~ubuntu-branches/ubuntu/jaunty/gnupg2/jaunty-security

Committer: Bazaar Package Importer
Author(s): Eric Dorland
Date: 2008-04-28 03:22:20 UTC
mfrom: (1.1.10 upstream)
mto: This revision was merged to the branch mainline in revision 6.
Revision ID: james.westby@ubuntu.com-20080428032220-a8rl6klzavd4nvr4

Tags: 2.0.9-2

http://bugs.debian.org/459462

http://bugs.debian.org/477691

http://bugs.debian.org/462951

http://bugs.debian.org/476999

* The "I've neglected you too long" release.

* debian/control:
  - Add recommends on gnupg-agent for gpgsm and gnupg2, since they need
    it under most circumstances. (Closes: #459462, #477691)
  - Depend on pinentry instead of recommend, and move pinentry-gtk2 to the
    front of the alternatives list. (Closes: #462951)
* keyserver/gpgkeys_curl.c, keyserver/gpgkeys_hkp.c: Fix FTBFS with gcc
  4.3 strictness on bitfields combined with curl. (Closes: #476999)

files added:
common/audit-events.h

common/audit.c

common/audit.h

common/exaudit.awk

common/exstatus.awk

common/helpfile.c

common/localename.c

common/mkstrtable.awk

common/status-codes.h

common/status.c

common/status.h

common/t-helpfile.c

common/t-sexputil.c

doc/help.be.txt

doc/help.ca.txt

doc/help.cs.txt

doc/help.da.txt

doc/help.de.txt

doc/help.el.txt

doc/help.eo.txt

doc/help.es.txt

doc/help.et.txt

doc/help.fi.txt

doc/help.fr.txt

doc/help.gl.txt

doc/help.hu.txt

doc/help.id.txt

doc/help.it.txt

doc/help.ja.txt

doc/help.nb.txt

doc/help.pl.txt

doc/help.pt.txt

doc/help.pt_BR.txt

doc/help.ro.txt

doc/help.ru.txt

doc/help.sk.txt

doc/help.sv.txt

doc/help.tr.txt

doc/help.txt

doc/help.zh_CN.txt

doc/help.zh_TW.txt

g10/cpr.c

tests/openpgp/bug894-test.asc

tests/openpgp/import.test

tests/pkits

tests/pkits/ChangeLog

tests/pkits/Makefile.am

tests/pkits/Makefile.in

tests/pkits/README

tests/pkits/basic-certificate-revocation

tests/pkits/certificate-policies

tests/pkits/common.sh

tests/pkits/delta-crls

tests/pkits/distribution-points

tests/pkits/import-all-certs

tests/pkits/inhibit-any-policy

tests/pkits/inhibit-policy-mapping

tests/pkits/inittests

tests/pkits/key-usage

tests/pkits/name-constraints

tests/pkits/policy-mappings

tests/pkits/private-certificate-extensions

tests/pkits/require-explicit-policy

tests/pkits/runtest

tests/pkits/signature-verification

tests/pkits/validate-all-certs

tests/pkits/validity-periods

tests/pkits/verifying-basic-constraints

tests/pkits/verifying-name-chaining

tests/pkits/verifying-paths-self-issued

files removed:
common/errors.h

g10/status.c

g10/status.h

files modified:
ABOUT-NLS

AUTHORS

ChangeLog

Makefile.in

NEWS

README

THANKS

TODO

VERSION

aclocal.m4

agent/ChangeLog

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/genkey.c

agent/gpg-agent.c

agent/protect-tool.c

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/asshelp.c

common/asshelp.h

common/exechelp.c

common/exechelp.h

common/homedir.c

common/i18n.c

common/i18n.h

common/iobuf.c

common/membuf.h

common/pka.c

common/sexp-parse.h

common/sexputil.c

common/simple-pwquery.c

common/sysutils.c

common/sysutils.h

common/util.h

common/xreadline.c

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/control

debian/rules

debian/watch

doc/ChangeLog

doc/DETAILS

doc/Makefile.am

doc/Makefile.in

doc/TRANSLATE

doc/com-certs.pem

doc/debugging.texi

doc/examples/gpgconf.conf

doc/examples/trustlist.txt

