[git] Scute - branch, master, updated. scute-1.3.0-71-g5ef976c

by Damien Goutte-Gattat cvs at cvs.gnupg.org
Thu Jul 6 20:52:59 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "PKCS#11 token on top of gpg-agent".

The branch, master has been updated
       via  5ef976c40007ba2b062e9bd63e35bca894c3d9a0 (commit)
       via  ab5025ab91db937b80427bf7385b4c689e7fa9a6 (commit)
       via  1be7674fea72aff49eb13ef96089c766a09239cb (commit)
       via  a8bfa6306a0114d1e4c3eeaecd15fb07439cb648 (commit)
      from  10a19467bc2a95b4aa91176924a91be427d3157a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5ef976c40007ba2b062e9bd63e35bca894c3d9a0
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Wed Jul 5 21:52:25 2017 +0200

    Update documentation files.
    
    * AUTHORS: Update bug report submission URL.
    * doc/website/contact.xhtml: Likewise.
    * NEWS: Update for upcoming release.
    * README: Replace libscute.so by scute.so. Indicate that GnuPG 2.1
    is required for some features.
    * doc/manual/scute.texi: Likewise.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/AUTHORS b/AUTHORS
index 39ab03a..1eba0f1 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,6 +1,6 @@
 Package: scute
 Maintainer: Marcus Brinkmann <marcus at g10code.com>
-Bug reports: bug-scute at g10code.com
+Bug reports: https://dev.gnupg.org/
 Security related bug reports: security at gnupg.org
 License: GPLv2+ with exception for Mozilla
 
diff --git a/NEWS b/NEWS
index dc84747..e6608bb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,16 @@
-Noteworthy changes in version 1.3.0 (2010-04-21)
+Noteworthy changes in version 1.5.0 (unreleased)
+------------------------------------------------
+
+ * Support for TLS 1.2 client authentication and S/MIME signing.
+
+ * Support for 4096 bit keys.
+
+ * Support for GnuPG 2.1.
+
+ * C_GenerateRandom is implemented.
+
+
+Noteworthy changes in version 1.4.0 (2010-04-21)
 ------------------------------------------------
 
  * Update to libassuan 2.0.0 interface.
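
Review bot: The renumbering of the existing heading from 1.3.0 to 1.4.0, with the date 2010-04-21 left unchanged, is not covered by the commit message, which only says "NEWS: Update for upcoming release". If the old heading was a mislabel, state that in the commit log; if not, the 1.3.0 entry is being overwritten and should be kept under its own heading.
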
diff --git a/README b/README
index 7064b29..4cd9a12 100644
--- a/README
+++ b/README
@@ -42,6 +42,9 @@ At runtime:
 * GnuPG 2.0, in particular: gpg-agent, scdaemon
 * Pinentry
 
+Note that client authentication with TLS 1.2 and S/MIME signing
+require GnuPG 2.1.
+
 
 Installation
 ============
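
Review bot: The runtime requirements list just above the added note still names only gpg-agent and scdaemon, while agent_connect in this same push now runs gpg-connect-agent to locate the socket. Add gpg-connect-agent to that list, and consider stating the 2.1 requirement in the "GnuPG 2.0" bullet itself so that it is not only carried by a trailing note.
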
@@ -52,7 +55,7 @@ instructions in the file INSTALL that accompanies this software.
 After installation, you can configure Mozilla to use Scute by
 visiting the preferences dialog in the "advanced" category, under
 "Security Devices".  There you can "load" the module from its
-installed path, e.g. "/usr/lib/libscute.so".
+installed path, e.g. "/usr/lib/scute.so".
 
 
 Client Authentication
@@ -161,7 +164,7 @@ ask when establishing the initial connection).
 
 To actually perform the client authentication, the client needs to set
 up the web browser for use with Scute.  The Scute PKCS #11 module,
-installed under /usr/lib/libscute.so by default, needs to be loaded as
+installed under /usr/lib/scute.so by default, needs to be loaded as
 a security device in Firefox under
 Preferences->Advanced->Security->Certificates->Security Devices->Load
 When the security device is loaded, card insertion should cause the
diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
index 7199edf..392cc98 100644
--- a/doc/manual/scute.texi
+++ b/doc/manual/scute.texi
@@ -262,7 +262,9 @@ configured:
 @table @asis
 @item GnuPG
 Scute uses the GnuPG 2.0 framework to access the OpenPGP card and for
-certificate management.  The minimum version required is 2.0.0.
+certificate management.  The minimum version required is 2.0.0 for
+client authentication with TLS 1.0 and 1.1.  Client authentication
+with TLS 1.2, email and document signing require GnuPG 2.1.0.
 
 @item Pinentry
 Pinentry is a dependency of GnuPG 2.0, so it also needs to be installed
diff --git a/doc/website/contact.xhtml b/doc/website/contact.xhtml
index 2e070d7..7fbe731 100644
--- a/doc/website/contact.xhtml
+++ b/doc/website/contact.xhtml
@@ -61,7 +61,7 @@
 	<h2>Bug Reports</h2>
 	<p>
 	  All bug reports should be submitted to our <a
-	  href="http://bugs.g10code.com/">bug tracking system</a> or
+	  href="https://dev.gnupg.org/">bug tracking system</a> or
 	  sent via e-mail to the <a
 	  href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel">GnuPG
 	  development mailing list.</a> Sensitive information can also
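
Review bot: Only the tracker href moves to HTTPS here; the mailing list link two lines below still points at http://lists.gnupg.org/mailman/listinfo/gnupg-devel. If that host is reachable over HTTPS, change it in the same commit so the page that tells users where to send sensitive information carries no plain-HTTP links.
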

commit ab5025ab91db937b80427bf7385b4c689e7fa9a6
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Tue Jun 6 12:39:08 2017 +0200

    Add safety check against bad card certificate.
    
    * src/agent.c (scute_agent_get_cert): Reject card certificate if
    it does not start with an ASN.1 sequence tag.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/src/agent.c b/src/agent.c
index cecf570..cfc9a56 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -1043,7 +1043,7 @@ scute_agent_get_cert (int no, struct cert *cert)
   err = assuan_transact (agent_ctx, cmd, get_cert_data_cb, &cert_s,
 			 NULL, NULL, NULL, NULL);
   /* Just to be safe... */
-  if (!err && cert_s.cert_der_len <= 16)
+  if (!err && (cert_s.cert_der_len <= 16 || cert_s.cert_der[0] != 0x30))
     {
       DEBUG (DBG_INFO, "bad card certificate rejected");
       err = gpg_error (GPG_ERR_BAD_CERT);
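
Review bot: The added `cert_s.cert_der[0] != 0x30` test checks the tag byte only; the DER length that follows it is never compared with cert_s.cert_der_len, so a truncated or padded blob that happens to start with 0x30 still passes. Consider decoding the length octets and requiring header length plus content length to equal cert_der_len. The single DEBUG message now covers two different rejection reasons, so logging which condition fired (and the observed length or first byte) would help when diagnosing a card.
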

commit 1be7674fea72aff49eb13ef96089c766a09239cb
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Mon Jan 16 11:32:45 2017 +0100

    Cleanup now unused code.
    
    * src/agent.c (build_w32_commandline_copy): Removed.
    (build_w32_commandline): Removed.
    (spawn_process_detached): Removed.
    * src/get-path.c (get_gpg_agent_path): Removed.
    (standard_homedir): Removed.
    (default_homedir): Removed.
    (make_filename): Removed.
    * src/support.h: Removed corresponding prototypes.
    * configure.ac: Removed --with-gpg-agent option.
    --
    
    This patch removes functions that were only used to find the
    socket for GnuPG Agent and that are not needed anymore.
    
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/configure.ac b/configure.ac
index 8567a3a..d05785e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -231,14 +231,12 @@ esac
 AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
 
 GPGSM_DEFAULT=no
-GPG_AGENT_DEFAULT=no
 GPG_CONNECT_AGENT_DEFAULT=no
 have_w32_system=no
 case "${host}" in
     *-mingw32*)
         # special stuff for Windoze NT
 	GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe'
-        GPG_AGENT_DEFAULT='c:\\gnupg\\gpg-agent.exe'
         GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe'
 	have_w32_system=yes
         ;;
@@ -373,41 +371,6 @@ if test "$ok" = "maybe"; then
 fi
 gpgsm_ok="$ok"
 
-# GPG_AGENT
-NO_OVERRIDE=no
-AC_ARG_WITH(gpg-agent,
-	    AC_HELP_STRING([--with-gpg-agent=PATH], [use GPG Agent binary at PATH]),
-	    GPG_AGENT=$withval, NO_OVERRIDE=yes)
-if test "$NO_OVERRIDE" = "yes" || test "$GPG_AGENT" = "yes"; then
-  GPG_AGENT=
-  NO_OVERRIDE=yes
-  if test "$cross_compiling" != "yes"; then
-    AC_PATH_PROG(GPG_AGENT, gpg-agent)
-  fi
-  if test -z "$GPG_AGENT"; then
-    GPG_AGENT="$GPG_AGENT_DEFAULT"
-  fi
-fi
-if test "$GPG_AGENT" = no; then
-  if test "$NO_OVERRIDE" = "yes"; then
-    if test "$cross_compiling" != "yes"; then
-      AC_MSG_WARN([
-***
-*** Could not find GPG Agent, install GPG Agent or use --with-gpg-agent=PATH to enable it
-***])
-    else
-      AC_MSG_ERROR([
-***
-*** Can not determine path to GPG Agent when cross-compiling, use --with-gpg-agent=PATH
-***])
-    fi
-  fi
-else
-  AC_DEFINE_UNQUOTED(GPG_AGENT_PATH, "$GPG_AGENT", [Path to the GPG_AGENT binary.])
-  AC_DEFINE(ENABLE_GPG_AGENT,1, [Whether GPG Agent support is enabled])
-fi
-AM_CONDITIONAL(HAVE_GPG_AGENT, test "$GPG_AGENT" != "no")
-
 # GPG_CONNECT_AGENT
 NO_OVERRIDE=no
 AC_ARG_WITH(gpg-connect-agent,
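
Review bot: Confirm that no Makefile.am or source file still references HAVE_GPG_AGENT, ENABLE_GPG_AGENT or GPG_AGENT_PATH, all of which disappear with the block removed at the end of this hunk. The summary of changes for this push lists no Makefile.am, and an automake conditional that is still used but no longer defined fails when the build system is regenerated, not at compile time, so it is easy to miss in a quick test build.
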
diff --git a/src/agent.c b/src/agent.c
index 6ee106c..cecf570 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -79,155 +79,6 @@ gnupg_allow_set_foregound_window (pid_t pid)
 }
 
 
-#ifdef HAVE_W32_SYSTEM
-/* Helper function to build_w32_commandline. */
-static char *
-build_w32_commandline_copy (char *buffer, const char *string)
-{
-  char *p = buffer;
-  const char *s;
-
-  if (!*string) /* Empty string. */
-    p = stpcpy (p, "\"\"");
-  else if (strpbrk (string, " \t\n\v\f\""))
-    {
-      /* Need top do some kind of quoting.  */
-      p = stpcpy (p, "\"");
-      for (s=string; *s; s++)
-        {
-          *p++ = *s;
-          if (*s == '\"')
-            *p++ = *s;
-        }
-      *p++ = '\"';
-      *p = 0;
-    }
-  else
-    p = stpcpy (p, string);
-
-  return p;
-}
-
-
-/* Build a command line for use with W32's CreateProcess.  On success
-   CMDLINE gets the address of a newly allocated string.  */
-static gpg_error_t
-build_w32_commandline (const char *pgmname, const char * const *argv,
-                       char **cmdline)
-{
-  int i, n;
-  const char *s;
-  char *buf, *p;
-
-  *cmdline = NULL;
-  n = 0;
-  s = pgmname;
-  n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
-  for (; *s; s++)
-    if (*s == '\"')
-      n++;  /* Need to double inner quotes.  */
-  for (i=0; (s=argv[i]); i++)
-    {
-      n += strlen (s) + 1 + 2;  /* (1 space, 2 quoting */
-      for (; *s; s++)
-        if (*s == '\"')
-          n++;  /* Need to double inner quotes.  */
-    }
-  n++;
-
-  buf = p = malloc (n);
-  if (!buf)
-    return gpg_error_from_syserror ();
-
-  p = build_w32_commandline_copy (p, pgmname);
-  for (i=0; argv[i]; i++)
-    {
-      *p++ = ' ';
-      p = build_w32_commandline_copy (p, argv[i]);
-    }
-
-  *cmdline= buf;
-  return 0;
-}
-
-
-/* Spawn a new process and immediately detach from it.  The name of
-   the program to exec is PGMNAME and its arguments are in ARGV (the
-   programname is automatically passed as first argument).  An error
-   is returned if pgmname is not executable; to make this work it is
-   necessary to provide an absolute file name.  All standard file
-   descriptors are connected to /dev/null.  */
-static gpg_error_t
-spawn_process_detached (const char *pgmname, const char *argv[])
-{
-  gpg_error_t err;
-  SECURITY_ATTRIBUTES sec_attr;
-  PROCESS_INFORMATION pi =
-    {
-      NULL,      /* Returns process handle.  */
-      0,         /* Returns primary thread handle.  */
-      0,         /* Returns pid.  */
-      0          /* Returns tid.  */
-    };
-  STARTUPINFO si;
-  int cr_flags;
-  char *cmdline;
-
-  if (access (pgmname, X_OK))
-    return gpg_error_from_syserror ();
-
-  /* Prepare security attributes.  */
-  memset (&sec_attr, 0, sizeof sec_attr );
-  sec_attr.nLength = sizeof sec_attr;
-  sec_attr.bInheritHandle = FALSE;
-
-  /* Build the command line.  */
-  err = build_w32_commandline (pgmname, argv, &cmdline);
-  if (err)
-    return err;
-
-  /* Start the process.  */
-  memset (&si, 0, sizeof si);
-  si.cb = sizeof (si);
-  si.dwFlags = STARTF_USESHOWWINDOW;
-  si.wShowWindow = SW_MINIMIZE;
-
-  cr_flags = (CREATE_DEFAULT_ERROR_MODE
-              | GetPriorityClass (GetCurrentProcess ())
-              | CREATE_NEW_PROCESS_GROUP
-              | DETACHED_PROCESS);
-  DEBUG (DBG_INFO, "CreateProcess(detached), path=`%s' cmdline=`%s'\n",
-	 pgmname, cmdline);
-  if (!CreateProcess (pgmname,       /* Program to start.  */
-                      cmdline,       /* Command line arguments.  */
-                      &sec_attr,     /* Process security attributes.  */
-                      &sec_attr,     /* Thread security attributes.  */
-                      FALSE,         /* Inherit handles.  */
-                      cr_flags,      /* Creation flags.  */
-                      NULL,          /* Environment.  */
-                      NULL,          /* Use current drive/directory.  */
-                      &si,           /* Startup information. */
-                      &pi            /* Returns process information.  */
-                      ))
-    {
-      DEBUG (DBG_CRIT, "CreateProcess(detached) failed: %i\n",
-	     GetLastError ());
-      free (cmdline);
-      return gpg_error (GPG_ERR_GENERAL);
-    }
-  free (cmdline);
-  cmdline = NULL;
-
-  DEBUG (DBG_INFO, "CreateProcess(detached) ready: hProcess=%p hThread=%p"
-	 " dwProcessID=%d dwThreadId=%d\n", pi.hProcess, pi.hThread,
-	 (int) pi.dwProcessId, (int) pi.dwThreadId);
-
-  CloseHandle (pi.hThread);
-
-  return 0;
-}
-#endif
-
 

 /* Establish a connection to a running GPG agent.  */
 static gpg_error_t
diff --git a/src/get-path.c b/src/get-path.c
index cb0a136..bb24b12 100644
--- a/src/get-path.c
+++ b/src/get-path.c
@@ -33,13 +33,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <stdarg.h>
 #ifdef HAVE_W32_SYSTEM
 #include <windows.h>
 #include <shlobj.h>
@@ -49,23 +42,6 @@
 #include "support.h"
 
 #ifdef HAVE_W32_SYSTEM
-#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg"
-#elif defined(__VMS)
-#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" 
-#else
-#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
-#endif 
-
-#ifdef HAVE_DOSISH_SYSTEM
-#define DIRSEP_C '\\'
-#define DIRSEP_S "\\"
-#else
-#define DIRSEP_C '/'
-#define DIRSEP_S "/"
-#endif
-
-

-#ifdef HAVE_W32_SYSTEM
 #define RTLD_LAZY 0
 
 static __inline__ void *
@@ -319,23 +295,6 @@ get_gpgsm_path (void)
 
 
 const char *
-get_gpg_agent_path (void)
-{
-  static const char *pgmname;
-
-#ifdef HAVE_W32_SYSTEM
-  if (!pgmname)
-    pgmname = find_program_in_inst_dir ("gpg-agent.exe");
-  if (!pgmname)
-    pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-agent.exe");
-#endif
-  if (!pgmname)
-    pgmname = GPG_AGENT_PATH;
-  return pgmname;
-}
-
-
-const char *
 get_gpg_connect_agent_path (void)
 {
   static const char *pgmname;
@@ -350,161 +309,3 @@ get_gpg_connect_agent_path (void)
     pgmname = GPG_CONNECT_AGENT_PATH;
   return pgmname;
 }
-
-
-

-/* Home directory.  */
-
-#ifdef HAVE_W32_SYSTEM
-#ifndef CSIDL_APPDATA
-#define CSIDL_APPDATA 0x001a
-#endif
-#ifndef CSIDL_LOCAL_APPDATA
-#define CSIDL_LOCAL_APPDATA 0x001c
-#endif
-#ifndef CSIDL_COMMON_APPDATA
-#define CSIDL_COMMON_APPDATA 0x0023
-#endif
-#ifndef CSIDL_FLAG_CREATE
-#define CSIDL_FLAG_CREATE 0x8000
-#endif
-#endif /*HAVE_W32_SYSTEM*/
-
-/* Get the standard home directory.  In general this function should
-   not be used as it does not consider a registry value (under W32) or
-   the GNUPGHOME environment variable.  It is better to use
-   default_homedir(). */
-const char *
-standard_homedir (void)
-{
-#ifdef HAVE_W32_SYSTEM
-  static const char *dir;
-
-  if (!dir)
-    {
-      char path[MAX_PATH];
-      
-      /* It might be better to use LOCAL_APPDATA because this is
-         defined as "non roaming" and thus more likely to be kept
-         locally.  For private keys this is desired.  However, given
-         that many users copy private keys anyway forth and back,
-         using a system roaming services might be better than to let
-         them do it manually.  A security conscious user will anyway
-         use the registry entry to have better control.  */
-      if (w32_shgetfolderpath (NULL, CSIDL_APPDATA|CSIDL_FLAG_CREATE, 
-                               NULL, 0, path) >= 0) 
-        {
-          char *tmp = malloc (strlen (path) + 6 +1);
-	  if (tmp)
-	    {
-	      strcpy (stpcpy (tmp, path), "\\gnupg");
-	      dir = tmp;
-          
-	      /* Try to create the directory if it does not yet exists.  */
-	      if (access (dir, F_OK))
-		CreateDirectory (dir, NULL);
-	    }
-        }
-
-      if (!dir)
-        dir = GNUPG_DEFAULT_HOMEDIR;
-    }
-  return dir;
-#else/*!HAVE_W32_SYSTEM*/
-  return GNUPG_DEFAULT_HOMEDIR;
-#endif /*!HAVE_W32_SYSTEM*/
-}
-
-/* Set up the default home directory.  The usual --homedir option
-   should be parsed later. */
-const char *
-default_homedir (void)
-{
-  const char *dir;
-
-  dir = getenv ("GNUPGHOME");
-#ifdef HAVE_W32_SYSTEM
-  if (!dir || !*dir)
-    {
-      static const char *saved_dir;
-      
-      if (!saved_dir)
-        {
-          if (!dir || !*dir)
-            {
-              char *tmp;
-
-              tmp = read_w32_registry_string (NULL, "Software\\GNU\\GnuPG",
-                                              "HomeDir");
-              if (tmp && *tmp)
-                {
-                  free (tmp);
-                  tmp = NULL;
-                }
-               if (tmp)
-                saved_dir = tmp;
-            }
-          
-          if (!saved_dir)
-            saved_dir = standard_homedir ();
-        }
-      dir = saved_dir;
-    }
-#endif /*HAVE_W32_SYSTEM*/
-  if (!dir || !*dir)
-    dir = GNUPG_DEFAULT_HOMEDIR;
-
-  return dir;
-}
-
-
-/* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done here.  */
-char *
-make_filename (const char *first_part, ...)
-{
-  va_list arg_ptr;
-  size_t n;
-  const char *s;
-  char *name;
-  char *home;
-  char *p;
-  
-  va_start (arg_ptr, first_part);
-  n = strlen (first_part) + 1;
-  while ((s = va_arg (arg_ptr, const char *)))
-    n += strlen (s) + 1;
-  va_end (arg_ptr);
-  
-  home = NULL;
-  if (*first_part == '~' && first_part[1] == '/'
-      && (home = getenv("HOME")) && *home)
-    n += strlen (home);
-
-  name = malloc (n);
-  if (! name)
-    return NULL;
-  p = (home 
-       ? stpcpy (stpcpy (name,home), first_part + 1)
-       : stpcpy (name, first_part));
-
-  va_start (arg_ptr, first_part);
-  while ((s = va_arg(arg_ptr, const char *)))
-    p = stpcpy (stpcpy (p,"/"), s);
-  va_end (arg_ptr);
-
-#ifdef HAVE_W32_SYSTEM
-  /* We better avoid mixing slashes and backslashes and prefer
-     backslashes.  There is usual no problem with mixing them, however
-     a very few W32 API calls can't grok plain slashes.  Printing
-     filenames with mixed slashes also looks a bit strange. */
-  if (strchr (name, '\\'))
-    {
-      for (p = name; *p; p++)
-        if (*p == '/')
-          *p = '\\';
-    }
-#endif
-
-  return name;
-}
diff --git a/src/support.h b/src/support.h
index 739d124..38149ad 100644
--- a/src/support.h
+++ b/src/support.h
@@ -84,17 +84,8 @@ stpcpy (char *a, const char *b)
 
 
 const char *get_gpgsm_path (void);
-const char *get_gpg_agent_path (void);
 const char *get_gpg_connect_agent_path (void);
 
-/* Set up the default home directory.  The usual --homedir option
-   should be parsed later. */
-const char *default_homedir (void);
-
-/* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done here.  */
-char *make_filename (const char *first_part, ...);
-
 
     
 #endif	/* !SUPPORT_H */

commit a8bfa6306a0114d1e4c3eeaecd15fb07439cb648
Author: Damien Goutte-Gattat <dgouttegattat at incenp.org>
Date:   Mon Jan 16 11:49:18 2017 +0100

    Get GPG Agent's socket directly from the agent.
    
    * src/agent.c (agent_connect): Call gpg-connect-agent to get
    the socket for a running agent.
    * src/get-path.c (get_gpg_connect_agent_path): New function.
    * src/support.h (get_gpg_connect_agent_path): New prototype.
    * configure.ac: New option --with-gpg-connect-agent-path.
    --
    
    This patch replaces all the logic needed to find the socket for
    a running GnuPG Agent by a single call to gpg-connect-agent.
    This will ensure we will always be able to find the agent,
    without having to duplicate the logic already implemented in
    GnuPG. Gpg-connect-agent will also take care of starting the
    agent if it's not already running.
    
    GnuPG-bug-id: 3195
    Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>

diff --git a/configure.ac b/configure.ac
index 1e4137d..8567a3a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,12 +232,14 @@ AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
 
 GPGSM_DEFAULT=no
 GPG_AGENT_DEFAULT=no
+GPG_CONNECT_AGENT_DEFAULT=no
 have_w32_system=no
 case "${host}" in
     *-mingw32*)
         # special stuff for Windoze NT
 	GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe'
         GPG_AGENT_DEFAULT='c:\\gnupg\\gpg-agent.exe'
+        GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe'
 	have_w32_system=yes
         ;;
     *)
@@ -406,6 +408,41 @@ else
 fi
 AM_CONDITIONAL(HAVE_GPG_AGENT, test "$GPG_AGENT" != "no")
 
+# GPG_CONNECT_AGENT
+NO_OVERRIDE=no
+AC_ARG_WITH(gpg-connect-agent,
+            AC_HELP_STRING([--with-gpg-connect-agent=PATH],
+                           [use gpg-connect-agent binary at PATH]),
+            GPG_CONNECT_AGENT=$withval, NO_OVERRIDE=yes)
+if test "$NO_OVERRIDE" = "yes" || test "$GPG_CONNECT_AGENT" = "yes"; then
+  GPG_CONNECT_AGENT=
+  NO_OVERRIDE=yes
+  if test "$cross_compiling" != "yes"; then
+    AC_PATH_PROG(GPG_CONNECT_AGENT, gpg-connect-agent)
+  fi
+  if test -z "$GPG_CONNECT_AGENT"; then
+    GPG_CONNECT_AGENT="$GPG_CONNECT_AGENT_DEFAULT"
+  fi
+fi
+if test "$GPG_CONNECT_AGENT" = no; then
+  if test "$NO_OVERRIDE" = "yes"; then
+    if test "$cross_compiling" != "yes"; then
+      AC_MSG_WARN([
+***
+*** Could not find gpg-connect-agent, use --with-gpg-connect-agent=PATH to enable it
+***])
+    else
+      AC_MSG_WARN([
+***
+*** Can not determine path to gpg-connect-agent when cross-compiling, use --with-gpg-connect-agent=PATH
+***])
+    fi
+  fi
+else
+  AC_DEFINE_UNQUOTED(GPG_CONNECT_AGENT_PATH, "$GPG_CONNECT_AGENT",
+                     [Path to the GPG_CONNECT_AGENT binary.])
+fi
+
 
 # Checks for header files.
 AC_HEADER_STDC
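
Review bot: The option is added as --with-gpg-connect-agent=PATH, but the commit message announces --with-gpg-connect-agent-path; one of the two needs correcting. In addition, both branches under `test "$GPG_CONNECT_AGENT" = no` only call AC_MSG_WARN, so configure succeeds without defining GPG_CONNECT_AGENT_PATH even though connecting to the agent now depends entirely on this binary. AC_MSG_ERROR, or a documented fallback, would make that failure visible at configure time.
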
diff --git a/src/agent.c b/src/agent.c
index 75d4933..6ee106c 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -233,151 +233,59 @@ spawn_process_detached (const char *pgmname, const char *argv[])
 static gpg_error_t
 agent_connect (assuan_context_t *ctx_r)
 {
-  /* If we ever failed to connect via a socket we will force the use
-     of the pipe based server for the lifetime of the process.  */
-  static int force_pipe_server = 0;
-
   gpg_error_t err = 0;
-  char *infostr;
-  char *ptr;
   assuan_context_t ctx = NULL;
+  char buffer[255];
+  FILE *p;
 
-  err = assuan_new (&ctx);
-  if (err)
-    return err;
-
- restart:
-
-  infostr = force_pipe_server ? NULL : getenv ("GPG_AGENT_INFO");
-  if (!infostr || !*infostr)
-    {
-      char *sockname;
-
-      /* First check whether we can connect at the standard
-         socket.  */
-      sockname = make_filename (default_homedir (), "S.gpg-agent", NULL);
-      if (! sockname)
-	return gpg_error_from_errno (errno);
-
-      err = assuan_socket_connect (ctx, sockname, 0, 0);
-      if (err)
-        {
-	  const char *agent_program;
-
-          /* With no success start a new server.  */
-	  DEBUG (DBG_INFO, "no running GPG agent at %s, starting one\n",
-		 sockname);
-
-          agent_program = get_gpg_agent_path ();
-
+  /* Use gpg-connect-agent to obtain the socket name
+   * directly from the agent itself. */
+  snprintf (buffer, sizeof buffer, "%s 'GETINFO socket_name' /bye",
+            get_gpg_connect_agent_path ());
 #ifdef HAVE_W32_SYSTEM
-          {
-            /* Under Windows we start the server in daemon mode.  This
-               is because the default is to use the standard socket
-               and thus there is no need for the GPG_AGENT_INFO
-               envvar.  This is possible as we don't have a real unix
-               domain socket but use a plain file and thus there is no
-               need to care about non-local file systems. */
-            const char *argv[3];
-
-            argv[0] = "--daemon";
-            argv[1] = "--use-standard-socket";
-            argv[2] = NULL;
-
-            err = spawn_process_detached (agent_program, argv);
-            if (err)
-              DEBUG (DBG_CRIT, "failed to start agent `%s': %s\n",
-		     agent_program, gpg_strerror (err));
-            else
-              {
-                /* Give the agent some time to prepare itself. */
-                Sleep (3 * 1000);
-                /* Now try again to connect the agent.  */
-                err = assuan_socket_connect (ctx_r, sockname, 0, 0);
-              }
-          }
-#else /*!HAVE_W32_SYSTEM*/
-          {
-            const char *pgmname;
-            const char *argv[3];
-            int no_close_list[3];
-            int i;
-
-            if ( !(pgmname = strrchr (agent_program, '/')))
-              pgmname = agent_program;
-            else
-              pgmname++;
-
-            argv[0] = pgmname;
-            argv[1] = "--server";
-            argv[2] = NULL;
-
-            i=0;
-            no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
-            no_close_list[i] = -1;
-
-            /* Connect to the agent and perform initial handshaking. */
-            err = assuan_pipe_connect (ctx, agent_program, argv,
-				       no_close_list, NULL, NULL, 0);
-          }
-#endif /*!HAVE_W32_SYSTEM*/
-        }
-      free (sockname);
-    }
-  else
+  p = _popen (buffer, "r");
+#else
+  p = popen (buffer, "r");
+#endif
+  if (p)
     {
-      int pid;
-      int protocol_version;
+      int ret;
 
-      infostr = strdup (infostr);
-      if (!infostr)
-	return gpg_error_from_errno (errno);
-
-      if (!(ptr = strchr (infostr, PATHSEP_C)) || ptr == infostr)
-	{
-	  DEBUG (DBG_CRIT, "malformed GPG_AGENT_INFO environment variable");
-	  free (infostr);
-	  force_pipe_server = 1;
-	  goto restart;
-	}
-
-      *(ptr++) = 0;
-      pid = atoi (ptr);
-      while (*ptr && *ptr != PATHSEP_C)
-	ptr++;
-      protocol_version = *ptr ? atoi (ptr + 1) : 0;
-      if (protocol_version != 1)
-	{
-	  DEBUG (DBG_CRIT, "GPG agent protocol version '%d' not supported",
-		 protocol_version);
-	  free (infostr);
-	  force_pipe_server = 1;
-	  goto restart;
-	}
+      ret = fscanf (p, "D %254s\nOK\n", buffer);
+      if (ret == EOF)       /* I/O error? */
+        err = gpg_error_from_errno (errno);
+      else if (ret != 1)    /* Unexpected reply */
+        err = gpg_error (GPG_ERR_NO_AGENT);
 
-      err = assuan_socket_connect (ctx, infostr, pid, 0);
-      free (infostr);
-      if (err)
-	{
-	  DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
-	  force_pipe_server = 1;
-	  goto restart;
-	}
+      pclose (p);
     }
+  else
+    err = gpg_error_from_errno (errno);
 
-  if (err)
+  /* Then connect to the socket we got. */
+  if (!err)
     {
-      assuan_release (ctx);
-      DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
-      return gpg_error (GPG_ERR_NO_AGENT);
+      err = assuan_new (&ctx);
+      if (!err)
+        {
+          err = assuan_socket_connect (ctx, buffer, 0, 0);
+          if (!err)
+            {
+              *ctx_r = ctx;
+              if (_scute_debug_flags & DBG_ASSUAN)
+                assuan_set_log_stream (*ctx_r, _scute_debug_stream);
+            }
+          else
+            assuan_release (ctx);
+        }
     }
 
-  if (_scute_debug_flags & DBG_ASSUAN)
-    assuan_set_log_stream (*ctx_r, _scute_debug_stream);
-
-  *ctx_r = ctx;
+  /* We do not try any harder. If gpg-connect-agent somehow failed
+   * to give us a suitable socket, we probably cannot do better. */
+  if (err)
+    DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
 
-  return 0;
+  return err;
 }
 
 
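
Review bot: In the new agent_connect, the command line given to popen is built from an unquoted path and the reply is parsed with a whitespace-delimited scan, so both ends are fragile. `snprintf (buffer, sizeof buffer, "%s 'GETINFO socket_name' /bye", ...)` is interpreted by the command processor: a get_gpg_connect_agent_path () result containing spaces or shell metacharacters is split or interpreted, the single quotes are not quoting characters for the Windows command interpreter used by _popen, and the snprintf return value is not checked for truncation. On the read side, `%254s` stops at the first whitespace, so a socket path containing a space is silently cut short, and a match count of 1 is accepted even if the "OK" line never arrives. When fscanf returns EOF because the helper printed nothing, errno is not guaranteed to be set, so gpg_error_from_errno (errno) can yield 0 and the code goes on to call assuan_socket_connect with buffer still holding the command line. Suggest mapping EOF with errno == 0 to GPG_ERR_NO_AGENT, checking the pclose status, using _pclose to match _popen under HAVE_W32_SYSTEM, and reading the reply with fgets before stripping the "D " prefix.
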
diff --git a/src/get-path.c b/src/get-path.c
index 0abd863..cb0a136 100644
--- a/src/get-path.c
+++ b/src/get-path.c
@@ -335,6 +335,23 @@ get_gpg_agent_path (void)
 }
 
 
+const char *
+get_gpg_connect_agent_path (void)
+{
+  static const char *pgmname;
+
+#ifdef HAVE_W32_SYSTEM
+  if (!pgmname)
+    pgmname = find_program_in_inst_dir ("gpg-connect-agent.exe");
+  if (!pgmname)
+    pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-connect-agent.exe");
+#endif
+  if (!pgmname)
+    pgmname = GPG_CONNECT_AGENT_PATH;
+  return pgmname;
+}
+
+
 

 /* Home directory.  */
 
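
Review bot: The final fallback `pgmname = GPG_CONNECT_AGENT_PATH;` is unconditional, but configure.ac in this commit defines that macro only in the else branch, that is, when a binary was found or given. A build where configure merely printed the warning will fail to compile here. Either guard the fallback with #ifdef GPG_CONNECT_AGENT_PATH and have agent_connect handle a NULL return before formatting it with "%s", or make configure stop with an error.
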
diff --git a/src/support.h b/src/support.h
index 3356224..739d124 100644
--- a/src/support.h
+++ b/src/support.h
@@ -85,6 +85,7 @@ stpcpy (char *a, const char *b)
 
 const char *get_gpgsm_path (void);
 const char *get_gpg_agent_path (void);
+const char *get_gpg_connect_agent_path (void);
 
 /* Set up the default home directory.  The usual --homedir option
    should be parsed later. */

-----------------------------------------------------------------------

Summary of changes:
 AUTHORS                   |   2 +-
 NEWS                      |  14 +-
 README                    |   7 +-
 configure.ac              |  36 +++---
 doc/manual/scute.texi     |   4 +-
 doc/website/contact.xhtml |   2 +-
 src/agent.c               | 323 ++++++----------------------------------------
 src/get-path.c            | 190 +--------------------------
 src/support.h             |  10 +-
 9 files changed, 87 insertions(+), 501 deletions(-)


hooks/post-receive
-- 
PKCS#11 token on top of gpg-agent
http://git.gnupg.org



