authorDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 16:00:08 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-02-09 16:00:08 +0900
commit158ef6d574d6bd975c94e86476cb1631e775a40c (patch)
treeb8b35f4bd31490137410f2b795b252f23ea5ee3e /sm
parent723cf5853fa655cec32478e13cd74b5b483fae7f (diff)
Imported Upstream version 2.1.11upstream/2.1.11
Diffstat (limited to 'sm')
-rw-r--r--sm/call-agent.c70
-rw-r--r--sm/call-dirmngr.c47
-rw-r--r--sm/certchain.c14
-rw-r--r--sm/encrypt.c7
-rw-r--r--sm/export.c2
-rw-r--r--sm/fingerprint.c1
-rw-r--r--sm/gpgsm.c2
-rw-r--r--sm/keydb.c54
-rw-r--r--sm/keydb.h6
-rw-r--r--sm/server.c2
10 files changed, 138 insertions, 67 deletions
diff --git a/sm/call-agent.c b/sm/call-agent.c
index c1457b6..c7d4c5a 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -76,6 +76,41 @@ struct import_key_parm_s
+/* Print a warning if the server's version number is less than our
+ version number. Returns an error code on a connection problem. */
+static gpg_error_t
+warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
+ const char *servername, int mode)
+{
+ gpg_error_t err;
+ char *serverversion;
+ const char *myversion = strusage (13);
+
+ err = get_assuan_server_version (ctx, mode, &serverversion);
+ if (err)
+ log_error (_("error getting version from '%s': %s\n"),
+ servername, gpg_strerror (err));
+ else if (!compare_version_strings (serverversion, myversion))
+ {
+ char *warn;
+
+ warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
+ servername, serverversion, myversion);
+ if (!warn)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ log_info (_("WARNING: %s\n"), warn);
+ gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
+ warn, NULL);
+ xfree (warn);
+ }
+ }
+ xfree (serverversion);
+ return err;
+}
+
+
/* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */
static int
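Review bot: `serverversion` in warn_version_mismatch is declared without an initializer, yet it is passed to `xfree` on every path, including the one where get_assuan_server_version has failed. Unless that helper is guaranteed to store NULL on error (its body is not part of this diff), the free acts on an indeterminate pointer; `char *serverversion = NULL;` removes the dependency. The same function is added verbatim to sm/call-dirmngr.c in this commit, so the fix applies there too, and one shared helper would keep the two copies from drifting apart. The trailing context lines belong to start_agent, whose body lies outside this hunk.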
@@ -108,7 +143,8 @@ start_agent (ctrl_t ctrl)
log_info (_("no gpg-agent running in this session\n"));
}
}
- else if (!rc)
+ else if (!rc && !(rc = warn_version_mismatch (ctrl, agent_ctx,
+ GPG_AGENT_NAME, 0)))
{
/* Tell the agent that we support Pinentry notifications. No
error checking so that it will work also with older
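Review bot: The new condition makes any failure of the version query fatal for start_agent, which sits awkwardly next to the comment right below it saying the following option is sent without error checking so that older agents keep working. If an agent that cannot answer the version request is still meant to be usable (an inference, since the helper's behaviour is not visible here), the result should be logged rather than assigned to `rc`. The gpgsm_agent_learn hunk further down has the same shape for scdaemon (`if (rc) return rc;`). If the hard failure is intended, a comment such as `/* A failed version query is treated as a connection error. */` would record that, and moving the assignment out of the `else if` condition would make the branch easier to read.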
@@ -128,18 +164,6 @@ start_agent (ctrl_t ctrl)
}
-
-static gpg_error_t
-membuf_data_cb (void *opaque, const void *buffer, size_t length)
-{
- membuf_t *data = opaque;
-
- if (buffer)
- put_membuf (data, buffer, length);
- return 0;
-}
-
-
/* This is the default inquiry callback. It mainly handles the
Pinentry notifications. */
static gpg_error_t
@@ -215,7 +239,7 @@ gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
init_membuf (&data, 1024);
rc = assuan_transact (agent_ctx, "PKSIGN",
- membuf_data_cb, &data, default_inq_cb, ctrl,
+ put_membuf_cb, &data, default_inq_cb, ctrl,
NULL, NULL);
if (rc)
{
@@ -282,7 +306,7 @@ gpgsm_scd_pksign (ctrl_t ctrl, const char *keyid, const char *desc,
snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hashopt, keyid);
line[DIM(line)-1] = 0;
rc = assuan_transact (agent_ctx, line,
- membuf_data_cb, &data, default_inq_cb, ctrl,
+ put_membuf_cb, &data, default_inq_cb, ctrl,
NULL, NULL);
if (rc)
{
@@ -392,7 +416,7 @@ gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
cipher_parm.ciphertext = ciphertext;
cipher_parm.ciphertextlen = ciphertextlen;
rc = assuan_transact (agent_ctx, "PKDECRYPT",
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
inq_ciphertext_cb, &cipher_parm, NULL, NULL);
if (rc)
{
@@ -487,7 +511,7 @@ gpgsm_agent_genkey (ctrl_t ctrl,
if (!gk_parm.sexplen)
return gpg_error (GPG_ERR_INV_VALUE);
rc = assuan_transact (agent_ctx, "GENKEY",
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
inq_genkey_parms, &gk_parm, NULL, NULL);
if (rc)
{
@@ -536,7 +560,7 @@ gpgsm_agent_readkey (ctrl_t ctrl, int fromcard, const char *hexkeygrip,
init_membuf (&data, 1024);
rc = assuan_transact (agent_ctx, line,
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
default_inq_cb, ctrl, NULL, NULL);
if (rc)
{
@@ -931,6 +955,10 @@ gpgsm_agent_learn (ctrl_t ctrl)
if (rc)
return rc;
+ rc = warn_version_mismatch (ctrl, agent_ctx, SCDAEMON_NAME, 2);
+ if (rc)
+ return rc;
+
init_membuf (&data, 4096);
learn_parm.error = 0;
learn_parm.ctrl = ctrl;
@@ -1117,7 +1145,7 @@ gpgsm_agent_ask_passphrase (ctrl_t ctrl, const char *desc_msg, int repeat,
init_membuf_secure (&data, 64);
err = assuan_transact (agent_ctx, line,
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
default_inq_cb, NULL, NULL, NULL);
if (err)
@@ -1157,7 +1185,7 @@ gpgsm_agent_keywrap_key (ctrl_t ctrl, int forexport,
init_membuf_secure (&data, 64);
err = assuan_transact (agent_ctx, line,
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
default_inq_cb, ctrl, NULL, NULL);
if (err)
{
@@ -1251,7 +1279,7 @@ gpgsm_agent_export_key (ctrl_t ctrl, const char *keygrip, const char *desc,
init_membuf_secure (&data, 1024);
err = assuan_transact (agent_ctx, line,
- membuf_data_cb, &data,
+ put_membuf_cb, &data,
default_inq_cb, ctrl, NULL, NULL);
if (err)
{
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index b06397f..881c484 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -149,6 +149,41 @@ get_membuf (struct membuf *mb, size_t *len)
}
+/* Print a warning if the server's version number is less than our
+ version number. Returns an error code on a connection problem. */
+static gpg_error_t
+warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx,
+ const char *servername, int mode)
+{
+ gpg_error_t err;
+ char *serverversion;
+ const char *myversion = strusage (13);
+
+ err = get_assuan_server_version (ctx, mode, &serverversion);
+ if (err)
+ log_error (_("error getting version from '%s': %s\n"),
+ servername, gpg_strerror (err));
+ else if (!compare_version_strings (serverversion, myversion))
+ {
+ char *warn;
+
+ warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
+ servername, serverversion, myversion);
+ if (!warn)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ log_info (_("WARNING: %s\n"), warn);
+ gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0",
+ warn, NULL);
+ xfree (warn);
+ }
+ }
+ xfree (serverversion);
+ return err;
+}
+
+
/* This function prepares the dirmngr for a new session. The
audit-events option is used so that other dirmngr clients won't get
disturbed by such events. */
@@ -158,6 +193,9 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
struct keyserver_spec *server;
if (!err)
+ err = warn_version_mismatch (ctrl, ctx, DIRMNGR_NAME, 0);
+
+ if (!err)
{
err = assuan_transact (ctx, "OPTION audit-events=1",
NULL, NULL, NULL, NULL, NULL, NULL);
@@ -181,9 +219,11 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err)
server->host, server->port, user, pass, base);
line[DIM (line) - 1] = 0;
- err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
- if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD)
- err = 0; /* Allow the use of old dirmngr versions. */
+ assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ /* The code below is not required becuase we don't return an error. */
+ /* err = [above call] */
+ /* if (gpg_err_code (err) == GPG_ERR_ASS_UNKNOWN_CMD) */
+ /* err = 0; /\* Allow the use of old dirmngr versions. *\/ */
server = server->next;
}
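Review bot: The result of the LDAPSERVER `assuan_transact` call is now discarded, so a dirmngr that rejects the configured server fails silently and later lookups run without it. The function starts outside this hunk, so whether it can return an error is not visible; even if it cannot, a diagnostic is cheap: keep the result in a local and emit `log_info ("can't pass LDAP server to dirmngr: %s\n", gpg_strerror (rc));` for anything other than GPG_ERR_ASS_UNKNOWN_CMD. The message should not include `line`, which is built from the user and pass values. The four commented-out lines (and the "becuase" typo) are better deleted than kept as dead code.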
@@ -402,7 +442,6 @@ unhexify_fpr (const char *hexstr, unsigned char *fpr)
;
if (*s || (n != 40))
return 0; /* no fingerprint (invalid or wrong length). */
- n /= 2;
for (s=hexstr, n=0; *s; s += 2, n++)
fpr[n] = xtoi_2 (s);
return 1; /* okay */
diff --git a/sm/certchain.c b/sm/certchain.c
index d43147e..b884d3d 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -405,7 +405,9 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
}
while (!*p || *p == '\n' || *p == '#');
- /* parse line */
+ /* Parse line. Note that the line has always a LF and spacep
+ does not consider a LF a space. Thus strpbrk will always
+ succeed. */
for (allowed=line; spacep (allowed); allowed++)
;
p = strpbrk (allowed, " :\n");
@@ -1389,10 +1391,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
exptime, listmode, listfp,
(depth && is_root)? -1: depth);
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
- {
- any_expired = 1;
- rc = 0;
- }
+ any_expired = 1;
else if (rc)
goto leave;
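Review bot: After this change `rc` still holds GPG_ERR_CERT_EXPIRED when the expired branch falls through, whereas the GPG_ERR_NO_POLICY_MATCH branch in the next hunk deliberately keeps `rc = 1; /* Be on the safe side and set RC. */`. Leaving a non-zero value errs on the failing side, but it is only harmless if every later read of `rc` in do_validate_chain is preceded by a fresh assignment, and that code is outside the hunk. A comment on the new line, for example `any_expired = 1; /* RC stays set; it is reassigned before its next use. */`, would state the assumption next to the code that relies on it. The last hunk of this file makes a similar "not used" argument while leaving the old assignment inside a comment; deleting that line outright would read better in a validation path.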
@@ -1409,7 +1408,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
if (gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH)
{
any_no_policy_match = 1;
- rc = 1;
+ rc = 1; /* Be on the safe side and set RC. */
}
else if (rc)
goto leave;
@@ -1612,7 +1611,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
/* The find next did not work or returned an
identical certificate. We better stop here
to avoid infinite checks. */
- rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ /* No need to set RC because it is not used:
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE); */
ksba_cert_release (tmp_cert);
}
else
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 54a8bd1..c677a42 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -212,8 +212,11 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, unsigned char **encval)
gcry_sexp_release (s_pkey);
/* Reformat it. */
- rc = make_canon_sexp (s_ciph, encval, NULL);
- gcry_sexp_release (s_ciph);
+ if (!rc)
+ {
+ rc = make_canon_sexp (s_ciph, encval, NULL);
+ gcry_sexp_release (s_ciph);
+ }
return rc;
}
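Review bot: With the guard in place the failure path returns without ever writing `*encval`, so a caller that frees or inspects its buffer after an error needs it initialised beforehand. encrypt_dek starts outside this hunk, so it is not visible whether that is already done. If it is not, `*encval = NULL;` at the top of the function gives callers a defined value on every return.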
diff --git a/sm/export.c b/sm/export.c
index 1dce106..d3dc9b9 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -103,7 +103,7 @@ insert_duptable (duptable_t *table, unsigned char *fpr, int *exists)
#error cannot handle a table larger than 16 bits or smaller than 8 bits
#elif DUPTABLE_BITS > 8
idx <<= (DUPTABLE_BITS - 8);
- idx |= (fpr[1] & ~(~0 << 4));
+ idx |= (fpr[1] & ~(~0U << 4));
#endif
for (t = table[idx]; t; t = t->next)
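Review bot: The mask on the changed line is fixed at four bits while the shift just above it is `DUPTABLE_BITS - 8`, so the two only agree when DUPTABLE_BITS is 12. The constant is defined outside this hunk; if it is ever changed within the 8..16 range the `#error` allows, the index stays in range but uses fewer or overlapping bits of `fpr[1]`. Deriving the width from the constant, `idx |= (fpr[1] & ~(~0U << (DUPTABLE_BITS - 8)));`, keeps shift and mask in step.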
diff --git a/sm/fingerprint.c b/sm/fingerprint.c
index a82945e..8d2b800 100644
--- a/sm/fingerprint.c
+++ b/sm/fingerprint.c
@@ -192,7 +192,6 @@ gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array)
gcry_sexp_release (s_pkey);
if (!array)
{
- rc = gpg_error (GPG_ERR_GENERAL);
log_error ("can't calculate keygrip\n");
return NULL;
}
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 262781c..a0b7038 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -630,7 +630,7 @@ build_list (const char *text, const char * (*mapf)(int), int (*chkf)(int))
}
}
if (p)
- p = stpcpy(p, "\n" );
+ strcpy (p, "\n" );
return list;
}
diff --git a/sm/keydb.c b/sm/keydb.c
index 02b353a..f5705cb 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -107,7 +107,7 @@ try_make_homedir (const char *fname)
locked. This lock check does not work if the directory itself is
not yet available. If R_CREATED is not NULL it will be set to true
if the function created a new keybox. */
-static int
+static gpg_error_t
maybe_create_keybox (char *filename, int force, int *r_created)
{
dotlock_t lockhd = NULL;
@@ -237,13 +237,13 @@ maybe_create_keybox (char *filename, int force, int *r_created)
* does not exist. If AUTO_CREATED is not NULL it will be set to true
* if the function has created a new keybox.
*/
-int
+gpg_error_t
keydb_add_resource (const char *url, int force, int secret, int *auto_created)
{
static int any_secret, any_public;
const char *resname = url;
char *filename = NULL;
- int rc = 0;
+ gpg_error_t err = 0;
KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
if (auto_created)
@@ -264,7 +264,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
else if (strchr (resname, ':'))
{
log_error ("invalid key resource URL '%s'\n", url );
- rc = gpg_error (GPG_ERR_GENERAL);
+ err = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
@@ -312,20 +312,24 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
{
case KEYDB_RESOURCE_TYPE_NONE:
log_error ("unknown type of key resource '%s'\n", url );
- rc = gpg_error (GPG_ERR_GENERAL);
+ err = gpg_error (GPG_ERR_GENERAL);
goto leave;
case KEYDB_RESOURCE_TYPE_KEYBOX:
- rc = maybe_create_keybox (filename, force, auto_created);
- if (rc)
+ err = maybe_create_keybox (filename, force, auto_created);
+ if (err)
goto leave;
/* Now register the file */
{
- void *token = keybox_register_file (filename, secret);
- if (!token)
- ; /* already registered - ignore it */
+ void *token;
+
+ err = keybox_register_file (filename, secret, &token);
+ if (gpg_err_code (err) == GPG_ERR_EEXIST)
+ ; /* Already registered - ignore. */
+ else if (err)
+ ; /* Other error. */
else if (used_resources >= MAX_KEYDB_RESOURCES)
- rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
+ err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
else
{
all_resources[used_resources].type = rt;
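Review bot: In the `GPG_ERR_EEXIST` branch the comment says the condition is ignored, but `err` keeps the error code. As far as the visible hunks show, nothing clears it before `leave:`, where `if (err)` logs the "keyblock resource" message and the function returns the code. Registering an already-registered keybox would then be reported as a failure, while the old `!token` branch left `rc` at 0. Resetting it in that branch, `err = 0; /* Already registered - ignore. */`, restores the previous result. The lines between this hunk and the next are not shown, so confirm there is no reset there.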
@@ -358,21 +362,21 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
default:
log_error ("resource type of '%s' not supported\n", url);
- rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
}
/* fixme: check directory permissions and print a warning */
leave:
- if (rc)
- log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror(rc));
+ if (err)
+ log_error ("keyblock resource '%s': %s\n", filename, gpg_strerror (err));
else if (secret)
any_secret = 1;
else
any_public = 1;
xfree (filename);
- return rc;
+ return err;
}
@@ -924,10 +928,11 @@ keydb_rebuild_caches (void)
/*
* Start the next search on this handle right at the beginning
*/
-int
+gpg_error_t
keydb_search_reset (KEYDB_HANDLE hd)
{
- int i, rc = 0;
+ int i;
+ gpg_error_t rc = 0;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -946,8 +951,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
break;
}
}
- return rc; /* fixme: we need to map error codes or share them with
- all modules*/
+ return rc;
}
/*
@@ -976,8 +980,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
NULL, &skipped);
break;
}
- if (rc == -1) /* EOF -> switch to next resource */
- hd->current++;
+ if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
+ { /* EOF -> switch to next resource */
+ hd->current++;
+ }
else if (!rc)
hd->found = hd->current;
}
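Review bot: The loop now accepts both `-1` and GPG_ERR_EOF as end-of-resource, but keydb_search is still declared `int` in keydb.h and its final return is outside this hunk, so callers may see either encoding. Any caller that still tests `rc == -1` alone would treat a GPG_ERR_EOF result as a real error. A comment on the function stating which value is returned at the end of a search, or normalising the value once before the return, would keep the two conventions from leaking further.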
@@ -1291,11 +1297,7 @@ keydb_clear_some_cert_flags (ctrl_t ctrl, strlist_t names)
{
rc = classify_user_id (sl->d, desc+ndesc, 0);
if (rc)
- {
- log_error ("key '%s' not found: %s\n",
- sl->d, gpg_strerror (rc));
- rc = 0;
- }
+ log_error ("key '%s' not found: %s\n", sl->d, gpg_strerror (rc));
else
ndesc++;
}
diff --git a/sm/keydb.h b/sm/keydb.h
index aec31c3..3c0f2d6 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -31,8 +31,8 @@ typedef struct keydb_handle *KEYDB_HANDLE;
/*-- keydb.c --*/
-int keydb_add_resource (const char *url, int force, int secret,
- int *auto_created);
+gpg_error_t keydb_add_resource (const char *url, int force, int secret,
+ int *auto_created);
KEYDB_HANDLE keydb_new (int secret);
void keydb_release (KEYDB_HANDLE hd);
int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
@@ -54,7 +54,7 @@ int keydb_delete (KEYDB_HANDLE hd, int unlock);
int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
void keydb_rebuild_caches (void);
-int keydb_search_reset (KEYDB_HANDLE hd);
+gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
int keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc);
int keydb_search_first (KEYDB_HANDLE hd);
int keydb_search_next (KEYDB_HANDLE hd);
diff --git a/sm/server.c b/sm/server.c
index f0512ef..e21c6a4 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1083,7 +1083,7 @@ cmd_getauditlog (assuan_context_t ctx, char *line)
opt_data = has_option (line, "--data");
opt_html = has_option (line, "--html");
- line = skip_options (line);
+ /* Not needed: line = skip_options (line); */
if (!ctrl->audit)
return gpg_error (GPG_ERR_NO_DATA);