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/qualified.txt

doc/scdaemon.texi

doc/specify-user-id.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

doc/yat2m.c

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/armor.c

g10/build-packet.c

g10/call-agent.c

g10/card-util.c

g10/cipher.c

g10/dearmor.c

g10/decrypt.c

g10/delkey.c

g10/encode.c

g10/encr-data.c

g10/export.c

g10/getkey.c

g10/gpg.c

g10/helptext.c

g10/import.c

g10/keydb.c

g10/keyedit.c

g10/keygen.c

g10/keylist.c

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/mdfilter.c

g10/misc.c

g10/options.h

g10/options.skel

g10/parse-packet.c

g10/passphrase.c

g10/pkclist.c

g10/pubkey-enc.c

g10/revoke.c

g10/seckey-cert.c

g10/server.c

g10/sign.c

g10/skclist.c

g10/tdbdump.c

g10/tdbio.c

g10/textfilter.c

g10/trustdb.c

g10/verify.c

gl/Makefile.in

gl/allocsa.h

gl/m4/allocsa.m4

gl/m4/gnulib-comp.m4

include/ChangeLog

include/Makefile.in

include/cipher.h

jnlib/ChangeLog

jnlib/Makefile.in

jnlib/argparse.c

jnlib/dotlock.c

jnlib/logging.c

jnlib/stringhelp.c

jnlib/stringhelp.h

jnlib/w32-afunix.c

jnlib/w32-afunix.h

jnlib/w32-gettext.c

jnlib/w32help.h

kbx/ChangeLog

kbx/Makefile.in

kbx/keybox-blob.c

keyserver/ChangeLog

keyserver/Makefile.in

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_hkp.c

keyserver/gpgkeys_ldap.c

m4/ChangeLog

m4/Makefile.in

m4/gettext.m4

m4/iconv.m4

m4/ldap.m4

m4/lib-link.m4

m4/po.m4

po/ChangeLog

po/Makefile.in.in

po/POTFILES.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.in

scd/app-openpgp.c

scd/command.c

scd/scdaemon.c

scd/scdaemon.h

scripts/ChangeLog

scripts/config.guess

scripts/config.rpath

scripts/config.sub

sm/ChangeLog

sm/Makefile.in

sm/call-agent.c

sm/call-dirmngr.c

sm/certchain.c

sm/certdump.c

sm/certlist.c

sm/encrypt.c

sm/export.c

sm/gpgsm.c

sm/gpgsm.h

sm/import.c

sm/keylist.c

sm/misc.c

sm/qualified.c

sm/server.c

sm/sign.c

sm/verify.c

tests/ChangeLog

tests/Makefile.am

tests/Makefile.in

tests/asschk.c

tests/openpgp/ChangeLog

tests/openpgp/Makefile.am

tests/openpgp/Makefile.in

tests/openpgp/armdetach.test

tests/openpgp/armdetachm.test

tests/openpgp/armencrypt.test

tests/openpgp/armencryptp.test

tests/openpgp/armor.test

tests/openpgp/armsignencrypt.test

tests/openpgp/armsigs.test

tests/openpgp/clearsig.test

tests/openpgp/conventional-mdc.test

tests/openpgp/conventional.test

tests/openpgp/decrypt-dsa.test

tests/openpgp/decrypt.test

tests/openpgp/defs.inc *

tests/openpgp/detach.test

tests/openpgp/detachm.test

tests/openpgp/encrypt-dsa.test

tests/openpgp/encrypt.test

tests/openpgp/encryptp.test

tests/openpgp/genkey1024.test

tests/openpgp/mds.test

tests/openpgp/multisig.test

tests/openpgp/seat.test

tests/openpgp/signencrypt-dsa.test

tests/openpgp/signencrypt.test

tests/openpgp/sigs-dsa.test

tests/openpgp/sigs.test

tests/openpgp/verify.test

tests/openpgp/version.test

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/gpgconf.h

tools/no-libgcrypt.c

tools/symcryptrun.c

version

Show diffs side-by-side

added added

removed removed

agent/gpg-agent.c

#define JNLIB_NEED_LOG_LOGV

#include "agent.h"

#include <assuan.h> /* Malloc hooks */

#include <assuan.h> /* Malloc hooks and socket wrappers. */

#include "i18n.h"

#include "mkdtemp.h" /* Gnulib replacement. */

#include "sysutils.h"

#ifdef HAVE_W32_SYSTEM

# include "../jnlib/w32-afunix.h"

#endif

#include "setenv.h"

