[git] GnuPG - branch, master, updated. gnupg-2.1.5-28-g2c9c46e
by Werner Koch
cvs at cvs.gnupg.org
Mon Jun 29 11:10:17 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2c9c46e2a2b8f9a1bdc1ef46a135b5fc7d1a8073 (commit)
from d2fdf2e1b6cd447bb1c36df0ac7d8e669802fa22 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2c9c46e2a2b8f9a1bdc1ef46a135b5fc7d1a8073
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 29 11:03:58 2015 +0200
gpgsm: Add command option "offline".
* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--
Adding this option makes it easier to implement the corresponding
feature in gpgme.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 21e9372..2bcbec5 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -462,6 +462,7 @@ will not have on your local keybox), the operator can tell both your IP
address and the time when you verified the signature.
+ at anchor{gpgsm-option --validation-model}
@item --validation-model @var{name}
@opindex validation-model
This option changes the default validation model. The only possible
@@ -554,6 +555,7 @@ may be given (@pxref{how-to-specify-a-user-id}).
Write output to @var{file}. The default is to write it to stdout.
+ at anchor{gpgsm-option --with-key-data}
@item --with-key-data
@opindex with-key-data
Displays extra information with the @code{--list-keys} commands. Especially
@@ -561,6 +563,7 @@ a line tagged @code{grp} is printed which tells you the keygrip of a
key. This string is for example used as the file name of the
secret key.
+ at anchor{gpgsm-option --with-validation}
@item --with-validation
@opindex with-validation
When doing a key listing, do a full validation check for each key and
@@ -1152,7 +1155,9 @@ Assuan manual for details.
* GPGSM EXPORT:: Export certificates.
* GPGSM IMPORT:: Import certificates.
* GPGSM DELETE:: Delete certificates.
+* GPGSM GETAUDITLOG:: Retrieve an audit log.
* GPGSM GETINFO:: Information about the process
+* GPGSM OPTION:: Session options.
@end menu
@@ -1342,6 +1347,7 @@ may be issued as a progress indicator.
@node GPGSM LISTKEYS
@subsection List available keys
+ at anchor{gpgsm-cmd listkeys}
To list the keys in the internal database or using an external key
provider, the command:
@@ -1441,6 +1447,23 @@ this requires that the usual escape quoting rules are done.
The certificates must be specified unambiguously otherwise an error is
returned.
+ at node GPGSM GETAUDITLOG
+ at subsection Retrieve an audit log.
+ at anchor{gpgsm-cmd getauditlog}
+
+This command is used to retrieve an audit log.
+
+ at example
+GETAUDITLOG [--data] [--html]
+ at end example
+
+If @option{--data} is used, the audit log is send using D-lines
+instead of being sent to the file descriptor given by an OUTPUT
+command. If @option{--html} is used, the output is formated as an
+XHTML block. This is designed to be incorporated into a HTML
+document.
+
+
@node GPGSM GETINFO
@subsection Return information about the process
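Review bot: the new GETAUDITLOG text has three wording errors that will end up in the rendered manual: "the audit log is send using D-lines" should read "is sent", "formated" should be "formatted", and "incorporated into a HTML document" should be "an HTML document". While here, the node title "Retrieve an audit log." carries a trailing period that the neighbouring @subsection titles in the same menu (e.g. "Return information about the process") do not.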
@@ -1457,10 +1480,113 @@ Return the version of the program.
@item pid
Return the process id of the process.
@item agent-check
-Return success if the agent is running.
+Return OK if the agent is running.
@item cmd_has_option @var{cmd} @var{opt}
-Return success if the command @var{cmd} implements the option @var{opt}.
+Return OK if the command @var{cmd} implements the option @var{opt}.
The leading two dashes usually used with @var{opt} shall not be given.
+ at item offline
+Return OK if the connection is in offline mode. This may be either
+due to a @code{OPTION offline=1} or due to @command{gpgsm} being
+started with option @option{--disable-dirmngr}.
+ at end table
+
+ at node GPGSM OPTION
+ at subsection Session options.
+
+The standard Assuan option handler supports these options.
+
+ at example
+OPTION @var{name}[=@var{value}]
+ at end example
+
+These @var{name}s are recognized:
+
+ at table @code
+
+ at item putenv
+Change the session's environment to be passed via gpg-agent to
+Pinentry. @var{value} is a string of the form
+ at code{<KEY>[=[<STRING>]]}. If only @code{<KEY>} is given the
+environment variable @code{<KEY>} is removed from the session
+environment, if @code{<KEY>=} is given that environment variable is
+set to the empty string, and if @code{<STRING>} is given it is set to
+that string.
+
+ at item display
+Set the session environment variable @code{DISPLAY} is set to @var{value}.
+ at item ttyname
+Set the session environment variable @code{GPG_TTY} is set to @var{value}.
+ at item ttytype
+Set the session environment variable @code{TERM} is set to @var{value}.
+ at item lc-ctype
+Set the session environment variable @code{LC_CTYPE} is set to @var{value}.
+ at item lc-messages
+Set the session environment variable @code{LC_MESSAGES} is set to @var{value}.
+ at item xauthority
+Set the session environment variable @code{XAUTHORITY} is set to @var{value}.
+ at item pinentry-user-data
+Set the session environment variable @code{PINENTRY_USER_DATA} is set
+to @var{value}.
+
+ at item include-certs
+This option overrides the command line option
+ at option{--include-certs}. A @var{value} of -2 includes all
+certificates except for the root certificate, -1 includes all
+certicates, 0 does not include any certicates, 1 includes only the
+signers certicate and all other positive values include up to
+ at var{value} certificates starting with the signer cert.
+
+ at item list-mode
+ at xref{gpgsm-cmd listkeys}.
+
+ at item list-to-output
+If @var{value} is true the output of the list commands
+(@pxref{gpgsm-cmd listkeys}) is written to the file descriptor set
+with the last OUTPUT command. If @var{value} is false the output is
+written via data lines; this is the default.
+
+ at item with-validation
+If @var{value} is true for each listed certificate the validation
+status is printed. This may result in the download of a CRL or the
+user being asked about the trustworthiness of a root certificate. The
+default is given by a command line option (@pxref{gpgsm-option
+--with-validation}).
+
+
+ at item with-secret
+If @var{value} is true certificates with a corresponding private key
+are marked by the list commands.
+
+ at item validation-model
+This option overrides the command line option
+ at option{validation-model} for the session.
+(@pxref{gpgsm-option --validation-model}.)
+
+ at item with-key-data
+This option globally enables the command line option
+ at option{--with-key-data}. (@pxref{gpgsm-option --with-key-data}.)
+
+ at item enable-audit-log
+If @var{value} is true data to write an audit log is gathered.
+(@pxref{gpgsm-cmd getauditlog}.)
+
+ at item allow-pinentry-notify
+If this option is used notifications about the launch of a Pinentry
+are passed back to the client.
+
+ at item with-ephemeral-keys
+If @var{value} is true ephemeral certificates are included in the
+output of the list commands.
+
+ at item no-encrypt-to
+If this option is used all keys set by the command line option
+ at option{--encrypt-to} are ignored.
+
+ at item offline
+If @var{value} is true or @var{value} is not given all network access
+is disabled for this session. This is the same as the command line
+option @option{--disable-dirmngr}.
+
@end table
@mansect see also
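Review bot: several of the added OPTION descriptions do not match the behaviour implemented in sm/server.c in this same patch, and a few need copy-editing. The "offline" item says a true or absent value disables network access and that this "is the same as" --disable-dirmngr, but option_handler also accepts a false value (offline=0) that turns network access back on for the session, and it silently ignores the option altogether when gpgsm was started with --disable-dirmngr; both facts belong in this paragraph so a client does not assume OPTION offline=0 can override the command line. The seven "display"/"ttyname"/... items read "Set the session environment variable @code{DISPLAY} is set to @var{value}", which is two sentences run together; drop either "Set" or "is set". "certicates" is misspelled three times in the include-certs item (and "signers certicate" should be "signer's certificate"), and the validation-model item references @option{validation-model} without the leading dashes that every other @option reference in the hunk uses.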
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 8e4841b..bfb80fb 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -198,7 +198,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
gpg_error_t err;
assuan_context_t ctx;
- if (opt.disable_dirmngr)
+ if (opt.disable_dirmngr || ctrl->offline)
return gpg_error (GPG_ERR_NO_DIRMNGR);
if (*ctx_r)
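Review bot: returning GPG_ERR_NO_DIRMNGR for ctrl->offline makes a deliberately offline session indistinguishable from a missing or disabled dirmngr for callers and in their error output. That matches the documentation's framing of offline as equivalent to --disable-dirmngr, but a log_info here naming the offline option as the reason dirmngr was not started would save an operator from hunting for a dirmngr problem when a CRL or OCSP lookup fails in an offline session.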
diff --git a/sm/certchain.c b/sm/certchain.c
index 5e7121c..579ca9e 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -957,7 +957,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
{
gpg_error_t err;
- if (opt.no_crl_check && !ctrl->use_ocsp)
+ if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp))
{
audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
gpg_error (GPG_ERR_NOT_ENABLED));
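Review bot: with ctrl->offline folded into this condition, the audit log records the skipped CRL check as AUDIT_CRL_CHECK with GPG_ERR_NOT_ENABLED exactly as it does for --disable-crl-checks, so anyone reading the audit log afterwards cannot tell whether revocation checking was configured off or merely unavailable because the session was offline. The do_validate_chain hunk below distinguishes the two cases in its log_info; consider passing a distinct error code (or an additional audit event) here so the audit log, which is the artefact people keep, carries the same distinction.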
@@ -1749,9 +1749,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
if (opt.no_policy_check)
log_info ("policies not checked due to %s option\n",
"--disable-policy-checks");
- if (opt.no_crl_check && !ctrl->use_ocsp)
+ if (ctrl->offline || (opt.no_crl_check && !ctrl->use_ocsp))
log_info ("CRLs not checked due to %s option\n",
- "--disable-crl-checks");
+ ctrl->offline ? "offline" : "--disable-crl-checks");
}
if (!rc)
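Review bot: the message now prints "CRLs not checked due to offline option", which reads as if "offline" were a command line option, whereas the flag can also come from OPTION offline=1 on the Assuan connection. Consider wording it as "due to offline mode" (or similar) so the log does not send an operator looking for a non-existent --offline flag; the --disable-crl-checks branch is unchanged and remains accurate.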
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 39c3c40..977494c 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -2067,6 +2067,7 @@ gpgsm_init_default_ctrl (struct server_control_s *ctrl)
ctrl->include_certs = default_include_certs;
ctrl->use_ocsp = opt.enable_ocsp;
ctrl->validation_model = default_validation_model;
+ ctrl->offline = opt.disable_dirmngr;
}
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 187ed83..9fc74c3 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -201,6 +201,7 @@ struct server_control_s
int validation_model; /* 0 := standard model (shell),
1 := chain model,
2 := STEED model. */
+ int offline; /* If true gpgsm won't do any network access. */
};
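Review bot: the comment "If true gpgsm won't do any network access" states a property this patch only enforces indirectly: the only places that consult the flag are start_dirmngr_ext and the CRL check in certchain.c. That is sufficient as long as every network operation in gpgsm goes through dirmngr, which is the design, but the comment would be more useful if it said so explicitly ("if true, dirmngr is never started, so no network access is done") and noted that the field is set from --disable-dirmngr in gpgsm_init_default_ctrl and from OPTION offline in server.c.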
diff --git a/sm/server.c b/sm/server.c
index 0bee5b2..571b079 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -309,6 +309,16 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl->server_local->no_encrypt_to = 1;
}
+ else if (!strcmp (key, "offline"))
+ {
+ /* We ignore this option if gpgsm has been started with
+ --disable-dirmngr (which also sets offline). */
+ if (!opt.disable_dirmngr)
+ {
+ int i = *value? !!atoi (value) : 1;
+ ctrl->offline = i;
+ }
+ }
else
err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
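Review bot: "int i = *value? !!atoi (value) : 1;" means any non-numeric value such as offline=yes or offline=true is parsed by atoi as 0 and silently switches the session back to online mode, the opposite of what the caller asked for; since this flag exists to suppress network access, a stricter parse (accept only "0"/"1", return GPG_ERR_ASS_PARAMETER or similar for anything else) or at minimum a documentation line saying the value must be numeric would avoid a surprising fail-open. The temporary "i" can also go: "ctrl->offline = *value? !!atoi (value) : 1;" says the same thing. The early guard on opt.disable_dirmngr is good since it keeps OPTION offline=0 from overriding the command line, but the doc hunk for OPTION offline does not mention it.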
@@ -1093,10 +1103,12 @@ static const char hlp_getinfo[] =
" pid - Return the process id of the server.\n"
" agent-check - Return success if the agent is running.\n"
" cmd_has_option CMD OPT\n"
- " - Returns OK if the command CMD implements the option OPT.";
+ " - Returns OK if the command CMD implements the option OPT.\n"
+ " offline - Returns OK if the conenction is in offline mode.";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
+ ctrl_t ctrl = assuan_get_pointer (ctx);
int rc = 0;
if (!strcmp (line, "version"))
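Review bot: typo in the new help line: "conenction" should be "connection"; this string is what GETINFO help shows to clients. Hoisting the ctrl_t declaration to the top of cmd_getinfo is fine and is what lets the new "offline" branch below use it.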
@@ -1113,7 +1125,6 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
else if (!strcmp (line, "agent-check"))
{
- ctrl_t ctrl = assuan_get_pointer (ctx);
rc = gpgsm_agent_send_nop (ctrl);
}
else if (!strncmp (line, "cmd_has_option", 14)
@@ -1148,6 +1159,10 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
}
}
+ else if (!strcmp (line, "offline"))
+ {
+ rc = ctrl->offline? 0 : gpg_error (GPG_ERR_GENERAL);
+ }
else
rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");
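Review bot: "rc = ctrl->offline? 0 : gpg_error (GPG_ERR_GENERAL);" reports "not offline" with GPG_ERR_GENERAL, which is the same catch-all code a client would see for an unrelated failure, so a client probing for offline mode cannot separate "online" from "something went wrong". A more specific code for the negative answer (GPG_ERR_FALSE, if the libgpg-error in use provides it) would make the query result unambiguous and would match the "Returns OK if ..." phrasing of the help text.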
-----------------------------------------------------------------------
Summary of changes:
doc/gpgsm.texi | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
sm/call-dirmngr.c | 2 +-
sm/certchain.c | 6 +--
sm/gpgsm.c | 1 +
sm/gpgsm.h | 1 +
sm/server.c | 19 +++++++-
6 files changed, 151 insertions(+), 8 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org