A pointer to this is stored in
the CTRL object of each connection. */
struct server_local_s
@@ -42,6 +42,7 @@
char *containername; /* Malloced active containername. */
+ strlist_t recipients; /* List of recipients. */
};
@@ -187,6 +188,8 @@
xfree (ctrl->server_local->containername);
ctrl->server_local->containername = NULL;
+ FREE_STRLIST (ctrl->server_local->recipients);
+
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
}
@@ -359,18 +362,13 @@
cmd_recipient (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
- gpg_error_t err;
+ gpg_error_t err = 0;
- (void)ctrl;
- err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
- /* err = gpgsm_add_to_certlist (ctrl, line, 0, */
- /* &ctrl->server_local->recplist, 0); */
- /* if (err) */
- /* { */
- /* gpgsm_status2 (ctrl, STATUS_INV_RECP, */
- /* get_inv_recpsgnr_code (rc), line, NULL); */
- /* } */
+ line = skip_options (line);
+ if (!add_to_strlist_try (&ctrl->server_local->recipients, line))
+ err = gpg_error_from_syserror ();
+
return leave_cmd (ctx, err);
}
@@ -386,6 +384,7 @@
gpg_error_t err;
(void)ctrl;
+ (void)line;
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
return leave_cmd (ctx, err);
@@ -402,16 +401,50 @@
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
+ char *p, *pend;
+ size_t len;
- (void)ctrl;
-
/* First we close the active container. */
xfree (ctrl->server_local->containername);
ctrl->server_local->containername = NULL;
+ /* Parse the line. */
+ line = skip_options (line);
+ for (p=line; *p && !spacep (p); p++)
+ ;
+ pend = p;
+ while (spacep(p))
+ p++;
+ if (*p || pend == line)
+ {
+ err = gpg_error (GPG_ERR_ASS_SYNTAX);
+ goto leave;
+ }
+ *pend = 0;
+ /* Unescape the line and check for embedded Nul bytes. */
+ len = percent_plus_unescape_inplace (line, 0);
+ line[len] = 0;
+ if (!len || memchr (line, 0, len))
+ {
+ err = gpg_error (GPG_ERR_INV_NAME);
+ goto leave;
+ }
- err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ /* Create container. */
+ err = g13_create_container (ctrl, line, ctrl->server_local->recipients);
+
+ if (!err)
+ {
+ FREE_STRLIST (ctrl->server_local->recipients);
+
+ /* Store the filename. */
+ ctrl->server_local->containername = xtrystrdup (line);
+ if (!ctrl->server_local->containername)
+ err = gpg_error_from_syserror ();
+
+ }
+ leave:
return leave_cmd (ctx, err);
}
@@ -617,6 +650,7 @@
log_info ("Assuan accept problem: %s\n", gpg_strerror (err));
leave:
+ reset_notify (ctx); /* Release all items hold by SERVER_LOCAL. */
if (ctrl->server_local)
{
xfree (ctrl->server_local);
Modified: trunk/jnlib/strlist.c
===================================================================
--- trunk/jnlib/strlist.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/jnlib/strlist.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -57,6 +57,25 @@
}
+/* Add STRING to the LIST at the front. This function returns NULL
+ and sets ERRNO on memory shortage. */
+strlist_t
+add_to_strlist_try (strlist_t *list, const char *string)
+{
+ strlist_t sl;
+
+ sl = jnlib_malloc (sizeof *sl + strlen (string));
+ if (sl)
+ {
+ sl->flags = 0;
+ strcpy (sl->d, string);
+ sl->next = *list;
+ *list = sl;
+ }
+ return sl;
+}
+
+
/* Same as add_to_strlist() but if IS_UTF8 is *not* set, a conversion
to UTF-8 is done. This function terminates the process on memory
shortage. */
Modified: trunk/jnlib/strlist.h
===================================================================
--- trunk/jnlib/strlist.h 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/jnlib/strlist.h 2009-10-19 09:18:46 UTC (rev 5183)
@@ -30,6 +30,7 @@
void free_strlist (strlist_t sl);
strlist_t add_to_strlist (strlist_t *list, const char *string);
+strlist_t add_to_strlist_try (strlist_t *list, const char *string);
strlist_t add_to_strlist2( strlist_t *list, const char *string, int is_utf8);
Modified: trunk/sm/gpgsm.c
===================================================================
--- trunk/sm/gpgsm.c 2009-10-17 19:15:15 UTC (rev 5182)
+++ trunk/sm/gpgsm.c 2009-10-19 09:18:46 UTC (rev 5183)
@@ -402,13 +402,26 @@
/* Option --enable-special-filenames */
static int allow_special_filenames;
-/* Default value for include-certs. */
-static int default_include_certs = 1; /* Only include the signer's cert. */
+/* Default value for include-certs. We need an extra macro for
+ gpgconf-list because the variable will be changed by the command
+ line option.
+ It is often cumbersome to locate intermediate certificates, thus by
+ default we include all certificates in the chain. However we leave
+ out the root certificate because that would make it too easy for
+ the recipient to import that root certificate. A root certificate
+ should be installed only after due checks and thus it won't help to
+ send it along with each message. */
+#define DEFAULT_INCLUDE_CERTS -2 /* Include all certs but root. */
+static int default_include_certs = DEFAULT_INCLUDE_CERTS;
+
/* Whether the chain mode shall be used for validation. */
static int default_validation_model;
+/* The default cipher algo. */
+#define DEFAULT_CIPHER_ALGO "3DES" /*des-EDE3-CBC*/
+
static char *build_list (const char *text,
const char *(*mapf)(int), int (*chkf)(int));
static void set_cmd (enum cmd_and_opt_values *ret_cmd,
@@ -897,7 +910,7 @@
/* Note: If you change this default cipher algorithm , please
remember to update the Gpgconflist entry as well. */
- opt.def_cipher_algoid = "3DES"; /*des-EDE3-CBC*/
+ opt.def_cipher_algoid = DEFAULT_CIPHER_ALGO;
opt.homedir = default_homedir ();
@@ -1606,14 +1619,16 @@
printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE);
printf ("disable-trusted-cert-crl-check:%lu:\n", GC_OPT_FLAG_NONE);
printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE);
- printf ("include-certs:%lu:1:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("include-certs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
+ DEFAULT_INCLUDE_CERTS);
printf ("disable-policy-checks:%lu:\n", GC_OPT_FLAG_NONE);
printf ("auto-issuer-key-retrieve:%lu:\n", GC_OPT_FLAG_NONE);
printf ("disable-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
#ifndef HAVE_W32_SYSTEM
printf ("prefer-system-dirmngr:%lu:\n", GC_OPT_FLAG_NONE);
#endif
- printf ("cipher-algo:%lu:\"3DES:\n", GC_OPT_FLAG_DEFAULT);
+ printf ("cipher-algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
+ DEFAULT_CIPHER_ALGO);
printf ("p12-charset:%lu:\n", GC_OPT_FLAG_DEFAULT);
printf ("default-key:%lu:\n", GC_OPT_FLAG_DEFAULT);
printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_DEFAULT);
More information about the Gnupg-commits
mailing list