#include "gc-opt-flags.h"

oTTYtype,

oLCctype,

oLCmessages,

oXauthority,

oScdaemonProgram,

oDefCacheTTL,

oDefCacheTTLSSH,

147

146

{ oTTYtype, "ttytype", 2, "@" },

148

147

{ oLCctype, "lc-ctype", 2, "@" },

149

148

{ oLCmessages, "lc-messages", 2, "@" },

150

{ oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},

149

{ oXauthority, "xauthority", 2, "@" },

150

{ oKeepTTY, "keep-tty", 0, N_("ignore requests to change the TTY")},

151

{ oKeepDISPLAY, "keep-display",

152

0, N_("ignore requests to change the X display")},

153

207

/* Name of the communication socket used for ssh-agent-emulation. */

208

static char *socket_name_ssh;

209

210

/* We need to keep track of the server's nonces (these are dummies for

211

POSIX systems). */

212

static assuan_sock_nonce_t socket_nonce;

213

static assuan_sock_nonce_t socket_nonce_ssh;

214

215

210

216

/* Default values for options passed to the pinentry. */

211

217

static char *default_display;

212

218

static char *default_ttyname;

213

219

static char *default_ttytype;

214

220

static char *default_lc_ctype;

215

221

static char *default_lc_messages;

222

static char *default_xauthority;

216

223

217

224

/* Name of a config file, which will be reread on a HUP if it is not NULL. */

218

225

static char *config_filename;

236

243

237

244

static char *create_socket_name (int use_standard_socket,

238

245

char *standard_name, char *template);

239

static int create_server_socket (int is_standard_name, char *name);

246

static gnupg_fd_t create_server_socket (int is_standard_name, char *name,

247

int is_ssh,

248

assuan_sock_nonce_t *nonce);

240

249

static void create_directories (void);

241

250

242

251

static void agent_init_default_ctrl (ctrl_t ctrl);

243

252

static void agent_deinit_default_ctrl (ctrl_t ctrl);

244

253

245

static void handle_connections (int listen_fd, int listen_fd_ssh);

254

static void handle_connections (gnupg_fd_t listen_fd,

255

gnupg_fd_t listen_fd_ssh);

246

256

static int check_for_running_agent (int silent, int mode);

247

257

248

258

/* Pth wrapper function definitions. */

477

487

char *logfile = NULL;

478

488

int debug_wait = 0;

479

489

int gpgconf_list = 0;

480

int standard_socket = 0;

490

int use_standard_socket = 0;

481

491

gpg_error_t err;

482

492

const char *env_file_name = NULL;

483

493

526

536

/* Set default options. */

527

537

parse_rereadable_options (NULL, 0); /* Reset them to default values. */

528

538

#ifdef HAVE_W32_SYSTEM

529

standard_socket = 1; /* Under Windows we always use a standard

530

socket. */

539

use_standard_socket = 1; /* Under Windows we always use a standard

540

socket. */

531

541

#endif

532

542

533

543

shell = getenv ("SHELL");

553

563

opt.startup_lc_messages = getenv ("LC_MESSAGES");

554

564

if (opt.startup_lc_messages)

555

565

opt.startup_lc_messages = xstrdup (opt.startup_lc_messages);

566

opt.startup_xauthority = getenv ("XAUTHORITY");

567

if (opt.startup_xauthority)

568

opt.startup_xauthority = xstrdup (opt.startup_xauthority);

569

opt.startup_pinentry_user_data = getenv ("PINENTRY_USER_DATA");

570

if (opt.startup_pinentry_user_data)

571

opt.startup_pinentry_user_data = xstrdup (opt.startup_pinentry_user_data);

556

572

557

573

/* Check whether we have a config file on the commandline */

558

574

orig_argc = argc;

656

672

case oTTYtype: default_ttytype = xstrdup (pargs.r.ret_str); break;

657

673

case oLCctype: default_lc_ctype = xstrdup (pargs.r.ret_str); break;

658

674

case oLCmessages: default_lc_messages = xstrdup (pargs.r.ret_str);

675

case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);

659

676

break;

660

677

661

case oUseStandardSocket: standard_socket = 1; break;

662

case oNoUseStandardSocket: standard_socket = 0; break;

678

case oUseStandardSocket: use_standard_socket = 1; break;

679

case oNoUseStandardSocket: use_standard_socket = 0; break;

663

680

664

681

case oFakedSystemTime:

665

682

{

845

862

agent_exit (1);

846

863

}

847

864

agent_init_default_ctrl (ctrl);

848

start_command_handler (ctrl, -1, -1);

865

start_command_handler (ctrl, GNUPG_INVALID_FD, GNUPG_INVALID_FD);

849

866

agent_deinit_default_ctrl (ctrl);

850

867

xfree (ctrl);

851

868

}

853

870

; /* NOTREACHED */

854

871

else

855

872

{ /* Regular server mode */

856

int fd;

857

int fd_ssh;

873

gnupg_fd_t fd;

874

gnupg_fd_t fd_ssh;

858

875

pid_t pid;

859

876

860

877

/* Remove the DISPLAY variable so that a pinentry does not

870

887

871

888

872

889

/* Create the sockets. */

873

socket_name = create_socket_name (standard_socket,

890

socket_name = create_socket_name (use_standard_socket,

874

891

"S.gpg-agent",

875

892

"/tmp/gpg-XXXXXX/S.gpg-agent");

876

893

if (opt.ssh_support)

877

socket_name_ssh = create_socket_name (standard_socket,

894

socket_name_ssh = create_socket_name (use_standard_socket,

878

895

"S.gpg-agent.ssh",

879

896

"/tmp/gpg-XXXXXX/S.gpg-agent.ssh");

880

897

881

fd = create_server_socket (standard_socket, socket_name);

898

fd = create_server_socket (use_standard_socket, socket_name, 0,

899

&socket_nonce);

882

900

if (opt.ssh_support)

883

fd_ssh = create_server_socket (standard_socket, socket_name_ssh);

901

fd_ssh = create_server_socket (use_standard_socket, socket_name_ssh, 1,

902

&socket_nonce_ssh);

884

903

else

885

fd_ssh = -1;

904

fd_ssh = GNUPG_INVALID_FD;

886

905

887

906

/* If we are going to exec a program in the parent, we record

888

907

the PID, so that the child may check whether the program is

1079

1098

}

1080

1099

#endif /*!HAVE_W32_SYSTEM*/

1081

1100

1082

handle_connections (fd, opt.ssh_support ? fd_ssh : -1);

1083

close (fd);

1101

handle_connections (fd, opt.ssh_support ? fd_ssh : GNUPG_INVALID_FD);

1102

assuan_sock_close (fd);

1084

1103

}

1085

1104

1086

1105

return 0;

1109

1128

static void

1110

1129

agent_init_default_ctrl (ctrl_t ctrl)

1111

1130

{

1112

ctrl->connection_fd = -1;

1113

1114

1131

/* Note we ignore malloc errors because we can't do much about it

1115

1132

and the request will fail anyway shortly after this

1116

1133

initialization. */

1133

1150

if (ctrl->lc_messages)

1134

1151

free (ctrl->lc_messages);

1135

1152

ctrl->lc_messages = default_lc_messages? strdup (default_lc_messages) : NULL;

1153

1154

if (ctrl->xauthority)

1155

free (ctrl->xauthority);

1156

ctrl->xauthority = default_xauthority? strdup (default_xauthority) : NULL;

1157

1158

if (ctrl->pinentry_user_data)

1159

free (ctrl->pinentry_user_data);

1160

ctrl->pinentry_user_data = NULL;

1136

1161

}

1137

1162

1138

1163

1149

1174

free (ctrl->lc_ctype);

1150

1175

if (ctrl->lc_messages)

1151

1176

free (ctrl->lc_messages);

1177

if (ctrl->xauthority)

1178

free (ctrl->xauthority);

1179

if (ctrl->pinentry_user_data)

1180

free (ctrl->pinentry_user_data);

1152

1181

}

1153

1182

1154

1183

/* Reread parts of the configuration. Note, that this function is

1218

1247

}

1219

1248

1220

1249

1250

/* Under W32, this function returns the handle of the scdaemon

1251

notification event. Calling it the first time creates that

1252

event. */

1253

#ifdef HAVE_W32_SYSTEM

1254

void *

1255

get_agent_scd_notify_event (void)

1256

{

1257

static HANDLE the_event;

1258

1259

if (!the_event)

1260

{

1261

SECURITY_ATTRIBUTES sa = { sizeof (SECURITY_ATTRIBUTES), NULL, TRUE};

1262

1263

the_event = CreateEvent ( &sa, FALSE, FALSE, NULL);

1264

if (!the_event)

1265

log_error ("can't create scd notify event: %s\n", w32_strerror (-1) );

1266

}

1267

return the_event;

1268

}

1269

#endif /*HAVE_W32_SYSTEM*/

1270

1271

1221

1272

1222

1273

/* Create a name for the socket. With USE_STANDARD_SOCKET given as

1223

1274

true using STANDARD_NAME in the home directory or if given as

1267

1318

1268

1319

1269

1320

/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates

1270

whether a non-random socket is used. Returns the file descriptor or

1271

terminates the process in case of an error. */

1272

static int

1273

create_server_socket (int is_standard_name, char *name)

1321

whether a non-random socket is used. Returns the file descriptor

1322

or terminates the process in case of an error. Not that this

1323

function needs to be used for the regular socket first and only then

1324

for the ssh socket. */

1325

static gnupg_fd_t

1326

create_server_socket (int is_standard_name, char *name, int is_ssh,

1327

assuan_sock_nonce_t *nonce)

1274

1328

{

1275

1329

struct sockaddr_un *serv_addr;

1276

1330

socklen_t len;

1277

int fd;

1331

gnupg_fd_t fd;

1278

1332

int rc;

1279

1333

1280

#ifdef HAVE_W32_SYSTEM

1281

fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);

1282

#else

1283

fd = socket (AF_UNIX, SOCK_STREAM, 0);

1284

#endif

1285

if (fd == -1)

1334

fd = assuan_sock_new (AF_UNIX, SOCK_STREAM, 0);

1335

if (fd == ASSUAN_INVALID_FD)

1286

1336

{

1287

1337

log_error (_("can't create socket: %s\n"), strerror (errno));

1288

1338

agent_exit (2);

1291

1341

serv_addr = xmalloc (sizeof (*serv_addr));

1292

1342

memset (serv_addr, 0, sizeof *serv_addr);

1293

1343

serv_addr->sun_family = AF_UNIX;

1294

assert (strlen (name) + 1 < sizeof (serv_addr->sun_path));

1344

if (strlen (name) + 1 >= sizeof (serv_addr->sun_path))

1345

{

1346

log_error (_("socket name `%s' is too long\n"), name);

1347

agent_exit (2);

1348

}

1295

1349

strcpy (serv_addr->sun_path, name);

1296

1350

len = (offsetof (struct sockaddr_un, sun_path)

1297

1351

+ strlen (serv_addr->sun_path) + 1);

1298

1352

1299

#ifdef HAVE_W32_SYSTEM

1300

rc = _w32_sock_bind (fd, (struct sockaddr*) serv_addr, len);

1301

if (is_standard_name && rc == -1 && errno == WSAEADDRINUSE)

1302

{

1303

if (!check_for_running_agent (1, 1))

1304

{

1305

log_error (_("a gpg-agent is already running - "

1306

"not starting a new one\n"));

1307

*name = 0; /* Inhibit removal of the socket by cleanup(). */

1308

close (fd);

1309

agent_exit (2);

1310

}

1311

1312

remove (name);

1313

rc = _w32_sock_bind (fd, (struct sockaddr*) serv_addr, len);

1314

}

1315

#else

1316

rc = bind (fd, (struct sockaddr*) serv_addr, len);

1353

rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);

1317

1354

if (is_standard_name && rc == -1 && errno == EADDRINUSE)

1318

1355

{

1319

if (!check_for_running_agent (1, 1))

1356

/* Check whether a gpg-agent is already running on the standard

1357

socket. We do this test only if this is not the ssh socket.

1358

For ssh we assume that a test for gpg-agent has already been

1359

done and reuse the requested ssh socket. Testing the

1360

ssh-socket is not possible because at this point, though we

1361

know the new Assuan socket, the Assuan server and thus the

1362

ssh-agent server is not yet operational. This would lead to

1363

a hang. */

1364

if (!is_ssh && !check_for_running_agent (1, 1))

1320

1365

{

1321

1366

log_error (_("a gpg-agent is already running - "

1322

"not starting a new one\n"));

1367

"not starting a new one\n"));

1323

1368

*name = 0; /* Inhibit removal of the socket by cleanup(). */

1324

close (fd);

1369

assuan_sock_close (fd);

1325

1370

agent_exit (2);

1326

1371

}

1327

1372

remove (name);

1328

rc = bind (fd, (struct sockaddr*) serv_addr, len);

1373

rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);

1329

1374

}

1330

#endif

1375

if (rc != -1

1376

&& (rc=assuan_sock_get_nonce ((struct sockaddr*)serv_addr, len, nonce)))

1377

log_error (_("error getting nonce for the socket\n"));

1331

1378

if (rc == -1)

1332

1379

{

1333

1380

/* We use gpg_strerror here because it allows us to get strings

1336

1383

serv_addr->sun_path,

1337

1384

gpg_strerror (gpg_error_from_errno (errno)));

1338

1385

1339

close (fd);

1386

assuan_sock_close (fd);

1340

1387

if (is_standard_name)

1341

1388

*name = 0; /* Inhibit removal of the socket by cleanup(). */

1342

1389

agent_exit (2);

1343

1390

}

1344

1391

1345

if (listen (fd, 5 ) == -1)

1392

if (listen (FD2INT(fd), 5 ) == -1)

1346

1393

{

1347

1394

log_error (_("listen() failed: %s\n"), strerror (errno));

1348

close (fd);

1395

assuan_sock_close (fd);

1349

1396

agent_exit (2);

1350

1397

}

1351

1398

1472

1519

}

1473

1520

1474

1521

1475

/* A global fucntion which allows us to call the reload stuff from

1476

other palces too. This is only used when build for W32. */

1522

/* A global function which allows us to call the reload stuff from

1523

other places too. This is only used when build for W32. */

1477

1524

void

1478

1525

agent_sighup_action (void)

1479

1526

{

1527

log_info ("SIGHUP received - "

1528

"re-reading configuration and flushing cache\n");

1480

1529

agent_flush_cache ();

1481

1530

reread_configuration ();

1482

1531

agent_reload_trustlist ();

1484

1533

1485

1534

1486

1535

static void

1536

agent_sigusr2_action (void)

1537

{

1538

if (opt.verbose)

1539

log_info ("SIGUSR2 received - checking smartcard status\n");

1540

/* Nothing to check right now. We only increment a counter. */

1541

bump_card_eventcounter ();

1542

}

1543

1544

1545

static void

1487

1546

handle_signal (int signo)

1488

1547

{

1489

1548

switch (signo)

1490

1549

{

1491

1550

#ifndef HAVE_W32_SYSTEM

1492

1551

case SIGHUP:

1493

log_info ("SIGHUP received - "

1494

"re-reading configuration and flushing cache\n");

1495

1552

agent_sighup_action ();

1496

1553

break;

1497

1554

1503

1560

break;

1504

1561

1505

1562

case SIGUSR2:

1506

if (opt.verbose)

1507

log_info ("SIGUSR2 received - checking smartcard status\n");

1508

/* Nothing to check right now. We only increment a counter. */

1509

bump_card_eventcounter ();

1563

agent_sigusr2_action ();

1510

1564

break;

1511

1565

1512

1566

case SIGTERM:

1538

1592

}

1539

1593

1540

1594

1595

/* Check the nonce on a new connection. This is a NOP unless we we

1596

are using our Unix domain socket emulation under Windows. */

1597

static int

1598

check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)

1599

{

1600

if (assuan_sock_check_nonce (ctrl->thread_startup.fd, nonce))

1601

{

1602

log_info (_("error reading nonce on fd %d: %s\n"),

1603

FD2INT(ctrl->thread_startup.fd), strerror (errno));

1604

assuan_sock_close (ctrl->thread_startup.fd);

1605

xfree (ctrl);

1606

return -1;

1607

}

1608

else

1609

return 0;

1610

}

1611

1612

1541

1613

/* This is the standard connection thread's main function. */

1542

1614

static void *

1543

1615

start_connection_thread (void *arg)

1544

1616

{

1545

1617

ctrl_t ctrl = arg;

1546

1618

1619

if (check_nonce (ctrl, &socket_nonce))

1620

return NULL;

1621

1547

1622

agent_init_default_ctrl (ctrl);

1548

1623

if (opt.verbose)

1549

1624

log_info (_("handler 0x%lx for fd %d started\n"),

1550

(long)pth_self (), ctrl->thread_startup.fd);

1625

(long)pth_self (), FD2INT(ctrl->thread_startup.fd));

1551

1626

1552

start_command_handler (ctrl, -1, ctrl->thread_startup.fd);

1627

start_command_handler (ctrl, GNUPG_INVALID_FD, ctrl->thread_startup.fd);

1553

1628

if (opt.verbose)

1554

1629

log_info (_("handler 0x%lx for fd %d terminated\n"),

1555

(long)pth_self (), ctrl->thread_startup.fd);

1630

(long)pth_self (), FD2INT(ctrl->thread_startup.fd));

1556

1631

1557

1632

agent_deinit_default_ctrl (ctrl);

1558

1633

xfree (ctrl);

1566

1641

{

1567

1642

ctrl_t ctrl = arg;

1568

1643

1644

if (check_nonce (ctrl, &socket_nonce_ssh))

1645

return NULL;

1646

1569

1647

agent_init_default_ctrl (ctrl);

1570

1648

if (opt.verbose)

1571

1649

log_info (_("ssh handler 0x%lx for fd %d started\n"),

1572

(long)pth_self (), ctrl->thread_startup.fd);

1650

(long)pth_self (), FD2INT(ctrl->thread_startup.fd));

1573

1651

1574

1652

start_command_handler_ssh (ctrl, ctrl->thread_startup.fd);

1575

1653

if (opt.verbose)

1576

1654

log_info (_("ssh handler 0x%lx for fd %d terminated\n"),

1577

(long)pth_self (), ctrl->thread_startup.fd);

1655

(long)pth_self (), FD2INT(ctrl->thread_startup.fd));

1578

1656

1579

1657

agent_deinit_default_ctrl (ctrl);

1580

1658

xfree (ctrl);

1585

1663

/* Connection handler loop. Wait for connection requests and spawn a

1586

1664

thread after accepting a connection. */

1587

1665

static void

1588

handle_connections (int listen_fd, int listen_fd_ssh)

1666

handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)

1589

1667

{

1590

1668

pth_attr_t tattr;

1591

1669

pth_event_t ev, time_ev;

1595

1673

socklen_t plen;

1596

1674

fd_set fdset, read_fdset;

1597

1675

int ret;

1598

int fd;

1676

gnupg_fd_t fd;

1599

1677

int nfd;

1600

1678

1601

1679

tattr = pth_attr_new();

1614

1692

pth_sigmask (SIG_UNBLOCK, &sigs, NULL);

1615

1693

ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);

1616

1694

#else

1695

# ifdef PTH_EVENT_HANDLE

1696

sigs = 0;

1697

ev = pth_event (PTH_EVENT_HANDLE, get_agent_scd_notify_event ());

1698

signo = 0;

1699

# else

1700

/* Use a dummy event. */

1617

1701

sigs = 0;

1618

1702

ev = pth_event (PTH_EVENT_SIGS, &sigs, &signo);

1703

# endif

1619

1704

#endif

1620

1705

time_ev = NULL;

1621

1706

1622

1707

FD_ZERO (&fdset);

1623

FD_SET (listen_fd, &fdset);

1624

nfd = listen_fd;

1625

if (listen_fd_ssh != -1)

1708

FD_SET (FD2INT (listen_fd), &fdset);

1709

nfd = FD2INT (listen_fd);

1710

if (listen_fd_ssh != GNUPG_INVALID_FD)

1626

1711

{

1627

FD_SET (listen_fd_ssh, &fdset);

1628

if (listen_fd_ssh > nfd)

1629

nfd = listen_fd_ssh;

1712

FD_SET ( FD2INT(listen_fd_ssh), &fdset);

1713

if (FD2INT (listen_fd_ssh) > nfd)

1714

nfd = FD2INT (listen_fd_ssh);

1630

1715

}

1631

1716

1632

1717

for (;;)

1668

1753

|| (time_ev && pth_event_occurred (time_ev)))

1669

1754

{

1670

1755

if (pth_event_occurred (ev))

1671

handle_signal (signo);

1756

{

1757

#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)

1758

agent_sigusr2_action ();

1759

#else

1760

handle_signal (signo);

1761

#endif

1762

}

1672

1763

if (time_ev && pth_event_occurred (time_ev))

1673

1764

{

1674

1765

pth_event_free (time_ev, PTH_FREE_ALL);

1685

1776

1686

1777

if (pth_event_occurred (ev))

1687

1778

{

1779

#if defined(HAVE_W32_SYSTEM) && defined(PTH_EVENT_HANDLE)

1780

agent_sigusr2_action ();

1781

#else

1688

1782

handle_signal (signo);

1783

#endif

1689

1784

}

1690

1785

1691

1786

if (time_ev && pth_event_occurred (time_ev))

1701

1796

new thread. Thus we need to block those signals. */

1702

1797

pth_sigmask (SIG_BLOCK, &sigs, &oldsigs);

1703

1798

1704

if (FD_ISSET (listen_fd, &read_fdset))

1799

if (FD_ISSET (FD2INT (listen_fd), &read_fdset))

1705

1800

{

1706

1801

ctrl_t ctrl;

1707

1802

1708

1803

plen = sizeof paddr;

1709

fd = pth_accept (listen_fd, (struct sockaddr *)&paddr, &plen);

1710

if (fd == -1)

1804

fd = INT2FD (pth_accept (FD2INT(listen_fd),

1805

(struct sockaddr *)&paddr, &plen));

1806

if (fd == GNUPG_INVALID_FD)

1711

1807

{

1712

1808

log_error ("accept failed: %s\n", strerror (errno));

1713

1809

}

1715

1811

{

1716

1812

log_error ("error allocating connection control data: %s\n",

1717

1813

strerror (errno) );

1718

close (fd);

1814

assuan_sock_close (fd);

1719

1815

}

1720

1816

else

1721

1817

{

1722

1818

char threadname[50];

1723

1819

1724

1820

snprintf (threadname, sizeof threadname-1,

1725

"conn fd=%d (gpg)", fd);

1821

"conn fd=%d (gpg)", FD2INT(fd));

1726

1822

threadname[sizeof threadname -1] = 0;

1727

1823

pth_attr_set (tattr, PTH_ATTR_NAME, threadname);

1728

1824

ctrl->thread_startup.fd = fd;

1730

1826

{

1731

1827

log_error ("error spawning connection handler: %s\n",

1732

1828

strerror (errno) );

1733

close (fd);

1829

assuan_sock_close (fd);

1734

1830

xfree (ctrl);

1735

1831

}

1736

1832

}

1737

fd = -1;

1833

fd = GNUPG_INVALID_FD;

1738

1834

}

1739

1835

1740

if (listen_fd_ssh != -1 && FD_ISSET (listen_fd_ssh, &read_fdset))

1836

if (listen_fd_ssh != GNUPG_INVALID_FD

1837

&& FD_ISSET ( FD2INT (listen_fd_ssh), &read_fdset))

1741

1838

{

1742

1839

ctrl_t ctrl;

1743

1840

1744

1841

plen = sizeof paddr;

1745

fd = pth_accept (listen_fd_ssh, (struct sockaddr *)&paddr, &plen);

1746

if (fd == -1)

1842

fd = INT2FD(pth_accept (FD2INT(listen_fd_ssh),

1843

(struct sockaddr *)&paddr, &plen));

1844

if (fd == GNUPG_INVALID_FD)

1747

1845

{

1748

1846

log_error ("accept failed for ssh: %s\n", strerror (errno));

1749

1847

}

1751

1849

{

1752

1850

log_error ("error allocating connection control data: %s\n",

1753

1851

strerror (errno) );

1754

close (fd);

1852

assuan_sock_close (fd);

1755

1853

}

1756

1854

else

1757

1855

{

1759

1857

1760

1858

agent_init_default_ctrl (ctrl);

1761

1859

snprintf (threadname, sizeof threadname-1,

1762

"conn fd=%d (ssh)", fd);

1860

"conn fd=%d (ssh)", FD2INT(fd));

1763

1861

threadname[sizeof threadname -1] = 0;

1764

1862

pth_attr_set (tattr, PTH_ATTR_NAME, threadname);

1765

1863

ctrl->thread_startup.fd = fd;

1767

1865

{

1768

1866

log_error ("error spawning ssh connection handler: %s\n",

1769

1867

strerror (errno) );

1770

close (fd);

1868

assuan_sock_close (fd);

1771

1869

xfree (ctrl);

1772

1870

}

1773

1871

}

1774

fd = -1;

1872

fd = GNUPG_INVALID_FD;

1775

1873

}

1776

1874

1777

1875

/* Restore the signal mask. */

1788

1886

1789

1887

1790

1888

/* Figure out whether an agent is available and running. Prints an

1791

error if not. If SILENT is true, no mesdsages are printed. Usually

1889

error if not. If SILENT is true, no messages are printed. Usually

1792

1890

started with MODE 0. Returns 0 if the agent is running. */

1793

1891

static int

1794

1892

check_for_running_agent (int silent, int mode)

Older »