+Noteworthy changes in version 2.1.4 (2015-05-12)
+------------------------------------------------
+
+ * gpg: Add command --quick-adduid to non-interacitivly add a new user
+ id to an existing key.
+
+ * gpg: Do no enable honor-keyserver-url by default. Make it work if
+ enabled.
+
+ * gpg: Display the serial number in the --card-staus output again.
+
+ * agent: Support for external password managers.
+ Add option --no-allow-external-cache.
+
+ * scdaemon: Improved handling of extended APDUs.
+
+ * Make HTTP proxies work again.
+
+ * All network access including DNS as been moved to Dirmngr.
+
+ * Allow building without LDAP support.
+
+ * Fixed lots of smaller bugs.
+
+
Noteworthy changes in version 2.1.3 (2015-04-11)
------------------------------------------------
char *startup_lc_ctype;
char *startup_lc_messages;
+ /* Enable pinentry debugging (--debug 1024 should also be used). */
+ int debug_pinentry;
+
/* Filename of the program to start as pinentry. */
const char *pinentry_program;
pinentry-mode=loopback is allowed. */
int allow_loopback_pinentry;
+ /* Allow the use of an external password cache. If this option is
+ enabled (which is the default) we send an option to Pinentry
+ to allow it to enable such a cache. */
+ int allow_external_cache;
+
int keep_tty; /* Don't switch the TTY (for pinentry) on request */
int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */
/*-- gpg-agent.c --*/
-void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
+void agent_exit (int rc) GPGRT_GCC_A_NR; /* Also implemented in other tools */
gpg_error_t agent_copy_startup_env (ctrl_t ctrl);
const char *get_agent_socket_name (void);
const char *get_agent_ssh_socket_name (void);
GNUPG_GCC_A_SENTINEL(0);
gpg_error_t agent_print_status (ctrl_t ctrl, const char *keyword,
const char *format, ...)
- JNLIB_GCC_A_PRINTF(3,4);
+ GPGRT_GCC_A_PRINTF(3,4);
void bump_key_eventcounter (void);
void bump_card_eventcounter (void);
void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
int agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *inital_errtext,
- struct pin_entry_info_s *pininfo);
+ struct pin_entry_info_s *pininfo,
+ const char *keyinfo, cache_mode_t cache_mode);
int agent_get_passphrase (ctrl_t ctrl, char **retpass,
const char *desc, const char *prompt,
const char *errtext, int with_qualitybar);
/* Because access to the pinentry must be serialized (it is and shall
- be a global mutual dialog) we should better timeout further
- requests after some time. 2 minutes seem to be a reasonable
+ be a global mutually exclusive dialog) we better timeout pending
+ requests after some time. 1 minute seem to be a reasonable
time. */
#define LOCK_TIMEOUT (1*60)
log_error ("error flushing pending output: %s\n", strerror (errno));
/* At least Windows XP fails here with EBADF. According to docs
and Wine an fflush(NULL) is the same as _flushall. However
- the Wime implementaion does not flush stdin,stdout and stderr
- - see above. Lets try to ignore the error. */
+ the Wine implementaion does not flush stdin,stdout and stderr
+ - see above. Let's try to ignore the error. */
#ifndef HAVE_W32_SYSTEM
return unlock_pinentry (tmperr);
#endif
easier to read. We might want to add a new debug option to enable
pinentry logging. */
#ifdef ASSUAN_NO_LOGGING
- assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1);
+ assuan_set_flag (ctx, ASSUAN_NO_LOGGING, !opt.debug_pinentry);
#endif
/* Connect to the pinentry and perform initial handshaking. Note
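Review bot: The context comment directly above the changed `assuan_set_flag` call still says "We might want to add a new debug option to enable pinentry logging", which is what `opt.debug_pinentry` now provides, so the comment is stale. I would reword it along the lines of `/* Pinentry traffic is logged only with --debug-pinentry; the log then contains the prompts and descriptions sent to the pinentry. */`. It would also help to note there that the PIN stays out of that log only because the GETPIN transaction runs under `assuan_begin_confidential`, which is visible in a later hunk but not in this one.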
return unlock_pinentry (rc);
}
+
+ if (opt.allow_external_cache)
+ {
+ /* Indicate to the pinentry that it may read from an external cache.
+
+ It is essential that the pinentry respect this. If the
+ cached password is not up to date and retry == 1, then, using
+ a version of GPG Agent that doesn't support this, won't issue
+ another pin request and the user won't get a chance to
+ correct the password. */
+ rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION)
+ return unlock_pinentry (rc);
+ }
+
+
{
/* Provide a few default strings for use by the pinentries. This
may help a pinentry to avoid implementing localization code. */
- static struct { const char *key, *value; } tbl[] = {
+ static struct { const char *key, *value; int what; } tbl[] = {
/* TRANSLATORS: These are labels for buttons etc used in
Pinentries. An underscore indicates that the next letter
should be used as an accelerator. Double the underscore for
the second vertical bar. */
{ "ok", N_("|pinentry-label|_OK") },
{ "cancel", N_("|pinentry-label|_Cancel") },
+ { "yes", N_("|pinentry-label|_Yes") },
+ { "no", N_("|pinentry-label|_No") },
{ "prompt", N_("|pinentry-label|PIN:") },
+ { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 },
+ { "cf-visi",N_("Do you really want to make your "
+ "passphrase visible on the screen?") },
+ { "tt-visi",N_("|pinentry-tt|Make passphrase visible") },
+ { "tt-hide",N_("|pinentry-tt|Hide passphrase") },
{ NULL, NULL}
};
char *optstr;
for (idx=0; tbl[idx].key; idx++)
{
+ if (!opt.allow_external_cache && tbl[idx].what == 1)
+ continue; /* No need for it. */
s = _(tbl[idx].value);
if (*s == '|' && (s2=strchr (s+1,'|')))
s = s2+1;
}
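Review bot: The new `what` member is an unnamed flag: the `pwmngr` row sets it to `1`, and the loop skips rows with `tbl[idx].what == 1` when `opt.allow_external_cache` is off. A named constant, or at least a comment on the struct such as `/* what: 1 = send only if an external password cache is allowed */`, would make the table readable without tracing the loop. The other rows and the `{ NULL, NULL}` terminator rely on implicit zero-initialisation of `what`, which is correct but worth a word in that comment. The block holding the table starts and ends outside the lines shown here.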
-/* Returns True is the pinentry is currently active. If WAITSECONDS is
+/* Returns True if the pinentry is currently active. If WAITSECONDS is
greater than zero the function will wait for this many seconds
before returning. */
int
/* Return a new malloced string by unescaping the string S. Escaping
is percent escaping and '+'/space mapping. A binary Nul will
silently be replaced by a 0xFF. Function returns NULL to indicate
- an out of memory status. PArsing stops at the end of the string or
+ an out of memory status. Parsing stops at the end of the string or
a white space character. */
static char *
unescape_passphrase_string (const unsigned char *s)
return 0;
}
+enum
+ {
+ PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0,
+ PINENTRY_STATUS_PIN_REPEATED = 1 << 8,
+ PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9
+ };
/* Check the button_info line for a close action. Also check for the
PIN_REPEATED flag. */
static gpg_error_t
-close_button_status_cb (void *opaque, const char *line)
+pinentry_status_cb (void *opaque, const char *line)
{
unsigned int *flag = opaque;
const char *args;
if ((args = has_leading_keyword (line, "BUTTON_INFO")))
{
if (!strcmp (args, "close"))
- *flag = 1;
+ *flag |= PINENTRY_STATUS_CLOSE_BUTTON;
}
else if (has_leading_keyword (line, "PIN_REPEATED"))
{
- *flag |= 256;
+ *flag |= PINENTRY_STATUS_PIN_REPEATED;
+ }
+ else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE"))
+ {
+ *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE;
}
return 0;
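Review bot: The comment above `pinentry_status_cb` still describes only the `BUTTON_INFO` close action and `PIN_REPEATED`, although the callback now also records `PASSWORD_FROM_CACHE`, and the new enum has no comment at all. I would extend the function comment with `Also record PASSWORD_FROM_CACHE so that the caller need not count a stale cached passphrase as a failed try.` and head the enum with `/* Bit flags collected from pinentry status lines during GETPIN. */`. The close-button branch changed from `*flag = 1` to `|=`, so it no longer clears bits set by an earlier status line. That is fine because both callers zero the variable before `GETPIN`, but the enum comment should say the flags accumulate.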
\f
/* Call the Entry and ask for the PIN. We do check for a valid PIN
number here and repeat it as long as we have invalid formed
- numbers. */
+ numbers. KEYINFO and CACHE_MODE are used to tell pinentry something
+ about the key. */
int
agent_askpin (ctrl_t ctrl,
const char *desc_text, const char *prompt_text,
const char *initial_errtext,
- struct pin_entry_info_s *pininfo)
+ struct pin_entry_info_s *pininfo,
+ const char *keyinfo, cache_mode_t cache_mode)
{
int rc;
char line[ASSUAN_LINELENGTH];
const char *errtext = NULL;
int is_pin = 0;
int saveflag;
- unsigned int close_button;
+ unsigned int pinentry_status;
if (opt.batch)
return 0; /* fixme: we should return BAD PIN */
if (rc)
return rc;
+ /* If we have a KEYINFO string and are normal, user, or ssh cache
+ mode, we tell that the Pinentry so it may use it for own caching
+ purposes. Most pinentries won't have this implemented and thus
+ we do not error out in this case. */
+ if (keyinfo && (cache_mode == CACHE_MODE_NORMAL
+ || cache_mode == CACHE_MODE_USER
+ || cache_mode == CACHE_MODE_SSH))
+ snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s",
+ cache_mode == CACHE_MODE_USER? 'u' :
+ cache_mode == CACHE_MODE_SSH? 's' : 'n',
+ keyinfo);
+ else
+ snprintf (line, DIM(line)-1, "SETKEYINFO --clear");
+
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD)
+ return unlock_pinentry (rc);
+
snprintf (line, DIM(line)-1, "SETDESC %s", desc_text);
line[DIM(line)-1] = 0;
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
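Review bot: `keyinfo` is formatted into the `SETKEYINFO` line as-is, so this code relies on every caller passing a value without spaces, `%` or line breaks, and on it fitting into `line` (truncation is not checked). The only non-NULL caller in this commit passes `hexgrip`, which is fine, but nothing in agent_askpin says so. I would add to the function comment `KEYINFO must be a hex keygrip; it is sent to the pinentry unescaped.` The two new `snprintf` calls also omit the `line[DIM(line)-1] = 0;` that follows the existing `SETDESC` formatting just below; repeating it after the if/else keeps the function consistent. The body of agent_askpin starts and ends outside this hunk.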
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
- close_button = 0;
+ pinentry_status = 0;
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx,
- close_button_status_cb, &close_button);
+ pinentry_status_cb, &pinentry_status);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
+ && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
if (!errtext)
{
- if (pininfo->with_repeat && (close_button & 256))
+ if (pininfo->with_repeat
+ && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED))
pininfo->repeat_okay = 1;
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
+
+ if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE))
+ /* The password was read from the cache. Don't count this
+ against the retry count. */
+ pininfo->failed_tries --;
}
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
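Review bot: The new `pininfo->failed_tries --;` is driven solely by a `PASSWORD_FROM_CACHE` status line from the pinentry, so the number of forgiven attempts has no upper bound. If the enclosing loop (its header is outside the hunk) ends when `failed_tries` reaches `max_tries`, a pinentry or external cache that keeps returning the same stale passphrase would presumably keep the agent retrying indefinitely. I would forgive at most one cached attempt per call, e.g. `if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE) && !cache_try_forgiven) { cache_try_forgiven = 1; pininfo->failed_tries--; }` with `cache_try_forgiven` a local initialised to 0. The body should also be braced, since the comment currently sits between the `if` and its single statement.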
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
int saveflag;
- unsigned int close_button;
+ unsigned int pinentry_status;
*retpass = NULL;
if (opt.batch)
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
- close_button = 0;
+ pinentry_status = 0;
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
inq_quality, entry_ctx,
- close_button_status_cb, &close_button);
+ pinentry_status_cb, &pinentry_status);
assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
/* Most pinentries out in the wild return the old Assuan error code
for canceled which gets translated to an assuan Cancel error and
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON)
+ && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (rc)
pi2->check_cb_arg = pi->pin;
next_try:
- err = agent_askpin (ctrl, description, NULL, initial_errtext, pi);
+ err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL, 0);
initial_errtext = NULL;
if (err)
goto out;
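Review bot: The two new trailing arguments are passed as `NULL, 0` here and in the other agent_askpin call sites this commit updates the same way, leaving a bare `0` where a `cache_mode_t` is expected. Because `keyinfo` is NULL the mode is never examined in agent_askpin, so behaviour is unaffected. Naming the enum's zero member would still make the intent explicit and would survive a reordering of the enum: `err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL, CACHE_MODE_IGNORE);` (assuming agent.h defines `CACHE_MODE_IGNORE` as 0; the enum is not part of this diff).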
it already did the repetition check, ask to confirm it. */
if (*pi->pin && !pi->repeat_okay)
{
- err = agent_askpin (ctrl, description2, NULL, NULL, pi2);
+ err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0);
if (err == -1)
{ /* The re-entered one did not match and the user did not
hit cancel. */
err = try_do_unprotect_cb (pi);
}
if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE && !from_native)
- err = agent_askpin (ctrl, prompt, NULL, NULL, pi);
+ err = agent_askpin (ctrl, prompt, NULL, NULL, pi, NULL, 0);
skeyidx = pi_arg.skeyidx;
if (!err && r_passphrase && is_protected)
{
if (any_flags)
{
- rc = agent_askpin (ctrl, info, prompt, again_text, pi);
+ rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL, 0);
again_text = NULL;
if (!rc && newpin)
{
is_puk?
_("Repeat this PUK"):
_("Repeat this PIN")),
- prompt, NULL, pi2);
+ prompt, NULL, pi2, NULL, 0);
if (!rc && strcmp (pi->pin, pi2->pin))
{
again_text = (resetcode?
info? info:"",
info? ")":"") < 0)
desc = NULL;
- rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi);
+ rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0);
xfree (desc);
}
const unsigned char *protected_key;
unsigned char *unprotected_key;
int change_required; /* Set by the callback to indicate that the
- user should chnage the passphrase. */
+ user should change the passphrase. */
};
arg.change_required = 0;
pi->check_cb_arg = &arg;
- rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi);
+ rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode);
if (!rc)
{
assert (arg.unprotected_key);
if (arg.change_required)
{
+ /* The callback told as that the user should change their
+ passphrase. Present the dialog to do. */
size_t canlen, erroff;
gcry_sexp_t s_skey;
}
else
{
+ /* Passphrase is fine. */
agent_put_cache (hexgrip, cache_mode, pi->pin,
lookup_ttl? lookup_ttl (hexgrip) : 0);
agent_store_cache_hit (hexgrip);
pi2->check_cb_arg = pi->pin;
next_try:
- err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi);
+ err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0);
initial_errtext = NULL;
if (!err)
{
it already did the repetition check, ask to confirm it. */
if (*pi->pin && !pi->repeat_okay)
{
- err = agent_askpin (ctrl, text2, NULL, NULL, pi2);
+ err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0);
if (err == -1)
{ /* The re-entered one did not match and the user did not
hit cancel. */
#endif
#include <npth.h>
-#define JNLIB_NEED_LOG_LOGV
-#define JNLIB_NEED_AFLOCAL
+#define GNUPG_COMMON_NEED_AFLOCAL
#include "agent.h"
#include <assuan.h> /* Malloc hooks and socket wrappers. */
oDebugLevel,
oDebugWait,
oDebugQuickRandom,
+ oDebugPinentry,
oNoGreeting,
oNoOptions,
oHomedir,
oNoAllowMarkTrusted,
oAllowPresetPassphrase,
oAllowLoopbackPinentry,
+ oNoAllowExternalCache,
oKeepTTY,
oKeepDISPLAY,
oSSHSupport,
ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
ARGPARSE_s_i (oDebugWait," debug-wait", "@"),
ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
+ ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon",
/* */ N_("do not use the SCdaemon") ),
ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
+
+ ARGPARSE_s_s (oExtraSocket, "extra-socket",
+ /* */ N_("|NAME|accept some commands via NAME")),
+
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
ARGPARSE_s_n (oBatch, "batch", "@"),
ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing",
/* */ N_("do not use the PIN cache when signing")),
+ ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache",
+ /* */ N_("disallow the use of an external password cache")),
ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted",
/* */ N_("disallow clients to mark keys as \"trusted\"")),
ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
/* */ N_("allow presetting passphrase")),
ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry",
N_("allow caller to override the pinentry")),
+
ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")),
ARGPARSE_s_n (oPuttySupport, "enable-putty-support",
#ifdef HAVE_W32_SYSTEM
/* */ "@"
#endif
),
- ARGPARSE_s_s (oExtraSocket, "extra-socket", "@"),
/* Dummy options for backward compatibility. */
ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"),
opt.verbose = 0;
opt.debug = 0;
opt.no_grab = 0;
+ opt.debug_pinentry = 0;
opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL;
opt.scdaemon_program = NULL;
opt.enable_passhrase_history = 0;
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 1;
+ opt.allow_external_cache = 1;
opt.disable_scdaemon = 0;
disable_check_own_socket = 0;
return 1;
case oDebug: opt.debug |= pargs->r.ret_ulong; break;
case oDebugAll: opt.debug = ~0; break;
case oDebugLevel: debug_level = pargs->r.ret_str; break;
+ case oDebugPinentry: opt.debug_pinentry = 1; break;
case oLogFile:
if (!reread)
case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
+ case oNoAllowExternalCache: opt.allow_external_cache = 0;
+ break;
+
default:
return 0; /* not handled */
}
/* Please note that we may running SUID(ROOT), so be very CAREFUL
when adding any stuff between here and the call to INIT_SECMEM()
somewhere after the option parsing */
- log_set_prefix (GPG_AGENT_NAME, JNLIB_LOG_WITH_PREFIX|JNLIB_LOG_WITH_PID);
+ log_set_prefix (GPG_AGENT_NAME, GPGRT_LOG_WITH_PREFIX|GPGRT_LOG_WITH_PID);
/* Make sure that our subsystems are ready. */
i18n_init ();
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("ignore-cache-for-signing:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ es_printf ("no-allow-external-cache:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("no-allow-mark-trusted:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("disable-scdaemon:%lu:\n",
if (logfile)
{
log_set_file (logfile);
- log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
- |JNLIB_LOG_WITH_TIME
- |JNLIB_LOG_WITH_PID));
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ | GPGRT_LOG_WITH_TIME
+ | GPGRT_LOG_WITH_PID));
current_logfile = xstrdup (logfile);
}
}
log_get_prefix (&oldflags);
- log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
+ log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
opt.running_detached = 1;
}
server is not yet operational; this would lead to a hang. */
if (primary && !check_for_running_agent (1))
{
- log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX);
+ log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX);
log_set_file (NULL);
log_error (_("a gpg-agent is already running - "
"not starting a new one\n"));
# include <windows.h> /* To initialize the sockets. fixme */
#endif
-#define JNLIB_NEED_LOG_LOGV
#include "agent.h"
#include "simple-pwquery.h"
#include "i18n.h"
#include <fcntl.h> /* for setmode() */
#endif
-#define JNLIB_NEED_LOG_LOGV
#include "agent.h"
#include "i18n.h"
#include "get-passphrase.h"
Usage: $(basename $0) [OPTIONS]
Get the online version of the GnuPG software version database
Options:
- --skip-download Assume download has already been done.
- --skip-verify Do not check signatures
- --find-sha1sum Print the name of the sha1sum utility
- --help Print this help.
+ --skip-download Assume download has already been done.
+ --skip-verify Do not check signatures
+ --skip-selfcheck Do not check GnuPG version
+ --find-sha1sum Print the name of the sha1sum utility
+ --help Print this help.
EOF
exit $1
}
#
skip_download=no
skip_verify=no
+skip_selfcheck=no
find_sha1sum=no
while test $# -gt 0; do
case "$1" in
--skip-verify)
skip_verify=yes
;;
+ --skip-selfcheck)
+ skip_selfcheck=yes
+ ;;
--find-sha1sum)
find_sha1sum=yes
;;
# Check that the online version of GnuPG is not less than this version
# to help detect rollback attacks.
#
-gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
-if [ -z "$gnupg_ver" ]; then
- echo "GnuPG 2.1 version missing in swdb.lst!" >&2
- exit 1
-fi
-gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
-if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
- echo "GnuPG version in swdb.lst is less than this version!" >&2
- echo " This version: $version" >&2
- echo " SWDB version: $gnupg_ver" >&2
- exit 1
+if [ $skip_selfcheck = no ]; then
+ gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
+ if [ -z "$gnupg_ver" ]; then
+ echo "GnuPG 2.1 version missing in swdb.lst!" >&2
+ exit 1
+ fi
+ gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)
+ if [ $(( $gnupg_ver_num >= $version_num )) = 0 ]; then
+ echo "GnuPG version in swdb.lst is less than this version!" >&2
+ echo " This version: $version" >&2
+ echo " SWDB version: $gnupg_ver" >&2
+ exit 1
+ fi
fi
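Review bot: With `--skip-selfcheck` the whole comparison that the comment above describes as helping to detect rollback attacks is skipped without any trace in the output, so a build made with `SELFCHECK=0` looks the same in the log as a checked one. I would add an `else` branch that reports it on stderr, e.g. `echo "WARNING: GnuPG version self-check skipped; swdb.lst not checked against rollback" >&2`. Quoting the variable in the test, `if [ "$skip_selfcheck" = no ]; then`, is also the safer habit, although the value is only ever set by the script itself.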
@echo 'You may append INSTALL_PREFIX=<dir> for native builds.'
@echo 'Prepend TARGET with "git-" to build from GIT repos.'
@echo 'Prepend TARGET with "this-" to build from the source tarball.'
+ @echo 'Use SELFCHECK=0 for a non-released version.'
@echo 'Use CUSTOM_SWDB=1 for an already downloaded swdb.lst.'
SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1
# Set to 1 to really download the swdb.
UPD_SWDB=0
+# Set to 0 to skip the GnuPG version self-check
+SELFCHECK=1
+
# Set to the location of the directory with tarballs of
# external packages.
TARBALLS=$(shell pwd)/../tarballs
endif
endif
+ifeq ($(TARGETOS),w32)
+speedo_spkgs += pinentry
ifeq ($(WITH_GUI),1)
-speedo_spkgs += \
- pinentry gpa
-ifeq ($(TARGETOS),w32)
-speedo_spkgs += \
- gpgex
+speedo_spkgs += gpa gpgex
+endif
+
+else
+
+ifeq ($(WITH_GUI),1)
+speedo_spkgs += pinentry gpa
endif
+
endif
else
getswdb_options =
endif
+ifeq ($(SELFCHECK),0)
+getswdb_options += --skip-selfcheck
+endif
ifeq ($(UPD_SWDB),1)
SWDB := $(shell $(topsrc)/build-aux/getswdb.sh $(getswdb_options) && echo okay)
ifeq ($(strip $(SWDB)),)
endif
# Version numbers of the released packages
-gnupg_ver = $(shell cat $(topsrc)/VERSION)
+gnupg_ver_this = $(shell cat $(topsrc)/VERSION)
+
+gnupg_ver := $(shell awk '$$1=="gnupg21_ver" {print $$2}' swdb.lst)
libgpg_error_ver := $(shell awk '$$1=="libgpg_error_ver" {print $$2}' swdb.lst)
libgpg_error_sha1:= $(shell awk '$$1=="libgpg_error_sha1" {print $$2}' swdb.lst)
adns_sha1 := $(shell awk '$$1=="adns_sha1" {print $$2}' swdb.lst)
$(info Information from the version database)
-$(info GnuPG ..........: $(gnupg_ver))
+$(info GnuPG ..........: $(gnupg_ver) (building $(gnupg_ver_this)))
$(info Libgpg-error ...: $(libgpg_error_ver))
$(info Npth ...........: $(npth_ver))
$(info Libgcrypt ......: $(libgcrypt_ver))
LDFLAGS=-L$(idir)/lib
endif
-speedo_pkg_pinentry_configure = \
- --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-gtk \
- --enable-pinentry-gtk2 \
- --with-glib-prefix=$(idir) --with-gtk-prefix=$(idir) \
+
+ifeq ($(TARGETOS),w32)
+speedo_pkg_pinentry_configure = --disable-pinentry-gtk2
+else
+speedo_pkg_pinentry_configure = --enable-pinentry-gtk2
+endif
+speedo_pkg_pinentry_configure += \
+ --disable-pinentry-qt4 \
CPPFLAGS=-I$(idir)/include \
LDFLAGS=-L$(idir)/lib \
CXXFLAGS=-static-libstdc++
+
speedo_pkg_gpa_configure = \
--with-libiconv-prefix=$(idir) --with-libintl-prefix=$(idir) \
--with-gpgme-prefix=$(idir) --with-zlib=$(idir) \
1. Important Notes
==================
+This is the core part of the GnuPG system as used by several other
+frontend programs. This installer does not provide any graphical
+frontend and thus almost everything needs to be done on the command
+line. However, a small native Windows GUI tool is included which is
+used by GnuPG to ask for passphrases. It provides only the basic
+functionality and is installed under the name "pinentry-basic.exe".
+Other software using this core component may install a different
+version of such a tool under the name "pinentry.exe" or configure the
+gpg-agent to use that version.
+
See https://gnupg.org for latest news. HowTo documents and manuals
can be found there but some have also been installed on your machine.
-Developing GnuPG and keeping it in a healthy state is a full time job
-for at least two experienced developers. We currently do not have the
-financial resources to even fully pay one person. To change that
-please consider to donate at https://gnupg.org/donate/ .
+Development and maintenance of GnuPG is mostly financed by donations;
+please see https://gnupg.org/donate/ for details.
2. Record of Changes
SectionEnd
!endif
-!ifdef WITH_GUI
Section "-pinentry" SEC_pinentry
SetOutPath "$INSTDIR\bin"
- File /oname=pinentry.exe "bin/pinentry-gtk-2.exe"
+ File /oname=pinentry-basic.exe "bin/pinentry-w32.exe"
SectionEnd
-!endif
!ifdef WITH_GUI
Section "gpa" SEC_gpa
SectionEnd
!endif
-!ifdef WITH_GUI
Section "-un.pinentry"
- Delete "$INSTDIR\bin\pinentry.exe"
+ Delete "$INSTDIR\bin\pinentry-basic.exe"
SectionEnd
-!endif
!ifdef WITH_GUI
Section "-un.gtk+"
GnuPG is
- Copyright (C) 1997-1998, 2013-2014 Werner Koch
- Copyright (C) 1998-2013 Free Software Foundation, Inc.
- Copyright (C) 2003-2013 g10 Code GmbH
+ Copyright (C) 1997-2015 Werner Koch
+ Copyright (C) 1994-2015 Free Software Foundation, Inc.
+ Copyright (C) 2003-2015 g10 Code GmbH
Copyright (C) 2002 Klarälvdalens Datakonsult AB
Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper <drepper@gnu.ai.mit.edu>
Copyright (C) 1994 X Consortium
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA
-
-GPA is
-
- Copyright (C) 2000-2002 G-N-U GmbH (http://www.g-n-u.de)
- Copyright (C) 2002-2003 Miguel Coca.
- Copyright (C) 2005, 2006, 2008, 2012, 2014 g10 Code GmbH.
- Copyright (C) 1998-2000 Free Software Foundation, Inc.
- Copyright (C) 2000-2001 Werner Koch
- Copyright (C) 2000-2002 Timo Schulz
-
- GPA is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- GPA is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, see <http://www.gnu.org/licenses/>.
-
-
GPGME is
Copyright (C) 2000 Werner Koch (dd9jn)
along with this program; if not, see <http://www.gnu.org/licenses/>.
-GLIB is
-
- Copyright (C) 1995-1997 Peter Mattis, Spencer Kimball and Josh MacDonald
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-
- Modified by the GLib Team and others 1997-2000. See the AUTHORS
- file for a list of people on the GLib Team. See the ChangeLog
- files for a list of changes. These files are distributed with
- GLib at ftp://ftp.gtk.org/pub/gtk/.
-
-
-Pthreads-win32 is
-
- Copyright(C) 1998 John E. Bossom
- Copyright(C) 1999,2002 Pthreads-win32 contributors
-
- Most of this is work available under the GNU Lesser General Public
- License as published by the Free Software Foundation version 2.1 of
- the License. The detailed terms are given in the file COPYING in
- the source distribution; that very file may not be modified and thus
- it is not possible to include it here.
-
-
NSIS is
Copyright (C) 1999-2005 Nullsoft, Inc.
commit log, and generate a top-level ChangeLog file from logs at
"make dist". See doc/HACKING for details.
+ [Update 2015-04-24: README.jnlib has been removed and all
+ references to JNLIB, except for this file, have been removed.]
+
2010-03-10 Werner Koch <wk@g10code.com>
See gnupg/common/ChangeLog for newer changes.
## Process this file with automake to produce Makefile.in
EXTRA_DIST = mkstrtable.awk exaudit.awk exstatus.awk ChangeLog-2011 \
- audit-events.h status-codes.h README.jnlib ChangeLog.jnlib \
+ audit-events.h status-codes.h ChangeLog.jnlib \
ChangeLog-2011.include w32info-rc.h.in gnupg.ico tls-ca.pem
noinst_LIBRARIES = libcommon.a libcommonpth.a libgpgrl.a \
if !HAVE_W32CE_SYSTEM
noinst_LIBRARIES += libsimple-pwquery.a
endif
-noinst_PROGRAMS = $(jnlib_tests) $(module_tests) $(module_maint_tests)
-TESTS = $(jnlib_tests) $(module_tests)
+noinst_PROGRAMS = $(module_tests) $(module_maint_tests)
+TESTS = $(module_tests)
BUILT_SOURCES = audit-events.h status-codes.h
include $(top_srcdir)/am/cmacros.am
-jnlib_sources = \
- libjnlib-config.h \
+
+common_sources = \
+ common-defs.h \
+ util.h i18n.c i18n.h \
types.h host2net.h dynload.h w32help.h \
mapstrings.c stringhelp.c stringhelp.h \
strlist.c strlist.h \
argparse.c argparse.h \
logging.c logging.h \
dotlock.c dotlock.h \
- mischelp.c mischelp.h
-
-if HAVE_W32_SYSTEM
-jnlib_sources += w32-reg.c w32-afunix.c w32-afunix.h
-endif
-
-
-common_sources = \
- common-defs.h \
- util.h i18n.c i18n.h \
+ mischelp.c mischelp.h \
status.c status.h\
shareddefs.h \
openpgpdefs.h \
signal.c \
audit.c audit.h \
srv.h \
- dns-cert.c dns-cert.h \
- pka.c pka.h \
localename.c \
session-env.c session-env.h \
userids.c userids.h \
agent-opt.c \
helpfile.c
+if HAVE_W32_SYSTEM
+common_sources += w32-reg.c w32-afunix.c w32-afunix.h
+endif
+
# Sources possible requiring a TLS library are put into a separate
# conveince library.
tls_sources = \
get-passphrase.c get-passphrase.h
-libcommon_a_SOURCES = $(jnlib_sources) $(common_sources) $(without_npth_sources)
+libcommon_a_SOURCES = $(common_sources) $(without_npth_sources)
if USE_DNS_SRV
libcommon_a_SOURCES += srv.c
endif
libcommon_a_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS) -DWITHOUT_NPTH=1
-libcommonpth_a_SOURCES = $(jnlib_sources) $(common_sources)
+libcommonpth_a_SOURCES = $(common_sources)
if USE_DNS_SRV
libcommonpth_a_SOURCES += srv.c
endif
#
# Module tests
#
-t_jnlib_src = t-support.c t-support.h
-jnlib_tests = t-stringhelp t-timestuff
-if HAVE_W32_SYSTEM
-jnlib_tests += t-w32-reg
-endif
-module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \
- t-session-env t-openpgp-oid t-ssh-utils t-dns-cert \
- t-pka t-mapstrings t-zb32 t-mbox-util
+module_tests = t-stringhelp t-timestuff \
+ t-convert t-percent t-gettime t-sysutils t-sexputil \
+ t-session-env t-openpgp-oid t-ssh-utils \
+ t-mapstrings t-zb32 t-mbox-util
if !HAVE_W32CE_SYSTEM
module_tests += t-exechelp
endif
+if HAVE_W32_SYSTEM
+module_tests += t-w32-reg
+endif
if MAINTAINER_MODE
module_maint_tests = t-helpfile t-b64 t-http
module_maint_tests =
endif
+t_extra_src = t-support.h
t_common_cflags = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) \
$(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
$(LIBINTL) $(LIBICONV)
-# jnlib tests
-t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src)
+# Common tests
+t_stringhelp_SOURCES = t-stringhelp.c $(t_extra_src)
t_stringhelp_LDADD = $(t_common_ldadd)
-t_timestuff_SOURCES = t-timestuff.c $(t_jnlib_src)
+t_timestuff_SOURCES = t-timestuff.c $(t_extra_src)
t_timestuff_LDADD = $(t_common_ldadd)
-if HAVE_W32_SYSTEM
-t_w32_reg_SOURCES = t-w32-reg.c $(t_jnlib_src)
-t_w32_reg_LDADD = $(t_common_ldadd)
-endif
-
-# common tests
t_convert_LDADD = $(t_common_ldadd)
t_percent_LDADD = $(t_common_ldadd)
t_gettime_LDADD = $(t_common_ldadd)
t_session_env_LDADD = $(t_common_ldadd)
t_openpgp_oid_LDADD = $(t_common_ldadd)
t_ssh_utils_LDADD = $(t_common_ldadd)
-t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS)
-t_pka_LDADD = $(t_common_ldadd) $(DNSLIBS)
t_mapstrings_LDADD = $(t_common_ldadd)
t_zb32_LDADD = $(t_common_ldadd)
t_mbox_util_LDADD = $(t_common_ldadd)
+# System specific test
+if HAVE_W32_SYSTEM
+t_w32_reg_SOURCES = t-w32-reg.c $(t_extra_src)
+t_w32_reg_LDADD = $(t_common_ldadd)
+endif
+
# http tests
t_http_SOURCES = t-http.c
t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
+++ /dev/null
-JNLIB - This is a collection of utility function which are too small
-to put into a library. The code here is licensed under the LGPL.
-
-libjnlib-config.h should be be modified for each project to make these
-functions fit into the software. Mainly these are memory functions in
-case you need another allocator.
-
-Files which make up jnlib:
- README.jnlib
- ChangeLog.jnlib
- libjnlib-config.h
- argparse.c
- argparse.h
- dotlock.c
- dotlock.h
- dynload.h
- logging.c
- logging.h
- mischelp.c
- mischelp.h
- stringhelp.c
- stringhelp.h
- strlist.c
- strlist.h
- types.h
- utf8conv.c
- utf8conv.h
- w32-afunix.c
- w32-afunix.h
- w32-reg.c
- w32help.h
- xmalloc.c
- xmalloc.h
- t-stringhelp.c
- t-support.c
- t-support.h
- t-timestuff.c
- t-w32-reg.c
-
-
-Here is a template Makefile.am for these jnlib modules:
-===8<==================================================
-EXTRA_DIST = README
-noinst_PROGRAMS = $(module_tests)
-TESTS = $(module_tests)
-
-AM_CPPFLAGS = -I$(top_srcdir)/intl
-
-# We need libgcrypt because libjnlib-config includes gcrypt.h
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS)
-
-noinst_LIBRARIES = libjnlib.a
-
-libjnlib_a_SOURCES = \
- libjnlib-config.h \
- stringhelp.c stringhelp.h \
- strlist.c strlist.h \
- utf8conv.c utf8conv.h \
- argparse.c argparse.h \
- logging.c logging.h \
- dotlock.c dotlock.h \
- types.h mischelp.c mischelp.h dynload.h w32help.h \
- xmalloc.c xmalloc.h
-
-if HAVE_W32_SYSTEM
-libjnlib_a_SOURCES += w32-reg.c w32-afunix.c w32-afunix.h
-endif
-
-#
-# Module tests.
-#
-# These tests should only be used at the canonical location of jnlib
-# which is the GnuPG package. The reason for this is that t-support.c
-# defines replacements for the actual used memory allocation functions
-# so that there is no dependency on libgcrypt.
-#
-module_tests = t-stringhelp t-timestuff
-if HAVE_W32_SYSTEM
-module_tests += t-w32-reg
-endif
-
-t_jnlib_src = t-support.c t-support.h
-t_jnlib_ldadd = libjnlib.a $(LIBINTL) $(LIBICONV)
-# For W32 we need libgpg-error because it provides gettext.
-if HAVE_W32_SYSTEM
-t_jnlib_ldadd += $(GPG_ERROR_LIBS)
-endif
-
-t_stringhelp_SOURCES = t-stringhelp.c $(t_jnlib_src)
-t_stringhelp_LDADD = $(t_jnlib_ldadd)
-
-t_timestuff_SOURCES = t-timestuff.c $(t_jnlib_src)
-t_timestuff_LDADD = $(t_jnlib_ldadd)
-
-if HAVE_W32_SYSTEM
-t_w32_reg_SOURCES = t-w32-reg.c $(t_jnlib_src)
-t_w32_reg_LDADD = $(t_jnlib_ldadd)
-endif
-==>8===================================================
* Copyright (C) 1998-2001, 2006-2008, 2012 Free Software Foundation, Inc.
* Copyright (C) 1997-2001, 2006-2008, 2013-2015 Werner Koch
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#include <errno.h>
#ifdef GNUPG_MAJOR_VERSION
-# include "libjnlib-config.h"
+# include "util.h"
+# include "common-defs.h"
+# include "i18n.h"
# include "mischelp.h"
# include "stringhelp.h"
# include "logging.h"
-# ifdef JNLIB_NEED_UTF8CONV
-# include "utf8conv.h"
-# endif
+# include "utf8conv.h"
#endif /*GNUPG_MAJOR_VERSION*/
#include "argparse.h"
# ifndef DIM
# define DIM(v) (sizeof(v)/sizeof((v)[0]))
# endif
-# define jnlib_malloc(a) malloc ((a))
-# define jnlib_realloc(a,b) realloc ((a), (b))
-# define jnlib_strdup(a) strdup ((a))
-# define jnlib_free(a) free ((a))
-# define jnlib_log_error my_log_error
-# define jnlib_log_bug my_log_bug
-# define trim_spaces(a) my_trim_spaces ((a))
+# define xtrymalloc(a) malloc ((a))
+# define xtryrealloc(a,b) realloc ((a), (b))
+# define xtrystrdup(a) strdup ((a))
+# define xfree(a) free ((a))
+# define log_error my_log_error
+# define log_bug my_log_bug
+# define trim_spaces(a) my_trim_spaces ((a))
# define map_static_macro_string(a) (a)
#endif /*!GNUPG_MAJOR_VERSION*/
arg->err = 0;
arg->flags |= 1<<15; /* Mark as initialized. */
if ( *arg->argc < 0 )
- jnlib_log_bug ("invalid argument for arg_parse\n");
+ log_bug ("invalid argument for arg_parse\n");
}
s = _("out of core");
else
s = _("invalid option");
- jnlib_log_error ("%s:%u: %s\n", filename, *lineno, s);
+ log_error ("%s:%u: %s\n", filename, *lineno, s);
}
else
{
s = arg->internal.last? arg->internal.last:"[??]";
if ( arg->r_opt == ARGPARSE_MISSING_ARG )
- jnlib_log_error (_("missing argument for option \"%.50s\"\n"), s);
+ log_error (_("missing argument for option \"%.50s\"\n"), s);
else if ( arg->r_opt == ARGPARSE_INVALID_ARG )
- jnlib_log_error (_("invalid argument for option \"%.50s\"\n"), s);
+ log_error (_("invalid argument for option \"%.50s\"\n"), s);
else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
- jnlib_log_error (_("option \"%.50s\" does not expect an "
- "argument\n"), s );
+ log_error (_("option \"%.50s\" does not expect an argument\n"), s);
else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
- jnlib_log_error (_("invalid command \"%.50s\"\n"), s);
+ log_error (_("invalid command \"%.50s\"\n"), s);
else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_OPTION )
- jnlib_log_error (_("option \"%.50s\" is ambiguous\n"), s);
+ log_error (_("option \"%.50s\" is ambiguous\n"), s);
else if ( arg->r_opt == ARGPARSE_AMBIGUOUS_COMMAND )
- jnlib_log_error (_("command \"%.50s\" is ambiguous\n"),s );
+ log_error (_("command \"%.50s\" is ambiguous\n"),s );
else if ( arg->r_opt == ARGPARSE_OUT_OF_CORE )
- jnlib_log_error ("%s\n", _("out of core\n"));
+ log_error ("%s\n", _("out of core\n"));
else
- jnlib_log_error (_("invalid option \"%.50s\"\n"), s);
+ log_error (_("invalid option \"%.50s\"\n"), s);
}
if (arg->err != ARGPARSE_PRINT_WARNING)
exit (2);
(void)name;
(void)value;
#if 0
- ALIAS_DEF a = jnlib_xmalloc( sizeof *a );
+ ALIAS_DEF a = xmalloc( sizeof *a );
a->name = name;
a->value = value;
a->next = (ALIAS_DEF)arg->internal.aliases;
name[namelen] = 0;
if (!ignore_invalid_option_p (arg, name))
{
- item = jnlib_malloc (sizeof *item + namelen);
+ item = xtrymalloc (sizeof *item + namelen);
if (!item)
return 1;
strcpy (item->name, name);
for (item = arg->internal.iio_list; item; item = tmpitem)
{
tmpitem = item->next;
- jnlib_free (item);
+ xfree (item);
}
arg->internal.iio_list = NULL;
}
}
if (!p || !*p)
{
- jnlib_free (buffer);
+ xfree (buffer);
arg->r_opt = ARGPARSE_INVALID_ALIAS;
}
else
if (!buffer)
{
keyword[i] = 0;
- buffer = jnlib_strdup (keyword);
+ buffer = xtrystrdup (keyword);
if (!buffer)
arg->r_opt = ARGPARSE_OUT_OF_CORE;
}
p[strlen(p)-1] = 0;
}
if (!set_opt_arg (arg, opts[idx].flags, p))
- jnlib_free(buffer);
+ xfree (buffer);
}
}
break;
char *tmp;
size_t tmplen = buflen + 50;
- tmp = jnlib_realloc (buffer, tmplen);
+ tmp = xtryrealloc (buffer, tmplen);
if (tmp)
{
buflen = tmplen;
}
else
{
- jnlib_free (buffer);
+ xfree (buffer);
arg->r_opt = ARGPARSE_OUT_OF_CORE;
break;
}
else
{
size_t tmplen = DIM(keyword) + 50;
- buffer = jnlib_malloc (tmplen);
+ buffer = xtrymalloc (tmplen);
if (buffer)
{
buflen = tmplen;
if ( o->description && *o->description == '|' )
{
const char *s;
-#ifdef JNLIB_NEED_UTF8CONV
int is_utf8 = is_native_utf8 ();
-#endif
s=o->description+1;
if ( *s != '=' )
continuation bytes (10xxxxxx) if we are on a native utf8
terminal. */
for (; *s && *s != '|'; s++ )
-#ifdef JNLIB_NEED_UTF8CONV
if ( is_utf8 && (*s&0xc0) != 0x80 )
-#endif
n++;
}
return n;
/* argparse.h - Argument parser for option handling.
* Copyright (C) 1998,1999,2000,2001,2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_ARGPARSE_H
-#define LIBJNLIB_ARGPARSE_H
+#ifndef GNUPG_COMMON_ARGPARSE_H
+#define GNUPG_COMMON_ARGPARSE_H
#include <stdio.h>
void set_strusage (const char *(*f)( int ));
void argparse_register_outfnc (int (*fnc)(int, const char *));
-#endif /*LIBJNLIB_ARGPARSE_H*/
+#endif /*GNUPG_COMMON_ARGPARSE_H*/
#include <locale.h>
#endif
-#define JNLIB_NEED_LOG_LOGV
#include "i18n.h"
#include "util.h"
#include "exechelp.h"
return 0; /* Assuan debugging is not enabled. */
if (msg)
- log_string (JNLIB_LOG_DEBUG, msg);
+ log_string (GPGRT_LOG_DEBUG, msg);
return 1;
}
gpg_error_t print_assuan_status (assuan_context_t ctx,
const char *keyword,
const char *format,
- ...) JNLIB_GCC_A_PRINTF(3,4);
+ ...) GPGRT_GCC_A_PRINTF(3,4);
gpg_error_t vprint_assuan_status (assuan_context_t ctx,
const char *keyword,
const char *format,
- va_list arg_ptr) JNLIB_GCC_A_PRINTF(3,0);
+ va_list arg_ptr) GPGRT_GCC_A_PRINTF(3,0);
#endif /*GNUPG_COMMON_ASSHELP_H*/
\f
static void writeout_para (audit_ctx_t ctx,
- const char *format, ...) JNLIB_GCC_A_PRINTF(2,3);
+ const char *format, ...) GPGRT_GCC_A_PRINTF(2,3);
static void writeout_li (audit_ctx_t ctx, const char *oktext,
- const char *format, ...) JNLIB_GCC_A_PRINTF(3,4);
+ const char *format, ...) GPGRT_GCC_A_PRINTF(3,4);
static void writeout_rem (audit_ctx_t ctx,
- const char *format, ...) JNLIB_GCC_A_PRINTF(2,3);
+ const char *format, ...) GPGRT_GCC_A_PRINTF(2,3);
/* Add NAME to the list of help tags. NAME needs to be a const string
#ifndef GNUPG_COMMON_COMMON_DEFS_H
#define GNUPG_COMMON_COMMON_DEFS_H
+
+/* Dummy replacement for getenv. */
+#ifndef HAVE_GETENV
+#define getenv(a) (NULL)
+#endif
+
+#ifdef HAVE_W32CE_SYSTEM
+#define getpid() GetCurrentProcessId ()
+#endif
+
+
/*-- ttyio.c --*/
void tty_private_set_rl_hooks (void (*init_stream) (FILE *),
void (*set_completer) (rl_completion_func_t*),
/* Convert HEXSTRING consisting of hex characters into string and
store that at BUFFER. HEXSTRING is either delimited by end of
string or a white space character. The function makes sure that
- the resulting string in BUFFER is terminated by a Nul character.
+ the resulting string in BUFFER is terminated by a Nul byte. Note
+ that the retruned string may include embedded Nul bytes; the extra
+ Nul byte at the end is used to make sure tha the result can always
+ be used as a C-string.
+
BUFSIZE is the availabe length of BUFFER; if the converted result
- plus a possible required Nul character does not fit into this
+ plus a possible required extra Nul character does not fit into this
buffer, the function returns NULL and won't change the existing
- conent of buffer. In-place conversion is possible as long as
+ content of BUFFER. In-place conversion is possible as long as
BUFFER points to HEXSTRING.
- If BUFFER is NULL and bufsize is 0 the function scans HEXSTRING but
+ If BUFFER is NULL and BUFSIZE is 0 the function scans HEXSTRING but
does not store anything. This may be used to find the end of
- hexstring.
+ HEXSTRING.
On sucess the function returns a pointer to the next character
after HEXSTRING (which is either end-of-string or a the next white
- space). If BUFLEN is not NULL the strlen of buffer is stored
- there; this will even be done if BUFFER has been passed as NULL. */
+ space). If BUFLEN is not NULL the number of valid vytes in BUFFER
+ is stored there (an extra Nul byte is not counted); this will even
+ be done if BUFFER has been passed as NULL. */
const char *
hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen)
{
for (s=hexstring, count=0; hexdigitp (s) && hexdigitp (s+1); s += 2, count++)
;
if (*s && (!isascii (*s) || !isspace (*s)) )
- return NULL; /* Not followed by Nul or white space. */
+ {
+ gpg_err_set_errno (EINVAL);
+ return NULL; /* Not followed by Nul or white space. */
+ }
/* We need to append a nul character. However we don't want that if
the hexstring already ends with "00". */
need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0'));
if (buffer)
{
if (count > bufsize)
- return NULL; /* Too long. */
+ {
+ gpg_err_set_errno (EINVAL);
+ return NULL; /* Too long. */
+ }
for (s=hexstring, idx=0; hexdigitp (s) && hexdigitp (s+1); s += 2)
((unsigned char*)buffer)[idx++] = xtoi_2 (s);
}
if (buflen)
- *buflen = count - 1;
+ *buflen = count - need_nul;
return s;
}
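Review bot: The rewritten header comment for hex2str() does not mention that both NULL returns now set errno to EINVAL, although the following hunk drops the caller's own `gpg_err_set_errno (EINVAL)` and so depends on that. I would add a sentence such as `On error NULL is returned and ERRNO is set to EINVAL.` to the comment. The added comment lines also carry typos worth fixing while they are being touched: "retruned", "tha the" and "vytes". The function body is spread over several hunks here, so other return paths are not visible; any that return NULL should set errno as well.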
{
if (r_count)
*r_count = 0;
- gpg_err_set_errno (EINVAL);
return NULL;
}
if (r_count)
* Copyright (C) 1998, 2000, 2001, 2003, 2004,
* 2005, 2006, 2008, 2010, 2011 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#endif
#ifdef GNUPG_MAJOR_VERSION
-# include "libjnlib-config.h"
+# include "util.h"
+# include "common-defs.h"
# include "stringhelp.h" /* For stpcpy and w32_strerror. */
#endif
#ifdef HAVE_W32CE_SYSTEM
/* In GnuPG we use wrappers around the malloc fucntions. If they are
not defined we assume that this code is used outside of GnuPG and
fall back to the regular malloc functions. */
-#ifndef jnlib_malloc
-# define jnlib_malloc(a) malloc ((a))
-# define jnlib_calloc(a,b) calloc ((a), (b))
-# define jnlib_free(a) free ((a))
+#ifndef xtrymalloc
+# define xtrymalloc(a) malloc ((a))
+# define xtrycalloc(a,b) calloc ((a), (b))
+# define xfree(a) free ((a))
#endif
-/* Wrapper to set ERRNO. */
-#ifndef jnlib_set_errno
-# ifdef HAVE_W32CE_SYSTEM
-# define jnlib_set_errno(e) gpg_err_set_errno ((e))
-# else
-# define jnlib_set_errno(e) do { errno = (e); } while (0)
-# endif
+/* Wrapper to set ERRNO (required for W32CE). */
+#ifdef GPG_ERROR_VERSION
+# define my_set_errno(e) gpg_err_set_errno ((e))
+#else
+# define my_set_errno(e) do { errno = (e); } while (0)
#endif
/* Gettext macro replacement. */
expected_len = 10 + 1 + h->nodename_len + 1;
if ( expected_len >= sizeof buffer_space)
{
- buffer = jnlib_malloc (expected_len);
+ buffer = xtrymalloc (expected_len);
if (!buffer)
return -1;
}
my_info_2 ("error opening lockfile '%s': %s\n",
h->lockname, strerror(errno) );
if (buffer != buffer_space)
- jnlib_free (buffer);
- jnlib_set_errno (e); /* Need to return ERRNO here. */
+ xfree (buffer);
+ my_set_errno (e); /* Need to return ERRNO here. */
return -1;
}
my_info_1 ("error reading lockfile '%s'\n", h->lockname );
close (fd);
if (buffer != buffer_space)
- jnlib_free (buffer);
- jnlib_set_errno (0); /* Do not return an inappropriate ERRNO. */
+ xfree (buffer);
+ my_set_errno (0); /* Do not return an inappropriate ERRNO. */
return -1;
}
p += res;
{
my_info_1 ("invalid size of lockfile '%s'\n", h->lockname);
if (buffer != buffer_space)
- jnlib_free (buffer);
- jnlib_set_errno (0); /* Better don't return an inappropriate ERRNO. */
+ xfree (buffer);
+ my_set_errno (0); /* Better don't return an inappropriate ERRNO. */
return -1;
}
{
my_error_2 ("invalid pid %d in lockfile '%s'\n", pid, h->lockname);
if (buffer != buffer_space)
- jnlib_free (buffer);
- jnlib_set_errno (0);
+ xfree (buffer);
+ my_set_errno (0);
return -1;
}
*same_node = 1;
if (buffer != buffer_space)
- jnlib_free (buffer);
+ xfree (buffer);
return pid;
}
#endif /*HAVE_POSIX_SYSTEM */
return -1;
nlink = (unsigned int)sb.st_nlink;
- lname = jnlib_malloc (strlen (tname) + 1 + 1);
+ lname = xtrymalloc (strlen (tname) + 1 + 1);
if (!lname)
return -1;
strcpy (lname, tname);
res = 1; /* No hardlink support. */
unlink (lname);
- jnlib_free (lname);
+ xfree (lname);
return res;
}
#endif /*HAVE_POSIX_SYSTEM */
all_lockfiles = h;
tnamelen = dirpartlen + 6 + 30 + strlen(nodename) + 10 + 1;
- h->tname = jnlib_malloc (tnamelen + 1);
+ h->tname = xtrymalloc (tnamelen + 1);
if (!h->tname)
{
all_lockfiles = h->next;
UNLOCK_all_lockfiles ();
- jnlib_free (h);
+ xfree (h);
return NULL;
}
h->nodename_len = strlen (nodename);
do
{
- jnlib_set_errno (0);
+ my_set_errno (0);
fd = open (h->tname, O_WRONLY|O_CREAT|O_EXCL,
S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
}
UNLOCK_all_lockfiles ();
my_error_2 (_("failed to create temporary file '%s': %s\n"),
h->tname, strerror(errno));
- jnlib_free (h->tname);
- jnlib_free (h);
+ xfree (h->tname);
+ xfree (h);
return NULL;
}
if ( write (fd, pidstr, 11 ) != 11 )
goto write_failed;
}
- h->lockname = jnlib_malloc (strlen (file_to_lock) + 6 );
+ h->lockname = xtrymalloc (strlen (file_to_lock) + 6 );
if (!h->lockname)
{
all_lockfiles = h->next;
UNLOCK_all_lockfiles ();
unlink (h->tname);
- jnlib_free (h->tname);
- jnlib_free (h);
+ xfree (h->tname);
+ xfree (h);
return NULL;
}
strcpy (stpcpy (h->lockname, file_to_lock), EXTSEP_S "lock");
if ( fd != -1 )
close (fd);
unlink (h->tname);
- jnlib_free (h->tname);
- jnlib_free (h);
+ xfree (h->tname);
+ xfree (h);
return NULL;
}
#endif /*HAVE_POSIX_SYSTEM*/
h->next = all_lockfiles;
all_lockfiles = h;
- h->lockname = jnlib_malloc ( strlen (file_to_lock) + 6 );
+ h->lockname = xtrymalloc ( strlen (file_to_lock) + 6 );
if (!h->lockname)
{
all_lockfiles = h->next;
UNLOCK_all_lockfiles ();
- jnlib_free (h);
+ xfree (h);
return NULL;
}
strcpy (stpcpy(h->lockname, file_to_lock), EXTSEP_S "lock");
NULL, OPEN_ALWAYS, 0, NULL);
else
h->lockhd = INVALID_HANDLE_VALUE;
- jnlib_free (wname);
+ xfree (wname);
#else
h->lockhd = CreateFile (h->lockname,
GENERIC_READ|GENERIC_WRITE,
all_lockfiles = h->next;
UNLOCK_all_lockfiles ();
my_error_2 (_("can't create '%s': %s\n"), h->lockname, w32_strerror (-1));
- jnlib_free (h->lockname);
- jnlib_free (h);
+ xfree (h->lockname);
+ xfree (h);
return NULL;
}
return h;
if (flags)
{
- jnlib_set_errno (EINVAL);
+ my_set_errno (EINVAL);
return NULL;
}
- h = jnlib_calloc (1, sizeof *h);
+ h = xtrycalloc (1, sizeof *h);
if (!h)
return NULL;
h->extra_fd = -1;
unlink (h->lockname);
if (h->tname && !h->use_o_excl)
unlink (h->tname);
- jnlib_free (h->tname);
+ xfree (h->tname);
}
#endif /*HAVE_POSIX_SYSTEM*/
#else /* !HAVE_DOSISH_SYSTEM */
dotlock_destroy_unix (h);
#endif /* HAVE_DOSISH_SYSTEM */
- jnlib_free (h->lockname);
+ xfree (h->lockname);
}
- jnlib_free(h);
+ xfree(h);
}
do
{
- jnlib_set_errno (0);
+ my_set_errno (0);
fd = open (h->lockname, O_WRONLY|O_CREAT|O_EXCL,
S_IRUSR|S_IRGRP|S_IROTH|S_IWUSR );
}
goto again;
}
- jnlib_set_errno (EACCES);
+ my_set_errno (EACCES);
return -1;
}
#endif /*HAVE_POSIX_SYSTEM*/
/* dotlock.h - dotfile locking declarations
* Copyright (C) 2000, 2001, 2006, 2011 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef LIBJNLIB_DOTLOCK_H
-#define LIBJNLIB_DOTLOCK_H
+#ifndef GNUPG_COMMON_DOTLOCK_H
+#define GNUPG_COMMON_DOTLOCK_H
/* See dotlock.c for a description. */
#ifdef __cplusplus
}
#endif
-#endif /*LIBJNLIB_DOTLOCK_H*/
+#endif /*GNUPG_COMMON_DOTLOCK_H*/
/* dynload.h - Wrapper functions for run-time dynamic loading
* Copyright (C) 2003, 2010 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_DYNLOAD_H
-#define LIBJNLIB_DYNLOAD_H
+#ifndef GNUPG_COMMON_DYNLOAD_H
+#define GNUPG_COMMON_DYNLOAD_H
#ifndef __MINGW32__
# include <dlfcn.h>
#ifdef HAVE_W32CE_SYSTEM
wchar_t *wname = utf8_to_wchar (name);
hd = wname? LoadLibrary (wname) : NULL;
- _jnlib_free (wname);
+ xfree (wname);
#else
hd = LoadLibrary (name);
#endif
#ifdef HAVE_W32CE_SYSTEM
wchar_t *wsym = utf8_to_wchar (sym);
void *fnc = wsym? GetProcAddress (hd, wsym) : NULL;
- _jnlib_free (wsym);
+ xfree (wsym);
#else
void *fnc = GetProcAddress (hd, sym);
#endif
return -1;
}
# endif /*__MINGW32__*/
-#endif /*LIBJNLIB_DYNLOAD_H*/
+#endif /*GNUPG_COMMON_DYNLOAD_H*/
#include <stdio.h>
#include <stdlib.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
#include <string.h>
#include <errno.h>
#include <assert.h>
if (max_fds == -1)
max_fds = 256; /* Arbitrary limit. */
+ /* AIX returns INT32_MAX instead of a proper value. We assume that
+ this is always an error and use an arbitrary limit. */
+#ifdef INT32_MAX
+ if (max_fds == INT32_MAX)
+ max_fds = 256;
+#endif
+
return max_fds;
}
{
unsigned int flags;
log_get_prefix (&flags);
- log_set_prefix (NULL, (flags | JNLIB_LOG_NO_REGISTRY));
+ log_set_prefix (NULL, (flags | GPGRT_LOG_NO_REGISTRY));
}
/* FIXME: We should read the file to detect special flags
and print a warning if we don't understand them */
* Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010,
* 2011 Free Software Foundation, Inc.
* Copyright (C) 2014 Werner Koch
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 2015 g10 Code GmbH
*
* This file is part of GnuPG.
*
}
+/* Return true if STRING is likely "hostname:port" or only "hostname". */
+static int
+is_hostname_port (const char *string)
+{
+ int colons = 0;
+
+ if (!string || !*string)
+ return 0;
+ for (; *string; string++)
+ {
+ if (*string == ':')
+ {
+ if (colons)
+ return 0;
+ if (!string[1])
+ return 0;
+ colons++;
+ }
+ else if (!colons && strchr (" \t\f\n\v_@[]/", *string))
+ return 0; /* Invalid characters in hostname. */
+ else if (colons && !digitp (string))
+ return 0; /* Not a digit in the port. */
+ }
+ return 1;
+}
+
+
/*
* Send a HTTP request to the server
* Returns 0 if the request was successful
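Review bot: is_hostname_port() accepts a string with an empty host part such as a bare `:8080`. A leading colon enters the colon branch while `colons` is still zero, and only the character after it is checked. The caller then builds `http://:8080` from it and hands that to parse_uri. Extending the initial guard to `if (!string || !*string || *string == ':') return 0;` rejects that case. The header comment could also state that the port is only checked to be digits (no range or length limit) and that bracketed IPv6 literals are rejected by the `[]` entries and the single-colon rule.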
if (proxy)
http_proxy = proxy;
- err = parse_uri (&uri, http_proxy, 0,
- !!(hd->flags & HTTP_FLAG_FORCE_TLS));
+ err = parse_uri (&uri, http_proxy, 1, 0);
+ if (gpg_err_code (err) == GPG_ERR_INV_URI
+ && is_hostname_port (http_proxy))
+ {
+ /* Retry assuming a "hostname:port" string. */
+ char *tmpname = strconcat ("http://", http_proxy, NULL);
+ if (tmpname && !parse_uri (&uri, tmpname, 0, 0))
+ err = 0;
+ xfree (tmpname);
+ }
+
+ if (err)
+ ;
+ else if (!strcmp (uri->scheme, "http") || !strcmp (uri->scheme, "socks4"))
+ ;
+ else if (!strcmp (uri->scheme, "socks5h"))
+ err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);
+ else
+ err = gpg_err_make (default_errsource, GPG_ERR_INV_URI);
+
if (err)
{
log_error ("invalid HTTP proxy (%s): %s\n",
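Review bot: The new scheme check accepts `socks4` in the same branch as `http`, while `socks5h` is mapped to GPG_ERR_NOT_IMPLEMENTED, and nothing in this hunk shows SOCKS4 being spoken to the proxy afterwards. If the connect path outside the hunk treats the parsed URI as a plain HTTP proxy, a user who configured a SOCKS4 proxy gets different routing than intended with no diagnostic. Unless SOCKS4 is handled further down, I would leave only `http` in the accepting branch and test `else if (!strcmp (uri->scheme, "socks4") || !strcmp (uri->scheme, "socks5h"))` for the not-implemented case. Separately, when the scheme check sets err after a successful parse_uri, `uri` is still allocated; the error branch continues past the hunk, so confirm it releases the parsed URI.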
#define KEYSERVER_KEY_EXISTS 7 /* key already exists */
#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */
#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */
-#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */
/* Must be 127 due to shell internal magic. */
#define KEYSERVER_SCHEME_NOT_FOUND 127
+++ /dev/null
-/* libjnlib-config.h - local configuration of the jnlib functions
- * Copyright (C) 2000, 2001, 2006 Free Software Foundation, Inc.
- *
- * This file is part of JNLIB, which is a subsystem of GnuPG.
- *
- * JNLIB is free software; you can redistribute it and/or modify it
- * under the terms of either
- *
- * - the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at
- * your option) any later version.
- *
- * or
- *
- * - the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * or both in parallel, as here.
- *
- * JNLIB is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copies of the GNU General Public License
- * and the GNU Lesser General Public License along with this program;
- * if not, see <http://www.gnu.org/licenses/>.
- */
-
-/****************
- * This header is to be included only by the files in this directory
- * it should not be used by other modules.
- */
-
-#ifndef LIBJNLIB_CONFIG_H
-#define LIBJNLIB_CONFIG_H
-
-#include <gcrypt.h> /* gcry_malloc & Cie. */
-#include "logging.h"
-
-/* We require support for utf-8 conversion. */
-#define JNLIB_NEED_UTF8CONV 1
-
-
-
-#if !defined(JNLIB_NEED_UTF8CONV) && defined(HAVE_W32_SYSTEM)
-#define JNLIB_NEED_UTF8CONV 1
-#endif
-
-/* Gettext stuff */
-#ifdef USE_SIMPLE_GETTEXT
-# include <gpg-error.h>
-# define _(a) gettext (a)
-# define N_(a) (a)
-
-#else
-#ifdef HAVE_LOCALE_H
-# include <locale.h>
-#endif
-
-#ifdef ENABLE_NLS
-# include <libintl.h>
-# define _(a) gettext (a)
-# ifdef gettext_noop
-# define N_(a) gettext_noop (a)
-# else
-# define N_(a) (a)
-# endif
-#else
-# define _(a) (a)
-# define N_(a) (a)
-#endif
-#endif /* !USE_SIMPLE_GETTEXT */
-
-/* Malloc functions to be used by jnlib. */
-#define jnlib_malloc(a) gcry_malloc( (a) )
-#define jnlib_calloc(a,b) gcry_calloc( (a), (b) )
-#define jnlib_realloc(a,b) gcry_realloc( (a), (b) )
-#define jnlib_strdup(a) gcry_strdup( (a) )
-#define jnlib_xmalloc(a) gcry_xmalloc( (a) )
-#define jnlib_xcalloc(a,b) gcry_xcalloc( (a), (b) )
-#define jnlib_xrealloc(a,n) gcry_xrealloc( (a), (n) )
-#define jnlib_xstrdup(a) gcry_xstrdup( (a) )
-#define jnlib_free(a) gcry_free( (a) )
-
-/* Logging functions to be used by jnlib. */
-#define jnlib_log_debug log_debug
-#define jnlib_log_info log_info
-#define jnlib_log_error log_error
-#define jnlib_log_fatal log_fatal
-#define jnlib_log_bug log_bug
-
-/* Wrapper to set ERRNO. */
-#ifdef HAVE_W32CE_SYSTEM
-# define jnlib_set_errno(e) gpg_err_set_errno ((e))
-#else
-# define jnlib_set_errno(e) do { errno = (e); } while (0)
-#endif
-
-/* Dummy replacement for getenv. */
-#ifndef HAVE_GETENV
-#define getenv(a) (NULL)
-#endif
-
-#ifdef HAVE_W32CE_SYSTEM
-#define getpid() GetCurrentProcessId ()
-#endif
-
-#endif /*LIBJNUTIL_CONFIG_H*/
* Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006,
* 2009, 2010 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#include <assert.h>
-#define JNLIB_NEED_LOG_LOGV 1
-#define JNLIB_NEED_AFLOCAL 1
-#include "libjnlib-config.h"
+#define GNUPG_COMMON_NEED_AFLOCAL 1
+#include "util.h"
+#include "i18n.h"
+#include "common-defs.h"
#include "logging.h"
#ifdef HAVE_W32_SYSTEM
void *addrbuf = NULL;
#endif /*HAVE_INET_PTON*/
- addrstr = jnlib_malloc (strlen (name) + 1);
+ addrstr = xtrymalloc (strlen (name) + 1);
if (!addrstr)
addrlen = 0; /* This indicates an error. */
else if (*name == '[')
p = strchr (addrstr, ']');
if (!p || p[1] != ':' || !parse_portno (p+2, &port))
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
addrlen = 0;
}
else
srvr_addr = (struct sockaddr *)&srvr_addr_in6;
addrlen = sizeof srvr_addr_in6;
#else
- jnlib_set_errno (EAFNOSUPPORT);
+ gpg_err_set_errno (EAFNOSUPPORT);
addrlen = 0;
#endif
}
p = strchr (addrstr, ':');
if (!p || !parse_portno (p+1, &port))
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
addrlen = 0;
}
else
#endif /*!HAVE_INET_PTON*/
}
- jnlib_free (addrstr);
+ xfree (addrstr);
}
cookie->fd = addrlen? socket (pf, SOCK_STREAM, 0) : -1;
if (cookie->fd != -1 && cookie->fd != 2)
sock_close (cookie->fd);
- jnlib_free (cookie);
+ xfree (cookie);
log_socket = -1;
return 0;
}
/* The xmalloc below is justified because we can expect that this
function is called only during initialization and there is no
easy way out of this error condition. */
- cookie = jnlib_xmalloc (sizeof *cookie + (name? strlen (name):0));
+ cookie = xmalloc (sizeof *cookie + (name? strlen (name):0));
strcpy (cookie->name, name? name:"");
cookie->quiet = 0;
cookie->is_socket = 0;
prefix_buffer[sizeof (prefix_buffer)-1] = 0;
}
- with_prefix = (flags & JNLIB_LOG_WITH_PREFIX);
- with_time = (flags & JNLIB_LOG_WITH_TIME);
- with_pid = (flags & JNLIB_LOG_WITH_PID);
- running_detached = (flags & JNLIB_LOG_RUN_DETACHED);
+ with_prefix = (flags & GPGRT_LOG_WITH_PREFIX);
+ with_time = (flags & GPGRT_LOG_WITH_TIME);
+ with_pid = (flags & GPGRT_LOG_WITH_PID);
+ running_detached = (flags & GPGRT_LOG_RUN_DETACHED);
#ifdef HAVE_W32_SYSTEM
- no_registry = (flags & JNLIB_LOG_NO_REGISTRY);
+ no_registry = (flags & GPGRT_LOG_NO_REGISTRY);
#endif
}
{
*flags = 0;
if (with_prefix)
- *flags |= JNLIB_LOG_WITH_PREFIX;
+ *flags |= GPGRT_LOG_WITH_PREFIX;
if (with_time)
- *flags |= JNLIB_LOG_WITH_TIME;
+ *flags |= GPGRT_LOG_WITH_TIME;
if (with_pid)
- *flags |= JNLIB_LOG_WITH_PID;
+ *flags |= GPGRT_LOG_WITH_PID;
if (running_detached)
- *flags |= JNLIB_LOG_RUN_DETACHED;
+ *flags |= GPGRT_LOG_RUN_DETACHED;
#ifdef HAVE_W32_SYSTEM
if (no_registry)
- *flags |= JNLIB_LOG_NO_REGISTRY;
+ *flags |= GPGRT_LOG_NO_REGISTRY;
#endif
}
return prefix_buffer;
: read_w32_registry_string (NULL, GNUPG_REGISTRY_DIR,
"DefaultLogFile"));
log_set_file (tmp && *tmp? tmp : NULL);
- jnlib_free (tmp);
+ xfree (tmp);
#else
log_set_file (NULL); /* Make sure a log stream has been set. */
#endif
}
es_flockfile (logstream);
- if (missing_lf && level != JNLIB_LOG_CONT)
+ if (missing_lf && level != GPGRT_LOG_CONT)
es_putc_unlocked ('\n', logstream );
missing_lf = 0;
- if (level != JNLIB_LOG_CONT)
+ if (level != GPGRT_LOG_CONT)
{ /* Note this does not work for multiple line logging as we would
* need to print to a buffer first */
if (with_time && !force_prefixes)
switch (level)
{
- case JNLIB_LOG_BEGIN: break;
- case JNLIB_LOG_CONT: break;
- case JNLIB_LOG_INFO: break;
- case JNLIB_LOG_WARN: break;
- case JNLIB_LOG_ERROR: break;
- case JNLIB_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break;
- case JNLIB_LOG_BUG: es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break;
- case JNLIB_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break;
+ case GPGRT_LOG_BEGIN: break;
+ case GPGRT_LOG_CONT: break;
+ case GPGRT_LOG_INFO: break;
+ case GPGRT_LOG_WARN: break;
+ case GPGRT_LOG_ERROR: break;
+ case GPGRT_LOG_FATAL: es_fputs_unlocked ("Fatal: ",logstream ); break;
+ case GPGRT_LOG_BUG: es_fputs_unlocked ("Ohhhh jeeee: ", logstream); break;
+ case GPGRT_LOG_DEBUG: es_fputs_unlocked ("DBG: ", logstream ); break;
default:
es_fprintf_unlocked (logstream,"[Unknown log level %d]: ", level);
break;
missing_lf = 1;
}
- if (level == JNLIB_LOG_FATAL)
+ if (level == GPGRT_LOG_FATAL)
{
if (missing_lf)
es_putc_unlocked ('\n', logstream);
es_funlockfile (logstream);
exit (2);
}
- else if (level == JNLIB_LOG_BUG)
+ else if (level == GPGRT_LOG_BUG)
{
if (missing_lf)
es_putc_unlocked ('\n', logstream );
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (JNLIB_LOG_INFO, 0, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_INFO, 0, fmt, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (JNLIB_LOG_ERROR, 0, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_ERROR, 0, fmt, arg_ptr);
va_end (arg_ptr);
/* Protect against counter overflow. */
if (errorcount < 30000)
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (JNLIB_LOG_FATAL, 0, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_FATAL, 0, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (JNLIB_LOG_BUG, 0, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_BUG, 0, fmt, arg_ptr);
va_end (arg_ptr);
abort (); /* Never called; just to make the compiler happy. */
}
va_list arg_ptr ;
va_start (arg_ptr, fmt);
- do_logv (JNLIB_LOG_DEBUG, 0, fmt, arg_ptr);
+ do_logv (GPGRT_LOG_DEBUG, 0, fmt, arg_ptr);
va_end (arg_ptr);
}
va_list arg_ptr;
va_start (arg_ptr, fmt);
- do_logv (fmt ? JNLIB_LOG_CONT : JNLIB_LOG_BEGIN, 0, fmt, arg_ptr);
+ do_logv (fmt ? GPGRT_LOG_CONT : GPGRT_LOG_BEGIN, 0, fmt, arg_ptr);
va_end (arg_ptr);
}
void
log_flush (void)
{
- do_log_ignore_arg (JNLIB_LOG_CONT, NULL);
+ do_log_ignore_arg (GPGRT_LOG_CONT, NULL);
}
void
bug_at( const char *file, int line, const char *func )
{
- log_log (JNLIB_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func);
+ log_log (GPGRT_LOG_BUG, ("... this is a bug (%s:%d:%s)\n"), file, line, func);
abort (); /* Never called; just to make the compiler happy. */
}
#else
void
bug_at( const char *file, int line )
{
- log_log (JNLIB_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line);
+ log_log (GPGRT_LOG_BUG, _("you found a bug ... (%s:%d)\n"), file, line);
abort (); /* Never called; just to make the compiler happy. */
}
#endif
* Copyright (C) 1999, 2000, 2001, 2004, 2006,
* 2010 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_LOGGING_H
-#define LIBJNLIB_LOGGING_H
+#ifndef GNUPG_COMMON_LOGGING_H
+#define GNUPG_COMMON_LOGGING_H
#include <stdio.h>
+#include <stdarg.h>
#include "mischelp.h"
#include "w32help.h"
-/* Flag values for log_set_prefix. */
-#define JNLIB_LOG_WITH_PREFIX 1
-#define JNLIB_LOG_WITH_TIME 2
-#define JNLIB_LOG_WITH_PID 4
-#define JNLIB_LOG_RUN_DETACHED 256
-#define JNLIB_LOG_NO_REGISTRY 512
-
int log_get_errorcount (int clear);
void log_inc_errorcount (void);
void log_set_file( const char *name );
int log_get_fd(void);
estream_t log_get_stream (void);
-#ifdef JNLIB_GCC_M_FUNCTION
- void bug_at( const char *file, int line, const char *func ) JNLIB_GCC_A_NR;
+#ifdef GPGRT_GCC_M_FUNCTION
+ void bug_at( const char *file, int line, const char *func ) GPGRT_GCC_A_NR;
# define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__ )
#else
void bug_at( const char *file, int line );
# define BUG() bug_at( __FILE__ , __LINE__ )
#endif
-/* To avoid mandatory inclusion of stdarg and other stuff, do it only
- if explicitly requested to do so. */
-#ifdef JNLIB_NEED_LOG_LOGV
-#include <stdarg.h>
+/* Flag values for log_set_prefix. */
+#define GPGRT_LOG_WITH_PREFIX 1
+#define GPGRT_LOG_WITH_TIME 2
+#define GPGRT_LOG_WITH_PID 4
+#define GPGRT_LOG_RUN_DETACHED 256
+#define GPGRT_LOG_NO_REGISTRY 512
+
+/* Log levels as used by log_log. */
enum jnlib_log_levels {
- JNLIB_LOG_BEGIN,
- JNLIB_LOG_CONT,
- JNLIB_LOG_INFO,
- JNLIB_LOG_WARN,
- JNLIB_LOG_ERROR,
- JNLIB_LOG_FATAL,
- JNLIB_LOG_BUG,
- JNLIB_LOG_DEBUG
+ GPGRT_LOG_BEGIN,
+ GPGRT_LOG_CONT,
+ GPGRT_LOG_INFO,
+ GPGRT_LOG_WARN,
+ GPGRT_LOG_ERROR,
+ GPGRT_LOG_FATAL,
+ GPGRT_LOG_BUG,
+ GPGRT_LOG_DEBUG
};
-void log_log (int level, const char *fmt, ...) JNLIB_GCC_A_PRINTF(2,3);
+void log_log (int level, const char *fmt, ...) GPGRT_GCC_A_PRINTF(2,3);
void log_logv (int level, const char *fmt, va_list arg_ptr);
void log_string (int level, const char *string);
-#endif /*JNLIB_NEED_LOG_LOGV*/
-void log_bug( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
-void log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2);
-void log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
-void log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
-void log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
-void log_printf( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2);
+void log_bug( const char *fmt, ... ) GPGRT_GCC_A_NR_PRINTF(1,2);
+void log_fatal( const char *fmt, ... ) GPGRT_GCC_A_NR_PRINTF(1,2);
+void log_error( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2);
+void log_info( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2);
+void log_debug( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2);
+void log_printf( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2);
void log_flush (void);
/* Print a hexdump of BUFFER. With TEXT passes as NULL print just the
void log_clock (const char *string);
-#endif /*LIBJNLIB_LOGGING_H*/
+#endif /*GNUPG_COMMON_LOGGING_H*/
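Review bot: The renamed `GPGRT_LOG_*` flags and log levels here, and the `GPGRT_GCC_*` attribute macros in the mischelp.h hunk further down, are defined inside GnuPG's own headers under a prefix that looks like it belongs to the gpgrt/libgpg-error runtime. If that library's header ever defines the same names, the unguarded `#define`s and the enum constants would presumably clash at compile time. A comment above the block would record the intent, for example `/* These GPGRT_ names are local definitions; drop them once gpg-error.h provides them. */`. Wrapping the defines in `#ifndef GPGRT_LOG_WITH_PREFIX` would keep a later library update from breaking the build. The enum tag is still `jnlib_log_levels` on an unchanged context line, so the tag and its constants now carry different prefixes.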
void put_membuf (membuf_t *mb, const void *buf, size_t len);
void put_membuf_str (membuf_t *mb, const char *string);
void put_membuf_printf (membuf_t *mb, const char *format,
- ...) JNLIB_GCC_A_PRINTF(2,3);
+ ...) GPGRT_GCC_A_PRINTF(2,3);
void *get_membuf (membuf_t *mb, size_t *len);
void *get_membuf_shrink (membuf_t *mb, size_t *len);
const void *peek_membuf (membuf_t *mb, size_t *len);
#include <stdlib.h>
#include <errno.h>
-#define JNLIB_NEED_LOG_LOGV
#include "util.h"
#include "iobuf.h"
#include "i18n.h"
/* Map the log levels. */
switch (level)
{
- case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
- case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
- case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
- case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
- case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
- case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
- case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
- default: level = JNLIB_LOG_ERROR; break;
+ case GCRY_LOG_CONT: level = GPGRT_LOG_CONT; break;
+ case GCRY_LOG_INFO: level = GPGRT_LOG_INFO; break;
+ case GCRY_LOG_WARN: level = GPGRT_LOG_WARN; break;
+ case GCRY_LOG_ERROR:level = GPGRT_LOG_ERROR; break;
+ case GCRY_LOG_FATAL:level = GPGRT_LOG_FATAL; break;
+ case GCRY_LOG_BUG: level = GPGRT_LOG_BUG; break;
+ case GCRY_LOG_DEBUG:level = GPGRT_LOG_DEBUG; break;
+ default: level = GPGRT_LOG_ERROR; break;
}
log_logv (level, fmt, arg_ptr);
}
/* mischelp.c - Miscellaneous helper functions
* Copyright (C) 1998, 2000, 2001, 2006, 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#endif /*!HAVE_W32_SYSTEM*/
#include <errno.h>
-#include "libjnlib-config.h"
+#include "util.h"
+#include "common-defs.h"
#include "stringhelp.h"
#include "utf8conv.h"
#include "mischelp.h"
-/* Because we can't use our jnlib_free macro in inline functions we
- provide this wrapper. */
-void
-_jnlib_free (void *p)
-{
- if (p)
- jnlib_free (p);
-}
-
-
/* Check whether the files NAME1 and NAME2 are identical. This is for
example achieved by comparing the inode numbers of the files. */
int
file1 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
else
file1 = INVALID_HANDLE_VALUE;
- jnlib_free (wname);
+ xfree (wname);
}
#else
file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
file2 = CreateFile (wname, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
else
file2 = INVALID_HANDLE_VALUE;
- jnlib_free (wname);
+ xfree (wname);
}
#else
file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
/* System time is UTC thus the conversion is pretty easy. */
if (!SystemTimeToFileTime (&st, &ft))
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
return (time_t)(-1);
}
* Copyright (C) 1999, 2000, 2001, 2002, 2003,
* 2006, 2007, 2009 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_MISCHELP_H
-#define LIBJNLIB_MISCHELP_H
+#ifndef GNUPG_COMMON_MISCHELP_H
+#define GNUPG_COMMON_MISCHELP_H
-/* Because we can't use the internal jnlib_free macro in inline
- functions we provide a wrapper function as well. */
-void _jnlib_free (void *p);
-
/* Check whether the files NAME1 and NAME2 are identical. This is for
example achieved by comparing the inode numbers of the files. */
int same_file_p (const char *name1, const char *name2);
#define DIMof(type,member) DIM(((type *)0)->member)
-#undef JNLIB_GCC_HAVE_PUSH_PRAGMA
+#undef GPGRT_GCC_HAVE_PUSH_PRAGMA
#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
-# define JNLIB_GCC_M_FUNCTION 1
-# define JNLIB_GCC_A_NR __attribute__ ((noreturn))
+# define GPGRT_GCC_M_FUNCTION 1 /* __FUNCTION__ macro is available. */
+# define GPGRT_GCC_A_NR __attribute__ ((noreturn))
# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4 )
-# define JNLIB_GCC_HAVE_PUSH_PRAGMA 1
-# define JNLIB_GCC_A_PRINTF( f, a ) \
+# define GPGRT_GCC_HAVE_PUSH_PRAGMA 1
+# define GPGRT_GCC_A_PRINTF( f, a ) \
__attribute__ ((format (__gnu_printf__,f,a)))
-# define JNLIB_GCC_A_NR_PRINTF( f, a ) \
+# define GPGRT_GCC_A_NR_PRINTF( f, a ) \
__attribute__ ((noreturn, format (__gnu_printf__,f,a)))
# else
-# define JNLIB_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
-# define JNLIB_GCC_A_NR_PRINTF( f, a ) \
+# define GPGRT_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a)))
+# define GPGRT_GCC_A_NR_PRINTF( f, a ) \
__attribute__ ((noreturn, format (printf,f,a)))
# endif
#else
-# define JNLIB_GCC_A_NR
-# define JNLIB_GCC_A_PRINTF( f, a )
-# define JNLIB_GCC_A_NR_PRINTF( f, a )
+# define GPGRT_GCC_A_NR
+# define GPGRT_GCC_A_PRINTF( f, a )
+# define GPGRT_GCC_A_NR_PRINTF( f, a )
#endif
/* Include hacks which are mainly required for Slowaris. */
-#ifdef JNLIB_NEED_AFLOCAL
+#ifdef GNUPG_COMMON_NEED_AFLOCAL
#ifndef HAVE_W32_SYSTEM
# include <sys/socket.h>
# include <sys/un.h>
# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \
+ strlen ((ptr)->sun_path))
#endif /*SUN_LEN*/
-#endif /*JNLIB_NEED_AFLOCAL*/
+#endif /*GNUPG_COMMON_NEED_AFLOCAL*/
-#endif /*LIBJNLIB_MISCHELP_H*/
+#endif /*GNUPG_COMMON_MISCHELP_H*/
+++ /dev/null
-/* pka.c - DNS Public Key Association RR access
- * Copyright (C) 2005, 2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- * - the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at
- * your option) any later version.
- *
- * or
- *
- * - the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "util.h"
-#include "mbox-util.h"
-#include "dns-cert.h"
-#include "pka.h"
-
-
-/* For the given email ADDRESS lookup the PKA information in the DNS.
-
- On success the fingerprint is stored at FPRBUF and the URI will be
- returned in an allocated buffer. Note that the URI might be a zero
- length string as this information is optional. Caller must xfree
- the returned string. FPRBUFLEN gives the size of the expected
- fingerprint (usually 20).
-
- On error NULL is returned and the FPRBUF is not defined. */
-char *
-get_pka_info (const char *address, void *fprbuf, size_t fprbuflen)
-{
- char *result = NULL;
- char *mbox;
- char *domain; /* Points to mbox. */
- char hashbuf[20];
- char *hash = NULL;
- char *name = NULL;
- unsigned char *fpr = NULL;
- size_t fpr_len;
- char *url = NULL;
-
- mbox = mailbox_from_userid (address);
- if (!mbox)
- goto leave;
- domain = strchr (mbox, '@');
- if (!domain)
- goto leave;
- *domain++ = 0;
-
- gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
- hash = zb32_encode (hashbuf, 8*20);
- if (!hash)
- goto leave;
- name = strconcat (hash, "._pka.", domain, NULL);
- if (!name)
- goto leave;
-
- if (get_dns_cert (name, DNS_CERTTYPE_IPGP, NULL, &fpr, &fpr_len, &url))
- goto leave;
- if (!fpr)
- goto leave;
-
- /* Return the fingerprint. */
- if (fpr_len != fprbuflen)
- {
- /* fprintf (stderr, "get_dns_cert failed: fprlen (%zu/%zu)\n", */
- /* fpr_len, fprbuflen); */
- goto leave;
- }
- memcpy (fprbuf, fpr, fpr_len);
-
- /* We return the URL or an empty string. */
- if (!url)
- url = xtrycalloc (1, 1);
- result = url;
- url = NULL;
-
- leave:
- xfree (fpr);
- xfree (url);
- xfree (name);
- xfree (hash);
- xfree (mbox);
- return result;
-}
+++ /dev/null
-/* pka.h - DNS Public Key Association RR access definitions
- * Copyright (C) 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of either
- *
- * - the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at
- * your option) any later version.
- *
- * or
- *
- * - the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * or both in parallel, as here.
- *
- * This file is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-#ifndef GNUPG_COMMON_PKA_H
-#define GNUPG_COMMON_PKA_H
-
-char *get_pka_info (const char *address, void *fprbuf, size_t fprbuflen);
-
-
-#endif /*GNUPG_COMMON_PKA_H*/
#include <locale.h>
#endif
-#define JNLIB_NEED_AFLOCAL
+#define GNUPG_COMMON_NEED_AFLOCAL
#include "../common/mischelp.h"
#ifdef HAVE_W32_SYSTEM
#include "../common/w32-afunix.h"
#define SIMPLE_PWQUERY_IMPLEMENTATION 1
#include "simple-pwquery.h"
-#if defined(SPWQ_USE_LOGGING) && !defined(HAVE_JNLIB_LOGGING)
-# undef SPWQ_USE_LOGGING
-#endif
-
#ifndef _
#define _(a) (a)
#endif
#include <gcrypt.h>
#include "../common/logging.h"
-/* Try to write error message using the standard log mechanism. The
- current implementation requires that the HAVE_JNLIB_LOGGING is also
- defined. */
+/* Try to write error message using the standard gnupg log mechanism. */
#define SPWQ_USE_LOGGING 1
/* Memory allocation functions used by the implementation. Note, that
* Copyright (C) 2014 Werner Koch
* Copyright (C) 2015 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#endif
#include "util.h"
-#include "libjnlib-config.h"
+#include "common-defs.h"
#include "utf8conv.h"
#include "sysutils.h"
#include "stringhelp.h"
{
if (xmode)
BUG ();
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
return NULL;
}
argc++;
needed += strlen (argv[argc]);
if (argc >= DIM (argv)-1)
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
return NULL;
}
argc++;
* 2006, 2007, 2009 Free Software Foundation, Inc.
* 2015 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_STRINGHELP_H
-#define LIBJNLIB_STRINGHELP_H
+#ifndef GNUPG_COMMON_STRINGHELP_H
+#define GNUPG_COMMON_STRINGHELP_H
#include "types.h"
/*-- mapstrings.c --*/
const char *map_static_macro_string (const char *string);
-#endif /*LIBJNLIB_STRINGHELP_H*/
+#endif /*GNUPG_COMMON_STRINGHELP_H*/
* Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
* Copyright (C) 2015 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#include <stdarg.h>
#include <ctype.h>
-#include "libjnlib-config.h"
+#include "util.h"
+#include "common-defs.h"
#include "strlist.h"
-#ifdef JNLIB_NEED_UTF8CONV
#include "utf8conv.h"
-#endif
void
free_strlist( strlist_t sl )
for(; sl; sl = sl2 ) {
sl2 = sl->next;
- jnlib_free(sl);
+ xfree(sl);
}
}
{
strlist_t sl;
- sl = jnlib_xmalloc( sizeof *sl + strlen(string));
+ sl = xmalloc( sizeof *sl + strlen(string));
sl->flags = 0;
strcpy(sl->d, string);
sl->next = *list;
{
strlist_t sl;
- sl = jnlib_malloc (sizeof *sl + strlen (string));
+ sl = xtrymalloc (sizeof *sl + strlen (string));
if (sl)
{
sl->flags = 0;
/* Same as add_to_strlist() but if IS_UTF8 is *not* set, a conversion
to UTF-8 is done. This function terminates the process on memory
shortage. */
-#ifdef JNLIB_NEED_UTF8CONV
strlist_t
add_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
{
{
char *p = native_to_utf8( string );
sl = add_to_strlist( list, p );
- jnlib_free ( p );
+ xfree ( p );
}
return sl;
}
-#endif /* JNLIB_NEED_UTF8CONV*/
/* Add STRING to the LIST at the end. This function terminates the
{
strlist_t r, sl;
- sl = jnlib_xmalloc( sizeof *sl + strlen(string));
+ sl = xmalloc( sizeof *sl + strlen(string));
sl->flags = 0;
strcpy(sl->d, string);
sl->next = NULL;
}
-#ifdef JNLIB_NEED_UTF8CONV
strlist_t
append_to_strlist2( strlist_t *list, const char *string, int is_utf8 )
{
{
char *p = native_to_utf8 (string);
sl = append_to_strlist( list, p );
- jnlib_free( p );
+ xfree( p );
}
return sl;
}
-#endif /* JNLIB_NEED_UTF8CONV */
/* Return a copy of LIST. This function terminates the process on
last = &newlist;
for (; list; list = list->next)
{
- sl = jnlib_xmalloc (sizeof *sl + strlen (list->d));
+ sl = xmalloc (sizeof *sl + strlen (list->d));
sl->flags = list->flags;
strcpy(sl->d, list->d);
sl->next = NULL;
if(sl)
{
- str=jnlib_xmalloc(strlen(sl->d)+1);
+ str = xmalloc(strlen(sl->d)+1);
strcpy(str,sl->d);
*list=sl->next;
- jnlib_free(sl);
+ xfree(sl);
}
return str;
/* strlist.h
* Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_STRLIST_H
-#define LIBJNLIB_STRLIST_H
+#ifndef GNUPG_COMMON_STRLIST_H
+#define GNUPG_COMMON_STRLIST_H
struct string_list
{
#define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0)
-#endif /*LIBJNLIB_STRLIST_H*/
+#endif /*GNUPG_COMMON_STRLIST_H*/
#define pass() do { ; } while(0)
#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\
__FILE__,__LINE__, (a)); \
- exit (1); \
+ /*exit (1)*/; \
} while(0)
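Review bot: With `exit (1)` commented out in `fail`, a failing vector only prints to stderr and the test program can still end with status 0. Unless failures are counted somewhere outside this hunk, the regression run will report success for a broken conversion routine. If continuing after the first failure is intended, make the macro record it, for example by replacing `/*exit (1)*/;` with `errorcount++;` on a file-local counter and ending `main` with `return !!errorcount;`. Otherwise restore `exit (1);`. This looks like a debugging leftover, since the macro still carries the dead statement as a comment.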
static struct {
const char *hex;
const char *str;
+ int len; /* Length of STR. This may included embedded nuls. */
int off;
int no_alloc_test;
} tests[] = {
/* Simple tests. */
{ "112233445566778899aabbccddeeff1122",
"\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 34 },
+ 17, 34 },
{ "112233445566778899aabbccddeeff1122 blah",
"\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 34 },
+ 17, 34 },
{ "112233445566778899aabbccddeeff1122\tblah",
"\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 34 },
+ 17, 34 },
{ "112233445566778899aabbccddeeff1122\nblah",
"\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 34 },
+ 17, 34 },
/* Valid tests yielding an empty string. */
{ "00",
"",
- 2 },
+ 1, 2 },
{ "00 x",
"",
- 2 },
+ 1, 2 },
{ "",
"",
- 0 },
+ 0, 0 },
{ " ",
"",
- 0 },
+ 0, 0 },
/* Test trailing Nul feature. */
- { "112233445566778899aabbccddeeff112200",
- "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 36 },
- { "112233445566778899aabbccddeeff112200 ",
- "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22",
- 36 },
+ { "112233445566778899aabbccddeeff1100",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00",
+ 17, 34 },
+ { "112233445566778899aabbccddeeff1100 ",
+ "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00",
+ 17, 34 },
/* Test buffer size. (buffer is of length 20) */
{ "6162636465666768696A6b6c6D6e6f70717273",
"abcdefghijklmnopqrs",
- 38 },
+ 19, 38 },
{ "6162636465666768696A6b6c6D6e6f7071727300",
"abcdefghijklmnopqrs",
- 40 },
+ 20, 40 },
{ "6162636465666768696A6b6c6D6e6f7071727374",
NULL,
- 0, 1 },
+ 0, 0, 1 },
{ "6162636465666768696A6b6c6D6e6f707172737400",
NULL,
- 0, 1 },
+ 0, 0, 1 },
{ "6162636465666768696A6b6c6D6e6f707172737475",
NULL,
- 0, 1 },
+ 0, 0, 1 },
/* Invalid tests. */
- { "112233445566778899aabbccddeeff1122334", NULL, 0 },
- { "112233445566778899AABBCCDDEEFF1122334", NULL, 0 },
- { "112233445566778899AABBCCDDEEFG11223344", NULL, 0 },
- { "0:0112233445566778899aabbccddeeff11223344", NULL, 0 },
- { "112233445566778899aabbccddeeff11223344:", NULL, 0 },
- { "112233445566778899aabbccddeeff112233445", NULL, 0 },
- { "112233445566778899aabbccddeeff1122334455", NULL, 0, 1 },
- { "112233445566778899aabbccddeeff11223344blah", NULL, 0 },
- { "0", NULL, 0 },
- { "00:", NULL, 0 },
- { "00x", NULL, 0 },
-
- { NULL, NULL, 0 }
+ { "112233445566778899aabbccddeeff1122334", NULL, 0, 0 },
+ { "112233445566778899AABBCCDDEEFF1122334", NULL, 0, 0 },
+ { "112233445566778899AABBCCDDEEFG11223344", NULL, 0, 0 },
+ { "0:0112233445566778899aabbccddeeff11223344", NULL, 0, 0 },
+ { "112233445566778899aabbccddeeff11223344:", NULL, 0, 0 },
+ { "112233445566778899aabbccddeeff112233445", NULL, 0, 0 },
+ { "112233445566778899aabbccddeeff1122334455", NULL, 0, 0, 1 },
+ { "112233445566778899aabbccddeeff11223344blah", NULL, 0, 0 },
+ { "0", NULL, 0, 0 },
+ { "00:", NULL, 0, 0 },
+ { "00x", NULL, 0, 0 },
+
+ { NULL, NULL, 0, 0 }
};
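Review bot: The comment on the new `len` field says "Length of STR", but the vectors show it is the expected byte count returned by the conversion, not the C string length. `"00"` maps to `""` with `len` 1, and the 19-character `"abcdefghijklmnopqrs"` vector ending in `00` has `len` 20. I would reword it to `int len; /* Expected number of converted bytes; counts a nul encoded as "00". */`, which also fixes the "may included" typo. The checks further down compare `tests[idx].len` (an `int`) with `count`, whose declaration is outside the visible lines. If `count` is a `size_t`, the comparison mixes signedness, and declaring `len` as `size_t` would avoid that.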
int idx;
fail (idx);
else if (tail - tests[idx].hex != tests[idx].off)
fail (idx);
- else if (strlen (buffer) != count)
+ else if (tests[idx].len != count)
fail (idx);
}
else
fail (idx);
else if (tail - tmpbuf != tests[idx].off)
fail (idx);
- else if (strlen (tmpbuf) != count)
+ else if (tests[idx].len != count)
fail (idx);
}
else
+++ /dev/null
-/* t-pak.c - Module test for pka.c
- * Copyright (C) 2015 Werner Koch
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <assert.h>
-
-#include "util.h"
-#include "pka.h"
-
-
-int
-main (int argc, char **argv)
-{
- unsigned char fpr[20];
- char *url;
- char const *name;
- int i;
-
- if (argc)
- {
- argc--;
- argv++;
- }
-
- if (!argc)
- name = "wk@gnupg.org";
- else if (argc == 1)
- name = *argv;
- else
- {
- fputs ("usage: t-pka [userid]\n", stderr);
- return 1;
- }
-
- printf ("User id ...: %s\n", name);
-
- url = get_pka_info (name, fpr, sizeof fpr);
- printf ("Fingerprint: ");
- if (url)
- {
- for (i = 0; i < sizeof fpr; i++)
- printf ("%02X", fpr[i]);
- }
- else
- printf ("[not found]");
-
- putchar ('\n');
-
- printf ("URL .......: %s\n", (url && *url)? url : "[none]");
-
- xfree (url);
-
- return 0;
-}
* Copyright (C) 2007 Free Software Foundation, Inc.
* 2015 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
static void
test_strsplit (void)
{
- int test_count = 0;
- void test (const char *s, char delim, char replacement,
- const char *fields_expected[])
- {
- char *s2;
- int field_count;
- char **fields;
- int field_count_expected;
- int i;
-
- /* Count the fields. */
- for (field_count_expected = 0;
- fields_expected[field_count_expected];
- field_count_expected ++)
- ;
-
- test_count ++;
-
- /* We need to copy s since strsplit modifies it in place. */
- s2 = xstrdup (s);
- fields = strsplit (s2, delim, replacement, &field_count);
-
- if (field_count != field_count_expected)
- fail (test_count * 1000);
-
- for (i = 0; i < field_count_expected; i ++)
- if (strcmp (fields_expected[i], fields[i]) != 0)
- {
- printf ("For field %d, expected '%s', but got '%s'\n",
- i, fields_expected[i], fields[i]);
- fail (test_count * 1000 + i + 1);
- }
-
- xfree (s2);
- }
-
- {
- const char *expected_result[] =
- { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL };
- test ("a:bc:cde:fghi:jklmn::foo:", ':', '\0', expected_result);
- }
-
- {
- const char *expected_result[] =
- { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL };
- test (",a,bc,,def,", ',', '!', expected_result);
- }
-
- {
- const char *expected_result[] = { "", NULL };
- test ("", ':', ',', expected_result);
- }
+ struct {
+ const char *s;
+ char delim;
+ char replacement;
+ const char *fields_expected[10];
+ } tv[] = {
+ {
+ "a:bc:cde:fghi:jklmn::foo:", ':', '\0',
+ { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }
+ },
+ {
+ ",a,bc,,def,", ',', '!',
+ { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL }
+ },
+ {
+ "", ':', ',',
+ { "", NULL }
+ }
+ };
+
+ int tidx;
+
+ for (tidx = 0; tidx < DIM(tv); tidx++)
+ {
+ char *s2;
+ int field_count;
+ char **fields;
+ int field_count_expected;
+ int i;
+
+ /* Count the fields. */
+ for (field_count_expected = 0;
+ tv[tidx].fields_expected[field_count_expected];
+ field_count_expected ++)
+ ;
+
+ /* We need to copy s since strsplit modifies it in place. */
+ s2 = xstrdup (tv[tidx].s);
+ fields = strsplit (s2, tv[tidx].delim, tv[tidx].replacement,
+ &field_count);
+
+ if (field_count != field_count_expected)
+ fail (tidx * 1000);
+
+ for (i = 0; i < field_count_expected; i ++)
+ if (strcmp (tv[tidx].fields_expected[i], fields[i]) != 0)
+ {
+ printf ("For field %d, expected '%s', but got '%s'\n",
+ i, tv[tidx].fields_expected[i], fields[i]);
+ fail (tidx * 1000 + i + 1);
+ }
+
+ xfree (s2);
+ }
}
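Review bot: Each pass of the new loop in `test_strsplit` frees `s2` but never releases `fields`, so if `strsplit` returns an allocated array (its definition is not visible here) every vector leaks it. Adding `xfree (fields);` next to `xfree (s2);` would keep the test clean under a leak checker. The table also sizes `fields_expected` at a fixed 10 and the counting loop depends on a NULL terminator, so a future vector with ten real fields would leave no sentinel and the count would run past the array. A comment on the member such as `/* At most 9 fields plus the terminating NULL. */` would make that limit visible. If `fail` returns rather than exits, a count mismatch falls through to the field loop and indexes `fields[i]` up to the expected count, so a `continue` after `fail (tidx * 1000);` would be safer.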
int
/* t-support.c - helper functions for the regression tests.
* Copyright (C) 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
\f
/* Stubs for gpg-error functions required because some compilers do
not eliminate the supposed-to-be-unused-inline-functions and thus
- require functions called from these inline fucntions. Although we
- do not use gpg-error, gpg-error.h may get included via gcrypt.h if
- it happens to be used used in libjnlib-config.h. */
+ require functions called from these inline functions. */
#ifndef GPG_ERROR_H /* Don't do this if gpg-error.h has been included. */
int
gpg_err_code_from_errno (int err)
/* t-support.h - Helper for the regression tests
* Copyright (C) 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_T_SUPPORT_H
-#define LIBJNLIB_T_SUPPORT_H 1
+#ifndef GNUPG_COMMON_T_SUPPORT_H
+#define GNUPG_COMMON_T_SUPPORT_H 1
#ifdef GCRYPT_VERSION
#error The regression tests should not include with gcrypt.h
} while(0)
-#endif /*LIBJNLIB_T_SUPPORT_H*/
+#endif /*GNUPG_COMMON_T_SUPPORT_H*/
/* t-timestuff.c - Regression tests for time functions
* Copyright (C) 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
/* t-w32-reg.c - Regression tests for W32 registry functions
* Copyright (C) 2010 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
/* types.h - define some extra types
* Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_TYPES_H
-#define LIBJNLIB_TYPES_H
+#ifndef GNUPG_COMMON_TYPES_H
+#define GNUPG_COMMON_TYPES_H
#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
# define GNUPG_GCC_A_SENTINEL(a)
#endif
-#endif /*LIBJNLIB_TYPES_H*/
+#endif /*GNUPG_COMMON_TYPES_H*/
* Copyright (C) 1994, 1998, 1999, 2000, 2001, 2003, 2006,
* 2008, 2010 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
# include <iconv.h>
#endif
-#include "libjnlib-config.h"
+#include "util.h"
+#include "common-defs.h"
+#include "i18n.h"
#include "stringhelp.h"
#include "utf8conv.h"
if (no_translation)
{
/* Already utf-8 encoded. */
- buffer = jnlib_xstrdup (orig_string);
+ buffer = xstrdup (orig_string);
}
else if (!use_iconv)
{
if (*s & 0x80)
length++;
}
- buffer = jnlib_xmalloc (length + 1);
+ buffer = xmalloc (length + 1);
for (p = (unsigned char *)buffer, s = string; *s; s++)
{
if ( (*s & 0x80 ))
if ((*s & 0x80))
length += 5; /* We may need up to 6 bytes for the utf8 output. */
}
- buffer = jnlib_xmalloc (length + 1);
+ buffer = xmalloc (length + 1);
inptr = string;
inbytes = strlen (string);
if (!buffer)
{
/* Allocate the buffer after the first pass. */
- buffer = p = jnlib_xmalloc (n + 1);
+ buffer = p = xmalloc (n + 1);
}
else if (with_iconv)
{
if (cd == (iconv_t)-1)
{
handle_iconv_error (active_charset_name, "utf-8", 1);
- jnlib_free (buffer);
+ xfree (buffer);
return utf8_to_native (string, length, delim);
}
outbytes = n * MB_LEN_MAX;
if (outbytes / MB_LEN_MAX != n)
BUG (); /* Actually an overflow. */
- outbuf = outptr = jnlib_xmalloc (outbytes);
+ outbuf = outptr = xmalloc (outbytes);
if ( iconv (cd, (ICONV_CONST char **)&inptr, &inbytes,
&outptr, &outbytes) == (size_t)-1)
{
"utf-8", active_charset_name, strerror (errno));
shown = 1;
/* Didn't worked out. Try again but without iconv. */
- jnlib_free (buffer);
+ xfree (buffer);
buffer = NULL;
- jnlib_free (outbuf);
+ xfree (outbuf);
outbuf = do_utf8_to_native (string, length, delim, 0);
}
else /* Success. */
/* We could realloc the buffer now but I doubt that it
makes much sense given that it will get freed
anyway soon after. */
- jnlib_free (buffer);
+ xfree (buffer);
}
iconv_close (cd);
return outbuf;
n = WideCharToMultiByte (CP_UTF8, 0, string, -1, NULL, 0, NULL, NULL);
if (n < 0)
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
return NULL;
}
- result = jnlib_malloc (n+1);
+ result = xtrymalloc (n+1);
if (!result)
return NULL;
n = WideCharToMultiByte (CP_UTF8, 0, string, -1, result, n, NULL, NULL);
if (n < 0)
{
- jnlib_free (result);
- jnlib_set_errno (EINVAL);
+ xfree (result);
+ gpg_err_set_errno (EINVAL);
result = NULL;
}
return result;
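Review bot: The `if (n < 0)` checks after both `WideCharToMultiByte` calls cannot detect a failure, because the API reports failure by returning 0, not a negative value. With n == 0 from the sizing call the code allocates one byte, the second call is then made with a zero output size and writes nothing, and the uninitialised buffer is returned as a string. Testing `if (n <= 0)` at both places would cover this; the `MultiByteToWideChar` hunk that follows has the same two checks. Both function bodies begin outside the hunks shown.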
n = MultiByteToWideChar (CP_UTF8, 0, string, -1, NULL, 0);
if (n < 0)
{
- jnlib_set_errno (EINVAL);
+ gpg_err_set_errno (EINVAL);
return NULL;
}
nbytes = (size_t)(n+1) * sizeof(*result);
if (nbytes / sizeof(*result) != (n+1))
{
- jnlib_set_errno (ENOMEM);
+ gpg_err_set_errno (ENOMEM);
return NULL;
}
- result = jnlib_malloc (nbytes);
+ result = xtrymalloc (nbytes);
if (!result)
return NULL;
n = MultiByteToWideChar (CP_UTF8, 0, string, -1, result, n);
if (n < 0)
{
- free (result);
- jnlib_set_errno (EINVAL);
+ xfree (result);
+ gpg_err_set_errno (EINVAL);
result = NULL;
}
return result;
/* utf8conf.h
* Copyright (C) 2003, 2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_UTF8CONF_H
-#define LIBJNLIB_UTF8CONF_H
+#ifndef GNUPG_COMMON_UTF8CONF_H
+#define GNUPG_COMMON_UTF8CONF_H
int set_native_charset (const char *newset);
const char *get_native_charset (void);
#endif /*HAVE_W32_SYSTEM*/
-#endif /*LIBJNLIB_UTF8CONF_H*/
+#endif /*GNUPG_COMMON_UTF8CONF_H*/
/* util.h - Utility functions for GnuPG
* Copyright (C) 2001, 2002, 2003, 2004, 2009 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
void setup_libgcrypt_logging (void);
/* Same as estream_asprintf but die on memory failure. */
-char *xasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
+char *xasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2);
/* This is now an alias to estream_asprintf. */
-char *xtryasprintf (const char *fmt, ...) JNLIB_GCC_A_PRINTF(1,2);
+char *xtryasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2);
/* Replacement for gcry_cipher_algo_name. */
const char *gnupg_cipher_algo_name (int algo);
/* w32-afunix.c - AF_UNIX emulation for Windows (Client only).
* Copyright (C) 2004, 2006 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
/* w32-afunix.h - AF_UNIX emulation for Windows
* Copyright (C) 2004, 2006 g10 Code GmbH
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
/* w32-reg.c - MS-Windows Registry access
* Copyright (C) 1999, 2002, 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
#endif
#include <windows.h>
-#include "libjnlib-config.h"
+#include "util.h"
+#include "common-defs.h"
#include "utf8conv.h"
#include "w32help.h"
{
if (root)
{
- jnlib_free (wdir);
+ xfree (wdir);
return NULL; /* No need for a RegClose, so return immediately. */
}
/* It seems to be common practise to fall back to HKLM. */
if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, wdir, 0, KEY_READ, &key_handle) )
{
- jnlib_free (wdir);
+ xfree (wdir);
return NULL; /* Still no need for a RegClose. */
}
}
- jnlib_free (wdir);
+ xfree (wdir);
if (name)
{
nbytes = 2;
if (RegQueryValueEx (key_handle, wname, 0, NULL, NULL, &nbytes))
goto leave;
- result = jnlib_malloc ((n1=nbytes+2));
+ result = xtrymalloc ((n1=nbytes+2));
if (!result)
goto leave;
if (RegQueryValueEx (key_handle, wname, 0, &type, result, &n1))
{
- jnlib_free (result);
+ xfree (result);
result = NULL;
goto leave;
}
{
wchar_t *tmp = (void*)result;
result = wchar_to_utf8 (tmp);
- jnlib_free (tmp);
+ xfree (tmp);
}
leave:
- jnlib_free (wname);
+ xfree (wname);
RegCloseKey (key_handle);
return result;
#else /*!HAVE_W32CE_SYSTEM*/
nbytes = 1;
if (RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
goto leave;
- result = jnlib_malloc ((n1=nbytes+1));
+ result = xtrymalloc ((n1=nbytes+1));
if (!result)
goto leave;
if (RegQueryValueEx( key_handle, name, 0, &type, result, &n1 ))
{
- jnlib_free (result);
+ xfree (result);
result = NULL;
goto leave;
}
char *tmp;
n1 += 1000;
- tmp = jnlib_malloc (n1+1);
+ tmp = xtrymalloc (n1+1);
if (!tmp)
goto leave;
nbytes = ExpandEnvironmentStrings (result, tmp, n1);
if (nbytes && nbytes > n1)
{
- jnlib_free (tmp);
+ xfree (tmp);
n1 = nbytes;
- tmp = jnlib_malloc (n1 + 1);
+ tmp = xtrymalloc (n1 + 1);
if (!tmp)
goto leave;
nbytes = ExpandEnvironmentStrings (result, tmp, n1);
if (nbytes && nbytes > n1)
{
/* Oops - truncated, better don't expand at all. */
- jnlib_free (tmp);
+ xfree (tmp);
goto leave;
}
tmp[nbytes] = 0;
- jnlib_free (result);
+ xfree (result);
result = tmp;
}
else if (nbytes)
{
/* Okay, reduce the length. */
tmp[nbytes] = 0;
- jnlib_free (result);
- result = jnlib_malloc (strlen (tmp)+1);
+ xfree (result);
+ result = xtrymalloc (strlen (tmp)+1);
if (!result)
result = tmp;
else
{
strcpy (result, tmp);
- jnlib_free (tmp);
+ xfree (tmp);
}
}
else
{
/* Error - don't expand. */
- jnlib_free (tmp);
+ xfree (tmp);
}
}
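Review bot: In the retry branch a failed second `ExpandEnvironmentStrings` call (return value 0) falls through to `tmp[nbytes] = 0;` and `result = tmp;`, so the caller gets an empty string, whereas the outer `else` branch ("Error - don't expand") keeps the unexpanded value on the same failure. The inner check only tests `nbytes && nbytes > n1`; making it `if (!nbytes || nbytes > n1)` would free `tmp` and leave `result` untouched in both the error and the truncation case. A registry-supplied value that silently becomes empty may change what a caller does with it (for example which path it ends up using), so the two failure paths should behave alike. The enclosing function starts outside this hunk.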
/* w32help.h - W32 speicif functions
* Copyright (C) 2007 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_W32HELP_H
-#define LIBJNLIB_W32HELP_H
+#ifndef GNUPG_COMMON_W32HELP_H
+#define GNUPG_COMMON_W32HELP_H
#ifdef HAVE_W32_SYSTEM
/*-- w32-reg.c --*/
#endif /*HAVE_W32CE_SYSTEM*/
#endif /*HAVE_W32_SYSTEM*/
-#endif /*LIBJNLIB_MISCHELP_H*/
+#endif /*GNUPG_COMMON_MISCHELP_H*/
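Review bot: The closing `#endif` comment names `GNUPG_COMMON_MISCHELP_H`, but the guard this header opens is `GNUPG_COMMON_W32HELP_H`; the stale name was carried over from the old `LIBJNLIB_MISCHELP_H` comment. Changing it to `#endif /*GNUPG_COMMON_W32HELP_H*/` keeps the guard and its closing comment searchable as a pair.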
/* xmalloc.c - standard malloc wrappers
* Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
/* xmalloc.h
* Copyright (C) 1999, 2000, 2001, 2006 Free Software Foundation, Inc.
*
- * This file is part of JNLIB, which is a subsystem of GnuPG.
+ * This file is part of GnuPG.
*
- * JNLIB is free software; you can redistribute it and/or modify it
+ * GnuPG is free software; you can redistribute it and/or modify it
* under the terms of either
*
* - the GNU Lesser General Public License as published by the Free
*
* or both in parallel, as here.
*
- * JNLIB is distributed in the hope that it will be useful, but
+ * GnuPG is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef LIBJNLIB_XMALLOC_H
-#define LIBJNLIB_XMALLOC_H
+#ifndef GNUPG_COMMON_XMALLOC_H
+#define GNUPG_COMMON_XMALLOC_H
void *xmalloc( size_t n );
void *xrealloc( void *a, size_t n );
char *xstrcat2( const char *a, const char *b );
-#endif /*LIBJNLIB_XMALLOC_H*/
+#endif /*GNUPG_COMMON_XMALLOC_H*/
m4_define([mym4_package],[gnupg])
m4_define([mym4_major], [2])
m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [3])
+m4_define([mym4_micro], [4])
# To start a new development series, i.e a new major or minor number
# you need to mark an arbitrary commit before the first beta release
/* Tell Libgcrypt not to include deprecated definitions. */
#define GCRYPT_NO_DEPRECATED 1
-/* We use jnlib, so tell other modules about it. */
-#define HAVE_JNLIB_LOGGING 1
-
/* Our HTTP code is used in estream mode. */
#define HTTP_USE_ESTREAM 1
AC_MSG_NOTICE([checking for header files])
AC_HEADER_STDC
AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h \
- pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h])
+ pty.h utmp.h pwd.h inttypes.h signal.h sys/select.h \
+ signal.h])
AC_HEADER_TIME
AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo])
AC_CHECK_FUNCS([ttyname rand ftello fsync stat lstat])
+AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
+ memrchr isascii timegm getrusage setrlimit stat setlocale \
+ flockfile funlockfile fopencookie funopen getpwnam getpwuid \
+ getenv inet_pton strpbrk])
if test "$have_android_system" = yes; then
# On Android ttyname is a stub but prints an error message.
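Review bot: The added continuation line in `AC_CHECK_HEADERS` lists `signal.h` a second time, although it is already present on the line above. The moved `AC_CHECK_FUNCS` block likewise repeats `stat` and `setlocale`, which the preceding `AC_CHECK_FUNCS` calls already probe. The duplicates should not change the configure result, but they obscure what each list contributes; I would drop the `signal.h` continuation and remove `stat` and `setlocale` from the moved list.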
fi
#
-# These are needed by the jnlib parts in common.
-# Note: We already checked pwd.h.
-AC_CHECK_HEADERS([signal.h])
-AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol \
- memrchr isascii timegm getrusage setrlimit stat setlocale \
- flockfile funlockfile fopencookie funopen getpwnam getpwuid \
- getenv inet_pton strpbrk])
-# end jnlib checks.
-
-
-#
# W32 specific test
#
GNUPG_FUNC_MKDIR_TAKES_ONE_ARG
Please note that earlier entries are found in the top level
ChangeLog.
- [Update after merge with GnuPG: see ./ChangeLog.1]
+ [Update after merge with GnuPG: These old ChangeLog entries are
+ found below up to ==END OLDEST CHANGELOG==]
+==BEGIN OLDEST CHANGELOG==
+
+2004-10-04 Werner Koch <wk@g10code.com>
+
+ * src/dirmngr.c: Changed an help entry description.
+
+2004-09-30 Werner Koch <wk@g10code.com>
+
+ * src/dirmngr.c (i18n_init): Always use LC_ALL.
+
+2004-09-28 Werner Koch <wk@g10code.com>
+
+ Released 0.5.6.
+
+ * config.guess, config.sub: Updated.
+
+2004-06-21 Werner Koch <wk@g10code.com>
+
+ * src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.
+
+2004-05-13 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.5.
+
+ * src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More
+ detailed error messages.
+
+ * src/crlcache.c (update_dir): Handle i-records properly.
+
+2004-04-29 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.4.
+
+ * src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
+ * src/server.c (cmd_isvalid): Handle it here.
+ * src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL
+ cant be used.
+ (open_dir): Parse new fields 8,9 and 10 as well as the invalid flag.
+ (write_dir_line_crl): Write new fields.
+ (get_crl_number, get_auth_key_id): New.
+ (crl_cache_insert): Fill new fields. Mark the entry invalid if
+ the CRL is too old after an update or an unknown critical
+ extension was seen.
+ (list_one_crl_entry): Print the new fields.
+
+2004-04-28 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Requires libksba 0.9.6.
+
+ * src/dirmngr.c: New option --ocsp-signer.
+ * src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to
+ OCSP_RESPONDER and made ist a simple string. Add OCSP_SIGNER.
+ * src/ocsp.c (ocsp_isvalid): Changed it accordingly.
+ (ocsp_isvalid): Pass the ocsp_signer to check_signature.
+ (check_signature): New arg SIGNER_FPR. Use it to retrieve the
+ certificate. Factored out common code to ..
+ (check_signature_core): .. New.
+
+2004-04-27 Werner Koch <wk@gnupg.org>
+
+ * src/server.c (start_command_handler): Keep track of the first
+ connection.
+ (dirmngr_tick): New.
+ * src/ldap.c (attr_fetch_fun_reader): Call it from time to time.
+
+2004-04-23 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (main): Removed the add-servers option from the
+ gpgconf list. It is not really useful.
+
+2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>
+
+ * autogen.sh: Added ACLOCAL_FLAGS.
+
+2004-04-13 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (update_dir): Do not double close FPOUT.
+
+2004-04-09 Werner Koch <wk@gnupg.org>
+
+ * src/cdblib.c (cdb_make_start): Wipeout the entire buffer to
+ shutup valgrind.
+ (ewrite): Fixed writing bad data on EINTR.
+
+ * src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and
+ terminate of a string.
+
+ * src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.
+
+2004-04-07 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.h (server_control_s): Add member force_crl_refresh.
+ * src/server.c (option_handler): New.
+ (start_command_handler): Register option handler
+ * src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
+ (crl_cache_insert): Record last refresh in memory.
+
+ * src/server.c (inquire_cert_and_load_crl): Renamed from
+ inquire_cert.
+
+2004-04-06 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.3
+
+ * doc/dirmngr.texi: Updated.
+ * doc/texinfo.tex: Updated.
+
+2004-04-05 Werner Koch <wk@gnupg.org>
+
+ * src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.
+
+ * src/misc.c (add_isotime): New.
+ (date2jd, jd2date, days_per_month, days_per_year): New. Taken from
+ my ancient (1988) code used in Wedit (time2.c).
+
+2004-04-02 Werner Koch <wk@gnupg.org>
+
+ * autogen.sh: Check gettext version.
+ * configure.ac: Add AM_GNU_GETTEXT.
+
+2004-04-02 gettextize <bug-gnu-gettext@gnu.org>
+
+ * Makefile.am (SUBDIRS): Add intl.
+ (EXTRA_DIST): Add config.rpath.
+ * configure.ac (AC_CONFIG_FILES): Add intl/Makefile,
+
+2004-04-02 Werner Koch <wk@gnupg.org>
+
+ Add i18n at most places.
+
+ * src/dirmngr.c (i18n_init): New.
+ (main): Call it.
+ * src/dirmngr.h: Add i18n stuff.
+
+2004-04-01 Werner Koch <wk@gnupg.org>
+
+ * src/misc.c (get_fingerprint_hexstring): New.
+
+ * src/server.c (dirmngr_status): New.
+
+2004-03-26 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Add AC_SYS_LARGEFILE.
+
+ * doc/dirmngr.texi: Changed the license to the GPL as per message
+ by Mathhias Kalle Dalheimer of Klaralvdalens-Datakonsult dated
+ Jan 7, 2004.
+ * doc/fdl.texi: Removed.
+
+2004-03-25 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (main): New command --fetch-crl.
+
+2004-03-23 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c: New option --allow-ocsp.
+ * src/server.c (cmd_isvalid): Make use of allow_ocsp.
+
+2004-03-17 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (main) <gpgconf>: Fixed default value quoting.
+
+2004-03-16 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (main): Add ocsp-responder to the gpgconf list.
+ Add option --debug-level.
+ (set_debug): New.
+
+2004-03-15 Werner Koch <wk@gnupg.org>
+
+ * src/misc.c (canon_sexp_to_grcy): New.
+
+2004-03-12 Werner Koch <wk@gnupg.org>
+
+ * src/crlfetch.c (crl_fetch): Hack to substitute http for https.
+
+2004-03-10 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (parse_ldapserver_file): Don't skip the entire
+ file on errors.
+
+2004-03-09 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (my_ksba_hash_buffer): New.
+ (main): Initialize the internal libksba hashing.
+
+ * src/server.c (get_issuer_cert_local): Renamed to ...
+ (get_cert_local): ... this. Changed all callers. Allow NULL for
+ ISSUER to return the current target cert.
+ (get_issuing_cert_local): New.
+ (do_get_cert_local): Moved common code to here.
+
+2004-03-06 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.2.
+
+ * configure.ac: Fixed last change to check the API version of
+ libgcrypt.
+
+2004-03-05 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Also check the SONAME of libgcrypt.
+
+2004-03-03 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c: New option --ocsp-responder.
+ * src/dirmngr.h (opt): Add member OCSP_RESPONDERS.
+
+2004-02-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/server.c (start_command_handler): Corrected typo and made
+ dirmngr output it's version in the greeting message.
+
+2004-02-24 Marcus Brinkmann <marcus@g10code.de>
+
+ * src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed. If this were
+ true, there'd be no way to disable it.
+ (main): Dump options in new gpgconf format.
+
+2004-02-11 Werner Koch <wk@gnupg.org>
+
+ * autogen.sh (check_version): Removed bashism and simplified.
+
+2004-02-06 Moritz Schulte <mo@g10code.com>
+
+ * src/crlfetch.c (crl_fetch_default): Do not dereference VALUE,
+ when checking for non-zero.
+
+2004-02-01 Marcus Brinkmann <marcus@g10code.de>
+
+ * src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
+ (DEFAULT_LDAP_TIMEOUT): New macros.
+ (main): Use them.
+ (enum cmd_and_opt_values): New command aGPGConfList.
+ (main): Add handler here.
+
+2004-01-17 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Added AC_CHECK_FUNCS tests again, because the
+ other test occurrences belong to the jnlib tests block.
+
+2004-01-15 Moritz Schulte <mo@g10code.com>
+
+ * configure.ac: Fixed funopen replacement mechanism; removed
+ unnecessary AC_CHECK_FUNCS calls.
+
+2004-01-14 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (list_one_crl_entry): Don't use putchar.
+
+ * src/server.c (cmd_listcrls): New.
+
+2003-12-23 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.1.
+
+2003-12-17 Werner Koch <wk@gnupg.org>
+
+ * configure.ac (CFLAGS): Add -Wformat-noliteral in gcc +
+ maintainer mode.
+ (NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * configure.ac: Update the tests for jnlib.
+ * src/dirmngr.c (main): Ignore SIGPIPE in server mode.
+
+2003-12-12 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (hash_dbfile): Also hash version info of the
+ cache file format.
+
+ * src/Makefile.am (dirmngr_SOURCES): Add http.h.
+
+ * configure.ac: Removed checking for DB2. Add checking for mmap.
+ * src/cdb.h, src/cdblib.h: New. Add a few comments from the
+ original man page and fixed typos.
+ * src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow
+ walking over all entries.
+ * src/crlcache.h: Removed DB2/4 cruft.
+ (release_one_cache_entry, lock_db_file, crl_parse_insert)
+ (crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the
+ new CDB interface.
+
+ * src/dirmngr.c: Beautified the help messages.
+ (wrong_args): New.
+ (main): new option --force. Revamped the command handling code.
+ Allow to pass multiple CRLS as well as stdin to --local-crl.
+ * src/crlcache.c (crl_cache_insert): Make --force work.
+
+2003-12-11 Werner Koch <wk@gnupg.org>
+
+ * src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary
+ data using HTTP.
+ * src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and
+ modified acording to our needs.
+ (read_line): New. Based on the code from GnuPG's iobuf_read_line.
+ * configure.ac: Check for getaddrinfo.
+
+ * src/dirmngr.c (parse_ldapserver_file): Close the stream.
+ (main): Free ldapfile.
+
+ * src/ocsp.c, src/ocsp.h: New. Albeit not functionality.
+
+ * src/server.c (inquire_cert): Catch EOF when reading dist points.
+
+ * src/crlcache.c (hash_dbfile, check_dbfile): New.
+ (lock_db_file, crl_cache_insert): Use them here to detect
+ corrupted CRL files.
+ (open_dir): Read the new dbfile hash field.
+
+ * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
+ a stream.
+ (fun_reader, fun_closer, setup_funopen): New.
+ * src/server.c (inquire_cert): Changed to use the new stream interface
+ of crlfetch.c.
+
+2003-12-10 Werner Koch <wk@gnupg.org>
+
+ * src/funopen.c: New.
+ * configure.ac (funopen): Add test.
+ * src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.
+
+ * src/crlcache.c (next_line_from_file): Remove the limit on the
+ line length.
+ (crl_cache_new): Removed.
+ (open_dbcontent): New.
+ (crl_cache_init): Use it here.
+ (crl_cache_flush): The DB content fie is now in the cache
+ directory, so we can simplify it.
+ (make_db_file_name, lock_db_file, unlock_db_file): New.
+ (release_cache): Close the cached DB files.
+ (crl_cache_isvalid): Make use of the new lock_db_file.
+ (crl_cache_insert): Changed to take a stream as argument.
+ (crl_parse_insert): Rewritten to use a temporary DB and to avoid
+ using up large amounts of memory.
+ (db_entry_new): Removed.
+ (release_cache,release_one_cache_entry): Splitted up.
+ (find_entry): Take care of the new deleted flag.
+ (crl_cache_load): Simplified becuase we can now pass a FP to the
+ insert code.
+ (save_contents): Removed.
+ (update_dir): New.
+ (open_dbcontent_file): Renamed to open_dir_file.
+ (check_dbcontent_version): Renamed to check_dir_version.
+ (open_dbcontent): Renamed to open_dir.
+
+ * src/dirmngr.c: New option --faked-system-time.
+ * src/misc.c (faked_time_p, set_time, get_time): New. Taken from GnuPG.
+ (check_isotime): New.
+ (unpercent_string): New.
+
+2003-12-09 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.
+
+ * autogen.sh: Reworked.
+ * README.CVS: New.
+ * configure.ac: Added min_automake_version.
+
+2003-12-03 Werner Koch <wk@gnupg.org>
+
+ * src/server.c (cmd_lookup): Send an END line after each
+ certificate.
+
+2003-11-28 Werner Koch <wk@gnupg.org>
+
+ * src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS
+ because it never got defined and -ldb{2,4} is implictly set
+ by the AC_CHECK_LIB test in configure.
+
+ * src/crlcache.c (mydbopen): DB4 needs an extra parameter; I
+ wonder who ever tested DB4 support. Add an error statement in
+ case no DB support is configured.
+
+ * tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced
+ variables by configure templates.
+ * src/Makefile.am: Ditto.
+
+2003-11-19 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (list_one_crl_entry): Define X to nothing for non
+ DB4 systems. Thanks to Luca M. G. Centamore.
+
+2003-11-17 Werner Koch <wk@gnupg.org>
+
+ Released 0.5.0
+
+ * src/crlcache.c (crl_cache_new): Fixed eof detection.
+
+ * src/server.c (cmd_loadcrl): Do the unescaping.
+
+ * doc/dirmngr.texi: Added a history section for this modified
+ version.
+
+2003-11-14 Werner Koch <wk@gnupg.org>
+
+ * tests/asschk.c: New. Taken from GnuPG.
+ * tests/Makefile.am: Added asschk.
+
+2003-11-13 Werner Koch <wk@gnupg.org>
+
+ * src/ldap.c (fetch_next_cert_ldap): Get the pattern switching
+ right.
+
+ * tests/test-dirmngr.c: Replaced a couple of deprecated types.
+
+ * configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
+ (fopencookie, asprintf): Removed unneeded test.
+ (PRINTABLE_OS_NAME): Updated the test from gnupg.
+ (CFLAGS): Do full warnings only in maintainer mode. Add flag
+ --enable gcc-warnings to override it and to enable even more
+ warnings.
+ * acinclude.m4: Removed the libgcrypt test.
+
+ * src/ldap.c (get_attr_from_result_ldap): Simplified the binary
+ hack and return a proper gpg error.
+ (attr_fetch_ldap_internal): Changed error handling.
+ (attr_fetch_ldap): Reworked. Return configuration error if no
+ servers are configured.
+ (url_fetch_ldap, add_server_to_servers)
+ (url_fetch_ldap_internal): Reworked.
+ (struct cert_fetch_context_s): New to get rid of a global state.
+ (start_cert_fetch_ldap): Allocate context and do a bind with a
+ timeout. Parse pattern.
+ (end_cert_fetch_ldap): Take context and don't return anything.
+ (find_next_pattern): Removed.
+ (parse_one_pattern): Redone.
+ (get_cert_ldap): Redone.
+ * src/server.c (cmd_lookup): Changed for changed fetch functions.
+
+ * doc/dirmngr.texi: Reworked a bit to get rid of tex errors.
+
+ * configure.ac: Enable makeinfo test.
+
+ * src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API
+ changes.
+ * tests/test-dirmngr.c (main): Ditto. Also added some more error
+ checking.
+
+2003-11-11 Werner Koch <wk@gnupg.org>
+
+ * src/cert.c (hashify_data, hexify_data, serial_hex)
+ (serial_to_buffer): Moved all to ...
+ * src/misc.c: .. here.
+ * src/Makefile.am (cert.c, cert.h): Removed.
+ * cert.c, cert.h: Removed.
+
+ * m4/: New.
+ * configure.ac, Makefile.am: Include m4 directory support, updated
+ required library versions.
+
+ * src/cert.c (make_cert): Removed.
+
+ * src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.
+
+ * src/misc.h (copy_time): New.
+ * src/misc.c (get_isotime): New.
+ (iso_string2time, iso_time2string): Removed.
+ (unhexify): New.
+
+ * src/crlcache.h (DBCONTENTSVERSION): Bumbed to 0.6.
+ * src/crlcache.c (finish_sig_check): New. Factored out from
+ crl_parse_insert and entirely redone.
+ (do_encode_md): Removed.
+ (print_time): Removed
+ (crl_cache_isvalid): Reworked.
+
+2003-11-10 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (make_db_val, parse_db_val): Removed.
+
+ * src/cert.c (serial_to_buffer): New.
+
+ * src/server.c (get_issuer_cert_local): Rewritten.
+
+ * src/crlcache.c (crl_parse_insert): Rewritten. Takes now a CTRL
+ instead of the Assuan context. Changed caller accordingly.
+ (get_issuer_cert): Cleaned up.
+
+ * src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for
+ documentation reasons. Make sure that VALUE is released on error.
+ (crl_fetch_default, ca_cert_fetch): Ditto.
+
+ * src/crlcache.c (release_cache): New.
+ (crl_cache_deinit): Use it here.
+ (crl_cache_flush): Redone.
+ (save_contents): Redone.
+ (crl_cache_list, list_one_crl_entry): Print error messages.
+
+2003-11-06 Werner Koch <wk@gnupg.org>
+
+ * src/crlcache.c (create_directory_if_needed, cleanup_cache_dir):
+ New. Factored out from crl_cache_new and mostly rewritten.
+ (crl_cache_new): Rewritten.
+ (next_line_from_file): New.
+ (find_entry): Cleaned up.
+ (crl_cache_deinit): Cleaned up.
+
+ * src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
+ * src/dirmngr.h (ctrl_t): New.
+ (DBG_ASSUAN,...): Added the usual debug test macros.
+ * src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t.
+ Removed the recursion flag.
+ (get_issuer_cert_local): Allow for arbitary large
+ certificates. 4096 is definitely too small.
+ (inquire_cert): Ditto.
+ (start_command_handler): Set a hello line and call the default
+ init function.
+ (cmd_isvalid): Rewritten.
+ (inquire_cert): Removed unused arg LINE. General cleanup.
+ (map_assuan_err,map_to_assuan_status): New. Taken from gnupg 1.9.
+ (cmd_lookup): Rewritten.
+ (cmd_loadcrl): Started to rewrite it.
+
+2003-10-29 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.
+ (cleanup): New.
+ (main): Cleaned up.
+
+2003-10-28 Werner Koch <wk@gnupg.org>
+
+ * src/dirmngr.h: Renamed dirmngr_opt to opt.
+
+ * src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list):
+ Moved with this file. Cleaned up. Replaced too deep recursion in
+ the free function.
+
+2003-10-21 Werner Koch <wk@gnupg.org>
+
+ Changed all occurrences of assuan.h to use use the system provided
+ one.
+ * src/server.c (register_commands): Adjusted for Assuan API change.
+
+2003-08-14 Werner Koch <wk@gnupg.org>
+
+ * src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
+ * tests/Makefile.am: Ditto.
+
+ * configure.ac: Partly restructured, add standard checks for
+ required libraries, removed included libassuan.
+ * Makefile.am (SUBDIRS): Removed assuan becuase we now use the
+ libassuan package.
+
+ * src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.
+
+2003-08-13 Werner Koch <wk@gnupg.org>
+
+ * src/server.c (get_issuer_cert_local): Print error using
+ assuan_strerror.
+
+ * src/crlcache.c (do_encode_md, start_sig_check): Adjust for
+ changed Libgcrypt API.
+
+2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * configure.ac: Upped version to 0.4.7-cvs.
+
+2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * configure.ac: Release 0.4.6.
+
+2003-06-17 Bernhard Reiter <bernhard@intevation.de>
+
+ * src/ldap.c (url_fetch_ldap()):
+ try other default servers when an url with hostname failed
+ * AUTHORS: added Steffen and Werner
+ * THANKS: Thanked people in the ChangeLog and the Ägypten-Team
+
+
+2003-06-16 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
+ * src/Makefile.am, tests/Makefile.am: Removed automake warning.
+ * tests/test-dirmngr.c: Removed a warning.
+
+2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
+ * ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs
+ into one toplevel file.
+ * acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.
+
+2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/ldap.c: Fixed end-of-certificates-list indication.
+
+2003-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/server.c: Fixed iteration over server list
+
+2003-02-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.
+
+2003-02-07 Marcus Brinkmann <marcus@g10code.de>
+
+ * configure.ac: Release 0.4.4.
+
+2003-02-05 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/ldap.c: Try harder with and without ";binary" in the
+ attribute name when fetching certificates.
+ * src/ldap.c, src/server.c: Support multiple userCertificate attributes
+ per entry.
+
+2003-02-04 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * src/ldap.c: Include the sn attribute in the search filter.
+ Better log messages.
+
+2002-11-20 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Doc updates (fixes #1373)
+ * Fix for #1419 (crash in free_ldapservers_list())
+ * Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before
+ querying the LDAP servers for an issuer certificate to validate a CRL
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
+ to version 2002-11-08.
+
+2002-11-12 Werner Koch <wk@gnupg.org>
+
+ * dirmngr.c (main) <load_crl_filename>: Better pass NULL instead
+ of an unitialized Assuan context. Let's hope that the other
+ functions can cope with this.
+
+2002-10-25 Bernhard Reiter <bernhard@intevation.de>
+
+ * src/ldap.c (get_attr_from_result_ldap()):
+ added value extraction retry for CRLs and Certs without ";binary"
+ * changed version number to reflect cvs status to "0.4.3-cvs"
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * dirmngr.c (main): Changed default homedir to .gnupg.
+
+2002-08-07 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Added configure check to examine whether db2 cursor() uses 3 or
+ 4 parameters.
+
+2002-07-31 Werner Koch <wk@gnupg.org>
+
+ * doc/dirmngr.texi: Fixed the structure and added menu entries
+ for the other nodes.
+
+2002-07-30 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Added doc dir and first steps towards manual.
+
+2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Got rid of the default server for CRL lookup. We now use the
+ same list of servers that we use for cert. lookup.
+
+2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * New option --add-servers to allow dirmngr to add LDAP servers
+ found in CRL distribution points to the list of servers it
+ searches. NOTE: The added servers are only active in the currently
+ running dirmngr -- the info isn't written to persistens storage.
+
+2002-07-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Default LDAP timeout is 100 seconds now.
+
+ * Use DB2 instead of DB1. Check for libresolv, fixed bug when
+ libldap was found in the default search path.
+
+2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Implemented --load-crl <filename> option. Also available as
+ LOADCRL assuan command when in server mode.
+
+2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Implemented new option --ldaptimeout to specify the number of seconds to
+ wait for an LDAP request before timeout.
+
+ * Added --list-crls option to print the contents of the CRL cache
+ * Added some items to the dbcontents file to make printout nicer
+ and updated it's version number
+
+2002-07-02 Werner Koch <wk@gnupg.org>
+
+ * crlcache.c (crl_parse_insert): Fixed log_debug format string.
+
+2002-07-02 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * configure.ac: Use DB->get() return value correctly.
+
+2002-06-28 Werner Koch <wk@gnupg.org>
+
+ * crlcache.c (crl_parse_insert): Keep track of newly allocated
+ ENTRY so that we don't free existing errors after a bad signature.
+
+ * dirmngr.h: Include prototype for start_command_handler.
+
+ * crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include
+ config.h.
+
+ * crlcache.c (crl_parse_insert): Fixed format type specifiers for
+ time_t variables in log_debug.
+
+ * error.h: Use log_debug instead of dirmngr_debug. Changed all
+ callers.
+ * Makefile.am (dirmngr_SOURCES): Removed error.c
+
+ * dirmngr.c (main): Register gcrypt malloc functions with ksba so
+ that we don't run into problems by using the wrong free function.
+ The gcrypt malloc function have the additional benefit of a
+ providing allocation sanity checks when compiled with that
+ feature.
+
+ * crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.
+
+
+2002-06-27 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * ldap.c: Look for both userCertificate and caCertificate
+
+2002-06-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * configure.ac: Upped version number to 0.3.1
+
+2002-06-25 Werner Koch <wk@gnupg.org>
+
+ * server.c (cmd_lookup): Use assuan_write_status which ensures a
+ correct syntax.
+
+2002-06-20 Werner Koch <wk@gnupg.org>
+
+ * crlcache.c (crl_cache_isvalid): Started with some nicer logging.
+ However, this will need a lot more work.
+ (get_issuer_cert): Ditto.
+
+ * dirmngr.c (main): Changed required libgcrypt version and don't
+ print the prefix when using a logfile.
+
+2002-06-20 Werner Koch <wk@gnupg.org>
+
+ * tests/Makefile.am (TESTS): Removed test-dirmngr because it
+ is not a proper test program.
+ (EXTRA_DIST): Removed the non-existent test certificate.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * server.c (start_command_handler): Enable assuan debugging.
+
+2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Replaced gdbm check with db1 check
+
+2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Replaced gdbm with db1, updated file format version
+
+2002-03-01 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Added gdbm configure check
+
+2002-01-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Return ASSUAN_CRL_Too_Old if the CRL is too old
+
+
+2002-01-17 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ Added commandline options --ldapserver <host> --ldapport <port>
+ --ldapuser <user> --ldappassword <passwd>.
+
+ Cleaned up CRL parsing, signature evaluation a bit, changed
+ datetime format in config file to ISO, added version string to
+ contents format and cache file clean up code in case of mismatch.
+
+2002-01-14 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
+
+ * Use dirmngr_opt.homedir for storing the db. Added Makefile.am to
+ tests, bugfixes.
+
+ * First code.
+ Things that work:
+ Loading/saving database (paths hardcoded)
+ Fetching CRL from hardcoded server, parsing and inserting in database
+ Answer ISVALID xxx.yyy requests
+
+ Things that are missing:
+ Some error-checking/handling
+ Proper autoconf handling of gdbm and OpenLDAP
+ Signature checking downloaded CRLs
+ Answer LOOKUP requests
+ ...
+
+ How to test:
+ cd tests
+ ldapsearch -v -x -h www.trustcenter.de -b '<some-users-DN>' userCertificate -t
+ cp /tmp/<cert-file> testcert.der
+ ./test-dirmngr
+
+==END OLDEST CHANGELOG==
Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011 Free Software Foundation, Inc.
+[ This is the ChangeLog from the former keyserver/ directory which
+ kept the old gpgkeys_* keyserver access helpers. We keep it here
+ to document the history of certain keyserver relates features. ]
+
2011-12-01 Werner Koch <wk@g10code.com>
NB: ChangeLog files are no longer manually maintained. Starting
+++ /dev/null
-There are old Dirmngr ChangeLog entries.
-
-2004-10-04 Werner Koch <wk@g10code.com>
-
- * src/dirmngr.c: Changed an help entry description.
-
-2004-09-30 Werner Koch <wk@g10code.com>
-
- * src/dirmngr.c (i18n_init): Always use LC_ALL.
-
-2004-09-28 Werner Koch <wk@g10code.com>
-
- Released 0.5.6.
-
- * config.guess, config.sub: Updated.
-
-2004-06-21 Werner Koch <wk@g10code.com>
-
- * src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.
-
-2004-05-13 Werner Koch <wk@gnupg.org>
-
- Released 0.5.5.
-
- * src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More
- detailed error messages.
-
- * src/crlcache.c (update_dir): Handle i-records properly.
-
-2004-04-29 Werner Koch <wk@gnupg.org>
-
- Released 0.5.4.
-
- * src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
- * src/server.c (cmd_isvalid): Handle it here.
- * src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL
- cant be used.
- (open_dir): Parse new fields 8,9 and 10 as well as the invalid flag.
- (write_dir_line_crl): Write new fields.
- (get_crl_number, get_auth_key_id): New.
- (crl_cache_insert): Fill new fields. Mark the entry invalid if
- the CRL is too old after an update or an unknown critical
- extension was seen.
- (list_one_crl_entry): Print the new fields.
-
-2004-04-28 Werner Koch <wk@gnupg.org>
-
- * configure.ac: Requires libksba 0.9.6.
-
- * src/dirmngr.c: New option --ocsp-signer.
- * src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to
- OCSP_RESPONDER and made ist a simple string. Add OCSP_SIGNER.
- * src/ocsp.c (ocsp_isvalid): Changed it accordingly.
- (ocsp_isvalid): Pass the ocsp_signer to check_signature.
- (check_signature): New arg SIGNER_FPR. Use it to retrieve the
- certificate. Factored out common code to ..
- (check_signature_core): .. New.
-
-2004-04-27 Werner Koch <wk@gnupg.org>
-
- * src/server.c (start_command_handler): Keep track of the first
- connection.
- (dirmngr_tick): New.
- * src/ldap.c (attr_fetch_fun_reader): Call it from time to time.
-
-2004-04-23 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (main): Removed the add-servers option from the
- gpgconf list. It is not really useful.
-
-2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>
-
- * autogen.sh: Added ACLOCAL_FLAGS.
-
-2004-04-13 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (update_dir): Do not double close FPOUT.
-
-2004-04-09 Werner Koch <wk@gnupg.org>
-
- * src/cdblib.c (cdb_make_start): Wipeout the entire buffer to
- shutup valgrind.
- (ewrite): Fixed writing bad data on EINTR.
-
- * src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and
- terminate of a string.
-
- * src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.
-
-2004-04-07 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.h (server_control_s): Add member force_crl_refresh.
- * src/server.c (option_handler): New.
- (start_command_handler): Register option handler
- * src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
- (crl_cache_insert): Record last refresh in memory.
-
- * src/server.c (inquire_cert_and_load_crl): Renamed from
- inquire_cert.
-
-2004-04-06 Werner Koch <wk@gnupg.org>
-
- Released 0.5.3
-
- * doc/dirmngr.texi: Updated.
- * doc/texinfo.tex: Updated.
-
-2004-04-05 Werner Koch <wk@gnupg.org>
-
- * src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.
-
- * src/misc.c (add_isotime): New.
- (date2jd, jd2date, days_per_month, days_per_year): New. Taken from
- my ancient (1988) code used in Wedit (time2.c).
-
-2004-04-02 Werner Koch <wk@gnupg.org>
-
- * autogen.sh: Check gettext version.
- * configure.ac: Add AM_GNU_GETTEXT.
-
-2004-04-02 gettextize <bug-gnu-gettext@gnu.org>
-
- * Makefile.am (SUBDIRS): Add intl.
- (EXTRA_DIST): Add config.rpath.
- * configure.ac (AC_CONFIG_FILES): Add intl/Makefile,
-
-2004-04-02 Werner Koch <wk@gnupg.org>
-
- Add i18n at most places.
-
- * src/dirmngr.c (i18n_init): New.
- (main): Call it.
- * src/dirmngr.h: Add i18n stuff.
-
-2004-04-01 Werner Koch <wk@gnupg.org>
-
- * src/misc.c (get_fingerprint_hexstring): New.
-
- * src/server.c (dirmngr_status): New.
-
-2004-03-26 Werner Koch <wk@gnupg.org>
-
- * configure.ac: Add AC_SYS_LARGEFILE.
-
- * doc/dirmngr.texi: Changed the license to the GPL as per message
- by Mathhias Kalle Dalheimer of Klaralvdalens-Datakonsult dated
- Jan 7, 2004.
- * doc/fdl.texi: Removed.
-
-2004-03-25 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (main): New command --fetch-crl.
-
-2004-03-23 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c: New option --allow-ocsp.
- * src/server.c (cmd_isvalid): Make use of allow_ocsp.
-
-2004-03-17 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (main) <gpgconf>: Fixed default value quoting.
-
-2004-03-16 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (main): Add ocsp-responder to the gpgconf list.
- Add option --debug-level.
- (set_debug): New.
-
-2004-03-15 Werner Koch <wk@gnupg.org>
-
- * src/misc.c (canon_sexp_to_grcy): New.
-
-2004-03-12 Werner Koch <wk@gnupg.org>
-
- * src/crlfetch.c (crl_fetch): Hack to substitute http for https.
-
-2004-03-10 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (parse_ldapserver_file): Don't skip the entire
- file on errors.
-
-2004-03-09 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (my_ksba_hash_buffer): New.
- (main): Initialize the internal libksba hashing.
-
- * src/server.c (get_issuer_cert_local): Renamed to ...
- (get_cert_local): ... this. Changed all callers. Allow NULL for
- ISSUER to return the current target cert.
- (get_issuing_cert_local): New.
- (do_get_cert_local): Moved common code to here.
-
-2004-03-06 Werner Koch <wk@gnupg.org>
-
- Released 0.5.2.
-
- * configure.ac: Fixed last change to check the API version of
- libgcrypt.
-
-2004-03-05 Werner Koch <wk@gnupg.org>
-
- * configure.ac: Also check the SONAME of libgcrypt.
-
-2004-03-03 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c: New option --ocsp-responder.
- * src/dirmngr.h (opt): Add member OCSP_RESPONDERS.
-
-2004-02-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/server.c (start_command_handler): Corrected typo and made
- dirmngr output it's version in the greeting message.
-
-2004-02-24 Marcus Brinkmann <marcus@g10code.de>
-
- * src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed. If this were
- true, there'd be no way to disable it.
- (main): Dump options in new gpgconf format.
-
-2004-02-11 Werner Koch <wk@gnupg.org>
-
- * autogen.sh (check_version): Removed bashism and simplified.
-
-2004-02-06 Moritz Schulte <mo@g10code.com>
-
- * src/crlfetch.c (crl_fetch_default): Do not dereference VALUE,
- when checking for non-zero.
-
-2004-02-01 Marcus Brinkmann <marcus@g10code.de>
-
- * src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
- (DEFAULT_LDAP_TIMEOUT): New macros.
- (main): Use them.
- (enum cmd_and_opt_values): New command aGPGConfList.
- (main): Add handler here.
-
-2004-01-17 Werner Koch <wk@gnupg.org>
-
- * configure.ac: Added AC_CHECK_FUNCS tests again, because the
- other test occurrences belong to the jnlib tests block.
-
-2004-01-15 Moritz Schulte <mo@g10code.com>
-
- * configure.ac: Fixed funopen replacement mechanism; removed
- unnecessary AC_CHECK_FUNCS calls.
-
-2004-01-14 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (list_one_crl_entry): Don't use putchar.
-
- * src/server.c (cmd_listcrls): New.
-
-2003-12-23 Werner Koch <wk@gnupg.org>
-
- Released 0.5.1.
-
-2003-12-17 Werner Koch <wk@gnupg.org>
-
- * configure.ac (CFLAGS): Add -Wformat-noliteral in gcc +
- maintainer mode.
- (NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.
-
-2003-12-16 Werner Koch <wk@gnupg.org>
-
- * configure.ac: Update the tests for jnlib.
- * src/dirmngr.c (main): Ignore SIGPIPE in server mode.
-
-2003-12-12 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (hash_dbfile): Also hash version info of the
- cache file format.
-
- * src/Makefile.am (dirmngr_SOURCES): Add http.h.
-
- * configure.ac: Removed checking for DB2. Add checking for mmap.
- * src/cdb.h, src/cdblib.h: New. Add a few comments from the
- original man page and fixed typos.
- * src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow
- walking over all entries.
- * src/crlcache.h: Removed DB2/4 cruft.
- (release_one_cache_entry, lock_db_file, crl_parse_insert)
- (crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the
- new CDB interface.
-
- * src/dirmngr.c: Beautified the help messages.
- (wrong_args): New.
- (main): new option --force. Revamped the command handling code.
- Allow to pass multiple CRLS as well as stdin to --local-crl.
- * src/crlcache.c (crl_cache_insert): Make --force work.
-
-2003-12-11 Werner Koch <wk@gnupg.org>
-
- * src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary
- data using HTTP.
- * src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and
- modified acording to our needs.
- (read_line): New. Based on the code from GnuPG's iobuf_read_line.
- * configure.ac: Check for getaddrinfo.
-
- * src/dirmngr.c (parse_ldapserver_file): Close the stream.
- (main): Free ldapfile.
-
- * src/ocsp.c, src/ocsp.h: New. Albeit not functionality.
-
- * src/server.c (inquire_cert): Catch EOF when reading dist points.
-
- * src/crlcache.c (hash_dbfile, check_dbfile): New.
- (lock_db_file, crl_cache_insert): Use them here to detect
- corrupted CRL files.
- (open_dir): Read the new dbfile hash field.
-
- * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
- a stream.
- (fun_reader, fun_closer, setup_funopen): New.
- * src/server.c (inquire_cert): Changed to use the new stream interface
- of crlfetch.c.
-
-2003-12-10 Werner Koch <wk@gnupg.org>
-
- * src/funopen.c: New.
- * configure.ac (funopen): Add test.
- * src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.
-
- * src/crlcache.c (next_line_from_file): Remove the limit on the
- line length.
- (crl_cache_new): Removed.
- (open_dbcontent): New.
- (crl_cache_init): Use it here.
- (crl_cache_flush): The DB content fie is now in the cache
- directory, so we can simplify it.
- (make_db_file_name, lock_db_file, unlock_db_file): New.
- (release_cache): Close the cached DB files.
- (crl_cache_isvalid): Make use of the new lock_db_file.
- (crl_cache_insert): Changed to take a stream as argument.
- (crl_parse_insert): Rewritten to use a temporary DB and to avoid
- using up large amounts of memory.
- (db_entry_new): Removed.
- (release_cache,release_one_cache_entry): Splitted up.
- (find_entry): Take care of the new deleted flag.
- (crl_cache_load): Simplified becuase we can now pass a FP to the
- insert code.
- (save_contents): Removed.
- (update_dir): New.
- (open_dbcontent_file): Renamed to open_dir_file.
- (check_dbcontent_version): Renamed to check_dir_version.
- (open_dbcontent): Renamed to open_dir.
-
- * src/dirmngr.c: New option --faked-system-time.
- * src/misc.c (faked_time_p, set_time, get_time): New. Taken from GnuPG.
- (check_isotime): New.
- (unpercent_string): New.
-
-2003-12-09 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.
-
- * autogen.sh: Reworked.
- * README.CVS: New.
- * configure.ac: Added min_automake_version.
-
-2003-12-03 Werner Koch <wk@gnupg.org>
-
- * src/server.c (cmd_lookup): Send an END line after each
- certificate.
-
-2003-11-28 Werner Koch <wk@gnupg.org>
-
- * src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS
- because it never got defined and -ldb{2,4} is implictly set
- by the AC_CHECK_LIB test in configure.
-
- * src/crlcache.c (mydbopen): DB4 needs an extra parameter; I
- wonder who ever tested DB4 support. Add an error statement in
- case no DB support is configured.
-
- * tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced
- variables by configure templates.
- * src/Makefile.am: Ditto.
-
-2003-11-19 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (list_one_crl_entry): Define X to nothing for non
- DB4 systems. Thanks to Luca M. G. Centamore.
-
-2003-11-17 Werner Koch <wk@gnupg.org>
-
- Released 0.5.0
-
- * src/crlcache.c (crl_cache_new): Fixed eof detection.
-
- * src/server.c (cmd_loadcrl): Do the unescaping.
-
- * doc/dirmngr.texi: Added a history section for this modified
- version.
-
-2003-11-14 Werner Koch <wk@gnupg.org>
-
- * tests/asschk.c: New. Taken from GnuPG.
- * tests/Makefile.am: Added asschk.
-
-2003-11-13 Werner Koch <wk@gnupg.org>
-
- * src/ldap.c (fetch_next_cert_ldap): Get the pattern switching
- right.
-
- * tests/test-dirmngr.c: Replaced a couple of deprecated types.
-
- * configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
- (fopencookie, asprintf): Removed unneeded test.
- (PRINTABLE_OS_NAME): Updated the test from gnupg.
- (CFLAGS): Do full warnings only in maintainer mode. Add flag
- --enable gcc-warnings to override it and to enable even more
- warnings.
- * acinclude.m4: Removed the libgcrypt test.
-
- * src/ldap.c (get_attr_from_result_ldap): Simplified the binary
- hack and return a proper gpg error.
- (attr_fetch_ldap_internal): Changed error handling.
- (attr_fetch_ldap): Reworked. Return configuration error if no
- servers are configured.
- (url_fetch_ldap, add_server_to_servers)
- (url_fetch_ldap_internal): Reworked.
- (struct cert_fetch_context_s): New to get rid of a global state.
- (start_cert_fetch_ldap): Allocate context and do a bind with a
- timeout. Parse pattern.
- (end_cert_fetch_ldap): Take context and don't return anything.
- (find_next_pattern): Removed.
- (parse_one_pattern): Redone.
- (get_cert_ldap): Redone.
- * src/server.c (cmd_lookup): Changed for changed fetch functions.
-
- * doc/dirmngr.texi: Reworked a bit to get rid of tex errors.
-
- * configure.ac: Enable makeinfo test.
-
- * src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API
- changes.
- * tests/test-dirmngr.c (main): Ditto. Also added some more error
- checking.
-
-2003-11-11 Werner Koch <wk@gnupg.org>
-
- * src/cert.c (hashify_data, hexify_data, serial_hex)
- (serial_to_buffer): Moved all to ...
- * src/misc.c: .. here.
- * src/Makefile.am (cert.c, cert.h): Removed.
- * cert.c, cert.h: Removed.
-
- * m4/: New.
- * configure.ac, Makefile.am: Include m4 directory support, updated
- required library versions.
-
- * src/cert.c (make_cert): Removed.
-
- * src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.
-
- * src/misc.h (copy_time): New.
- * src/misc.c (get_isotime): New.
- (iso_string2time, iso_time2string): Removed.
- (unhexify): New.
-
- * src/crlcache.h (DBCONTENTSVERSION): Bumbed to 0.6.
- * src/crlcache.c (finish_sig_check): New. Factored out from
- crl_parse_insert and entirely redone.
- (do_encode_md): Removed.
- (print_time): Removed
- (crl_cache_isvalid): Reworked.
-
-2003-11-10 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (make_db_val, parse_db_val): Removed.
-
- * src/cert.c (serial_to_buffer): New.
-
- * src/server.c (get_issuer_cert_local): Rewritten.
-
- * src/crlcache.c (crl_parse_insert): Rewritten. Takes now a CTRL
- instead of the Assuan context. Changed caller accordingly.
- (get_issuer_cert): Cleaned up.
-
- * src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for
- documentation reasons. Make sure that VALUE is released on error.
- (crl_fetch_default, ca_cert_fetch): Ditto.
-
- * src/crlcache.c (release_cache): New.
- (crl_cache_deinit): Use it here.
- (crl_cache_flush): Redone.
- (save_contents): Redone.
- (crl_cache_list, list_one_crl_entry): Print error messages.
-
-2003-11-06 Werner Koch <wk@gnupg.org>
-
- * src/crlcache.c (create_directory_if_needed, cleanup_cache_dir):
- New. Factored out from crl_cache_new and mostly rewritten.
- (crl_cache_new): Rewritten.
- (next_line_from_file): New.
- (find_entry): Cleaned up.
- (crl_cache_deinit): Cleaned up.
-
- * src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
- * src/dirmngr.h (ctrl_t): New.
- (DBG_ASSUAN,...): Added the usual debug test macros.
- * src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t.
- Removed the recursion flag.
- (get_issuer_cert_local): Allow for arbitary large
- certificates. 4096 is definitely too small.
- (inquire_cert): Ditto.
- (start_command_handler): Set a hello line and call the default
- init function.
- (cmd_isvalid): Rewritten.
- (inquire_cert): Removed unused arg LINE. General cleanup.
- (map_assuan_err,map_to_assuan_status): New. Taken from gnupg 1.9.
- (cmd_lookup): Rewritten.
- (cmd_loadcrl): Started to rewrite it.
-
-2003-10-29 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.
- (cleanup): New.
- (main): Cleaned up.
-
-2003-10-28 Werner Koch <wk@gnupg.org>
-
- * src/dirmngr.h: Renamed dirmngr_opt to opt.
-
- * src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list):
- Moved with this file. Cleaned up. Replaced too deep recursion in
- the free function.
-
-2003-10-21 Werner Koch <wk@gnupg.org>
-
- Changed all occurrences of assuan.h to use use the system provided
- one.
- * src/server.c (register_commands): Adjusted for Assuan API change.
-
-2003-08-14 Werner Koch <wk@gnupg.org>
-
- * src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
- * tests/Makefile.am: Ditto.
-
- * configure.ac: Partly restructured, add standard checks for
- required libraries, removed included libassuan.
- * Makefile.am (SUBDIRS): Removed assuan becuase we now use the
- libassuan package.
-
- * src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.
-
-2003-08-13 Werner Koch <wk@gnupg.org>
-
- * src/server.c (get_issuer_cert_local): Print error using
- assuan_strerror.
-
- * src/crlcache.c (do_encode_md, start_sig_check): Adjust for
- changed Libgcrypt API.
-
-2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * configure.ac: Upped version to 0.4.7-cvs.
-
-2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * configure.ac: Release 0.4.6.
-
-2003-06-17 Bernhard Reiter <bernhard@intevation.de>
-
- * src/ldap.c (url_fetch_ldap()):
- try other default servers when an url with hostname failed
- * AUTHORS: added Steffen and Werner
- * THANKS: Thanked people in the ChangeLog and the Ägypten-Team
-
-
-2003-06-16 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
- * src/Makefile.am, tests/Makefile.am: Removed automake warning.
- * tests/test-dirmngr.c: Removed a warning.
-
-2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
- * ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs
- into one toplevel file.
- * acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.
-
-2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/ldap.c: Fixed end-of-certificates-list indication.
-
-2003-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/server.c: Fixed iteration over server list
-
-2003-02-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.
-
-2003-02-07 Marcus Brinkmann <marcus@g10code.de>
-
- * configure.ac: Release 0.4.4.
-
-2003-02-05 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/ldap.c: Try harder with and without ";binary" in the
- attribute name when fetching certificates.
- * src/ldap.c, src/server.c: Support multiple userCertificate attributes
- per entry.
-
-2003-02-04 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * src/ldap.c: Include the sn attribute in the search filter.
- Better log messages.
-
-2002-11-20 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Doc updates (fixes #1373)
- * Fix for #1419 (crash in free_ldapservers_list())
- * Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before
- querying the LDAP servers for an issuer certificate to validate a CRL
-
-2002-11-12 Werner Koch <wk@gnupg.org>
-
- * config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
- to version 2002-11-08.
-
-2002-11-12 Werner Koch <wk@gnupg.org>
-
- * dirmngr.c (main) <load_crl_filename>: Better pass NULL instead
- of an unitialized Assuan context. Let's hope that the other
- functions can cope with this.
-
-2002-10-25 Bernhard Reiter <bernhard@intevation.de>
-
- * src/ldap.c (get_attr_from_result_ldap()):
- added value extraction retry for CRLs and Certs without ";binary"
- * changed version number to reflect cvs status to "0.4.3-cvs"
-
-2002-08-21 Werner Koch <wk@gnupg.org>
-
- * dirmngr.c (main): Changed default homedir to .gnupg.
-
-2002-08-07 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Added configure check to examine whether db2 cursor() uses 3 or
- 4 parameters.
-
-2002-07-31 Werner Koch <wk@gnupg.org>
-
- * doc/dirmngr.texi: Fixed the structure and added menu entries
- for the other nodes.
-
-2002-07-30 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Added doc dir and first steps towards manual.
-
-2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Got rid of the default server for CRL lookup. We now use the
- same list of servers that we use for cert. lookup.
-
-2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * New option --add-servers to allow dirmngr to add LDAP servers
- found in CRL distribution points to the list of servers it
- searches. NOTE: The added servers are only active in the currently
- running dirmngr -- the info isn't written to persistens storage.
-
-2002-07-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Default LDAP timeout is 100 seconds now.
-
- * Use DB2 instead of DB1. Check for libresolv, fixed bug when
- libldap was found in the default search path.
-
-2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Implemented --load-crl <filename> option. Also available as
- LOADCRL assuan command when in server mode.
-
-2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Implemented new option --ldaptimeout to specify the number of seconds to
- wait for an LDAP request before timeout.
-
- * Added --list-crls option to print the contents of the CRL cache
- * Added some items to the dbcontents file to make printout nicer
- and updated it's version number
-
-2002-07-02 Werner Koch <wk@gnupg.org>
-
- * crlcache.c (crl_parse_insert): Fixed log_debug format string.
-
-2002-07-02 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * configure.ac: Use DB->get() return value correctly.
-
-2002-06-28 Werner Koch <wk@gnupg.org>
-
- * crlcache.c (crl_parse_insert): Keep track of newly allocated
- ENTRY so that we don't free existing errors after a bad signature.
-
- * dirmngr.h: Include prototype for start_command_handler.
-
- * crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include
- config.h.
-
- * crlcache.c (crl_parse_insert): Fixed format type specifiers for
- time_t variables in log_debug.
-
- * error.h: Use log_debug instead of dirmngr_debug. Changed all
- callers.
- * Makefile.am (dirmngr_SOURCES): Removed error.c
-
- * dirmngr.c (main): Register gcrypt malloc functions with ksba so
- that we don't run into problems by using the wrong free function.
- The gcrypt malloc function have the additional benefit of a
- providing allocation sanity checks when compiled with that
- feature.
-
- * crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.
-
-
-2002-06-27 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * ldap.c: Look for both userCertificate and caCertificate
-
-2002-06-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * configure.ac: Upped version number to 0.3.1
-
-2002-06-25 Werner Koch <wk@gnupg.org>
-
- * server.c (cmd_lookup): Use assuan_write_status which ensures a
- correct syntax.
-
-2002-06-20 Werner Koch <wk@gnupg.org>
-
- * crlcache.c (crl_cache_isvalid): Started with some nicer logging.
- However, this will need a lot more work.
- (get_issuer_cert): Ditto.
-
- * dirmngr.c (main): Changed required libgcrypt version and don't
- print the prefix when using a logfile.
-
-2002-06-20 Werner Koch <wk@gnupg.org>
-
- * tests/Makefile.am (TESTS): Removed test-dirmngr because it
- is not a proper test program.
- (EXTRA_DIST): Removed the non-existent test certificate.
-
-2002-05-21 Werner Koch <wk@gnupg.org>
-
- * server.c (start_command_handler): Enable assuan debugging.
-
-2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Replaced gdbm check with db1 check
-
-2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Replaced gdbm with db1, updated file format version
-
-2002-03-01 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Added gdbm configure check
-
-2002-01-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Return ASSUAN_CRL_Too_Old if the CRL is too old
-
-
-2002-01-17 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- Added commandline options --ldapserver <host> --ldapport <port>
- --ldapuser <user> --ldappassword <passwd>.
-
- Cleaned up CRL parsing, signature evaluation a bit, changed
- datetime format in config file to ISO, added version string to
- contents format and cache file clean up code in case of mismatch.
-
-2002-01-14 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * Use dirmngr_opt.homedir for storing the db. Added Makefile.am to
- tests, bugfixes.
-
- * First code.
- Things that work:
- Loading/saving database (paths hardcoded)
- Fetching CRL from hardcoded server, parsing and inserting in database
- Answer ISVALID xxx.yyy requests
-
- Things that are missing:
- Some error-checking/handling
- Proper autoconf handling of gdbm and OpenLDAP
- Signature checking downloaded CRLs
- Answer LOOKUP requests
- ...
-
- How to test:
- cd tests
- ldapsearch -v -x -h www.trustcenter.de -b '<some-users-DN>' userCertificate -t
- cp /tmp/<cert-file> testcert.der
- ./test-dirmngr
-
-Local Variables:
-buffer-read-only: t
-End:
## Process this file with automake to produce Makefile.in
-EXTRA_DIST = OAUTHORS ONEWS ChangeLog.1 ChangeLog-2011
+EXTRA_DIST = OAUTHORS ONEWS ChangeLog-2011
bin_PROGRAMS = dirmngr dirmngr-client
certcache.c certcache.h \
cdb.h cdblib.c misc.c dirmngr-err.h \
ocsp.c ocsp.h validate.c validate.h \
+ dns-cert.c dns-cert.h \
ks-action.c ks-action.h ks-engine.h \
- ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \
- ks-engine-ldap.c \
- ldap-parse-uri.c ldap-parse-uri.h
+ ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
if USE_LDAP
dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
- ldap-wrapper.h $(ldap_url) $(extraldap_src)
+ ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \
+ ks-engine-ldap.c $(ldap_url) $(extraldap_src)
ldaplibs = $(LDAPLIBS)
else
ldaplibs =
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \
$(DNSLIBS) $(LIBINTL) $(LIBICONV)
-module_tests = t-ldap-parse-uri
+module_tests = t-dns-cert
+
+if USE_LDAP
+module_tests += t-ldap-parse-uri
+endif
+
t_ldap_parse_uri_SOURCES = \
t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \
$(ldap_url) $(t_common_src)
t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd)
+t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c
+t_dns_cert_LDADD = $(t_common_ldadd)
+
$(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth)
char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */
-#ifndef USE_LDAP
- (void)ctrl;
-#endif
-
*reader = NULL;
if (!url)
err = http_open_document (&hd, url, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0),
- opt.http_proxy, NULL, NULL, NULL);
+ ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
{
#include <gpg-error.h>
#include <assuan.h>
-#define JNLIB_NEED_LOG_LOGV
#include "../common/logging.h"
#include "../common/argparse.h"
#include "../common/stringhelp.h"
early_system_init ();
set_strusage (my_strusage);
log_set_prefix ("dirmngr-client",
- JNLIB_LOG_WITH_PREFIX);
+ GPGRT_LOG_WITH_PREFIX);
/* For W32 we need to initialize the socket subsystem. Becuase we
don't use Pth we need to do this explicit. */
#endif /*HTTP_USE_GNUTLS*/
-#define JNLIB_NEED_LOG_LOGV
-#define JNLIB_NEED_AFLOCAL
+#define GNUPG_COMMON_NEED_AFLOCAL
#include "dirmngr.h"
#include <assuan.h>
if (logfile)
{
log_set_file (logfile);
- log_set_prefix (NULL, (JNLIB_LOG_WITH_PREFIX
- |JNLIB_LOG_WITH_TIME
- |JNLIB_LOG_WITH_PID));
+ log_set_prefix (NULL, (GPGRT_LOG_WITH_PREFIX
+ |GPGRT_LOG_WITH_TIME
+ |GPGRT_LOG_WITH_PID));
current_logfile = xstrdup (logfile);
}
}
log_get_prefix (&oldflags);
- log_set_prefix (NULL, oldflags | JNLIB_LOG_RUN_DETACHED);
+ log_set_prefix (NULL, oldflags | GPGRT_LOG_RUN_DETACHED);
opt.running_detached = 1;
if (chdir("/"))
for (; !rc && argc; argc--, argv++)
rc = crl_cache_load (&ctrlbuf, *argv);
}
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
}
else if (cmd == aFetchCRL)
{
argv[0], gpg_strerror (rc));
crl_close_reader (reader);
}
+ dirmngr_deinit_default_ctrl (&ctrlbuf);
}
else if (cmd == aFlush)
{
void
dirmngr_init_default_ctrl (ctrl_t ctrl)
{
- (void)ctrl;
+ if (opt.http_proxy)
+ ctrl->http_proxy = xstrdup (opt.http_proxy);
+}
+
- /* Nothing for now. */
+void
+dirmngr_deinit_default_ctrl (ctrl_t ctrl)
+{
+ if (!ctrl)
+ return;
+ xfree (ctrl->http_proxy);
+ ctrl->http_proxy = NULL;
}
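Review bot: `dirmngr_init_default_ctrl` assigns `ctrl->http_proxy` only when `opt.http_proxy` is set, so otherwise the field keeps whatever the caller's structure held, and `dirmngr_deinit_default_ctrl` later hands that value to `xfree`. This is safe only if every ctrl object is zeroed before init, which these hunks do not show; `ctrl->http_proxy = opt.http_proxy ? xstrdup (opt.http_proxy) : NULL;` removes that dependency. The new function also has no comment; `/* Release the data set up by dirmngr_init_default_ctrl. CTRL may be NULL. */` would document the pairing. The preceding hunks add the deinit call to two command branches in main, so any other caller of the init function should be checked for a matching deinit.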
}
-#if JNLIB_GCC_HAVE_PUSH_PRAGMA
+#if GPGRT_GCC_HAVE_PUSH_PRAGMA
# pragma GCC push_options
# pragma GCC optimize ("no-strict-overflow")
#endif
}
return 0;
}
-#if JNLIB_GCC_HAVE_PUSH_PRAGMA
+#if GPGRT_GCC_HAVE_PUSH_PRAGMA
# pragma GCC pop_options
#endif
int disable_http; /* Do not use HTTP at all. */
int disable_ldap; /* Do not use LDAP at all. */
int honor_http_proxy; /* Honor the http_proxy env variable. */
- const char *http_proxy; /* Use given HTTP proxy. */
+ const char *http_proxy; /* The default HTTP proxy. */
const char *ldap_proxy; /* Use given LDAP proxy. */
int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */
int ignore_http_dp; /* Ignore HTTP CRL distribution points. */
response. */
int audit_events; /* Send audit events to client. */
+ char *http_proxy; /* The used http_proxy or NULL. */
};
/*-- dirmngr.c --*/
void dirmngr_exit( int ); /* Wrapper for exit() */
void dirmngr_init_default_ctrl (ctrl_t ctrl);
+void dirmngr_deinit_default_ctrl (ctrl_t ctrl);
void dirmngr_sighup_action (void);
#endif
-#define JNLIB_NEED_LOG_LOGV
#include <gpg-error.h>
#include "../common/logging.h"
#include "../common/argparse.h"
#ifdef USE_LDAPWRAPPER
set_strusage (my_strusage);
- log_set_prefix ("dirmngr_ldap", JNLIB_LOG_WITH_PREFIX);
+ log_set_prefix ("dirmngr_ldap", GPGRT_LOG_WITH_PREFIX);
/* Setup I18N and common subsystems. */
i18n_init();
{
unsigned int oldflags;
log_get_prefix (&oldflags);
- log_set_prefix (NULL, oldflags | JNLIB_LOG_WITH_PID);
+ log_set_prefix (NULL, oldflags | GPGRT_LOG_WITH_PID);
}
break;
/* Returns 0 on success or an error code. If a PGP CERT record was
- found, a new estream with that key will be returned at R_KEY and
+ found, the malloced data is returned at (R_KEY, R_KEYLEN) and
the other return parameters are set to NULL/0. If an IPGP CERT
record was found the fingerprint is stored as an allocated block at
R_FPR and its length at R_FPRLEN; an URL is is allocated as a
returns the first CERT found with a supported type; it is expected
that only one CERT record is used. If WANT_CERTTYPE is one of the
supported certtypes only records wih this certtype are considered
- and the first found is returned. R_KEY is optional. */
+ and the first found is returned. (R_KEY,R_KEYLEN) are optional. */
gpg_error_t
get_dns_cert (const char *name, int want_certtype,
- estream_t *r_key,
+ void **r_key, size_t *r_keylen,
unsigned char **r_fpr, size_t *r_fprlen, char **r_url)
{
#ifdef USE_DNS_CERT
if (r_key)
*r_key = NULL;
+ if (r_keylen)
+ *r_keylen = 0;
*r_fpr = NULL;
*r_fprlen = 0;
*r_url = NULL;
if (want_certtype && want_certtype != ctype)
; /* Not of the requested certtype. */
- else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key)
+ else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key && r_keylen)
{
/* CERT type is PGP. Gpg checks for a minimum length of 11,
thus we do the same. */
- *r_key = es_fopenmem_init (0, "rwb", data, datalen);
+ *r_key = xtrymalloc (datalen);
if (!*r_key)
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
else
- err = 0;
+ {
+ memcpy (*r_key, data, datalen);
+ *r_keylen = datalen;
+ err = 0;
+ }
goto leave;
}
else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023
if (r_key)
*r_key = NULL;
+ if (r_keylen)
+ *r_keylen = 0;
*r_fpr = NULL;
*r_fprlen = 0;
*r_url = NULL;
/* 15 bytes takes us to here */
if (want_certtype && want_certtype != ctype)
; /* Not of the requested certtype. */
- else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key)
+ else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen)
{
/* PGP type */
- *r_key = es_fopenmem_init (0, "rwb", pt, dlen);
+ *r_key = xtrymalloc (dlen);
if (!*r_key)
err = gpg_err_make (default_errsource,
gpg_err_code_from_syserror ());
else
- err = 0;
+ {
+ memcpy (*r_key, pt, dlen);
+ *r_keylen = dlen;
+ err = 0;
+ }
goto leave;
}
else if (ctype == DNS_CERTTYPE_IPGP
(void)name;
if (r_key)
*r_key = NULL;
+ if (r_keylen)
+ *r_keylen = NULL;
*r_fpr = NULL;
*r_fprlen = 0;
*r_url = NULL;
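Review bot: In the branch that begins with `(void)name;`, the added line `*r_keylen = NULL;` stores a pointer constant into a `size_t`. The two earlier initialisation blocks of this function use `*r_keylen = 0;`, and this one should read the same. Where NULL is defined as `((void *)0)` this is an implicit pointer-to-integer conversion that compilers diagnose. It would show up only in builds that compile this branch, presumably those without USE_DNS_CERT. The function body starts and ends outside this hunk.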
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef GNUPG_COMMON_DNS_CERT_H
-#define GNUPG_COMMON_DNS_CERT_H
+#ifndef GNUPG_DIRMNGR_DNS_CERT_H
+#define GNUPG_DIRMNGR_DNS_CERT_H
#define DNS_CERTTYPE_ANY 0 /* Internal catch all type. */
gpg_error_t get_dns_cert (const char *name, int want_certtype,
- estream_t *r_key,
+ void **r_key, size_t *r_keylen,
unsigned char **r_fpr, size_t *r_fprlen,
char **r_url);
-#endif /*GNUPG_COMMON_DNS_CERT_H*/
+#endif /*GNUPG_DIRMNGR_DNS_CERT_H*/
#include "misc.h"
#include "ks-engine.h"
#include "ks-action.h"
-#include "ldap-parse-uri.h"
+#if USE_LDAP
+# include "ldap-parse-uri.h"
+#endif
/* Called by the engine's help functions to print the actual help. */
gpg_error_t
}
else
{
+#if USE_LDAP
if (ldap_uri_p (url))
err = ldap_parse_uri (&parsed_uri, url);
else
- err = http_parse_uri (&parsed_uri, url, 1);
+#endif
+ {
+ err = http_parse_uri (&parsed_uri, url, 1);
+ }
if (err)
return err;
err = ks_finger_help (ctrl, parsed_uri);
if (!err)
err = ks_kdns_help (ctrl, parsed_uri);
+#if USE_LDAP
if (!err)
err = ks_ldap_help (ctrl, parsed_uri);
+#endif
if (!parsed_uri)
ks_print_help (ctrl,
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
- int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
- || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
- || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+ int is_ldap = 0;
+#if USE_LDAP
+ is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+#endif
if (is_http || is_ldap)
{
any_server = 1;
- if (is_http)
- err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
- else if (is_ldap)
+#if USE_LDAP
+ if (is_ldap)
err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp);
+ else
+#endif
+ {
+ err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp);
+ }
if (!err)
{
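Review bot: The scheme test for "ldap", "ldaps" and "ldapi" is now repeated under `#if USE_LDAP` in three loops: this one and the two in the following hunks of this file. A single static helper that returns 0 in builds without LDAP would keep the scheme list in one place. Only the dispatch to `ks_ldap_*` would then still need a conditional. The dispatch order also changed from testing `is_http` first to testing `is_ldap` first; that looks equivalent under the `is_http || is_ldap` guard, but a short comment saying HKP is the fallback would make it explicit. The loop bodies continue outside the hunk.

```c
/* Return true if URI names an LDAP keyserver.  Always false in
   builds without LDAP support.  */
static int
uri_uses_ldap (parsed_uri_t uri)
{
#if USE_LDAP
  return (!strcmp (uri->scheme, "ldap")
          || !strcmp (uri->scheme, "ldaps")
          || !strcmp (uri->scheme, "ldapi"));
#else
  (void)uri;
  return 0;
#endif
}

/* … unchanged: keyserver loop header … */
      int is_http = uri->parsed_uri->is_http;
      int is_ldap = uri_uses_ldap (uri->parsed_uri);
```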
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
- int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
- || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
- || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+ int is_ldap = 0;
+
+#if USE_LDAP
+ is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+#endif
+
if (is_http || is_ldap)
{
any_server = 1;
for (sl = patterns; !err && sl; sl = sl->next)
{
- if (is_http)
- err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
- else
+#if USE_LDAP
+ if (is_ldap)
err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp);
+ else
+#endif
+ {
+ err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
+ }
if (err)
{
int any_server = 0;
uri_item_t uri;
+ (void) info;
+ (void) infolen;
+
for (uri = keyservers; !err && uri; uri = uri->next)
{
int is_http = uri->parsed_uri->is_http;
- int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
- || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
- || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+ int is_ldap = 0;
+
+#if USE_LDAP
+ is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldaps") == 0
+ || strcmp (uri->parsed_uri->scheme, "ldapi") == 0);
+#endif
if (is_http || is_ldap)
{
any_server = 1;
- if (is_http)
- err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
- else
+#if USE_LDAP
+ if (is_ldap)
err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen,
info, infolen);
-
+ else
+#endif
+ {
+ err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen);
+ }
if (err)
{
first_err = err;
request,
httphost,
/* fixme: AUTH */ NULL,
- httpflags,
- /* fixme: proxy*/ NULL,
+ (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)),
+ ctrl->http_proxy,
session,
NULL,
/*FIXME curl->srvtag*/NULL);
url,
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
- 0,
- /* fixme: proxy*/ NULL,
+ (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
+ ctrl->http_proxy,
session,
NULL,
/*FIXME curl->srvtag*/NULL);
"Supported methods: search, get, put\n";
gpg_error_t err;
- if (strcmp (uri->scheme, "ldap") == 0
+ if(!uri)
+ err = ks_print_help (ctrl, " ldap");
+ else if (strcmp (uri->scheme, "ldap") == 0
|| strcmp (uri->scheme, "ldaps") == 0
|| strcmp (uri->scheme, "ldapi") == 0)
err = ks_print_help (ctrl, data);
/*-- ks-action.c --*/
gpg_error_t ks_print_help (ctrl_t ctrl, const char *text);
gpg_error_t ks_printf_help (ctrl_t ctrl, const char *format,
- ...) JNLIB_GCC_A_PRINTF(2,3);
+ ...) GPGRT_GCC_A_PRINTF(2,3);
/*-- ks-engine-hkp.c --*/
gpg_error_t ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri);
once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0),
- opt.http_proxy, NULL, NULL, NULL);
+ ctrl->http_proxy, NULL, NULL, NULL);
if (err)
{
log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err));
#include <unistd.h>
#include <errno.h>
-#define JNLIB_NEED_LOG_LOGV
#include "dirmngr.h"
#include <assuan.h>
#endif
#include "ks-action.h"
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
-#include "ldap-parse-uri.h"
+#if USE_LDAP
+# include "ldap-parse-uri.h"
+#endif
+#include "dns-cert.h"
+#include "mbox-util.h"
/* To avoid DoS attacks we limit the size of a certificate to
something reasonable. */
return err;
}
-/* A write handler used by es_fopencookie to write assuan data
- lines. */
-static ssize_t
-data_line_cookie_write (void *cookie, const void *buffer_arg, size_t size)
+
+/* This is a wrapper around assuan_send_data which makes debugging the
+ output in verbose mode easier. */
+static gpg_error_t
+data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size)
{
- assuan_context_t ctx = cookie;
const char *buffer = buffer_arg;
+ gpg_error_t err;
if (opt.verbose && buffer && size)
{
{
p = memchr (buffer, '\n', nbytes);
n = p ? (p - buffer) + 1 : nbytes;
- if (assuan_send_data (ctx, buffer, n))
+ err = assuan_send_data (ctx, buffer, n);
+ if (err)
{
gpg_err_set_errno (EIO);
- return -1;
+ return err;
}
buffer += n;
nbytes -= n;
- if (nbytes && assuan_send_data (ctx, NULL, 0)) /* Flush line. */
+ if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */
{
gpg_err_set_errno (EIO);
- return -1;
+ return err;
}
}
while (nbytes);
}
else
{
- if (assuan_send_data (ctx, buffer, size))
+ err = assuan_send_data (ctx, buffer, size);
+ if (err)
{
- gpg_err_set_errno (EIO);
- return -1;
+ gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */
+ return err;
}
}
- return size;
+ return 0;
+}
+
+
+/* A write handler used by es_fopencookie to write assuan data
+ lines. */
+static ssize_t
+data_line_cookie_write (void *cookie, const void *buffer, size_t size)
+{
+ assuan_context_t ctx = cookie;
+
+ if (data_line_write (ctx, buffer, size))
+ return -1;
+ return (ssize_t)size;
}
+
static int
data_line_cookie_close (void *cookie)
{
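Review bot: `data_line_write` now returns a `gpg_error_t` but still calls `gpg_err_set_errno (EIO)` on each of its three failure paths, and only the last one has the comment explaining that this is for `data_line_cookie_write`. Setting errno is part of the cookie-write contract rather than of the new helper, so it reads more cleanly in the wrapper: drop the three calls and use `if (data_line_write (ctx, buffer, size)) { gpg_err_set_errno (EIO); return -1; }` in `data_line_cookie_write`. The start of `data_line_write`'s verbose branch is outside this hunk, so check it for other exits before moving the calls.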
option_handler (assuan_context_t ctx, const char *key, const char *value)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
+ gpg_error_t err = 0;
if (!strcmp (key, "force-crl-refresh"))
{
int i = *value? atoi (value) : 0;
ctrl->audit_events = i;
}
+ else if (!strcmp (key, "http-proxy"))
+ {
+ xfree (ctrl->http_proxy);
+ if (!*value || !strcmp (value, "none"))
+ ctrl->http_proxy = NULL;
+ else if (!(ctrl->http_proxy = xtrystrdup (value)))
+ err = gpg_error_from_syserror ();
+ }
else
- return gpg_error (GPG_ERR_UNKNOWN_OPTION);
+ err = gpg_error (GPG_ERR_UNKNOWN_OPTION);
- return 0;
+ return err;
+}
+
+
+\f
+static const char hlp_dns_cert[] =
+ "DNS_CERT <subtype> <name>\n"
+ "DNS_CERT --pka <user_id>\n"
+ "\n"
+ "Return the CERT record for <name>. <subtype> is one of\n"
+ " * Return the first record of any supported subtype\n"
+ " PGP Return the first record of subtype PGP (3)\n"
+ " IPGP Return the first record of subtype IPGP (6)\n"
+ "If the content of a certifciate is available (PGP) it is returned\n"
+ "by data lines. Fingerprints and URLs are returned via status lines.\n"
+ "In --pka mode the fingerprint and if available an URL is returned.";
+static gpg_error_t
+cmd_dns_cert (assuan_context_t ctx, char *line)
+{
+ /* ctrl_t ctrl = assuan_get_pointer (ctx); */
+ gpg_error_t err = 0;
+ int pka_mode;
+ char *mbox = NULL;
+ char *namebuf = NULL;
+ char *encodedhash = NULL;
+ const char *name;
+ int certtype;
+ char *p;
+ void *key = NULL;
+ size_t keylen;
+ unsigned char *fpr = NULL;
+ size_t fprlen;
+ char *url = NULL;
+
+ pka_mode = has_option (line, "--pka");
+ line = skip_options (line);
+ if (pka_mode)
+ ; /* No need to parse here - we do this later. */
+ else
+ {
+ p = strchr (line, ' ');
+ if (!p)
+ {
+ err = PARM_ERROR ("missing arguments");
+ goto leave;
+ }
+ *p++ = 0;
+ if (!strcmp (line, "*"))
+ certtype = DNS_CERTTYPE_ANY;
+ else if (!strcmp (line, "IPGP"))
+ certtype = DNS_CERTTYPE_IPGP;
+ else if (!strcmp (line, "PGP"))
+ certtype = DNS_CERTTYPE_PGP;
+ else
+ {
+ err = PARM_ERROR ("unknown subtype");
+ goto leave;
+ }
+ while (spacep (p))
+ p++;
+ line = p;
+ if (!*line)
+ {
+ err = PARM_ERROR ("name missing");
+ goto leave;
+ }
+ }
+
+ if (pka_mode)
+ {
+ char *domain; /* Points to mbox. */
+ char hashbuf[20];
+
+ mbox = mailbox_from_userid (line);
+ if (!mbox || !(domain = strchr (mbox, '@')))
+ {
+ err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
+ goto leave;
+ }
+ *domain++ = 0;
+
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox));
+ encodedhash = zb32_encode (hashbuf, 8*20);
+ if (!encodedhash)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ namebuf = strconcat (encodedhash, "._pka.", domain, NULL);
+ if (!namebuf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ name = namebuf;
+ certtype = DNS_CERTTYPE_IPGP;
+ }
+ else
+ name = line;
+
+ err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url);
+ if (err)
+ goto leave;
+
+ if (key)
+ {
+ err = data_line_write (ctx, key, keylen);
+ if (err)
+ goto leave;
+ }
+
+ if (fpr)
+ {
+ char *tmpstr;
+
+ tmpstr = bin2hex (fpr, fprlen, NULL);
+ if (!tmpstr)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ err = assuan_write_status (ctx, "FPR", tmpstr);
+ xfree (tmpstr);
+ }
+ if (err)
+ goto leave;
+ }
+
+ if (url)
+ {
+ err = assuan_write_status (ctx, "URL", url);
+ if (err)
+ goto leave;
+ }
+
+
+ leave:
+ xfree (key);
+ xfree (fpr);
+ xfree (url);
+ xfree (mbox);
+ xfree (namebuf);
+ xfree (encodedhash);
+ return leave_cmd (ctx, err);
}
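Review bot: In `cmd_dns_cert`, `keylen`, `fprlen` and `certtype` are declared without initialisers. The handler is correct only while `get_dns_cert` stores a length every time it returns a buffer, because `data_line_write (ctx, key, keylen)` and `bin2hex (fpr, fprlen, NULL)` read those lengths straight afterwards. Since the buffers carry data taken from a DNS answer, I would make the handler robust on its own with `size_t keylen = 0;`, `size_t fprlen = 0;` and `int certtype = DNS_CERTTYPE_ANY;`. The help text in `hlp_dns_cert` also spells "certificate" as "certifciate".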
+
+\f
static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
"\n"
item->parsed_uri = NULL;
strcpy (item->uri, line);
+#if USE_LDAP
if (ldap_uri_p (item->uri))
err = ldap_parse_uri (&item->parsed_uri, line);
else
- err = http_parse_uri (&item->parsed_uri, line, 1);
+#endif
+ {
+ err = http_parse_uri (&item->parsed_uri, line, 1);
+ }
if (err)
{
xfree (item);
"\n"
"Get the keys matching PATTERN from the configured OpenPGP keyservers\n"
"(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n"
- "or an exact name indicastes by the '=' prefix.";
+ "or an exact name indicated by the '=' prefix.";
static gpg_error_t
cmd_ks_get (assuan_context_t ctx, char *line)
{
assuan_handler_t handler;
const char * const help;
} table[] = {
+ { "DNS_CERT", cmd_dns_cert, hlp_dns_cert },
{ "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
{ "ISVALID", cmd_isvalid, hlp_isvalid },
{ "CHECKCRL", cmd_checkcrl, hlp_checkcrl },
{
release_ctrl_ocsp_certs (ctrl);
xfree (ctrl->server_local);
+ dirmngr_deinit_default_ctrl (ctrl);
xfree (ctrl);
}
}
unsigned char *fpr;
size_t fpr_len;
char *url;
- estream_t key;
+ void *key;
+ size_t keylen;
char const *name;
if (argc)
printf ("CERT lookup on '%s'\n", name);
- err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &fpr, &fpr_len, &url);
+ err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
+ &fpr, &fpr_len, &url);
if (err)
printf ("get_dns_cert failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
else if (key)
{
- int count = 0;
-
- while (es_getc (key) != EOF)
- count++;
- printf ("Key found (%d bytes)\n", count);
+ printf ("Key found (%u bytes)\n", (unsigned int)keylen);
}
else
{
}
- es_fclose (key);
+ xfree (key);
xfree (fpr);
xfree (url);
@item --http-proxy @var{host}[:@var{port}]
@opindex http-proxy
Use @var{host} and @var{port} to access HTTP servers. The use of this
-options overrides the environment variable @env{http_proxy} regardless
+option overrides the environment variable @env{http_proxy} regardless
whether @option{--honor-http-proxy} has been set.
shall not be used for any production quality keys. This option is
only effective when given on the command line.
+@item --debug-pinentry
+@opindex debug-pinentry
+This option enables extra debug information pertaining to the
+Pinentry. As of now it is only useful when used along with
+@code{--debug 1024}.
+
@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is mainly useful for
@option{pinentry-mode} for details.
@end ifset
+@ifset gpgtwoone
+@item --no-allow-external-cache
+@opindex no-allow-external-cache
+Tell Pinentry not to enable features which use an external cache for
+passphrases.
+
+Some desktop environments prefer to unlock all
+credentials with one master password and may have installed a Pinentry
+which employs an additional external cache to implement such a policy.
+By using this option the Pinentry is advised not to make use of such a
+cache and instead always ask the user for the requested passphrase.
+@end ifset
+
@item --ignore-cache-for-signing
@opindex ignore-cache-for-signing
This option will let @command{gpg-agent} bypass the passphrase cache for all
started with a configuration file, the configuration file is read
again. Only certain options are honored: @code{quiet},
@code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level},
+@code{debug-pinentry},
@code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
+@code{no-allow-external-cache},
@code{no-allow-mark-trusted}, @code{disable-scdaemon}, and
@code{disable-check-own-socket}. @code{scdaemon-program} is also
supported but due to the current implementation, which calls the
@ifset gpgtwoone
@item --quick-gen-key @code{user-id}
@opindex quick-gen-key
-This is simple command to generate a standard key with one user id.
+This is a simple command to generate a standard key with one user id.
In contrast to @option{--gen-key} the key is generated directly
without the need to answer a bunch of prompts. Unless the option
@option{--yes} is given, the key creation will be canceled if the
of verified fingerprints.
@end ifset
+@ifset gpgtwoone
+@item --quick-adduid @var{user-id} @var{new-user-id}
+@opindex quick-adduid
+This command adds a new user id to an existing key. In contrast to
+the interactive sub-command @code{adduid} of @option{--edit-key} the
+@var{new-user-id} is added verbatim with only leading and trailing
+white space removed, it is expected to be UTF-8 encoded, and no checks
+on its form are applied.
+@end ifset
+
@item --passwd @var{user_id}
@opindex passwd
Change the passphrase of the secret key belonging to the certificate
@code{hkp://keys.gnupg.net} uses round robin DNS to give a different
keyserver each time you use it.
-@item --keyserver-options @code{name=value1 }
+@item --keyserver-options @code{name=value}
@opindex keyserver-options
This is a space or comma delimited string that gives options for the
keyserver. Options can be prefixed with a `no-' to give the opposite
keyserver URL, then use that preferred keyserver to refresh the key
from. In addition, if auto-key-retrieve is set, and the signature
being verified has a preferred keyserver URL, then use that preferred
- keyserver to fetch the key from. Defaults to yes.
+ keyserver to fetch the key from. Note that this option introduces a
+ "web bug": The creator of the key can see when the keys is
+ refreshed. Thus this option is not enabled by default.
@item honor-pka-record
If auto-key-retrieve is set, and the signature being verified has a
PKA record, then use the PKA information to fetch the key. Defaults
- to yes.
+ to "yes".
@item include-subkeys
When receiving a key, include subkeys as potential targets. Note that
this option is not used with HKP keyservers, as they do not support
retrieving keys by subkey id.
+@ifclear gpgtwoone
@item use-temp-files
On most Unix-like platforms, GnuPG communicates with the keyserver
helper program via pipes, which is the most efficient method. This
option forces GnuPG to use temporary files to communicate. On some
platforms (such as Win32 and RISC OS), this option is always enabled.
+@end ifclear
+@ifclear gpgtwoone
@item keep-temp-files
If using `use-temp-files', do not delete the temp files after using
them. This option is useful to learn the keyserver communication
protocol by reading the temporary files.
-
- @item verbose
- Tell the keyserver helper program to be more verbose. This option can
- be repeated multiple times to increase the verbosity level.
+@end ifclear
@item timeout
Tell the keyserver helper program how long (in seconds) to try and
@option{--recv-keys} command as a whole. Defaults to 30 seconds.
@item http-proxy=@code{value}
- Set the proxy to use for HTTP and HKP keyservers. This overrides the
- "http_proxy" environment variable, if any.
-
+ Set the proxy to use for HTTP and HKP keyservers.
+@ifset gpgtwoone
+This overrides any proxy defined in @file{dirmngr.conf}.
+@end ifset
+@ifclear gpgtwoone
+This overrides the "http_proxy" environment variable, if any.
+@end ifclear
@ifclear gpgtwoone
@item max-cert-size
Defaults to 16384 bytes.
@end ifclear
+ @item verbose
+@ifset gpgtwoone
+This option has no more function since GnuPG 2.1. Use the
+@code{dirmngr} configuration options instead.
+@end ifset
+@ifclear gpgtwoone
+Tell the keyserver helper program to be more verbose. This option can
+be repeated multiple times to increase the verbosity level.
+@end ifclear
+
@item debug
- Turn on debug output in the keyserver helper program. Note that the
- details of debug output depends on which keyserver helper program is
- being used, and in turn, on any libraries that the keyserver helper
- program uses internally (libcurl, openldap, etc).
+@ifset gpgtwoone
+This option has no more function since GnuPG 2.1. Use the
+@code{dirmngr} configuration options instead.
+@end ifset
+@ifclear gpgtwoone
+Turn on debug output in the keyserver helper program. Note that the
+details of debug output depends on which keyserver helper program is
+being used, and in turn, on any libraries that the keyserver helper
+program uses internally (libcurl, openldap, etc).
+@end ifclear
@item check-cert
@ifset gpgtwoone
- This option has no more function since GnuPG 2.1. Use the
- @code{dirmngr} configuration options instead.
+This option has no more function since GnuPG 2.1. Use the
+@code{dirmngr} configuration options instead.
@end ifset
@ifclear gpgtwoone
- Enable certificate checking if the keyserver presents one (for hkps or
- ldaps). Defaults to on.
+Enable certificate checking if the keyserver presents one (for hkps or
+ldaps). Defaults to on.
@end ifclear
@item ca-cert-file
@ifset gpgtwoone
- This option has no more function since GnuPG 2.1. Use the
- @code{dirmngr} configuration options instead.
+This option has no more function since GnuPG 2.1. Use the
+@code{dirmngr} configuration options instead.
@end ifset
@ifclear gpgtwoone
Provide a certificate store to override the system default. Only
# here, even that it is not used by gpg. A proper solution would
# either to split up libkeybox.a or to use a separate keybox daemon.
LDADD = $(needed_libs) ../common/libgpgrl.a \
- $(ZLIBS) $(DNSLIBS) \
- $(LIBINTL) $(CAPLIBS) $(NETLIBS)
+ $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
$(KSBA_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(resource_objs) $(extra_sys_libs)
char **serialno = opaque;
const char *s, *s2;
- if ((s = has_leading_keyword (line, "KEYINFO ")) && !*serialno)
+ if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno)
{
s = strchr (s, ' ');
if (s && s[1] == 'T' && s[2] == ' ' && s[3])
};
+/* Parameter structure used with the DNS_CERT command. */
+struct dns_cert_parm_s
+{
+ estream_t memfp;
+ unsigned char *fpr;
+ size_t fprlen;
+ char *url;
+};
+
+
/* Data used to associate an session with dirmngr contexts. We can't
use a simple one to one mapping because we sometimes need two
connections to the dirmngr; for example while doing a listing and
/* The active Assuan context. */
assuan_context_t ctx;
+ /* Flag set when the keyserver names have been send. */
+ int set_keyservers_done;
+
/* Flag set to true while an operation is running on CTX. */
int is_active;
};
}
else if (!err)
{
- keyserver_spec_t ksi;
+ char *line;
/* Tell the dirmngr that we want to collect audit event. */
/* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
/* NULL, NULL, NULL, NULL, NULL, NULL); */
-
- /* Set all configured keyservers. We clear existing keyservers
- so that any keyserver configured in GPG overrides keyservers
- possibly still configured in Dirmngr for the session (Note
- that the keyserver list of a session in Dirmngr survives a
- RESET. */
- for (ksi = opt.keyserver; !err && ksi; ksi = ksi->next)
+ if (opt.keyserver_options.http_proxy)
{
- char *line;
-
- line = xtryasprintf ("KEYSERVER%s %s",
- ksi == opt.keyserver? " --clear":"", ksi->uri);
+ line = xtryasprintf ("OPTION http-proxy=%s",
+ opt.keyserver_options.http_proxy);
if (!line)
err = gpg_error_from_syserror ();
else
{
- err = assuan_transact (ctx, line,
- NULL, NULL, NULL, NULL, NULL, NULL);
+ err = assuan_transact (ctx, line, NULL, NULL, NULL,
+ NULL, NULL, NULL);
xfree (line);
}
}
{
/* Found an inactive local session - return that. */
assert (!dml->is_active);
+
+ /* But first do the per session init if not yet done. */
+ if (!dml->set_keyservers_done)
+ {
+ keyserver_spec_t ksi;
+
+ /* Set all configured keyservers. We clear existing
+ keyservers so that any keyserver configured in GPG
+ overrides keyservers possibly still configured in Dirmngr
+ for the session (Note that the keyserver list of a
+ session in Dirmngr survives a RESET. */
+ for (ksi = opt.keyserver; ksi; ksi = ksi->next)
+ {
+ char *line;
+
+ line = xtryasprintf
+ ("KEYSERVER%s %s",
+ ksi == opt.keyserver? " --clear":"", ksi->uri);
+ if (!line)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ err = assuan_transact (dml->ctx, line, NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ xfree (line);
+ }
+
+ if (err)
+ return err;
+ }
+
+ dml->set_keyservers_done = 1;
+ }
+
dml->is_active = 1;
+
*r_ctx = dml->ctx;
return 0;
}
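Review bot: The per-session re-initialisation loop added here sends nothing when `opt.keyserver` is empty but still sets `set_keyservers_done = 1`. A keyserver installed by the `KEYSERVER --clear <override>` call that this commit adds to `gpg_dirmngr_ks_get` would then apparently remain the session's keyserver for the next user of the context. That matters if the override URI can originate from key data rather than local configuration (presumably the honor-keyserver-url case). If Dirmngr accepts a bare clear, sending `KEYSERVER --clear` once when `opt.keyserver` is NULL would close the gap; otherwise a comment should state the assumption that a keyserver is always configured. The enclosing function begins and ends outside this hunk.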
xfree (dml);
return err;
}
+
/* To be on the nPth thread safe site we need to add it to a
list; this is far easier than to have a lock for this
function. It should not happen anyway but the code is free
}
+/* Clear the set_keyservers_done flag on context CTX. */
+static void
+clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
+{
+ dirmngr_local_t dml;
+
+ if (!ctx)
+ return;
+
+ for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
+ {
+ if (dml->ctx == ctx)
+ {
+ if (!dml->is_active)
+ log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx);
+ dml->set_keyservers_done = 0;
+ return;
+ }
+ }
+ log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx);
+}
+
+
\f
/* Status callback for ks_get and ks_search. */
static gpg_error_t
are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
gpg_error_t
gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
+ keyserver_spec_t override_keyserver,
estream_t *r_fp, char **r_source)
{
gpg_error_t err;
if (err)
return err;
+ /* If we have an override keyserver we first indicate that the next
+ user of the context needs to again setup the global keyservers and
+ them we send the override keyserver. */
+ if (override_keyserver)
+ {
+ clear_context_flags (ctrl, ctx);
+ line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri);
+ if (!line)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ err = assuan_transact (ctx, line, NULL, NULL, NULL,
+ NULL, NULL, NULL);
+ if (err)
+ goto leave;
+
+ xfree (line);
+ line = NULL;
+ }
+
/* Lump all patterns into one string. */
init_membuf (&mb, 1024);
put_membuf_str (&mb, "KS_GET --");
close_context (ctrl, ctx);
return err;
}
+
+
+\f
+/* Data callback for the DNS_CERT command. */
+static gpg_error_t
+dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
+{
+ struct dns_cert_parm_s *parm = opaque;
+ gpg_error_t err = 0;
+ size_t nwritten;
+
+ if (!data)
+ return 0; /* Ignore END commands. */
+ if (!parm->memfp)
+ return 0; /* Data is not required. */
+
+ if (es_write (parm->memfp, data, datalen, &nwritten))
+ err = gpg_error_from_syserror ();
+
+ return err;
+}
+
+
+/* Status callback for the DNS_CERT command. */
+static gpg_error_t
+dns_cert_status_cb (void *opaque, const char *line)
+{
+ struct dns_cert_parm_s *parm = opaque;
+ gpg_error_t err = 0;
+ const char *s;
+ size_t nbytes;
+
+ if ((s = has_leading_keyword (line, "FPR")))
+ {
+ char *buf;
+
+ if (!(buf = xtrystrdup (s)))
+ err = gpg_error_from_syserror ();
+ else if (parm->fpr)
+ err = gpg_error (GPG_ERR_DUP_KEY);
+ else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes))
+ err = gpg_error_from_syserror ();
+ else if (nbytes < 20)
+ err = gpg_error (GPG_ERR_TOO_SHORT);
+ else
+ {
+ parm->fpr = xtrymalloc (nbytes);
+ if (!parm->fpr)
+ err = gpg_error_from_syserror ();
+ else
+ memcpy (parm->fpr, buf, (parm->fprlen = nbytes));
+ }
+ xfree (buf);
+ }
+ else if ((s = has_leading_keyword (line, "URL")) && *s)
+ {
+ if (parm->url)
+ err = gpg_error (GPG_ERR_DUP_KEY);
+ else if (!(parm->fpr = xtrymalloc (nbytes)))
+ err = gpg_error_from_syserror ();
+ else
+ memcpy (parm->fpr, line, (parm->fprlen = nbytes));
+ }
+
+ return err;
+}
+
+/* Ask the dirmngr for a DNS CERT record. Depending on the found
+ subtypes different return values are set:
+
+ - For a PGP subtype a new estream with that key will be returned at
+ R_KEY and the other return parameters are set to NULL/0.
+
+ - For an IPGP subtype the fingerprint is stored as a malloced block
+ at (R_FPR,R_FPRLEN). If an URL is available it is stored as a
+ malloced string at R_URL; NULL is stored if there is no URL.
+
+ If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first
+ CERT record found with a supported type; it is expected that only
+ one CERT record is used. If CERTTYPE is one of the supported
+ certtypes, only records with this certtype are considered and the
+ first one found is returned. All R_* args are optional. */
+gpg_error_t
+gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
+ estream_t *r_key,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ struct dns_cert_parm_s parm;
+ char *line = NULL;
+
+ memset (&parm, 0, sizeof parm);
+ if (r_key)
+ *r_key = NULL;
+ if (r_fpr)
+ *r_fpr = NULL;
+ if (r_fprlen)
+ *r_fprlen = 0;
+ if (r_url)
+ *r_url = NULL;
+
+ err = open_context (ctrl, &ctx);
+ if (err)
+ return err;
+
+ line = es_bsprintf ("DNS_CERT %s %s", certtype, name);
+ if (!line)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
+ {
+ err = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+
+ parm.memfp = es_fopenmem (0, "rwb");
+ if (!parm.memfp)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
+ NULL, NULL, dns_cert_status_cb, &parm);
+ if (err)
+ goto leave;
+
+ if (r_key)
+ {
+ es_rewind (parm.memfp);
+ *r_key = parm.memfp;
+ parm.memfp = NULL;
+ }
+
+ if (r_fpr && parm.fpr)
+ {
+ *r_fpr = parm.fpr;
+ parm.fpr = NULL;
+ }
+ if (r_fprlen)
+ *r_fprlen = parm.fprlen;
+
+ if (r_url && parm.url)
+ {
+ *r_url = parm.url;
+ parm.url = NULL;
+ }
+
+ leave:
+ xfree (parm.fpr);
+ xfree (parm.url);
+ es_fclose (parm.memfp);
+ xfree (line);
+ close_context (ctrl, ctx);
+ return err;
+}
+
+
+/* Ask the dirmngr for PKA info. On success the retrieved fingerprint
+ is returned in a malloced buffer at R_FPR and its length is stored
+ at R_FPRLEN. If an URL is available it is stored as a malloced
+ string at R_URL. On error all return values are set to NULL/0. */
+gpg_error_t
+gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ struct dns_cert_parm_s parm;
+ char *line = NULL;
+
+ memset (&parm, 0, sizeof parm);
+ if (r_fpr)
+ *r_fpr = NULL;
+ if (r_fprlen)
+ *r_fprlen = 0;
+ if (r_url)
+ *r_url = NULL;
+
+ err = open_context (ctrl, &ctx);
+ if (err)
+ return err;
+
+ line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
+ if (!line)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
+ {
+ err = gpg_error (GPG_ERR_TOO_LARGE);
+ goto leave;
+ }
+
+ err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
+ NULL, NULL, dns_cert_status_cb, &parm);
+ if (err)
+ goto leave;
+
+ if (r_fpr && parm.fpr)
+ {
+ *r_fpr = parm.fpr;
+ parm.fpr = NULL;
+ }
+ if (r_fprlen)
+ *r_fprlen = parm.fprlen;
+
+ if (r_url && parm.url)
+ {
+ *r_url = parm.url;
+ parm.url = NULL;
+ }
+
+ leave:
+ xfree (parm.fpr);
+ xfree (parm.url);
+ xfree (line);
+ close_context (ctrl, ctx);
+ return err;
+}
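Review bot: In `dns_cert_status_cb` the `URL` branch reads `nbytes` before anything in that call has assigned it, and it stores into `parm->fpr`/`parm->fprlen` instead of `parm->url`. A URL status line from Dirmngr therefore triggers an allocation and a `memcpy` from `line` of indeterminate length (a possible out-of-bounds read), overwrites and leaks any fingerprint already stored, and never sets `parm->url`, so the `GPG_ERR_DUP_KEY` check above it can never fire. The branch looks copied from the FPR case; it should duplicate the text after the keyword, i.e. `else if (!(parm->url = xtrystrdup (s)))` followed by `err = gpg_error_from_syserror ();`, with the trailing `else memcpy (...)` dropped. Separately, `gpg_dirmngr_dns_cert` formats `DNS_CERT %s %s` without the `--` separator that `gpg_dirmngr_get_pka` uses, so it is worth confirming that a NAME starting with dashes cannot be taken as an option by Dirmngr.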
gpg_error_t (*cb)(void*, int, char *),
void *cb_value);
gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char *pattern[],
+ keyserver_spec_t override_keyserver,
estream_t *r_fp, char **r_source);
gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl,
const char *url, estream_t *r_fp);
gpg_error_t gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen,
kbnode_t keyblock);
+gpg_error_t gpg_dirmngr_dns_cert (ctrl_t ctrl,
+ const char *name, const char *certtype,
+ estream_t *r_key,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url);
+gpg_error_t gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url);
#endif /*GNUPG_G10_CALL_DIRMNGR_H*/
{
struct agent_card_info_s info;
PKT_public_key *pk = xcalloc (1, sizeof *pk);
+ kbnode_t keyblock = NULL;
int rc;
unsigned int uval;
const unsigned char *thefpr;
/* If the fingerprint is all 0xff, the key has no asssociated
OpenPGP certificate. */
if ( thefpr && !fpr_is_ff (thefpr)
- && !get_pubkey_byfprint (pk, thefpr, 20))
+ && !get_pubkey_byfprint (pk, &keyblock, thefpr, 20))
{
- kbnode_t keyblock = NULL;
-
print_pubkey_info (fp, pk);
-
-#if GNUPG_MAJOR_VERSION == 1
- if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
+ if (keyblock)
print_card_key_info (fp, keyblock);
- else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) )
- {
- release_kbnode (keyblock);
- keyblock = NULL;
-
- if (!auto_create_card_key_stub (info.serialno,
- info.fpr1valid? info.fpr1:NULL,
- info.fpr2valid? info.fpr2:NULL,
- info.fpr3valid? info.fpr3:NULL))
- {
- if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) )
- print_card_key_info (fp, keyblock);
- }
- }
-
-#else /* GNUPG_MAJOR_VERSION != 1 */
- if (!get_keyblock_byfprint (&keyblock, thefpr, 20))
- print_card_key_info (fp, keyblock);
-#endif /* GNUPG_MAJOR_VERSION != 1 */
-
- release_kbnode (keyblock);
}
else
tty_fprintf (fp, "[none]\n");
}
+ release_kbnode (keyblock);
free_public_key (pk);
agent_release_card_info (&info);
}
#include "options.h"
+/* This is mpi_copy with a fix for opaque MPIs which store a NULL
+ pointer. This will also be fixed in Libggcrypt 1.7.0. */
+static gcry_mpi_t
+my_mpi_copy (gcry_mpi_t a)
+{
+ if (a
+ && gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)
+ && !gcry_mpi_get_opaque (a, NULL))
+ return NULL;
+
+ return gcry_mpi_copy (a);
+}
+
+
void
free_symkey_enc( PKT_symkey_enc *enc )
{
n = pubkey_get_npkey (s->pubkey_algo);
i = 0;
if (!n)
- d->pkey[i++] = mpi_copy (s->pkey[0]);
+ d->pkey[i++] = my_mpi_copy (s->pkey[0]);
else
{
for (; i < n; i++ )
- d->pkey[i] = mpi_copy( s->pkey[i] );
+ d->pkey[i] = my_mpi_copy (s->pkey[i]);
}
for (; i < PUBKEY_MAX_NSKEY; i++)
d->pkey[i] = NULL;
memcpy( d, s, sizeof *d );
n = pubkey_get_nsig( s->pubkey_algo );
if( !n )
- d->data[0] = mpi_copy(s->data[0]);
+ d->data[0] = my_mpi_copy(s->data[0]);
else {
for(i=0; i < n; i++ )
- d->data[i] = mpi_copy( s->data[i] );
+ d->data[i] = my_mpi_copy( s->data[i] );
}
d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL;
d->hashed = cp_subpktarea (s->hashed);
return -1;
n = pubkey_get_npkey( b->pubkey_algo );
- if( !n )
- return -1; /* can't compare due to unknown algorithm */
- for(i=0; i < n; i++ ) {
- if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
- return -1;
+ if( !n ) { /* unknown algorithm, rest is in opaque MPI */
+ if( mpi_cmp( a->pkey[0], b->pkey[0] ) )
+ return -1; /* can't compare due to unknown algorithm */
+ } else {
+ for(i=0; i < n; i++ ) {
+ if( mpi_cmp( a->pkey[i], b->pkey[i] ) )
+ return -1;
+ }
}
return 0;
}
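Review bot: The comment kept on the new `return -1;` (`/* can't compare due to unknown algorithm */`) no longer matches the code. For `n == 0` the function now does compare `pkey[0]` and returns -1 only when the two opaque MPIs differ. Something like `return -1; /* opaque key material differs */` would describe the new behaviour. Because the copy helper added earlier in this diff (`my_mpi_copy`) can leave `pkey[0]` as NULL for such keys, it is also worth confirming that `mpi_cmp` tolerates a NULL operand on this path. The function starts outside this hunk.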
-/* Search for a key with the given fingerprint.
+/* Search for a key with the given fingerprint. The caller need to
+ * prove an allocated public key object at PK. If R_KEYBLOCK is not
+ * NULL the entire keyblock is stored there and the caller needs to
+ * call release_kbnode() on it. Note that this function does an exact
+ * search and thus the public key stored at PK may be a copy of a
+ * subkey.
+ *
* FIXME:
* We should replace this with the _byname function. This can be done
* by creating a userID conforming to the unified fingerprint style.
*/
int
-get_pubkey_byfprint (PKT_public_key * pk,
+get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
const byte * fprint, size_t fprint_len)
{
int rc;
+ if (r_keyblock)
+ *r_keyblock = NULL;
+
if (fprint_len == 20 || fprint_len == 16)
{
struct getkey_ctx_s ctx;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
rc = lookup (&ctx, &kb, 0);
if (!rc && pk)
- pk_from_block (&ctx, pk, kb);
+ {
+ pk_from_block (&ctx, pk, kb);
+ if (r_keyblock)
+ {
+ *r_keyblock = kb;
+ kb = NULL;
+ }
+ }
release_kbnode (kb);
get_pubkey_end (&ctx);
}
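Review bot: The keyblock hand-off sits inside `if (!rc && pk)`, so a caller that passes a NULL PK with a non-NULL R_KEYBLOCK gets a successful return and a NULL keyblock without any indication. The new header comment only says the caller needs to provide PK (it currently reads "need to prove"), while the code still treats PK as optional. Either move the `if (r_keyblock)` block out from under the `pk` test, or add to the comment `If PK is NULL nothing is stored at R_KEYBLOCK.` so the contract matches the code. Part of the function body lies outside this hunk.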
aLSignKey,
aQuickSignKey,
aQuickLSignKey,
+ aQuickAddUid,
aListConfig,
aListGcryptConfig,
aGPGConfList,
N_("generate a new key pair")),
ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
N_("quickly generate a new key pair")),
+ ARGPARSE_c (aQuickAddUid, "quick-adduid",
+ N_("quickly add a new user-id")),
ARGPARSE_c (aFullKeygen, "full-gen-key" ,
N_("full featured key pair generation")),
ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
opt.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.options = (KEYSERVER_HONOR_KEYSERVER_URL
- | KEYSERVER_HONOR_PKA_RECORD );
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.verify_options = (LIST_SHOW_UID_VALIDITY
| VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS
case aLSignKey:
case aStore:
case aQuickKeygen:
+ case aQuickAddUid:
case aExportOwnerTrust:
case aImportOwnerTrust:
case aRebuildKeydbCaches:
case aDeleteSecretKeys:
case aDeleteSecretAndPublicKeys:
case aQuickKeygen:
+ case aQuickAddUid:
case aFullKeygen:
case aKeygen:
case aImport:
}
break;
+ case aQuickAddUid:
+ {
+ const char *uid, *newuid;
+
+ if (argc != 2)
+ wrong_args ("--quick-adduid USER-ID NEW-USER-ID");
+ uid = *argv++; argc--;
+ newuid = *argv++; argc--;
+ keyedit_quick_adduid (ctrl, uid, newuid);
+ }
+ break;
+
case aFastImport:
opt.import_options |= IMPORT_FAST;
case aImport:
*r_serialno = NULL;
return gpg_error (GPG_ERR_NO_SECKEY);
}
+
+gpg_error_t
+gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
+ unsigned char **r_fpr, size_t *r_fprlen,
+ char **r_url)
+{
+ (void)ctrl;
+ (void)userid;
+ if (r_fpr)
+ *r_fpr = NULL;
+ if (r_fprlen)
+ *r_fprlen = 0;
+ if (r_url)
+ *r_url = NULL;
+ return gpg_error (GPG_ERR_NOT_FOUND);
+}
/* keydb.c - key database dispatcher
- * Copyright (C) 2001, 2002, 2003, 2004, 2005,
- * 2008, 2009, 2011, 2013 Free Software Foundation, Inc.
- * Coyrright (C) 2013 Werner Koch
+ * Copyright (C) 2001-2013 Free Software Foundation, Inc.
+ * Coyrright (C) 2001-2015 Werner Koch
*
* This file is part of GnuPG.
*
{
int locked;
int found;
+ int saved_found;
unsigned long skipped_long_blobs;
int no_caching;
int current;
hd = xmalloc_clear (sizeof *hd);
hd->found = -1;
+ hd->saved_found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++)
}
+\f
+/* Push the last found state if any. */
+void
+keydb_push_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ if (hd->found < 0 || hd->found >= hd->used)
+ {
+ hd->saved_found = -1;
+ return;
+ }
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ keyring_push_found_state (hd->active[hd->found].u.kr);
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_push_found_state (hd->active[hd->found].u.kb);
+ break;
+ }
+
+ hd->saved_found = hd->found;
+ hd->found = -1;
+}
+
+
+/* Pop the last found state. */
+void
+keydb_pop_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ hd->found = hd->saved_found;
+ hd->saved_found = -1;
+ if (hd->found < 0 || hd->found >= hd->used)
+ return;
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYRING:
+ keyring_pop_found_state (hd->active[hd->found].u.kr);
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_pop_found_state (hd->active[hd->found].u.kb);
+ break;
+ }
+}
+
+
+\f
static gpg_error_t
parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
const u32 *sigstatus, kbnode_t *r_keyblock)
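Review bot: `keydb_push_found_state` and `keydb_pop_found_state` are named like a stack, but `saved_found` is a single slot, so a second push before a pop silently overwrites the first saved state. The header comments do not say this. I would extend the push comment to something like `/* Save the last found state and invalidate the current one. Only one state can be saved; a second push before a pop overwrites it. */` and note on pop that it restores `found` even when nothing was pushed (it then becomes -1). Both `switch` statements also lack a `default:` arm, which would make a future resource type fail quietly here.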
KEYDB_HANDLE keydb_new (void);
void keydb_release (KEYDB_HANDLE hd);
void keydb_disable_caching (KEYDB_HANDLE hd);
+void keydb_push_found_state (KEYDB_HANDLE hd);
+void keydb_pop_found_state (KEYDB_HANDLE hd);
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
void get_pubkey_end( GETKEY_CTX ctx );
gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid);
gpg_error_t get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr);
-int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint,
- size_t fprint_len );
+int get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
+ const byte *fprint, size_t fprint_len);
int get_pubkey_byfprint_fast (PKT_public_key *pk,
const byte *fprint, size_t fprint_len);
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
-/* keyedit.c - keyedit stuff
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- * 2008, 2009, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2013, 2014 Werner Koch
+/* keyedit.c - Edit properties of a key
+ * Copyright (C) 1998-2010 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2015 Werner Koch
*
* This file is part of GnuPG.
*
# include <readline/readline.h>
#endif
-#define JNLIB_NEED_LOG_LOGV
#include "gpg.h"
#include "options.h"
#include "packet.h"
int nowarn);
static void show_key_and_fingerprint (KBNODE keyblock);
static void subkey_expire_warning (kbnode_t keyblock);
-static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name);
+static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name,
+ const char *uidstr);
static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (KBNODE pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only);
if (err)
log_log ((gpg_err_code (err) == GPG_ERR_CANCELED
|| gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
- ? JNLIB_LOG_INFO : JNLIB_LOG_ERROR,
+ ? GPGRT_LOG_INFO : GPGRT_LOG_ERROR,
_("key %s: error changing passphrase: %s\n"),
keystr_with_sub (keyid, subid),
gpg_strerror (err));
* Note: This function does not work if there is more than one user ID.
*/
static int
-fix_keyblock (KBNODE keyblock)
+fix_key_signature_order (KBNODE keyblock)
{
KBNODE node, last, subkey;
int fixed = 0;
}
+/* Fix various problems in the keyblock. Returns true if the keyblock
+ was changed. Note that a pointer to the keyblock must be given and
+ the function may change it (i.e. replacing the first node). */
+static int
+fix_keyblock (kbnode_t *keyblockp)
+{
+ int changed = 0;
+
+ if (fix_key_signature_order (*keyblockp))
+ changed++;
+ if (collapse_uids (keyblockp))
+ changed++;
+ reorder_keyblock (*keyblockp);
+ /* If we modified the keyblock, make sure the flags are right. */
+ if (changed)
+ merge_keys_and_selfsig (*keyblockp);
+
+ return changed;
+}
+
+
static int
parse_sign_type (const char *str, int *localsig, int *nonrevokesig,
int *trustsig)
log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err));
goto leave;
}
- if (fix_keyblock (keyblock))
- modified++;
- if (collapse_uids (&keyblock))
+
+ if (fix_keyblock (&keyblock))
modified++;
- reorder_keyblock (keyblock);
- /* We modified the keyblock, so let's make sure the flags are
- right. */
- if (modified)
- merge_keys_and_selfsig (keyblock);
/* See whether we have a matching secret key. */
if (seckey_check)
photo = 1;
/* fall through */
case cmdADDUID:
- if (menu_adduid (keyblock, photo, arg_string))
+ if (menu_adduid (keyblock, photo, arg_string, NULL))
{
update_trust = 1;
redisplay = 1;
}
+/* Unattended adding of a new keyid. USERNAME specifies the
+ key. NEWUID is the new user id to add to the key. */
+void
+keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE kdbhd = NULL;
+ KEYDB_SEARCH_DESC desc;
+ kbnode_t keyblock = NULL;
+ kbnode_t node;
+ char *uidstring = NULL;
+
+ uidstring = xstrdup (newuid);
+ trim_spaces (uidstring);
+ if (!*uidstring)
+ {
+ log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID));
+ goto leave;
+ }
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale ();
+#endif
+
+ /* Search the key; we don't want the whole getkey stuff here. */
+ kdbhd = keydb_new ();
+ err = classify_user_id (username, &desc, 1);
+ if (!err)
+ err = keydb_search (kdbhd, &desc, 1, NULL);
+ if (!err)
+ {
+ err = keydb_get_keyblock (kdbhd, &keyblock);
+ if (err)
+ {
+ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ /* Now with the keyblock retrieved, search again to detect an
+ ambiguous specification. We need to save the found state so
+ that we can do an update later. */
+ keydb_push_found_state (kdbhd);
+ err = keydb_search (kdbhd, &desc, 1, NULL);
+ if (!err)
+ err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
+ else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ err = 0;
+ keydb_pop_found_state (kdbhd);
+
+ if (!err)
+ {
+ /* We require the secret primary key to add a UID. */
+ node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
+ if (!node)
+ BUG ();
+ err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key);
+ }
+ }
+ if (err)
+ {
+ log_error (_("secret key \"%s\" not found: %s\n"),
+ username, gpg_strerror (err));
+ goto leave;
+ }
+
+ fix_keyblock (&keyblock);
+
+ if (menu_adduid (keyblock, 0, NULL, uidstring))
+ {
+ err = keydb_update_keyblock (kdbhd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+
+ if (update_trust)
+ revalidation_mark ();
+ }
+
+ leave:
+ xfree (uidstring);
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+}
+
+
/* Unattended key signing function. If the key specifified by FPR is
availabale and FPR is the primary fingerprint all user ids of the
user ids of the key are signed using the default signing key. If
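Review bot: `keyedit_quick_adduid` hands NEWUID to `menu_adduid` after only `trim_spaces` and an empty-string test. The comments this commit adds on `menu_adduid` and `generate_user_id` say the string is expected to be UTF-8 and already checked for a valid length. NEWUID comes straight from the command line, so unless a conversion and check happen somewhere not visible in this diff, control characters, overlong strings or non-UTF-8 bytes reach the self-signed user ID packet. That validation should happen before the key lookup, failing with `GPG_ERR_INV_USER_ID` as the empty case already does. Two smaller points: the header comment says "new keyid" where it means user id, and every lookup failure, including `GPG_ERR_AMBIGUOUS_NAME`, is reported through the `secret key "%s" not found` message.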
log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err));
goto leave;
}
- if (fix_keyblock (keyblock))
- modified++;
- if (collapse_uids (&keyblock))
- modified++;
- reorder_keyblock (keyblock);
/* Check that the primary fingerprint has been given. */
{
}
}
- /* If we modified the keyblock, make sure the flags are right. */
- if (modified)
- merge_keys_and_selfsig (keyblock);
+ if (fix_keyblock (&keyblock))
+ modified++;
/* Give some info in verbose. */
if (opt.verbose)
/*
- * Ask for a new user id, add the self-signature and update the keyblock.
- * Return true if there is a new user id
+ * Ask for a new user id, add the self-signature, and update the
+ * keyblock. If UIDSTRING is not NULL the user ID is generated
+ * unattended using that string. UIDSTRING is expected to be utf-8
+ * encoded and white space trimmed. Returns true if there is a new
+ * user id.
*/
static int
-menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name)
+menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
+ const char *uidstring)
{
PKT_user_id *uid;
PKT_public_key *pk = NULL;
KBNODE pub_where = NULL;
gpg_error_t err;
+ if (photo && uidstring)
+ return 0; /* Not allowed. */
+
for (node = pub_keyblock; node; pub_where = node, node = node->next)
{
if (node->pkt->pkttype == PKT_PUBLIC_KEY)
uid = generate_photo_id (pk, photo_name);
}
else
- uid = generate_user_id (pub_keyblock);
+ uid = generate_user_id (pub_keyblock, uidstring);
if (!uid)
- return 0;
+ {
+ if (uidstring)
+ log_error ("%s", _("Such a user ID already exists on this key!\n"));
+ return 0;
+ }
err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk, NULL);
}
+/* Return true if the user id UID already exists in the keyblock. */
+static int
+uid_already_in_keyblock (kbnode_t keyblock, const char *uid)
+{
+ PKT_user_id *uidpkt = uid_from_string (uid);
+ kbnode_t node;
+ int result = 0;
+
+ for (node=keyblock; node && !result; node=node->next)
+ if (!is_deleted_kbnode (node)
+ && node->pkt->pkttype == PKT_USER_ID
+ && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
+ result = 1;
+ free_user_id (uidpkt);
+ return result;
+}
+
+
/* Ask for a user ID. With a MODE of 1 an extra help prompt is
printed for use during a new key creation. If KEYBLOCK is not NULL
the function prevents the creation of an already existing user
if (!fail && keyblock)
{
- PKT_user_id *uidpkt = uid_from_string (uid);
- KBNODE node;
-
- for (node=keyblock; node && !fail; node=node->next)
- if (!is_deleted_kbnode (node)
- && node->pkt->pkttype == PKT_USER_ID
- && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
- fail = 1;
- if (fail)
- tty_printf (_("Such a user ID already exists on this key!\n"));
- free_user_id (uidpkt);
+ if (uid_already_in_keyblock (keyblock, uid))
+ {
+ tty_printf (_("Such a user ID already exists on this key!\n"));
+ fail = 1;
+ }
}
for(;;) {
/* Generate a new user id packet or return NULL if canceled. If
KEYBLOCK is not NULL the function prevents the creation of an
- already existing user ID. */
+ already existing user ID. If UIDSTR is not NULL the user is not
+ asked but UIDSTR is used to create the user id packet; if the user
+ id already exists NULL is returned. UIDSTR is expected to be utf-8
+ encoded and should have already been checked for a valid length
+ etc. */
PKT_user_id *
-generate_user_id (KBNODE keyblock)
+generate_user_id (KBNODE keyblock, const char *uidstr)
{
+ PKT_user_id *uid;
char *p;
- p = ask_user_id (1, 1, keyblock);
- if (!p)
- return NULL; /* Canceled. */
- return uid_from_string (p);
+ if (uidstr)
+ {
+ if (uid_already_in_keyblock (keyblock, uidstr))
+ return NULL; /* Already exists. */
+ uid = uid_from_string (uidstr);
+ }
+ else
+ {
+ p = ask_user_id (1, 1, keyblock);
+ if (!p)
+ return NULL; /* Canceled. */
+ uid = uid_from_string (p);
+ xfree (p);
+ }
+ return uid;
}
int rc;
memset (&pk, 0, sizeof pk);
- rc = get_pubkey_byfprint (&pk, fprint, fprint_len);
+ rc = get_pubkey_byfprint (&pk, NULL, fprint, fprint_len);
if( rc )
{
log_error("Oops: keyid_from_fingerprint: no pubkey\n");
the tty output interface is used, otherwise output is directted to
the given stream. */
void
-print_pubkey_info (estream_t fp, PKT_public_key * pk)
+print_pubkey_info (estream_t fp, PKT_public_key *pk)
{
u32 keyid[2];
char *p;
if (fp)
tty_printf ("\n");
- tty_fprintf (fp, "pub %s/%s %s %s\n",
+ tty_fprintf (fp, "%s %s/%s %s %s\n",
+ pk->flags.primary? "pub":"sub",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
keystr (keyid), datestr_from_pk (pk), p);
xfree (p);
char *serialno;
int s2k_char;
char pkstrbuf[PUBKEY_STRING_SIZE];
+ int indent;
for (node = keyblock; node; node = node->next)
{
else
s2k_char = '#'; /* Key not found. */
- tty_fprintf (fp, "%s%c %s/%s ",
+ tty_fprintf (fp, "%s%c %s/%s %n",
node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb",
s2k_char,
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
- keystr_from_pk (pk));
+ keystr_from_pk (pk),
+ &indent);
tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
tty_fprintf (fp, " ");
tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
if (serialno)
{
- tty_fprintf (fp, "\n ");
- tty_fprintf (fp, _("card-no: "));
+ tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: "));
if (strlen (serialno) == 32
&& !strncmp (serialno, "D27600012401", 12))
{
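Review bot: `indent` is declared without an initialiser and is only ever written through the `%n` conversion in the new `"%s%c %s/%s %n"` format, then read as the width for `%*s` on the card-no line. If the formatter behind `tty_fprintf` does not process `%n` on some platform or code path (several hardened printf implementations ignore or reject it; which one is used here is not visible in the hunk), the width is indeterminate. Declaring it as `int indent = 0;` keeps the output well-defined in that case. Deriving the indent from the known prefix width instead of `%n` would remove the dependency altogether. The function starts and ends outside this hunk.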
/* keyring.c - keyring file handling
- * Copyright (C) 2001, 2004, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 1998-2010 Free Software Foundation, Inc.
+ * Copyright (C) 1997-2015 Werner Koch
*
* This file is part of GnuPG.
*
size_t pk_no;
size_t uid_no;
unsigned int n_packets; /*used for delete and update*/
- } found;
+ } found, saved_found;
struct {
char *name;
char *pattern;
}
+/* Save the current found state in HD for later retrieval by
+ keybox_pop_found_state. Only one state may be saved. */
+void
+keyring_push_found_state (KEYRING_HANDLE hd)
+{
+ hd->saved_found = hd->found;
+ hd->found.kr = NULL;
+}
+
+
+/* Restore the saved found state in HD. */
+void
+keyring_pop_found_state (KEYRING_HANDLE hd)
+{
+ hd->found = hd->saved_found;
+ hd->saved_found.kr = NULL;
+}
+
+
const char *
keyring_get_resource_name (KEYRING_HANDLE hd)
{
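Review bot: The comment on `keyring_push_found_state` says the state is saved "for later retrieval by keybox_pop_found_state", but the matching function in this file is `keyring_pop_found_state`. The name looks carried over from the keybox implementation and should read `keyring_pop_found_state`. Unlike the `keydb_*` wrappers added in the same commit, neither keyring function checks `hd` for NULL; a short note that HD must be valid would make that contract explicit.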
KEYRING_HANDLE keyring_new (void *token);
void keyring_release (KEYRING_HANDLE hd);
+void keyring_push_found_state (KEYRING_HANDLE hd);
+void keyring_pop_found_state (KEYRING_HANDLE hd);
const char *keyring_get_resource_name (KEYRING_HANDLE hd);
int keyring_lock (KEYRING_HANDLE hd, int yes);
int keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb);
int keyserver_fetch (ctrl_t ctrl, strlist_t urilist);
int keyserver_import_cert (ctrl_t ctrl, const char *name,
unsigned char **fpr,size_t *fpr_len);
-int keyserver_import_pka (ctrl_t ctrl,
- const char *name,unsigned char **fpr,size_t *fpr_len);
+gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name,
+ unsigned char **fpr,size_t *fpr_len);
int keyserver_import_name (ctrl_t ctrl,
const char *name,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver);
#include "trustdb.h"
#include "keyserver-internal.h"
#include "util.h"
-#include "dns-cert.h"
-#include "pka.h"
#ifdef USE_DNS_SRV
#include "srv.h"
#endif
{
/* some of these options are not real - just for the help
message */
- {"max-cert-size",0,NULL,NULL},
+ {"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */
+ {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */
+ N_("override proxy options set for dirmngr")},
+
{"include-revoked",0,NULL,N_("include revoked keys in search results")},
{"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")},
- {"use-temp-files",0,NULL,
- N_("use temporary files to pass data to keyserver helpers")},
- {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL,
- N_("do not delete temporary files after using them")},
+ {"timeout", KEYSERVER_TIMEOUT, NULL,
+ N_("override timeout options set for dirmngr")},
{"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL,
NULL},
{"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL,
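Review bot: The new `http-proxy` entry relies on array position: `parse_keyserver_options` later assigns `keyserver_opts[1].value`, and only the "MUST be the first/second" comments keep the table and the indices in step. Named indices, for example `enum { KSOPT_MAX_CERT_SIZE = 0, KSOPT_HTTP_PROXY = 1 };` used at both assignment sites, would turn a silent mis-assignment into a visible one if the table is ever reordered. The `timeout` entry is described as overriding Dirmngr's timeout but has a NULL value pointer, and nothing visible in this diff stores or forwards a timeout value. If it is only a placeholder for the help output, the description should say so.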
static gpg_error_t keyserver_get (ctrl_t ctrl,
KEYDB_SEARCH_DESC *desc, int ndesc,
- struct keyserver_spec *keyserver,
+ struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen);
static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs,
struct keyserver_spec *keyserver);
static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE;
+
static void
-warn_kshelper_option(char *option)
+warn_kshelper_option(char *option, int noisy)
{
char *p;
else if (!strcmp (option, "check-cert")
|| !strcmp (option, "broken-http-proxy"))
log_info ("keyserver option '%s' is obsolete\n", option);
+ else if (noisy || opt.verbose)
+ log_info ("keyserver option '%s' is unknown\n", option);
}
+/* Called from main to parse the args for --keyserver-options. */
int
parse_keyserver_options(char *options)
{
char *max_cert=NULL;
keyserver_opts[0].value=&max_cert;
+ keyserver_opts[1].value=&opt.keyserver_options.http_proxy;
while((tok=optsep(&options)))
{
if(tok[0]=='\0')
continue;
- /* For backwards compatibility. 1.2.x used honor-http-proxy and
- there are a good number of documents published that recommend
- it. */
- if(ascii_strcasecmp(tok,"honor-http-proxy")==0)
- tok="http-proxy";
- else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0)
- tok="no-http-proxy";
-
/* We accept quite a few possible options here - some options to
handle specially, the keyserver_options list, and import and
- export options that pertain to keyserver operations. Note
- that you must use strncasecmp here as there might be an
- =argument attached which will foil the use of strcasecmp. */
-
-#ifdef EXEC_TEMPFILE_ONLY
- if(ascii_strncasecmp(tok,"use-temp-files",14)==0 ||
- ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
- log_info(_("WARNING: keyserver option '%s' is not used"
- " on this platform\n"),tok);
-#else
- if(ascii_strncasecmp(tok,"use-temp-files",14)==0)
- opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES;
- else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0)
- opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES;
-#endif
- else if(!parse_options(tok,&opt.keyserver_options.options,
- keyserver_opts,0)
- && !parse_import_options(tok,
- &opt.keyserver_options.import_options,0)
- && !parse_export_options(tok,
- &opt.keyserver_options.export_options,0))
+ export options that pertain to keyserver operations. */
+
+ if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0)
+ && !parse_import_options(tok,&opt.keyserver_options.import_options,0)
+ && !parse_export_options(tok,&opt.keyserver_options.export_options,0))
{
/* All of the standard options have failed, so the option was
destined for a keyserver plugin as used by GnuPG < 2.1 */
- warn_kshelper_option (tok);
+ warn_kshelper_option (tok, 1);
}
}
return ret;
}
+
void
free_keyserver_spec(struct keyserver_spec *keyserver)
{
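Review bot: `keyserver_opts[1].value=&opt.keyserver_options.http_proxy;` in parse_keyserver_options binds the proxy string to the option table by position only, and the sole guard is the `/* MUST be the second! */` comment on the table entry in the earlier hunk. If an entry is ever inserted ahead of it, the http-proxy argument would be written through whichever slot ends up at index 1, so a matching comment at the assignment is the minimum, e.g. `/* Indices 0 and 1 must match the first two entries of keyserver_opts. */`; a pair of named index constants used in both places would be sturdier. The new `timeout` entry receives no value slot in the visible lines, so a `timeout=N` argument would only set the flag bit unless it is stored somewhere not shown here. Parts of the function body lie between the visible hunks.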
options++;
while((tok=optsep(&options)))
- warn_kshelper_option (tok);
+ warn_kshelper_option (tok, 0);
}
/* Get the scheme */
{
struct keyserver_spec *keyserver=desc[i].skipfncvalue;
+ if (!opt.quiet)
+ log_info (_("refreshing 1 key from %s\n"), keyserver->uri);
+
/* We use the keyserver structure we parsed out before.
Note that a preferred keyserver without a scheme://
will be interpreted as hkp:// */
if(count>0)
{
- if(opt.keyserver)
+ if(opt.keyserver && !opt.quiet)
{
if(count==1)
log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri);
keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
int *r_ndesc_used,
void *stats_handle,
- struct keyserver_spec *keyserver,
+ struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen)
{
return err;
}
- if (!quiet && keyserver)
+ if (!quiet && override_keyserver)
{
- if (keyserver->host)
+ if (override_keyserver->host)
log_info (_("requesting key %s from %s server %s\n"),
keystr_from_desc (&desc[idx]),
- keyserver->scheme, keyserver->host);
+ override_keyserver->scheme, override_keyserver->host);
else
log_info (_("requesting key %s from %s\n"),
- keystr_from_desc (&desc[idx]), keyserver->uri);
+ keystr_from_desc (&desc[idx]), override_keyserver->uri);
}
}
this is different from NPAT. */
*r_ndesc_used = idx;
- err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source);
+ err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver,
+ &datastream, &source);
for (idx=0; idx < npat; idx++)
xfree (pattern[idx]);
xfree (pattern);
/* Retrieve a key from a keyserver. The search pattern are in
(DESC,NDESC). Allowed search modes are keyid, fingerprint, and
- exact searches. KEYSERVER gives an optional override keyserver. If
- (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a
- single imported key. */
+ exact searches. OVERRIDE_KEYSERVER gives an optional override
+ keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the
+ fingerprint of a single imported key. */
static gpg_error_t
keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
- struct keyserver_spec *keyserver,
+ struct keyserver_spec *override_keyserver,
unsigned char **r_fpr, size_t *r_fprlen)
{
gpg_error_t err;
for (;;)
{
err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle,
- keyserver, r_fpr, r_fprlen);
+ override_keyserver, r_fpr, r_fprlen);
if (!err)
any_good = 1;
if (err || ndesc_used >= ndesc)
if(domain)
*domain='.';
- err = get_dns_cert (look, DNS_CERTTYPE_ANY, &key, fpr, fpr_len, &url);
+ err = gpg_dirmngr_dns_cert (ctrl, look, "*", &key, fpr, fpr_len, &url);
if (err)
;
else if (key)
/* Import key pointed to by a PKA record. Return the requested
fingerprint in fpr. */
-int
-keyserver_import_pka (ctrl_t ctrl,
- const char *name,unsigned char **fpr,size_t *fpr_len)
+gpg_error_t
+keyserver_import_pka (ctrl_t ctrl, const char *name,
+ unsigned char **fpr, size_t *fpr_len)
{
- char *uri;
- int rc = GPG_ERR_NO_PUBKEY;
-
- *fpr = xmalloc (20);
- *fpr_len = 20;
+ gpg_error_t err;
+ char *url;
- uri = get_pka_info (name, *fpr, 20);
- if (uri && *uri)
+ err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
+ if (url && *url && fpr && fpr_len)
{
- /* An URI is available. Lookup the key. */
+ /* An URL is available. Lookup the key. */
struct keyserver_spec *spec;
- spec = parse_keyserver_uri (uri, 1);
+ spec = parse_keyserver_uri (url, 1);
if (spec)
{
- rc = keyserver_import_fprint (ctrl, *fpr, 20, spec);
+ err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec);
free_keyserver_spec (spec);
}
}
- xfree (uri);
+ xfree (url);
- if (rc)
+ if (err)
{
xfree(*fpr);
*fpr = NULL;
+ *fpr_len = 0;
}
- return rc;
+ return err;
}
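Review bot: The rewritten keyserver_import_pka can return success without importing anything, because the old default of `GPG_ERR_NO_PUBKEY` is gone: when gpg_dirmngr_get_pka succeeds but yields no URL, an empty URL, or one that parse_keyserver_uri rejects, `err` stays 0 and the caller receives a fingerprint for a key that was never fetched. The `if (url && *url && fpr && fpr_len)` test also ignores `err`, and `url` has no initialiser, which is only safe if gpg_dirmngr_get_pka stores to it on every path (not visible here). The error path dereferences `*fpr` and `*fpr_len` although the condition above treats both pointers as possibly NULL. The sketch below restores the old failure default and makes the NULL handling consistent.

```c
  char *url = NULL;

  err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url);
  if (!err && url && *url && fpr && fpr_len)
    {
      struct keyserver_spec *spec = parse_keyserver_uri (url, 1);
      if (spec)
        {
          /* … unchanged: keyserver_import_fprint, free_keyserver_spec … */
        }
      else
        err = gpg_error (GPG_ERR_NO_PUBKEY);  /* URL did not parse. */
    }
  else if (!err)
    err = gpg_error (GPG_ERR_NO_PUBKEY);      /* No usable URL returned. */
  /* … unchanged: xfree (url) … */

  if (err && fpr)
    {
      xfree (*fpr);
      *fpr = NULL;
      if (fpr_len)
        *fpr_len = 0;
    }
```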
void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
strlist_t commands, int quiet, int seckey_check );
void keyedit_passwd (ctrl_t ctrl, const char *username);
+void keyedit_quick_adduid (ctrl_t ctrl, const char *username,
+ const char *newuid);
void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,
strlist_t uids, strlist_t locusr, int local);
void show_basic_key_info (KBNODE keyblock);
#include "trustdb.h"
#include "keyserver-internal.h"
#include "photoid.h"
-#include "pka.h"
#include "mbox-util.h"
-
+#include "call-dirmngr.h"
/* Put an upper limit on nested packets. The 32 is an arbitrary
value, a much lower should actually be sufficient. */
be retrieved for the signature we merely return it; if not we go
out and try to get that DNS record. */
static const char *
-pka_uri_from_sig (PKT_signature *sig)
+pka_uri_from_sig (CTX c, PKT_signature *sig)
{
if (!sig->flags.pka_tried)
{
sig->pka_info = get_pka_address (sig);
if (sig->pka_info)
{
- char *uri;
+ char *url;
+ unsigned char *fpr;
+ size_t fprlen;
- uri = get_pka_info (sig->pka_info->email,
- sig->pka_info->fpr, sizeof sig->pka_info->fpr);
- if (uri)
+ if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
+ &fpr, &fprlen, &url))
{
- sig->pka_info->valid = 1;
- if (!*uri)
- xfree (uri);
- else
- sig->pka_info->uri = uri;
+ if (fpr && fprlen == sizeof sig->pka_info->fpr)
+ {
+ memcpy (sig->pka_info->fpr, fpr, fprlen);
+ if (url)
+ {
+ sig->pka_info->valid = 1;
+ if (!*url)
+ xfree (url);
+ else
+ sig->pka_info->uri = url;
+ url = NULL;
+ }
+ }
+ xfree (fpr);
+ xfree (url);
}
}
}
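Review bot: The new `fprlen == sizeof sig->pka_info->fpr` test in pka_uri_from_sig is what keeps a fingerprint of unexpected length from being copied into the fixed-size buffer, but the code does not say so, and a mismatching answer is dropped without any trace. I would add a comment above the test, `/* The fingerprint comes from the PKA lookup; accept it only when it exactly fills pka_info->fpr. */`, and log the discard under `opt.verbose` so a malformed record can be told apart from a missing one. The memcpy also overwrites `sig->pka_info->fpr` when `url` is NULL and `valid` stays 0; whether later code reads `fpr` without checking `valid` is not visible in this hunk. The rest of the function lies outside the hunk.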
&& (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
&& (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
{
- const char *uri = pka_uri_from_sig (sig);
+ const char *uri = pka_uri_from_sig (c, sig);
if (uri)
{
if (!rc)
{
if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
- pka_uri_from_sig (sig); /* Make sure PKA info is available. */
+ pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
rc = check_signatures_trust (sig);
}
unsigned int options;
unsigned int import_options;
unsigned int export_options;
+ char *http_proxy;
} keyserver_options;
int exec_disable;
int exec_path_set;
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9)
-#define KEYSERVER_USE_TEMP_FILES (1<<0)
-#define KEYSERVER_KEEP_TEMP_FILES (1<<1)
+#define KEYSERVER_HTTP_PROXY (1<<0)
+#define KEYSERVER_TIMEOUT (1<<1)
#define KEYSERVER_ADD_FAKE_V3 (1<<2)
#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3)
#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4)
void *opaque );
/*-- keygen.c --*/
-PKT_user_id *generate_user_id (KBNODE keyblock);
+PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr);
#endif /*G10_PACKET_H*/
goto skipit; /* Definitely too large. We skip it to avoid an
overflow in the malloc. */
if (list_mode)
- puts ("- gpg control packet");
+ es_fputs ("- gpg control packet", listfp);
packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
+ pktlen - 1);
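Review bot: Replacing `puts` with `es_fputs` drops the trailing newline from the list-mode output, because `puts` appends one and an fputs-style call writes the string as given. Unless a later write to `listfp` supplies the line break (not visible in this hunk), the next listing line will run on after "- gpg control packet". If the original output is wanted, the line would be `es_fputs ("- gpg control packet\n", listfp);`.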
else
{
pk2 = xmalloc_clear (sizeof *pk2);
- rc = get_pubkey_byfprint (pk2,
+ rc = get_pubkey_byfprint (pk2, NULL,
pk->revkey[i].fpr, MAX_FINGERPRINT_LEN);
}
;
/* Store the calculated valididation status somewhere */
- if (opt.verbose > 1)
+ if (opt.verbose > 1 && DBG_TRUST)
dump_key_array (depth, keys);
for (kar=keys; kar->keyblock; kar++)
#include <limits.h>
#include <assert.h>
-#define JNLIB_NEED_LOG_LOGV
#include <gpg-error.h>
#include "../common/logging.h"
#include "../common/argparse.h"
/* Map the log levels. */
switch (level)
{
- case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
- case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
- case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
- case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
- case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
- case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
- case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
- default: level = JNLIB_LOG_ERROR; break;
+ case GCRY_LOG_CONT: level = GPGRT_LOG_CONT; break;
+ case GCRY_LOG_INFO: level = GPGRT_LOG_INFO; break;
+ case GCRY_LOG_WARN: level = GPGRT_LOG_WARN; break;
+ case GCRY_LOG_ERROR:level = GPGRT_LOG_ERROR; break;
+ case GCRY_LOG_FATAL:level = GPGRT_LOG_FATAL; break;
+ case GCRY_LOG_BUG: level = GPGRT_LOG_BUG; break;
+ case GCRY_LOG_DEBUG:level = GPGRT_LOG_DEBUG; break;
+ default: level = GPGRT_LOG_ERROR; break;
}
log_logv (level, fmt, arg_ptr);
}
+++ /dev/null
-/* curl-shim.c - Implement a small subset of the curl API in terms of
- * the iobuf HTTP API
- *
- * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-
-#include "util.h"
-#include "http.h"
-#include "ksutil.h"
-#include "curl-shim.h"
-
-static CURLcode
-handle_error(CURL *curl,CURLcode err,const char *str)
-{
- if(curl->errorbuffer)
- {
- /* Make sure you never exceed CURL_ERROR_SIZE, currently set to
- 256 in curl-shim.h */
- switch(err)
- {
- case CURLE_OK:
- strcpy(curl->errorbuffer,"okay");
- break;
-
- case CURLE_UNSUPPORTED_PROTOCOL:
- strcpy(curl->errorbuffer,"unsupported protocol");
- break;
-
- case CURLE_COULDNT_CONNECT:
- strcpy(curl->errorbuffer,"couldn't connect");
- break;
-
- case CURLE_WRITE_ERROR:
- strcpy(curl->errorbuffer,"write error");
- break;
-
- case CURLE_HTTP_RETURNED_ERROR:
- sprintf(curl->errorbuffer,"url returned error %u",curl->status);
- break;
-
- default:
- strcpy(curl->errorbuffer,"generic error");
- break;
- }
-
- if(str && (strlen(curl->errorbuffer)+2+strlen(str)+1)<=CURL_ERROR_SIZE)
- {
- strcat(curl->errorbuffer,": ");
- strcat(curl->errorbuffer,str);
- }
- }
-
- return err;
-}
-
-CURLcode
-curl_global_init(long flags)
-{
- (void)flags;
- return CURLE_OK;
-}
-
-void
-curl_global_cleanup(void) {}
-
-CURL *
-curl_easy_init(void)
-{
- CURL *handle;
-
-#ifdef HAVE_W32_SYSTEM
- w32_init_sockets ();
-#endif
-
- handle=calloc(1,sizeof(CURL));
- if(handle)
- handle->errors=stderr;
-
- return handle;
-}
-
-void
-curl_easy_cleanup(CURL *curl)
-{
- if (curl)
- {
- http_close (curl->hd, 0);
- free(curl);
- }
-}
-
-CURLcode
-curl_easy_setopt(CURL *curl,CURLoption option,...)
-{
- va_list ap;
-
- va_start(ap,option);
-
- switch(option)
- {
- case CURLOPT_URL:
- curl->url=va_arg(ap,char *);
- break;
- case CURLOPT_USERPWD:
- curl->auth=va_arg(ap,char *);
- break;
- case CURLOPT_WRITEFUNCTION:
- curl->writer=va_arg(ap,write_func);
- break;
- case CURLOPT_FILE:
- curl->file=va_arg(ap,void *);
- break;
- case CURLOPT_ERRORBUFFER:
- curl->errorbuffer=va_arg(ap,char *);
- break;
- case CURLOPT_PROXY:
- curl->proxy=va_arg(ap,char *);
- break;
- case CURLOPT_POST:
- curl->flags.post=va_arg(ap,long)?1:0;
- break;
- case CURLOPT_POSTFIELDS:
- curl->postfields=va_arg(ap,char *);
- break;
- case CURLOPT_SRVTAG_GPG_HACK:
- curl->srvtag=va_arg(ap,char *);
- break;
- case CURLOPT_FAILONERROR:
- curl->flags.failonerror=va_arg(ap,long)?1:0;
- break;
- case CURLOPT_VERBOSE:
- curl->flags.verbose=va_arg(ap,long)?1:0;
- break;
- case CURLOPT_STDERR:
- curl->errors=va_arg(ap,FILE *);
- break;
- case CURLOPT_HTTPHEADER:
- curl->headers=va_arg(ap,struct curl_slist *);
- break;
- default:
- /* We ignore the huge majority of curl options */
- break;
- }
-
- return handle_error(curl,CURLE_OK,NULL);
-}
-
-CURLcode
-curl_easy_perform(CURL *curl)
-{
- int rc;
- CURLcode err=CURLE_OK;
- const char *errstr=NULL;
- char *proxy=NULL;
-
- /* Emulate the libcurl proxy behavior. If the calling program set a
- proxy, use it. If it didn't set a proxy or set it to NULL, check
- for one in the environment. If the calling program explicitly
- set a null-string proxy the http code doesn't use a proxy at
- all. */
-
- if(curl->proxy)
- proxy=curl->proxy;
- else
- proxy=getenv(HTTP_PROXY_ENV);
-
- if(curl->flags.verbose)
- {
- fprintf(curl->errors,"* HTTP proxy is \"%s\"\n",proxy?proxy:"null");
- fprintf(curl->errors,"* HTTP URL is \"%s\"\n",curl->url);
- fprintf(curl->errors,"* HTTP auth is \"%s\"\n",
- curl->auth?curl->auth:"null");
- fprintf(curl->errors,"* HTTP method is %s\n",
- curl->flags.post?"POST":"GET");
- }
-
- if(curl->flags.post)
- {
- rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, NULL, curl->auth,
- 0, proxy, NULL, curl->srvtag,
- curl->headers?curl->headers->list:NULL);
- if (!rc)
- {
- unsigned int post_len = strlen(curl->postfields);
-
- es_fprintf (http_get_write_ptr (curl->hd),
- "Content-Type: application/x-www-form-urlencoded\r\n"
- "Content-Length: %u\r\n", post_len);
- http_start_data (curl->hd);
- es_write (http_get_write_ptr (curl->hd),
- curl->postfields, post_len, NULL);
-
- rc = http_wait_response (curl->hd);
- curl->status = http_get_status_code (curl->hd);
- if (!rc && curl->flags.failonerror && curl->status>=300)
- err = CURLE_HTTP_RETURNED_ERROR;
- http_close (curl->hd, 0);
- curl->hd = NULL;
- }
- }
- else
- {
- rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, NULL, curl->auth,
- 0, proxy, NULL, curl->srvtag,
- curl->headers?curl->headers->list:NULL);
- if (!rc)
- {
- rc = http_wait_response (curl->hd);
- curl->status = http_get_status_code (curl->hd);
- if (!rc)
- {
- if (curl->flags.failonerror && curl->status>=300)
- err = CURLE_HTTP_RETURNED_ERROR;
- else
- {
- size_t maxlen = 1024;
- size_t buflen;
- unsigned int len;
- char *line = NULL;
-
- while ((len = es_read_line (http_get_read_ptr (curl->hd),
- &line, &buflen, &maxlen)))
- {
- size_t ret;
-
- maxlen=1024;
-
- ret=(curl->writer)(line,len,1,curl->file);
- if(ret!=len)
- {
- err=CURLE_WRITE_ERROR;
- break;
- }
- }
-
- es_free (line);
- http_close(curl->hd, 0);
- curl->hd = NULL;
- }
- }
- else
- {
- http_close (curl->hd, 0);
- curl->hd = NULL;
- }
- }
- }
-
- switch(gpg_err_code (rc))
- {
- case 0:
- break;
-
- case GPG_ERR_INV_URI:
- err=CURLE_UNSUPPORTED_PROTOCOL;
- break;
-
- default:
- errstr=gpg_strerror (rc);
- err=CURLE_COULDNT_CONNECT;
- break;
- }
-
- return handle_error(curl,err,errstr);
-}
-
-/* This is not the same exact set that is allowed according to
- RFC-2396, but it is what the real curl uses. */
-#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
- "0123456789"
-
-char *
-curl_escape(char *str,int length)
-{
- int len,max,idx,enc_idx=0;
- char *enc;
-
- if(length)
- len=length;
- else
- len=strlen(str);
-
- enc=malloc(len+1);
- if(!enc)
- return enc;
-
- max=len;
-
- for(idx=0;idx<len;idx++)
- {
- if(enc_idx+3>max)
- {
- char *tmp;
-
- max+=100;
-
- tmp=realloc(enc,max+1);
- if(!tmp)
- {
- free(enc);
- return NULL;
- }
-
- enc=tmp;
- }
-
- if(strchr(VALID_URI_CHARS,str[idx]))
- enc[enc_idx++]=str[idx];
- else
- {
- char numbuf[5];
- sprintf(numbuf,"%%%02X",str[idx]);
- strcpy(&enc[enc_idx],numbuf);
- enc_idx+=3;
- }
- }
-
- enc[enc_idx]='\0';
-
- return enc;
-}
-
-curl_version_info_data *
-curl_version_info(int type)
-{
- static curl_version_info_data data;
- static const char *protocols[]={"http",NULL};
-
- (void)type;
-
- data.protocols=protocols;
-
- return &data;
-}
-
-struct curl_slist *
-curl_slist_append(struct curl_slist *list,const char *string)
-{
- if(!list)
- {
- list=calloc(1,sizeof(*list));
- if(!list)
- return NULL;
- }
-
- add_to_strlist(&list->list,string);
-
- return list;
-}
-
-void
-curl_slist_free_all(struct curl_slist *list)
-{
- if(list)
- {
- free_strlist(list->list);
- free(list);
- }
-}
+++ /dev/null
-/* curl-shim.h
- * Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
- *
- * This file is part of GNUPG.
- *
- * GNUPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GNUPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef _CURL_SHIM_H_
-#define _CURL_SHIM_H_
-
-#include "util.h"
-#include "http.h"
-
-typedef enum
- {
- CURLE_OK=0,
- CURLE_UNSUPPORTED_PROTOCOL=1,
- CURLE_COULDNT_CONNECT=7,
- CURLE_FTP_COULDNT_RETR_FILE=19,
- CURLE_HTTP_RETURNED_ERROR=22,
- CURLE_WRITE_ERROR=23
- } CURLcode;
-
-typedef enum
- {
- CURLOPT_URL,
- CURLOPT_USERPWD,
- CURLOPT_WRITEFUNCTION,
- CURLOPT_FILE,
- CURLOPT_ERRORBUFFER,
- CURLOPT_FOLLOWLOCATION,
- CURLOPT_MAXREDIRS,
- CURLOPT_STDERR,
- CURLOPT_VERBOSE,
- CURLOPT_SSL_VERIFYPEER,
- CURLOPT_PROXY,
- CURLOPT_CAINFO,
- CURLOPT_POST,
- CURLOPT_POSTFIELDS,
- CURLOPT_FAILONERROR,
- CURLOPT_HTTPHEADER,
- CURLOPT_SRVTAG_GPG_HACK
- } CURLoption;
-
-typedef size_t (*write_func)(char *buffer,size_t size,
- size_t nitems,void *outstream);
-
-typedef struct
-{
- char *url;
- char *auth;
- char *errorbuffer;
- char *proxy;
- write_func writer;
- void *file;
- char *postfields;
- char *srvtag;
- unsigned int status;
- FILE *errors;
- struct curl_slist *headers;
- struct
- {
- unsigned int post:1;
- unsigned int failonerror:1;
- unsigned int verbose:1;
- } flags;
- http_t hd;
-} CURL;
-
-typedef struct
-{
- const char **protocols;
-} curl_version_info_data;
-
-#define CURL_ERROR_SIZE 256
-#define CURL_GLOBAL_DEFAULT 0
-#define CURLVERSION_NOW 0
-
-CURLcode curl_global_init(long flags);
-void curl_global_cleanup(void);
-CURL *curl_easy_init(void);
-CURLcode curl_easy_setopt(CURL *curl,CURLoption option,...);
-CURLcode curl_easy_perform(CURL *curl);
-void curl_easy_cleanup(CURL *curl);
-char *curl_escape(char *str,int len);
-#define curl_free(x) free(x)
-#define curl_version() GNUPG_NAME" curl-shim"
-curl_version_info_data *curl_version_info(int type);
-
-struct curl_slist
-{
- strlist_t list;
-};
-
-struct curl_slist *curl_slist_append(struct curl_slist *list,
- const char *string);
-void curl_slist_free_all(struct curl_slist *list);
-
-#endif /* !_CURL_SHIM_H_ */
+++ /dev/null
-#!@PERL@ -w
-
-# gpg2keys_mailto - talk to a email keyserver
-# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-use Getopt::Std;
-$Getopt::Std::STANDARD_HELP_VERSION=1;
-$sendmail="@SENDMAIL@ -t";
-
-###
-
-sub VERSION_MESSAGE ()
-{
- print STDOUT "gpg2keys_mailto (GnuPG) @VERSION@\n";
-}
-
-sub HELP_MESSAGE ()
-{
- print STDOUT <<EOT
-
---help Print this help
---version Print the version
--o FILE Write output to FILE
-EOT
-}
-
-
-
-getopts('o:');
-
-if(defined($opt_o))
-{
- open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
-}
-
-if(@ARGV)
-{
- open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
-}
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
-
- if(/^COMMAND (\S+)/)
- {
- $command=$1;
- }
-
- if(/^OPAQUE (\S+)/)
- {
- $address=$1;
- }
-
- if(/^PROGRAM (\S+)/)
- {
- $program=$1;
- }
-
- if(/^OPTION (\S+)/)
- {
- if($1=~/^verbose$/i)
- {
- $verbose++;
- }
- elsif($1=~/^no-verbose$/i)
- {
- $verbose--;
- }
- elsif($1=~/^mail-from=(.+)$/i)
- {
- $from=$1;
- }
- elsif($1=~/^no-mail-from$/i)
- {
- undef $from;
- }
-
- }
-}
-
-if(!defined($from))
-{
- ($login,$name)=(getpwuid($<))[0,6];
- $from="$name <$login>";
-}
-
-$program="(unknown)" if(!defined($program));
-
-if(!defined($address))
-{
- print STDERR "gpgkeys: no address provided\n";
- exit(1);
-}
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
-
- chomp;
-
- push(@keys,$_);
-}
-
-# Send response
-
-print "VERSION 1\n";
-print "OPTION OUTOFBAND\n\n";
-
-# Email keyservers get and search the same way
-
-if($command=~/get/i || $command=~/search/i)
-{
- if($command=~/search/i)
- {
- print "COUNT 0\n";
- }
-
- foreach $key (@keys)
- {
- open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
- print MAIL "From: $from\n";
- print MAIL "To: $address\n";
- if($command=~/get/i)
- {
- # mail keyservers don't like long-form keyids
-
- if(substr($key,0,2) eq "0x")
- {
- $key=substr($key,2);
- }
-
- if(length($key)>8)
- {
- $key=substr($key,-8);
- }
-
- print MAIL "Subject: GET 0x$key\n\n";
- }
- else
- {
- print MAIL "Subject: GET $key\n\n";
- }
- print MAIL "GnuPG $program email keyserver request\n";
- close(MAIL);
-
- # Tell GnuPG not to expect a key
- print "KEY $key OUTOFBAND\n";
-
- if($verbose)
- {
- print STDERR "gpgkeys: key $key requested from $address\n";
- }
- }
-}
-
-if($command=~/send/i)
-{
- while(!eof(STDIN))
- {
- open(MAIL,"|$sendmail") || die "ERROR: Can't open $sendmail\n";
- print MAIL "From: $name <$login>\n";
- print MAIL "To: $address\n";
- print MAIL "Subject: ADD\n\n";
-
- while(<STDIN>)
- {
- if(/^KEY (\S+) BEGIN$/)
- {
- $key=$1;
- last;
- }
- }
-
- while(<STDIN>)
- {
- if(/^KEY \S+ END$/)
- {
- last;
- }
-
- print MAIL;
- }
-
- close(MAIL);
-
- if($verbose)
- {
- print STDERR "gpgkeys: key $key sent to $address\n";
- }
- }
-}
-
-
-# Local Variables:
-# mode:perl
-# End:
+++ /dev/null
-#!@PERL@
-
-# gpg2keys_test - keyserver code tester
-# Copyright (C) 2001 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see <http://www.gnu.org/licenses/>.
-use Getopt::Std;
-$Getopt::Std::STANDARD_HELP_VERSION=1;
-
-$|=1;
-
-sub VERSION_MESSAGE ()
-{
- print STDOUT "gpg2keys_test (GnuPG) @VERSION@\n";
-}
-
-sub HELP_MESSAGE ()
-{
- print STDOUT <<EOT
-
---help Print this help
---version Print the version
-EOT
-}
-
-
-getopts('o:');
-
-print STDERR "gpgkeys_test starting\n";
-
-if(defined($opt_o))
-{
- print STDERR "Using output file $opt_o\n";
- open(STDOUT,">$opt_o") || die "Can't open output file $opt_o\n";
-}
-
-if(@ARGV)
-{
- print STDERR "Using input file $ARGV[0]\n";
- open(STDIN,$ARGV[0]) || die "Can't open input file $ARGV[0]\n";
-}
-
-# Get the command block
-
-print STDERR "Command block:\n";
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
- print STDERR "--command-> $_";
-
- if(/^COMMAND (\w+)/)
- {
- $command=$1;
- }
-}
-
-# Get the keylist block
-
-print STDERR "Keylist block:\n";
-
-while(<STDIN>)
-{
- last if($_ eq "\n");
- print STDERR "--keylist-> $_";
-}
-
-# If it's a SEND, then get the key material
-
-if($command eq "SEND")
-{
- print STDERR "Key material to send:\n";
-
- while(<STDIN>)
- {
- print STDERR "$_";
- }
-}
-
-printf STDERR "gpgkeys_test finished\n";
-
-# Local Variables:
-# mode:perl
-# End:
+++ /dev/null
-/* gpgkeys_curl.c - fetch a key via libcurl
- * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * In addition, as a special exception, the Free Software Foundation
- * gives permission to link the code of the keyserver helper tools:
- * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- * project's "OpenSSL" library (or with modified versions of it that
- * use the same license as the "OpenSSL" library), and distribute the
- * linked executables. You must obey the GNU General Public License
- * in all respects for all of the code used other than "OpenSSL". If
- * you modify this file, you may extend this exception to your version
- * of the file, but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif
-#ifdef HAVE_LIBCURL
-#include <curl/curl.h>
-#else
-#include "curl-shim.h"
-#endif
-#include "keyserver.h"
-#include "ksutil.h"
-
-extern char *optarg;
-extern int optind;
-
-static FILE *input,*output,*console;
-static CURL *curl;
-static struct ks_options *opt;
-
-static int
-get_key(char *getkey)
-{
- CURLcode res;
- char errorbuffer[CURL_ERROR_SIZE];
- char request[MAX_URL];
- struct curl_writer_ctx ctx;
-
- memset(&ctx,0,sizeof(ctx));
-
- if(strncmp(getkey,"0x",2)==0)
- getkey+=2;
-
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
-
- sprintf(request,"%s://%s%s%s%s",opt->scheme,opt->host,
- opt->port?":":"",opt->port?opt->port:"",opt->path?opt->path:"/");
-
- curl_easy_setopt(curl,CURLOPT_URL,request);
- curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
- ctx.stream=output;
- curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
- curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
-
- res=curl_easy_perform(curl);
- if(res!=CURLE_OK)
- {
- fprintf(console,"gpgkeys: %s fetch error %d: %s\n",opt->scheme,
- res,errorbuffer);
- fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
- }
- else
- {
- curl_writer_finalize(&ctx);
- if(!ctx.flags.done)
- {
- fprintf(console,"gpgkeys: no key data found for %s\n",request);
- fprintf(output,"\nKEY 0x%s FAILED %d\n",
- getkey,KEYSERVER_KEY_NOT_FOUND);
- }
- else
- fprintf(output,"\nKEY 0x%s END\n",getkey);
- }
-
- return curl_err_to_gpg_err(res);
-}
-
-static void
-show_help (FILE *fp)
-{
- fprintf (fp,"-h, --help\thelp\n");
- fprintf (fp,"-V\t\tmachine readable version\n");
- fprintf (fp,"--version\thuman readable version\n");
- fprintf (fp,"-o\t\toutput to this file\n");
-}
-
-int
-main(int argc,char *argv[])
-{
- int arg,ret=KEYSERVER_INTERNAL_ERROR,i;
- char line[MAX_LINE];
- char *thekey=NULL;
- long follow_redirects=5;
- char *proxy=NULL;
- curl_version_info_data *curldata;
- struct curl_slist *headers=NULL;
-
- console=stderr;
-
- /* Kludge to implement standard GNU options. */
- if (argc > 1 && !strcmp (argv[1], "--version"))
- {
- printf ("gpgkeys_curl (%s) %s\n", GNUPG_NAME, VERSION);
- printf ("Uses: %s\n", curl_version());
- return 0;
- }
- else if (argc > 1 && !strcmp (argv[1], "--help"))
- {
- show_help (stdout);
- return 0;
- }
-
- while((arg=getopt(argc,argv,"hVo:"))!=-1)
- switch(arg)
- {
- default:
- case 'h':
- show_help (console);
- return KEYSERVER_OK;
-
- case 'V':
- fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
- return KEYSERVER_OK;
-
- case 'o':
- output=fopen(optarg,"wb");
- if(output==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open output file '%s': %s\n",
- optarg,strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- break;
- }
-
- if(argc>optind)
- {
- input=fopen(argv[optind],"r");
- if(input==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open input file '%s': %s\n",
- argv[optind],strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if(input==NULL)
- input=stdin;
-
- if(output==NULL)
- output=stdout;
-
- opt=init_ks_options();
- if(!opt)
- return KEYSERVER_NO_MEMORY;
-
- /* Get the command and info block */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- {
- int err;
- char option[MAX_OPTION+1];
-
- if(line[0]=='\n')
- break;
-
- err=parse_ks_options(line,opt);
- if(err>0)
- {
- ret=err;
- goto fail;
- }
- else if(err==0)
- continue;
-
- if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
- {
- int no=0;
- char *start=&option[0];
-
- option[MAX_OPTION]='\0';
-
- if(strncasecmp(option,"no-",3)==0)
- {
- no=1;
- start=&option[3];
- }
-
- if(strncasecmp(start,"http-proxy",10)==0)
- {
- /* Safe to not check the return code of strdup() here.
- If it fails, we simply won't use a proxy. */
- if(no)
- {
- free(proxy);
- proxy=strdup("");
- }
- else if(start[10]=='=')
- {
- if(strlen(&start[11])<MAX_PROXY)
- {
- free(proxy);
- proxy=strdup(&start[11]);
- }
- }
- }
- else if(strncasecmp(start,"follow-redirects",16)==0)
- {
- if(no)
- follow_redirects=0;
- else if(start[16]=='=')
- follow_redirects=atoi(&start[17]);
- else if(start[16]=='\0')
- follow_redirects=-1;
- }
-
- continue;
- }
- }
-
- if(!opt->scheme)
- {
- fprintf(console,"gpgkeys: no scheme supplied!\n");
- ret=KEYSERVER_SCHEME_NOT_FOUND;
- goto fail;
- }
-
- if(!opt->host)
- {
- fprintf(console,"gpgkeys: no keyserver host provided\n");
- goto fail;
- }
-
- if(opt->timeout && register_timeout()==-1)
- {
- fprintf(console,"gpgkeys: unable to register timeout handler\n");
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- curl_global_init(CURL_GLOBAL_DEFAULT);
-
- curl=curl_easy_init();
- if(!curl)
- {
- fprintf(console,"gpgkeys: unable to initialize curl\n");
- ret=KEYSERVER_INTERNAL_ERROR;
- goto fail;
- }
-
- /* Make sure we have the protocol the user is asking for so we can
- print a nicer error message. */
- curldata=curl_version_info(CURLVERSION_NOW);
- for(i=0;curldata->protocols[i];i++)
- if(strcasecmp(curldata->protocols[i],opt->scheme)==0)
- break;
-
- if(curldata->protocols[i]==NULL)
- {
- fprintf(console,"gpgkeys: protocol '%s' not supported\n",opt->scheme);
- ret=KEYSERVER_SCHEME_NOT_FOUND;
- goto fail;
- }
-
- if(follow_redirects)
- {
- curl_easy_setopt(curl,CURLOPT_FOLLOWLOCATION,1L);
- if(follow_redirects>0)
- curl_easy_setopt(curl,CURLOPT_MAXREDIRS,follow_redirects);
- }
-
- if(opt->auth)
- curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
-
- if(opt->debug)
- {
- fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
- curl_easy_setopt(curl,CURLOPT_STDERR,console);
- curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
- }
-
- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
- curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
-
- /* Avoid caches to get the most recent copy of the key. This is bug
- #1061. In pre-curl versions of the code, we didn't do it. Then
- we did do it (as a curl default) until curl changed the default.
- Now we're doing it again, but in such a way that changing
- defaults in the future won't impact us. We set both the Pragma
- and Cache-Control versions of the header, so we're good with both
- HTTP 1.0 and 1.1. */
- headers=curl_slist_append(headers,"Pragma: no-cache");
- if(headers)
- headers=curl_slist_append(headers,"Cache-Control: no-cache");
-
- if(!headers)
- {
- fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
-
- if(proxy)
- curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
-
- /* If it's a GET or a SEARCH, the next thing to come in is the
- keyids. If it's a SEND, then there are no keyids. */
-
- if(opt->action==KS_GET)
- {
- /* Eat the rest of the file */
- for(;;)
- {
- if(fgets(line,MAX_LINE,input)==NULL)
- break;
- else
- {
- if(line[0]=='\n' || line[0]=='\0')
- break;
-
- if(!thekey)
- {
- thekey=strdup(line);
- if(!thekey)
- {
- fprintf(console,"gpgkeys: out of memory while "
- "building key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- /* Trim the trailing \n */
- thekey[strlen(line)-1]='\0';
- }
- }
- }
- }
- else
- {
- fprintf(console,
- "gpgkeys: this keyserver type only supports key retrieval\n");
- goto fail;
- }
-
- if(!thekey)
- {
- fprintf(console,"gpgkeys: invalid keyserver instructions\n");
- goto fail;
- }
-
- /* Send the response */
-
- fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
- fprintf(output,"PROGRAM %s\n\n",VERSION);
-
- if(opt->verbose)
- {
- fprintf(console,"Scheme:\t\t%s\n",opt->scheme);
- fprintf(console,"Host:\t\t%s\n",opt->host);
- if(opt->port)
- fprintf(console,"Port:\t\t%s\n",opt->port);
- if(opt->path)
- fprintf(console,"Path:\t\t%s\n",opt->path);
- fprintf(console,"Command:\tGET\n");
- }
-
- set_timeout(opt->timeout);
-
- ret=get_key(thekey);
-
- fail:
-
- free(thekey);
-
- if(input!=stdin)
- fclose(input);
-
- if(output!=stdout)
- fclose(output);
-
- free_ks_options(opt);
-
- curl_slist_free_all(headers);
-
- if(curl)
- curl_easy_cleanup(curl);
-
- free(proxy);
-
- curl_global_cleanup();
-
- return ret;
-}
+++ /dev/null
-/* gpgkeys_finger.c - fetch a key via finger
- * Copyright (C) 2004, 2005 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif
-
-#ifdef HAVE_W32_SYSTEM
-#include <windows.h>
-#else
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <time.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-#endif
-
-#define INCLUDED_BY_MAIN_MODULE 1
-#include "util.h"
-#include "keyserver.h"
-#include "ksutil.h"
-#include "iobuf.h"
-
-#ifdef HAVE_W32_SYSTEM
-#define sock_close(a) closesocket(a)
-#else
-#define sock_close(a) close(a)
-#endif
-
-extern char *optarg;
-extern int optind;
-
-static FILE *input,*output,*console;
-static struct ks_options *opt;
-
-
-/* Connect to SERVER at PORT and return a file descriptor or -1 on
- error. */
-static int
-connect_server (const char *server, unsigned short port)
-{
- int sock = -1;
-
-#ifdef HAVE_W32_SYSTEM
- struct hostent *hp;
- struct sockaddr_in addr;
- unsigned long l;
-
- w32_init_sockets ();
-
- memset (&addr, 0, sizeof addr);
- addr.sin_family = AF_INET;
- addr.sin_port = htons (port);
-
- /* Win32 gethostbyname doesn't handle IP addresses internally, so we
- try inet_addr first on that platform only. */
- if ((l = inet_addr (server)) != INADDR_NONE)
- memcpy (&addr.sin_addr, &l, sizeof l);
- else if ((hp = gethostbyname (server)))
- {
- if (hp->h_addrtype != AF_INET)
- {
- fprintf (console, "gpgkeys: unknown address family for '%s'\n",
- server);
- return -1;
- }
- if (hp->h_length != 4)
- {
- fprintf (console, "gpgkeys: illegal address length for '%s'\n",
- server);
- return -1;
- }
- memcpy (&addr.sin_addr, hp->h_addr, hp->h_length);
- }
- else
- {
- fprintf (console, "gpgkeys: host '%s' not found: ec=%d\n",
- server, (int)WSAGetLastError ());
- return -1;
- }
-
- sock = socket (AF_INET, SOCK_STREAM, 0);
- if (sock == INVALID_SOCKET)
- {
- fprintf (console, "gpgkeys: error creating socket: ec=%d\n",
- (int)WSAGetLastError ());
- return -1;
- }
-
- if (connect (sock, (struct sockaddr *)&addr, sizeof addr))
- {
- fprintf (console, "gpgkeys: error connecting '%s': ec=%d\n",
- server, (int)WSAGetLastError ());
- sock_close (sock);
- return -1;
- }
-
-#else
-
- struct sockaddr_in addr;
- struct hostent *host;
-
- addr.sin_family = AF_INET;
- addr.sin_port = htons (port);
- host = gethostbyname ((char*)server);
- if (!host)
- {
- fprintf (console, "gpgkeys: host '%s' not found: %s\n",
- server, strerror (errno));
- return -1;
- }
-
- addr.sin_addr = *(struct in_addr*)host->h_addr;
-
- sock = socket (AF_INET, SOCK_STREAM, 0);
- if (sock == -1)
- {
- fprintf (console, "gpgkeys: error creating socket: %s\n",
- strerror (errno));
- return -1;
- }
-
- if (connect (sock, (struct sockaddr *)&addr, sizeof addr) == -1)
- {
- fprintf (console, "gpgkeys: error connecting '%s': %s\n",
- server, strerror (errno));
- close (sock);
- return -1;
- }
-#endif
-
- return sock;
-}
-
-static int
-write_server (int sock, const char *data, size_t length)
-{
- int nleft;
-
- nleft = length;
- while (nleft > 0)
- {
- int nwritten;
-
-#ifdef HAVE_W32_SYSTEM
- nwritten = send (sock, data, nleft, 0);
- if ( nwritten == SOCKET_ERROR )
- {
- fprintf (console, "gpgkeys: write failed: ec=%d\n",
- (int)WSAGetLastError ());
- return -1;
- }
-#else
- nwritten = write (sock, data, nleft);
- if (nwritten == -1)
- {
- if (errno == EINTR)
- continue;
- if (errno == EAGAIN)
- {
- struct timeval tv;
-
- tv.tv_sec = 0;
- tv.tv_usec = 50000;
- select(0, NULL, NULL, NULL, &tv);
- continue;
- }
- fprintf (console, "gpgkeys: write failed: %s\n", strerror(errno));
- return -1;
- }
-#endif
- nleft -=nwritten;
- data += nwritten;
- }
-
- return 0;
-}
-
-
-/* Send the finger REQUEST to the server. Returns 0 and a file descriptor
- in R_SOCK if the request was sucessful. */
-static int
-send_request (const char *request, int *r_sock)
-{
- char *server;
- char *name;
- int sock;
-
- *r_sock = -1;
- name = strdup (request);
- if (!name)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- return KEYSERVER_NO_MEMORY;
- }
-
- server = strchr (name, '@');
- if (!server)
- {
- fprintf (console, "gpgkeys: no name included in request\n");
- free (name);
- return KEYSERVER_GENERAL_ERROR;
- }
- *server++ = 0;
-
- sock = connect_server (server, 79);
- if (sock == -1)
- {
- free (name);
- return KEYSERVER_UNREACHABLE;
- }
-
- if (write_server (sock, name, strlen (name))
- || write_server (sock, "\r\n", 2))
- {
- free (name);
- sock_close (sock);
- return KEYSERVER_GENERAL_ERROR;
- }
- free (name);
- *r_sock = sock;
- return 0;
-}
-
-
-
-static int
-get_key (char *getkey)
-{
- int rc;
- int sock;
- iobuf_t fp_read;
- unsigned int maxlen, buflen, gotit=0;
- byte *line = NULL;
-
- if (strncmp (getkey,"0x",2)==0)
- getkey+=2;
-
- /* Frankly we don't know what keys the server will return; we
- indicated the requested key anyway. */
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
-
- rc=send_request(opt->opaque,&sock);
- if(rc)
- {
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey, rc);
- sock_close (sock);
- return KEYSERVER_OK;
- }
-
- /* Hmmm, we use iobuf here only to cope with Windows socket
- peculiarities (we can't used fdopen). */
- fp_read = iobuf_sockopen (sock , "r");
- if (!fp_read)
- {
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey, KEYSERVER_INTERNAL_ERROR);
- sock_close (sock);
- return KEYSERVER_OK;
- }
-
- while ( iobuf_read_line ( fp_read, &line, &buflen, &maxlen))
- {
- maxlen=1024;
-
- if(gotit)
- {
- print_nocr(output, (const char*)line);
- if (!strncmp((char*)line,END,strlen(END)))
- break;
- }
- else if(!strncmp((char*)line,BEGIN,strlen(BEGIN)))
- {
- print_nocr(output, (const char*)line);
- gotit=1;
- }
- }
-
- if(gotit)
- fprintf (output,"KEY 0x%s END\n", getkey);
- else
- {
- fprintf(console,"gpgkeys: no key data found for finger:%s\n",
- opt->opaque);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
- }
-
- xfree(line);
- iobuf_close (fp_read);
-
- return KEYSERVER_OK;
-}
-
-
-static void
-show_help (FILE *fp)
-{
- fprintf (fp,"-h, --help\thelp\n");
- fprintf (fp,"-V\t\tmachine readable version\n");
- fprintf (fp,"--version\thuman readable version\n");
- fprintf (fp,"-o\t\toutput to this file\n");
-}
-
-int
-main(int argc,char *argv[])
-{
- int arg,ret=KEYSERVER_INTERNAL_ERROR;
- char line[MAX_LINE];
- char *thekey=NULL;
-
- console=stderr;
-
- /* Kludge to implement standard GNU options. */
- if (argc > 1 && !strcmp (argv[1], "--version"))
- {
- fputs ("gpgkeys_finger ("GNUPG_NAME") " VERSION"\n", stdout);
- return 0;
- }
- else if (argc > 1 && !strcmp (argv[1], "--help"))
- {
- show_help (stdout);
- return 0;
- }
-
- while((arg=getopt(argc,argv,"hVo:"))!=-1)
- switch(arg)
- {
- default:
- case 'h':
- show_help (console);
- return KEYSERVER_OK;
-
- case 'V':
- fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
- return KEYSERVER_OK;
-
- case 'o':
- output=fopen(optarg,"w");
- if(output==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open output file '%s': %s\n",
- optarg,strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- break;
- }
-
- if(argc>optind)
- {
- input=fopen(argv[optind],"r");
- if(input==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open input file '%s': %s\n",
- argv[optind],strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if(input==NULL)
- input=stdin;
-
- if(output==NULL)
- output=stdout;
-
- opt=init_ks_options();
- if(!opt)
- return KEYSERVER_NO_MEMORY;
-
- /* Get the command and info block */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- {
- int err;
-
- if(line[0]=='\n')
- break;
-
- err=parse_ks_options(line,opt);
- if(err>0)
- {
- ret=err;
- goto fail;
- }
- else if(err==0)
- continue;
- }
-
- if(opt->host)
- {
- fprintf(console,"gpgkeys: finger://relay/user syntax is not"
- " supported. Use finger:user instead.\n");
- ret=KEYSERVER_NOT_SUPPORTED;
- goto fail;
- }
-
- if(opt->timeout && register_timeout()==-1)
- {
- fprintf(console,"gpgkeys: unable to register timeout handler\n");
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- /* If it's a GET or a SEARCH, the next thing to come in is the
- keyids. If it's a SEND, then there are no keyids. */
-
- if(opt->action==KS_GET)
- {
- /* Eat the rest of the file */
- for(;;)
- {
- if(fgets(line,MAX_LINE,input)==NULL)
- break;
- else
- {
- if(line[0]=='\n' || line[0]=='\0')
- break;
-
- if(!thekey)
- {
- thekey=strdup(line);
- if(!thekey)
- {
- fprintf(console,"gpgkeys: out of memory while "
- "building key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- /* Trim the trailing \n */
- thekey[strlen(line)-1]='\0';
- }
- }
- }
- }
- else
- {
- fprintf(console,
- "gpgkeys: this keyserver type only supports key retrieval\n");
- goto fail;
- }
-
- if(!thekey || !opt->opaque)
- {
- fprintf(console,"gpgkeys: invalid keyserver instructions\n");
- goto fail;
- }
-
- /* Send the response */
-
- fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
- fprintf(output,"PROGRAM %s\n\n",VERSION);
-
- if(opt->verbose>1)
- {
- fprintf(console,"User:\t\t%s\n",opt->opaque);
- fprintf(console,"Command:\tGET\n");
- }
-
- set_timeout(opt->timeout);
-
- ret=get_key(thekey);
-
- fail:
-
- free(thekey);
-
- if(input!=stdin)
- fclose(input);
-
- if(output!=stdout)
- fclose(output);
-
- free_ks_options(opt);
-
- return ret;
-}
+++ /dev/null
-/* gpgkeys_hkp.c - talk to an HKP keyserver
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
- * 2009 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * In addition, as a special exception, the Free Software Foundation
- * gives permission to link the code of the keyserver helper tools:
- * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- * project's "OpenSSL" library (or with modified versions of it that
- * use the same license as the "OpenSSL" library), and distribute the
- * linked executables. You must obey the GNU General Public License
- * in all respects for all of the code used other than "OpenSSL". If
- * you modify this file, you may extend this exception to your version
- * of the file, but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif
-#ifdef HAVE_LIBCURL
-#include <curl/curl.h>
-#else
-#include "curl-shim.h"
-#endif
-#include "util.h"
-#ifdef USE_DNS_SRV
-#include "srv.h"
-#endif
-#include "keyserver.h"
-#include "ksutil.h"
-
-extern char *optarg;
-extern int optind;
-
-static FILE *input,*output,*console;
-static CURL *curl;
-static struct ks_options *opt;
-static char errorbuffer[CURL_ERROR_SIZE];
-static char *proto,*port;
-
-static size_t
-curl_mrindex_writer(const void *ptr,size_t size,size_t nmemb,void *stream)
-{
- static int checked=0,swallow=0;
-
- if(!checked)
- {
- /* If the document begins with a '<', assume it's a HTML
- response, which we don't support. Discard the whole message
- body. GPG can handle it, but this is an optimization to deal
- with it on this side of the pipe. */
- const char *buf=ptr;
- if(buf[0]=='<')
- swallow=1;
-
- checked=1;
- }
-
- if(swallow || fwrite(ptr,size,nmemb,stream)==nmemb)
- return size*nmemb;
- else
- return 0;
-}
-
-/* Append but avoid creating a double slash // in the path. */
-static char *
-append_path(char *dest,const char *src)
-{
- size_t n=strlen(dest);
-
- if(src[0]=='/' && n>0 && dest[n-1]=='/')
- dest[n-1]='\0';
-
- return strcat(dest,src);
-}
-
-/* Return a pointer into STRING so that appending PATH to STRING will
- not yield a duplicated slash. */
-static const char *
-appendable_path (const char *string, const char *path)
-{
- size_t n;
-
- if (path[0] == '/' && (n=strlen (string)) && string[n-1] == '/')
- return path+1;
- else
- return path;
-}
-
-
-int
-send_key(int *r_eof)
-{
- CURLcode res;
- char request[MAX_URL+15];
- int begin=0,end=0,ret=KEYSERVER_INTERNAL_ERROR;
- char keyid[17],state[6];
- char line[MAX_LINE];
- char *key=NULL,*encoded_key=NULL;
- size_t keylen=0,keymax=0;
-
- /* Read and throw away input until we see the BEGIN */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
- && strcmp(state,"BEGIN")==0)
- {
- begin=1;
- break;
- }
-
- if(!begin)
- {
- /* i.e. eof before the KEY BEGIN was found. This isn't an
- error. */
- *r_eof=1;
- ret=KEYSERVER_OK;
- goto fail;
- }
-
- /* Now slurp up everything until we see the END */
-
- while(fgets(line,MAX_LINE,input))
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
- && strcmp(state,"END")==0)
- {
- end=1;
- break;
- }
- else
- {
- if(strlen(line)+keylen>keymax)
- {
- char *tmp;
-
- keymax+=200;
- tmp=realloc(key,keymax+1);
- if(!tmp)
- {
- free(key);
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- key=tmp;
- }
-
- strcpy(&key[keylen],line);
- keylen+=strlen(line);
- }
-
- if(!end)
- {
- fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
- *r_eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- encoded_key=curl_escape(key,keylen);
- if(!encoded_key)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- free(key);
-
- key = strconcat ("keytext=", encoded_key, NULL);
- if(!key)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(request,proto);
- strcat(request,"://");
- strcat(request,opt->host);
- strcat(request,":");
- strcat(request,port);
- strcat(request,opt->path);
- /* request is MAX_URL+15 bytes long - MAX_URL covers the whole URL,
- including any supplied path. The 15 covers /pks/add. */
- append_path(request,"/pks/add");
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: HTTP URL is '%s'\n",request);
-
- curl_easy_setopt(curl,CURLOPT_URL,request);
- curl_easy_setopt(curl,CURLOPT_POST,1L);
- curl_easy_setopt(curl,CURLOPT_POSTFIELDS,key);
- curl_easy_setopt(curl,CURLOPT_FAILONERROR,1L);
-
- res=curl_easy_perform(curl);
- if(res!=0)
- {
- fprintf(console,"gpgkeys: HTTP post error %d: %s\n",res,errorbuffer);
- ret=curl_err_to_gpg_err(res);
- goto fail;
- }
- else
- fprintf(output,"\nKEY %s SENT\n",keyid);
-
- ret=KEYSERVER_OK;
-
- fail:
- xfree (key);
- curl_free(encoded_key);
-
- if(ret!=0 && begin)
- fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
-
- return ret;
-}
-
-static int
-get_key(char *getkey)
-{
- CURLcode res;
- char request[MAX_URL+92];
- char *offset;
- struct curl_writer_ctx ctx;
- size_t keylen;
-
- memset(&ctx,0,sizeof(ctx));
-
- /* Build the search string. HKP only uses the short key IDs. */
-
- if(strncmp(getkey,"0x",2)==0)
- getkey+=2;
-
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
-
- if(strlen(getkey)==32)
- {
- fprintf(console,
- "gpgkeys: HKP keyservers do not support v3 fingerprints\n");
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
- return KEYSERVER_NOT_SUPPORTED;
- }
-
- strcpy(request,proto);
- strcat(request,"://");
- strcat(request,opt->host);
- strcat(request,":");
- strcat(request,port);
- strcat(request,opt->path);
- /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL,
- including any supplied path. The 92 overcovers this /pks/... etc
- string plus the 8, 16, or 40 bytes of key id/fingerprint */
- append_path(request,"/pks/lookup?op=get&options=mr&search=0x");
-
- /* send only fingerprint, long key id, or short keyid. see:
- https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */
- keylen = strlen(getkey);
- if(keylen >= 40)
- offset=&getkey[keylen-40];
- else if(keylen >= 16)
- offset=&getkey[keylen-16];
- else if(keylen >= 8)
- offset=&getkey[keylen-8];
- else
- offset=getkey;
-
- strcat(request,offset);
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: HTTP URL is '%s'\n",request);
-
- curl_easy_setopt(curl,CURLOPT_URL,request);
- curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
- ctx.stream=output;
- curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
-
- res=curl_easy_perform(curl);
- if(res!=CURLE_OK)
- {
- fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
- fprintf(output,"\nKEY 0x%s FAILED %d\n",getkey,curl_err_to_gpg_err(res));
- }
- else
- {
- curl_writer_finalize(&ctx);
- if(!ctx.flags.done)
- {
- fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
- fprintf(output,"\nKEY 0x%s FAILED %d\n",
- getkey,KEYSERVER_KEY_NOT_FOUND);
- }
- else
- fprintf(output,"\nKEY 0x%s END\n",getkey);
- }
-
- return KEYSERVER_OK;
-}
-
-static int
-get_name(const char *getkey)
-{
- CURLcode res;
- char *request=NULL;
- char *searchkey_encoded;
- int ret=KEYSERVER_INTERNAL_ERROR;
- struct curl_writer_ctx ctx;
-
- memset(&ctx,0,sizeof(ctx));
-
- searchkey_encoded=curl_escape((char *)getkey,0);
- if(!searchkey_encoded)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- request = strconcat
- (proto,
- "://",
- opt->host,
- ":",
- port,
- opt->path,
- appendable_path (opt->path,"/pks/lookup?op=get&options=mr&search="),
- searchkey_encoded,
- "&exact=on",
- NULL);
- if(!request)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- fprintf(output,"NAME %s BEGIN\n",getkey);
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: HTTP URL is '%s'\n",request);
-
- curl_easy_setopt(curl,CURLOPT_URL,request);
- curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_writer);
- ctx.stream=output;
- curl_easy_setopt(curl,CURLOPT_FILE,&ctx);
-
- res=curl_easy_perform(curl);
- if(res!=CURLE_OK)
- {
- fprintf(console,"gpgkeys: HTTP fetch error %d: %s\n",res,errorbuffer);
- ret=curl_err_to_gpg_err(res);
- }
- else
- {
- curl_writer_finalize(&ctx);
- if(!ctx.flags.done)
- {
- fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
- ret=KEYSERVER_KEY_NOT_FOUND;
- }
- else
- {
- fprintf(output,"\nNAME %s END\n",getkey);
- ret=KEYSERVER_OK;
- }
- }
-
- fail:
- curl_free(searchkey_encoded);
- xfree (request);
-
- if(ret!=KEYSERVER_OK)
- fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret);
-
- return ret;
-}
-
-static int
-search_key(const char *searchkey)
-{
- CURLcode res;
- char *request=NULL;
- char *searchkey_encoded;
- int ret=KEYSERVER_INTERNAL_ERROR;
- enum ks_search_type search_type;
- const char *hexprefix;
-
- search_type=classify_ks_search(&searchkey);
-
- if(opt->debug)
- fprintf(console,"gpgkeys: search type is %d, and key is \"%s\"\n",
- search_type,searchkey);
-
- searchkey_encoded=curl_escape((char *)searchkey,0);
- if(!searchkey_encoded)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- /* HKP keyservers like the 0x to be present when searching by
- keyid. */
- hexprefix = (search_type==KS_SEARCH_KEYID_SHORT
- || search_type==KS_SEARCH_KEYID_LONG)? "0x":"";
-
- request = strconcat
- (proto,
- "://",
- opt->host,
- ":",
- port,
- opt->path,
- appendable_path (opt->path, "/pks/lookup?op=index&options=mr&search="),
- hexprefix,
- searchkey_encoded,
- NULL);
- if(!request)
- {
- fprintf(console,"gpgkeys: out of memory\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- fprintf(output,"SEARCH %s BEGIN\n",searchkey);
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: HTTP URL is '%s'\n",request);
-
- curl_easy_setopt(curl,CURLOPT_URL,request);
- curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,curl_mrindex_writer);
- curl_easy_setopt(curl,CURLOPT_FILE,output);
-
- res=curl_easy_perform(curl);
- if(res!=0)
- {
- fprintf(console,"gpgkeys: HTTP search error %d: %s\n",res,errorbuffer);
- ret=curl_err_to_gpg_err(res);
- }
- else
- {
- fprintf(output,"\nSEARCH %s END\n",searchkey);
- ret=KEYSERVER_OK;
- }
-
- fail:
- curl_free(searchkey_encoded);
- xfree (request);
-
- if(ret!=KEYSERVER_OK)
- fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret);
-
- return ret;
-}
-
-void
-fail_all(struct keylist *keylist,int err)
-{
- if(!keylist)
- return;
-
- if(opt->action==KS_SEARCH)
- {
- fprintf(output,"SEARCH ");
- while(keylist)
- {
- fprintf(output,"%s ",keylist->str);
- keylist=keylist->next;
- }
- fprintf(output,"FAILED %d\n",err);
- }
- else
- while(keylist)
- {
- fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
- keylist=keylist->next;
- }
-}
-
-#ifdef HAVE_LIBCURL
-/* If there is a SRV record, take the highest ranked possibility.
- This is a hack, as we don't proceed downwards. */
-static void
-srv_replace(const char *srvtag)
-{
-#ifdef USE_DNS_SRV
- struct srventry *srvlist=NULL;
- int srvcount;
-
- if(!srvtag)
- return;
-
- if(1+strlen(srvtag)+6+strlen(opt->host)+1<=MAXDNAME)
- {
- char srvname[MAXDNAME];
-
- strcpy(srvname,"_");
- strcat(srvname,srvtag);
- strcat(srvname,"._tcp.");
- strcat(srvname,opt->host);
- srvcount=getsrv(srvname,&srvlist);
- }
-
- if(srvlist)
- {
- char *newname,*newport;
-
- newname=strdup(srvlist->target);
- newport=malloc(MAX_PORT);
- if(newname && newport)
- {
- free(opt->host);
- free(opt->port);
- opt->host=newname;
- snprintf(newport,MAX_PORT,"%u",srvlist->port);
- opt->port=newport;
- }
- else
- {
- free(newname);
- free(newport);
- }
- }
-#endif
-}
-#endif
-
-static void
-show_help (FILE *fp)
-{
- fprintf (fp,"-h, --help\thelp\n");
- fprintf (fp,"-V\t\tmachine readable version\n");
- fprintf (fp,"--version\thuman readable version\n");
- fprintf (fp,"-o\t\toutput to this file\n");
-}
-
-int
-main(int argc,char *argv[])
-{
- int arg,ret=KEYSERVER_INTERNAL_ERROR,try_srv=1;
- char line[MAX_LINE];
- int failed=0;
- struct keylist *keylist=NULL,*keyptr=NULL;
- char *proxy=NULL;
- struct curl_slist *headers=NULL;
-
- console=stderr;
-
- /* Kludge to implement standard GNU options. */
- if (argc > 1 && !strcmp (argv[1], "--version"))
- {
- printf ("gpgkeys_hkp (%s) %s\n", GNUPG_NAME, VERSION);
- printf ("Uses: %s\n", curl_version());
- return 0;
- }
- else if (argc > 1 && !strcmp (argv[1], "--help"))
- {
- show_help (stdout);
- return 0;
- }
-
- while((arg=getopt(argc,argv,"hVo:"))!=-1)
- switch(arg)
- {
- default:
- case 'h':
- show_help (console);
- return KEYSERVER_OK;
-
- case 'V':
- fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
- return KEYSERVER_OK;
-
- case 'o':
- output=fopen(optarg,"w");
- if(output==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open output file '%s': %s\n",
- optarg,strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- break;
- }
-
- if(argc>optind)
- {
- input=fopen(argv[optind],"r");
- if(input==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open input file '%s': %s\n",
- argv[optind],strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if(input==NULL)
- input=stdin;
-
- if(output==NULL)
- output=stdout;
-
- opt=init_ks_options();
- if(!opt)
- return KEYSERVER_NO_MEMORY;
-
- /* Get the command and info block */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- {
- int err;
- char option[MAX_OPTION+1];
-
- if(line[0]=='\n')
- break;
-
- err=parse_ks_options(line,opt);
- if(err>0)
- {
- ret=err;
- goto fail;
- }
- else if(err==0)
- continue;
-
- if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "s\n",option)==1)
- {
- int no=0;
- char *start=&option[0];
-
- option[MAX_OPTION]='\0';
-
- if(strncasecmp(option,"no-",3)==0)
- {
- no=1;
- start=&option[3];
- }
-
- if(strncasecmp(start,"http-proxy",10)==0)
- {
- if(no)
- {
- free(proxy);
- proxy=strdup("");
- }
- else if(start[10]=='=')
- {
- if(strlen(&start[11])<MAX_PROXY)
- {
- free(proxy);
- proxy=strdup(&start[11]);
- }
- }
- }
- else if(strcasecmp(start,"try-dns-srv")==0)
- {
- if(no)
- try_srv=0;
- else
- try_srv=1;
- }
-
- continue;
- }
- }
-
- if(!opt->scheme)
- {
- fprintf(console,"gpgkeys: no scheme supplied!\n");
- ret=KEYSERVER_SCHEME_NOT_FOUND;
- goto fail;
- }
-
- if(ascii_strcasecmp(opt->scheme,"hkps")==0)
- {
- proto="https";
- port="443";
- }
- else
- {
- proto="http";
- port="11371";
- }
-
- if(!opt->host)
- {
- fprintf(console,"gpgkeys: no keyserver host provided\n");
- goto fail;
- }
-
- if(opt->timeout && register_timeout()==-1)
- {
- fprintf(console,"gpgkeys: unable to register timeout handler\n");
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- curl_global_init(CURL_GLOBAL_DEFAULT);
- curl=curl_easy_init();
- if(!curl)
- {
- fprintf(console,"gpgkeys: unable to initialize curl\n");
- ret=KEYSERVER_INTERNAL_ERROR;
- goto fail;
- }
-
- /* If the user gives a :port, then disable SRV. The semantics of a
- specified port and SRV do not play well together. */
- if(opt->port)
- port=opt->port;
- else if(try_srv)
- {
- char *srvtag;
-
- if(ks_strcasecmp(opt->scheme,"hkp")==0)
- srvtag="pgpkey-http";
- else if(ks_strcasecmp(opt->scheme,"hkps")==0)
- srvtag="pgpkey-https";
- else
- srvtag=NULL;
-
-#ifdef HAVE_LIBCURL
- /* We're using libcurl, so fake SRV support via our wrapper.
- This isn't as good as true SRV support, as we do not try all
- possible targets at one particular level and work our way
- down the list, but it's better than nothing. */
- srv_replace(srvtag);
-#else
- /* We're using our internal curl shim, so we can use its (true)
- SRV support. Obviously, CURLOPT_SRVTAG_GPG_HACK isn't a real
- libcurl option. It's specific to our shim. */
- curl_easy_setopt(curl,CURLOPT_SRVTAG_GPG_HACK,srvtag);
-#endif
- }
-
- curl_easy_setopt(curl,CURLOPT_ERRORBUFFER,errorbuffer);
-
- if(opt->auth)
- curl_easy_setopt(curl,CURLOPT_USERPWD,opt->auth);
-
- if(opt->debug)
- {
- fprintf(console,"gpgkeys: curl version = %s\n",curl_version());
- curl_easy_setopt(curl,CURLOPT_STDERR,console);
- curl_easy_setopt(curl,CURLOPT_VERBOSE,1L);
- }
-
- curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,(long)opt->flags.check_cert);
- curl_easy_setopt(curl,CURLOPT_CAINFO,opt->ca_cert_file);
-
- /* Avoid caches to get the most recent copy of the key. This is bug
- #1061. In pre-curl versions of the code, we didn't do it. Then
- we did do it (as a curl default) until curl changed the default.
- Now we're doing it again, but in such a way that changing
- defaults in the future won't impact us. We set both the Pragma
- and Cache-Control versions of the header, so we're good with both
- HTTP 1.0 and 1.1. */
- headers=curl_slist_append(headers,"Pragma: no-cache");
- if(headers)
- headers=curl_slist_append(headers,"Cache-Control: no-cache");
-
- if(!headers)
- {
- fprintf(console,"gpgkeys: out of memory when building HTTP headers\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- curl_easy_setopt(curl,CURLOPT_HTTPHEADER,headers);
-
- if(proxy)
- curl_easy_setopt(curl,CURLOPT_PROXY,proxy);
-
- /* If it's a GET or a SEARCH, the next thing to come in is the
- keyids. If it's a SEND, then there are no keyids. */
-
- if(opt->action==KS_SEND)
- while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
- else if(opt->action==KS_GET
- || opt->action==KS_GETNAME || opt->action==KS_SEARCH)
- {
- for(;;)
- {
- struct keylist *work;
-
- if(fgets(line,MAX_LINE,input)==NULL)
- break;
- else
- {
- if(line[0]=='\n' || line[0]=='\0')
- break;
-
- work=malloc(sizeof(struct keylist));
- if(work==NULL)
- {
- fprintf(console,"gpgkeys: out of memory while "
- "building key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(work->str,line);
-
- /* Trim the trailing \n */
- work->str[strlen(line)-1]='\0';
-
- work->next=NULL;
-
- /* Always attach at the end to keep the list in proper
- order for searching */
- if(keylist==NULL)
- keylist=work;
- else
- keyptr->next=work;
-
- keyptr=work;
- }
- }
- }
- else
- {
- fprintf(console,"gpgkeys: no keyserver command specified\n");
- goto fail;
- }
-
- /* Send the response */
-
- fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
- fprintf(output,"PROGRAM %s\n\n",VERSION);
-
- if(opt->verbose>1)
- {
- fprintf(console,"Host:\t\t%s\n",opt->host);
- if(opt->port)
- fprintf(console,"Port:\t\t%s\n",opt->port);
- if(strcmp(opt->path,"/")!=0)
- fprintf(console,"Path:\t\t%s\n",opt->path);
- fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
- }
-
- if(opt->action==KS_GET)
- {
- keyptr=keylist;
-
- while(keyptr!=NULL)
- {
- set_timeout(opt->timeout);
-
- if(get_key(keyptr->str)!=KEYSERVER_OK)
- failed++;
-
- keyptr=keyptr->next;
- }
- }
- else if(opt->action==KS_GETNAME)
- {
- keyptr=keylist;
-
- while(keyptr!=NULL)
- {
- set_timeout(opt->timeout);
-
- if(get_name(keyptr->str)!=KEYSERVER_OK)
- failed++;
-
- keyptr=keyptr->next;
- }
- }
- else if(opt->action==KS_SEND)
- {
- int myeof=0;
-
- do
- {
- set_timeout(opt->timeout);
-
- if(send_key(&myeof)!=KEYSERVER_OK)
- failed++;
- }
- while(!myeof);
- }
- else if(opt->action==KS_SEARCH)
- {
- char *searchkey=NULL;
- int len=0;
-
- set_timeout(opt->timeout);
-
- /* To search, we stick a space in between each key to search
- for. */
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- len+=strlen(keyptr->str)+1;
- keyptr=keyptr->next;
- }
-
- searchkey=malloc(len+1);
- if(searchkey==NULL)
- {
- ret=KEYSERVER_NO_MEMORY;
- fail_all(keylist,KEYSERVER_NO_MEMORY);
- goto fail;
- }
-
- searchkey[0]='\0';
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- strcat(searchkey,keyptr->str);
- strcat(searchkey," ");
- keyptr=keyptr->next;
- }
-
- /* Nail that last space */
- if(*searchkey)
- searchkey[strlen(searchkey)-1]='\0';
-
- if(search_key(searchkey)!=KEYSERVER_OK)
- failed++;
-
- free(searchkey);
- }
- else
- abort();
-
- if(!failed)
- ret=KEYSERVER_OK;
-
- fail:
- while(keylist!=NULL)
- {
- struct keylist *current=keylist;
- keylist=keylist->next;
- free(current);
- }
-
- if(input!=stdin)
- fclose(input);
-
- if(output!=stdout)
- fclose(output);
-
- free_ks_options(opt);
-
- curl_slist_free_all(headers);
-
- if(curl)
- curl_easy_cleanup(curl);
-
- free(proxy);
-
- return ret;
-}
+++ /dev/null
-/* gpgkeys_kdns.c - Fetch a key via the GnuPG specific KDNS scheme.
- * Copyright (C) 2008 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#ifdef HAVE_GETOPT_H
-# include <getopt.h>
-#endif
-#include <assert.h>
-#ifdef HAVE_ADNS_H
-# include <adns.h>
-# ifndef HAVE_ADNS_FREE
-# define adns_free free
-# endif
-#endif
-
-#define INCLUDED_BY_MAIN_MODULE 1
-#include "util.h"
-#include "keyserver.h"
-#include "ksutil.h"
-
-/* Our own name. */
-#define PGM "gpgkeys_kdns"
-
-/* getopt(3) requires declarion of some global variables. */
-extern char *optarg;
-extern int optind;
-
-/* Convenience variables usually intialized withn std{in,out,err}. */
-static FILE *input, *output, *console;
-
-/* Standard keyserver module options. */
-static struct ks_options *opt;
-
-/* The flags we pass to adns_init: Do not allow any environment
- variables and for now enable debugging. */
-#define MY_ADNS_INITFLAGS (adns_if_noenv)
-
-
-/* ADNS has no support for CERT yes. */
-#define my_adns_r_cert 37
-
-/* The root of the KDNS tree. */
-static const char *kdns_root;
-
-/* The replacement string for the at sign. */
-static const char *kdns_at_repl;
-
-/* Flag indicating that a TCP connection should be used. */
-static int kdns_usevc;
-
-
-\f
-/* Retrieve one key. ADDRESS should be an RFC-2822 addr-spec. */
-static int
-get_key (adns_state adns_ctx, char *address)
-{
- int ret = KEYSERVER_INTERNAL_ERROR;
- const char *domain;
- char *name = NULL;
- adns_answer *answer = NULL;
- const unsigned char *data;
- int datalen;
- struct b64state b64state;
- char *p;
-
- domain = strrchr (address, '@');
- if (!domain || domain == address || !domain[1])
- {
- fprintf (console, PGM": invalid mail address '%s'\n", address);
- ret = KEYSERVER_GENERAL_ERROR;
- goto leave;
- }
- name = xtrymalloc (strlen (address) + strlen (kdns_at_repl)
- + 1 + strlen (kdns_root) + 1);
- if (!name)
- goto leave;
- memcpy (name, address, domain - address);
- p = stpcpy (name + (domain-address), ".");
- if (*kdns_at_repl)
- p = stpcpy (stpcpy (p, kdns_at_repl), ".");
- p = stpcpy (p, domain+1);
- if (*kdns_root)
- strcpy (stpcpy (p, "."), kdns_root);
-
- fprintf (output,"NAME %s BEGIN\n", address);
- if (opt->verbose > 2)
- fprintf(console, PGM": looking up '%s'\n", name);
-
- if ( adns_synchronous (adns_ctx, name, (adns_r_unknown | my_adns_r_cert),
- adns_qf_quoteok_query|(kdns_usevc?adns_qf_usevc:0),
- &answer) )
- {
- fprintf (console, PGM": DNS query failed: %s\n", strerror (errno));
- ret = KEYSERVER_KEY_NOT_FOUND;
- goto leave;
- }
- if (answer->status != adns_s_ok)
- {
- fprintf (console, PGM": DNS query returned: %s (%s)\n",
- adns_strerror (answer->status),
- adns_errabbrev (answer->status));
- ret = KEYSERVER_KEY_NOT_FOUND;
- goto leave;
- }
- datalen = answer->rrs.byteblock->len;
- data = answer->rrs.byteblock->data;
-
- if ( opt->debug > 1 )
- {
- int i;
-
- fprintf (console, "got %d bytes of data:", datalen);
- for (i=0; i < datalen; i++)
- {
- if (!(i % 32))
- fprintf (console, "\n%08x ", i);
- fprintf (console, "%02x", data[i]);
- }
- putc ('\n', console);
- }
- if ( datalen < 5 )
- {
- fprintf (console, PGM": error: truncated CERT record\n");
- ret = KEYSERVER_KEY_NOT_FOUND;
- goto leave;
- }
-
- switch ( ((data[0]<<8)|data[1]) )
- {
- case 3: /* CERT type is PGP. */
- /* (key tag and algorithm fields are ignored for this CERT type). */
- data += 5;
- datalen -= 5;
- if ( datalen < 11 )
- {
- /* Gpg checks for a minium length of 11, thus we do the same. */
- fprintf (console, PGM": error: OpenPGP data to short\n");
- ret = KEYSERVER_KEY_NOT_FOUND;
- goto leave;
- }
- if (b64enc_start (&b64state, output, "PGP PUBLIC KEY BLOCK")
- || b64enc_write (&b64state, data, datalen)
- || b64enc_finish (&b64state))
- goto leave; /* Oops, base64 encoder failed. */
- break;
-
- default:
- fprintf (console, PGM": CERT type %d ignored\n", (data[0] <<8|data[1]));
- ret = KEYSERVER_KEY_NOT_FOUND;
- goto leave;
- }
-
- ret = 0; /* All fine. */
-
- leave:
- if (ret)
- fprintf (output, "\nNAME %s FAILED %d\n", address, ret);
- else
- fprintf (output, "\nNAME %s END\n", address);
- adns_free (answer);
- xfree (name);
- return ret;
-}
-
-
-/* Print some help. */
-static void
-show_help (FILE *fp)
-{
- fputs (PGM" ("GNUPG_NAME") " VERSION"\n\n", fp);
- fputs (" -h\thelp\n"
- " -V\tversion\n"
- " -o\toutput to this file\n"
- "\n", fp);
- fputs ("This keyserver helper accepts URLs of the form:\n"
- " kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
- "with\n"
- " NAMESERVER used for queries (default: system standard)\n"
- " ROOT a DNS name appended to the query (default: none)\n"
- " STRING a string to replace the '@' (default: \".\")\n"
- "If a long answer is expected add the parameter \"usevc=1\".\n"
- "\n", fp);
- fputs ("Example: A query for \"hacker@gnupg.org\" with\n"
- " kdns://10.0.0.1/example.net?at=_key&usevc=1\n"
- "setup as --auto-key-lookup does a CERT record query\n"
- "with type PGP on the nameserver 10.0.0.1 for\n"
- " hacker._key_.gnupg.org.example.net\n"
- "\n", fp);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- int arg;
- int ret = KEYSERVER_INTERNAL_ERROR;
- char line[MAX_LINE];
- struct keylist *keylist = NULL;
- struct keylist **keylist_tail = &keylist;
- struct keylist *akey;
- int failed = 0;
- adns_state adns_ctx = NULL;
- adns_initflags my_adns_initflags = MY_ADNS_INITFLAGS;
- int tmprc;
-
- /* The defaults for the KDNS name mangling. */
- kdns_root = "";
- kdns_at_repl = "";
-
- console = stderr;
-
- /* Kludge to implement standard GNU options. */
- if (argc > 1 && !strcmp (argv[1], "--version"))
- {
- fputs (PGM" ("GNUPG_NAME") " VERSION"\n", stdout);
- return 0;
- }
- else if (argc > 1 && !strcmp (argv[1], "--help"))
- {
- show_help (stdout);
- return 0;
- }
-
- while ( (arg = getopt (argc, argv, "hVo:")) != -1 )
- {
- switch(arg)
- {
- case 'V':
- printf ("%d\n%s\n", KEYSERVER_PROTO_VERSION, VERSION);
- return KEYSERVER_OK;
-
- case 'o':
- output = fopen (optarg,"w");
- if (!output)
- {
- fprintf (console, PGM": cannot open output file '%s': %s\n",
- optarg, strerror(errno) );
- return KEYSERVER_INTERNAL_ERROR;
- }
- break;
-
- case 'h':
- default:
- show_help (console);
- return KEYSERVER_OK;
- }
- }
-
- if (argc > optind)
- {
- input = fopen (argv[optind], "r");
- if (!input)
- {
- fprintf (console, PGM": cannot open input file '%s': %s\n",
- argv[optind], strerror(errno) );
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if (!input)
- input = stdin;
-
- if (!output)
- output = stdout;
-
- opt = init_ks_options();
- if(!opt)
- return KEYSERVER_NO_MEMORY;
-
- /* Get the command and info block */
- while ( fgets(line,MAX_LINE,input) )
- {
- int err;
-
- if(line[0]=='\n')
- break;
-
- err = parse_ks_options (line, opt);
- if (err > 0)
- {
- ret = err;
- goto leave;
- }
- else if (!err)
- continue;
- }
-
- if (opt->timeout && register_timeout() == -1 )
- {
- fprintf (console, PGM": unable to register timeout handler\n");
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- if (opt->verbose)
- {
- fprintf (console, PGM": HOST=%s\n", opt->host? opt->host:"(none)");
- fprintf (console, PGM": PATH=%s\n", opt->path? opt->path:"(none)");
- }
- if (opt->path && *opt->path == '/')
- {
- char *p, *pend;
-
- kdns_root = opt->path+1;
- p = strchr (opt->path+1, '?');
- if (p)
- {
- *p++ = 0;
- do
- {
- pend = strchr (p, '&');
- if (pend)
- *pend++ = 0;
- if (!strncmp (p, "at=", 3))
- kdns_at_repl = p+3;
- else if (!strncmp (p, "usevc=", 6))
- kdns_usevc = !!atoi (p+6);
- }
- while ((p = pend));
- }
- }
- if (strchr (kdns_root, '/'))
- {
- fprintf (console, PGM": invalid character in KDNS root\n");
- return KEYSERVER_GENERAL_ERROR;
- }
- if (!strcmp (kdns_at_repl, "."))
- kdns_at_repl = "";
-
- if (opt->verbose)
- {
- fprintf (console, PGM": kdns_root=%s\n", kdns_root);
- fprintf (console, PGM": kdns_at=%s\n", kdns_at_repl);
- fprintf (console, PGM": kdns_usevc=%d\n", kdns_usevc);
- }
-
- if (opt->debug)
- my_adns_initflags |= adns_if_debug;
- if (opt->host)
- {
- char cfgtext[200];
-
- snprintf (cfgtext, sizeof cfgtext, "nameserver %s\n", opt->host);
- tmprc = adns_init_strcfg (&adns_ctx, my_adns_initflags, console,cfgtext);
- }
- else
- tmprc = adns_init (&adns_ctx, my_adns_initflags, console);
- if (tmprc)
- {
- fprintf (console, PGM": error initializing ADNS: %s\n",
- strerror (errno));
- goto leave;
- }
-
- if (opt->action == KS_GETNAME)
- {
- while ( fgets (line,MAX_LINE,input) )
- {
- if (line[0]=='\n' || !line[0] )
- break;
- line[strlen(line)-1] = 0; /* Trim the trailing LF. */
-
- akey = xtrymalloc (sizeof *akey);
- if (!akey)
- {
- fprintf (console,
- PGM": out of memory while building key list\n");
- ret = KEYSERVER_NO_MEMORY;
- goto leave;
- }
- assert (sizeof (akey->str) > strlen(line));
- strcpy (akey->str, line);
- akey->next = NULL;
- *keylist_tail = akey;
- keylist_tail = &akey->next;
- }
- }
- else
- {
- fprintf (console,
- PGM": this keyserver type only supports "
- "key retrieval by name\n");
- goto leave;
- }
-
- /* Send the response */
- fprintf (output, "VERSION %d\n", KEYSERVER_PROTO_VERSION);
- fprintf (output, "PROGRAM %s\n\n", VERSION);
-
- if (opt->verbose > 1)
- {
- if (opt->opaque)
- fprintf (console, "User:\t\t%s\n", opt->opaque);
- fprintf (console, "Command:\tGET\n");
- }
-
- for (akey = keylist; akey; akey = akey->next)
- {
- set_timeout (opt->timeout);
- if ( get_key (adns_ctx, akey->str) )
- failed++;
- }
- if (!failed)
- ret = KEYSERVER_OK;
-
-
- leave:
- if (adns_ctx)
- adns_finish (adns_ctx);
- while (keylist)
- {
- akey = keylist->next;
- xfree (keylist);
- keylist = akey;
- }
- if (input != stdin)
- fclose (input);
- if (output != stdout)
- fclose (output);
- kdns_root = "";
- kdns_at_repl = ".";
- free_ks_options (opt);
- return ret;
-}
+++ /dev/null
-/* gpgkeys_ldap.c - talk to a LDAP keyserver
- * Copyright (C) 2001, 2002, 2004, 2005, 2006
- * 2007 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * In addition, as a special exception, the Free Software Foundation
- * gives permission to link the code of the keyserver helper tools:
- * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- * project's "OpenSSL" library (or with modified versions of it that
- * use the same license as the "OpenSSL" library), and distribute the
- * linked executables. You must obey the GNU General Public License
- * in all respects for all of the code used other than "OpenSSL". If
- * you modify this file, you may extend this exception to your version
- * of the file, but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#ifdef HAVE_GETOPT_H
-#include <getopt.h>
-#endif
-#include <stdlib.h>
-#include <errno.h>
-#include <assert.h>
-
-#ifdef _WIN32
-#include <winsock2.h>
-#include <winldap.h>
-#else
-#ifdef NEED_LBER_H
-#include <lber.h>
-#endif
-/* For OpenLDAP, to enable the API that we're using. */
-#define LDAP_DEPRECATED 1
-#include <ldap.h>
-#endif
-
-#include "util.h"
-#include "keyserver.h"
-#include "ksutil.h"
-
-#ifdef __riscos__
-#include "util.h"
-#endif
-
-extern char *optarg;
-extern int optind;
-
-static int real_ldap=0;
-static char *basekeyspacedn=NULL;
-static char *pgpkeystr="pgpKey";
-static FILE *input=NULL,*output=NULL,*console=NULL;
-static LDAP *ldap=NULL;
-static struct ks_options *opt;
-
-#ifndef HAVE_TIMEGM
-time_t timegm(struct tm *tm);
-#endif
-
-static int
-ldap_err_to_gpg_err(int err)
-{
- int ret;
-
- switch(err)
- {
- case LDAP_ALREADY_EXISTS:
- ret=KEYSERVER_KEY_EXISTS;
- break;
-
- case LDAP_SERVER_DOWN:
- ret=KEYSERVER_UNREACHABLE;
- break;
-
- default:
- ret=KEYSERVER_GENERAL_ERROR;
- break;
- }
-
- return ret;
-}
-
-static int
-ldap_to_gpg_err(LDAP *ld)
-{
-#if defined(HAVE_LDAP_GET_OPTION) && defined(LDAP_OPT_ERROR_NUMBER)
-
- int err;
-
- if(ldap_get_option(ld,LDAP_OPT_ERROR_NUMBER,&err)==0)
- return ldap_err_to_gpg_err(err);
- else
- return KEYSERVER_GENERAL_ERROR;
-
-#elif defined(HAVE_LDAP_LD_ERRNO)
-
- return ldap_err_to_gpg_err(ld->ld_errno);
-
-#else
-
- /* We should never get here since the LDAP library should always
- have either ldap_get_option or ld_errno, but just in case... */
- return KEYSERVER_GENERAL_ERROR;
-
-#endif
-}
-
-static int
-key_in_keylist(const char *key,struct keylist *list)
-{
- struct keylist *keyptr=list;
-
- while(keyptr!=NULL)
- {
- if(strcasecmp(key,keyptr->str)==0)
- return 1;
-
- keyptr=keyptr->next;
- }
-
- return 0;
-}
-
-static int
-add_key_to_keylist(const char *key,struct keylist **list)
-{
- struct keylist *keyptr=malloc(sizeof(struct keylist));
-
- if(keyptr==NULL)
- {
- fprintf(console,"gpgkeys: out of memory when deduping "
- "key list\n");
- return KEYSERVER_NO_MEMORY;
- }
-
- strncpy(keyptr->str,key,MAX_LINE);
- keyptr->str[MAX_LINE-1]='\0';
- keyptr->next=*list;
- *list=keyptr;
-
- return 0;
-}
-
-static void
-free_keylist(struct keylist *list)
-{
- while(list!=NULL)
- {
- struct keylist *keyptr=list;
-
- list=keyptr->next;
- free(keyptr);
- }
-}
-
-static time_t
-ldap2epochtime(const char *timestr)
-{
- struct tm pgptime;
- time_t answer;
-
- memset(&pgptime,0,sizeof(pgptime));
-
- /* YYYYMMDDHHmmssZ */
-
- sscanf(timestr,"%4d%2d%2d%2d%2d%2d",
- &pgptime.tm_year,
- &pgptime.tm_mon,
- &pgptime.tm_mday,
- &pgptime.tm_hour,
- &pgptime.tm_min,
- &pgptime.tm_sec);
-
- pgptime.tm_year-=1900;
- pgptime.tm_isdst=-1;
- pgptime.tm_mon--;
-
- /* mktime() takes the timezone into account, so we use timegm() */
-
- answer=timegm(&pgptime);
-
- return answer;
-}
-
-/* Caller must free */
-static char *
-epoch2ldaptime(time_t stamp)
-{
- struct tm *ldaptime;
- char buf[16];
-
- ldaptime=gmtime(&stamp);
-
- ldaptime->tm_year+=1900;
- ldaptime->tm_mon++;
-
- /* YYYYMMDDHHmmssZ */
-
- sprintf(buf,"%04d%02d%02d%02d%02d%02dZ",
- ldaptime->tm_year,
- ldaptime->tm_mon,
- ldaptime->tm_mday,
- ldaptime->tm_hour,
- ldaptime->tm_min,
- ldaptime->tm_sec);
-
- return strdup(buf);
-}
-
-/* Append two onto the end of one. Two is not freed, but its pointers
- are now part of one. Make sure you don't free them both! */
-static int
-join_two_modlists(LDAPMod ***one,LDAPMod **two)
-{
- int i,one_count=0,two_count=0;
- LDAPMod **grow;
-
- for(grow=*one;*grow;grow++)
- one_count++;
-
- for(grow=two;*grow;grow++)
- two_count++;
-
- grow=realloc(*one,sizeof(LDAPMod *)*(one_count+two_count+1));
- if(!grow)
- return 0;
-
- for(i=0;i<two_count;i++)
- grow[one_count+i]=two[i];
-
- grow[one_count+i]=NULL;
-
- *one=grow;
-
- return 1;
-}
-
-/* Passing a NULL for value effectively deletes that attribute. This
- doesn't mean "delete" in the sense of removing something from the
- modlist, but "delete" in the LDAP sense of adding a modlist item
- that specifies LDAP_MOD_REPLACE and a null attribute for the given
- attribute. LDAP_MOD_DELETE doesn't work here as we don't know if
- the attribute in question exists or not. */
-
-static int
-make_one_attr(LDAPMod ***modlist,char *attr,const char *value)
-{
- LDAPMod **m;
- int nummods=0;
-
- /* Search modlist for the attribute we're playing with. */
- for(m=*modlist;*m;m++)
- {
- if(strcasecmp((*m)->mod_type,attr)==0)
- {
- char **ptr=(*m)->mod_values;
- int numvalues=0;
-
- /* We have this attribute already, so when the REPLACE
- happens, the server attributes will be replaced
- anyway. */
- if(!value)
- return 1;
-
- if(ptr)
- for(ptr=(*m)->mod_values;*ptr;ptr++)
- {
- /* Duplicate value */
- if(strcmp(*ptr,value)==0)
- return 1;
- numvalues++;
- }
-
- ptr=realloc((*m)->mod_values,sizeof(char *)*(numvalues+2));
- if(!ptr)
- return 0;
-
- (*m)->mod_values=ptr;
- ptr[numvalues]=strdup(value);
- if(!ptr[numvalues])
- return 0;
-
- ptr[numvalues+1]=NULL;
- break;
- }
-
- nummods++;
- }
-
- /* We didn't find the attr, so make one and add it to the end */
- if(!*m)
- {
- LDAPMod **grow;
-
- grow=realloc(*modlist,sizeof(LDAPMod *)*(nummods+2));
- if(!grow)
- return 0;
-
- *modlist=grow;
- grow[nummods]=malloc(sizeof(LDAPMod));
- if(!grow[nummods])
- return 0;
- grow[nummods]->mod_op=LDAP_MOD_REPLACE;
- grow[nummods]->mod_type=attr;
- if(value)
- {
- grow[nummods]->mod_values=malloc(sizeof(char *)*2);
- if(!grow[nummods]->mod_values)
- {
- grow[nummods]=NULL;
- return 0;
- }
-
- /* Is this the right thing? Can a UTF8-encoded user ID have
- embedded nulls? */
- grow[nummods]->mod_values[0]=strdup(value);
- if(!grow[nummods]->mod_values[0])
- {
- free(grow[nummods]->mod_values);
- grow[nummods]=NULL;
- return 0;
- }
-
- grow[nummods]->mod_values[1]=NULL;
- }
- else
- grow[nummods]->mod_values=NULL;
-
- grow[nummods+1]=NULL;
- }
-
- return 1;
-}
-
-static void
-build_attrs(LDAPMod ***modlist,char *line)
-{
- char *record;
- int i;
-
- /* Remove trailing whitespace */
- for(i=strlen(line);i>0;i--)
- if(ascii_isspace(line[i-1]))
- line[i-1]='\0';
- else
- break;
-
- if((record=strsep(&line,":"))==NULL)
- return;
-
- if(ks_strcasecmp("pub",record)==0)
- {
- char *tok;
- int disabled=0,revoked=0;
-
- /* The long keyid */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(strlen(tok)==16)
- {
- make_one_attr(modlist,"pgpCertID",tok);
- make_one_attr(modlist,"pgpKeyID",&tok[8]);
- }
- else
- return;
-
- /* The primary pubkey algo */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- switch(atoi(tok))
- {
- case 1:
- make_one_attr(modlist,"pgpKeyType","RSA");
- break;
-
- case 17:
- make_one_attr(modlist,"pgpKeyType","DSS/DH");
- break;
- }
-
- /* Size of primary key */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(atoi(tok)>0)
- {
- char padded[6];
- int val=atoi(tok);
-
- /* We zero pad this on the left to make PGP happy. */
-
- if(val<99999 && val>0)
- {
- sprintf(padded,"%05u",atoi(tok));
- make_one_attr(modlist,"pgpKeySize",padded);
- }
- }
-
- /* pk timestamp */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(atoi(tok)>0)
- {
- char *stamp=epoch2ldaptime(atoi(tok));
- if(stamp)
- {
- make_one_attr(modlist,"pgpKeyCreateTime",stamp);
- free(stamp);
- }
- }
-
- /* pk expire */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(atoi(tok)>0)
- {
- char *stamp=epoch2ldaptime(atoi(tok));
- if(stamp)
- {
- make_one_attr(modlist,"pgpKeyExpireTime",stamp);
- free(stamp);
- }
- }
-
- /* flags */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- while(*tok)
- switch(*tok++)
- {
- case 'r':
- case 'R':
- revoked=1;
- break;
-
- case 'd':
- case 'D':
- disabled=1;
- break;
- }
-
- /*
- Note that we always create the pgpDisabled and pgpRevoked
- attributes, regardless of whether the key is disabled/revoked
- or not. This is because a very common search is like
- "(&(pgpUserID=*isabella*)(pgpDisabled=0))"
- */
-
- make_one_attr(modlist,"pgpDisabled",disabled?"1":"0");
- make_one_attr(modlist,"pgpRevoked",revoked?"1":"0");
- }
- else if(ks_strcasecmp("sub",record)==0)
- {
- char *tok;
-
- /* The long keyid */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(strlen(tok)==16)
- make_one_attr(modlist,"pgpSubKeyID",tok);
- else
- return;
-
- /* The subkey algo */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- /* Size of subkey */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(atoi(tok)>0)
- {
- char padded[6];
- int val=atoi(tok);
-
- /* We zero pad this on the left to make PGP happy. */
-
- if(val<99999 && val>0)
- {
- sprintf(padded,"%05u",atoi(tok));
- make_one_attr(modlist,"pgpKeySize",padded);
- }
- }
-
- /* Ignore the rest of the items for subkeys since the LDAP
- schema doesn't store them. */
- }
- else if(ks_strcasecmp("uid",record)==0)
- {
- char *userid,*tok;
-
- /* The user ID string */
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(strlen(tok)==0)
- return;
-
- userid=tok;
-
- /* By definition, de-%-encoding is always smaller than the
- original string so we can decode in place. */
-
- i=0;
-
- while(*tok)
- if(tok[0]=='%' && tok[1] && tok[2])
- {
- int c;
-
- userid[i] = (c=hextobyte(&tok[1])) == -1 ? '?' : c;
- i++;
- tok+=3;
- }
- else
- userid[i++]=*tok++;
-
- userid[i]='\0';
-
- /* We don't care about the other info provided in the uid: line
- since the LDAP schema doesn't need it. */
-
- make_one_attr(modlist,"pgpUserID",userid);
- }
- else if(ks_strcasecmp("sig",record)==0)
- {
- char *tok;
-
- if((tok=strsep(&line,":"))==NULL)
- return;
-
- if(strlen(tok)==16)
- make_one_attr(modlist,"pgpSignerID",tok);
- }
-}
-
-static void
-free_mod_values(LDAPMod *mod)
-{
- char **ptr;
-
- if(!mod->mod_values)
- return;
-
- for(ptr=mod->mod_values;*ptr;ptr++)
- free(*ptr);
-
- free(mod->mod_values);
-}
-
-static int
-send_key(int *r_eof)
-{
- int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
- char *dn=NULL,line[MAX_LINE],*key=NULL;
- char keyid[17],state[6];
- LDAPMod **modlist,**addlist,**ml;
-
- modlist=malloc(sizeof(LDAPMod *));
- if(!modlist)
- {
- fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- *modlist=NULL;
-
- addlist=malloc(sizeof(LDAPMod *));
- if(!addlist)
- {
- fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- *addlist=NULL;
-
- /* Start by nulling out all attributes. We try and do a modify
- operation first, so this ensures that we don't leave old
- attributes lying around. */
- make_one_attr(&modlist,"pgpDisabled",NULL);
- make_one_attr(&modlist,"pgpKeyID",NULL);
- make_one_attr(&modlist,"pgpKeyType",NULL);
- make_one_attr(&modlist,"pgpUserID",NULL);
- make_one_attr(&modlist,"pgpKeyCreateTime",NULL);
- make_one_attr(&modlist,"pgpSignerID",NULL);
- make_one_attr(&modlist,"pgpRevoked",NULL);
- make_one_attr(&modlist,"pgpSubKeyID",NULL);
- make_one_attr(&modlist,"pgpKeySize",NULL);
- make_one_attr(&modlist,"pgpKeyExpireTime",NULL);
- make_one_attr(&modlist,"pgpCertID",NULL);
-
- /* Assemble the INFO stuff into LDAP attributes */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"INFO%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
- && strcmp(state,"BEGIN")==0)
- {
- begin=1;
- break;
- }
-
- if(!begin)
- {
- /* i.e. eof before the INFO BEGIN was found. This isn't an
- error. */
- *r_eof=1;
- ret=KEYSERVER_OK;
- goto fail;
- }
-
- if(strlen(keyid)!=16)
- {
- *r_eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- dn=malloc(strlen("pgpCertID=")+16+1+strlen(basekeyspacedn)+1);
- if(dn==NULL)
- {
- fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- sprintf(dn,"pgpCertID=%s,%s",keyid,basekeyspacedn);
-
- key=malloc(1);
- if(!key)
- {
- fprintf(console,"gpgkeys: unable to allocate memory for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- key[0]='\0';
-
- /* Now parse each line until we see the END */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"INFO%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
- && strcmp(state,"END")==0)
- {
- end=1;
- break;
- }
- else
- build_attrs(&addlist,line);
-
- if(!end)
- {
- fprintf(console,"gpgkeys: no INFO %s END found\n",keyid);
- *r_eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- begin=end=0;
-
- /* Read and throw away stdin until we see the BEGIN */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
- && strcmp(state,"BEGIN")==0)
- {
- begin=1;
- break;
- }
-
- if(!begin)
- {
- /* i.e. eof before the KEY BEGIN was found. This isn't an
- error. */
- *r_eof=1;
- ret=KEYSERVER_OK;
- goto fail;
- }
-
- /* Now slurp up everything until we see the END */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
- && strcmp(state,"END")==0)
- {
- end=1;
- break;
- }
- else
- {
- char *tempkey;
- keysize+=strlen(line);
- tempkey=realloc(key,keysize);
- if(tempkey==NULL)
- {
- fprintf(console,"gpgkeys: unable to reallocate for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
- else
- key=tempkey;
-
- strcat(key,line);
- }
-
- if(!end)
- {
- fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
- *r_eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- make_one_attr(&addlist,"objectClass","pgpKeyInfo");
- make_one_attr(&addlist,"pgpKey",key);
-
- /* Now append addlist onto modlist */
- if(!join_two_modlists(&modlist,addlist))
- {
- fprintf(console,"gpgkeys: unable to merge LDAP modification lists\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- /* Going on the assumption that modify operations are more frequent
- than adds, we try a modify first. If it's not there, we just
- turn around and send an add command for the same key. Otherwise,
- the modify brings the server copy into compliance with our copy.
- Note that unlike the LDAP keyserver (and really, any other
- keyserver) this does NOT merge signatures, but replaces the whole
- key. This should make some people very happy. */
-
- err=ldap_modify_s(ldap,dn,modlist);
- if(err==LDAP_NO_SUCH_OBJECT)
- err=ldap_add_s(ldap,dn,addlist);
-
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
- keyid,ldap_err2string(err));
- ret=ldap_err_to_gpg_err(err);
- goto fail;
- }
-
- ret=KEYSERVER_OK;
-
- fail:
- if (modlist)
- {
- /* Unwind and free the whole modlist structure */
- for(ml=modlist;*ml;ml++)
- {
- free_mod_values(*ml);
- free(*ml);
- }
- free(modlist);
- }
- free(addlist);
- free(dn);
- free(key);
-
- if(ret!=0 && begin)
- fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
-
- return ret;
-}
-
-static int
-send_key_keyserver(int *r_eof)
-{
- int err,begin=0,end=0,keysize=1,ret=KEYSERVER_INTERNAL_ERROR;
- char *dn=NULL,line[MAX_LINE],*key[2]={NULL,NULL};
- char keyid[17],state[6];
- LDAPMod mod, *attrs[2];
-
- memset(&mod,0,sizeof(mod));
- mod.mod_op=LDAP_MOD_ADD;
- mod.mod_type=pgpkeystr;
- mod.mod_values=key;
- attrs[0]=&mod;
- attrs[1]=NULL;
-
- dn=malloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
- if(dn==NULL)
- {
- fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(dn,"pgpCertid=virtual,");
- strcat(dn,basekeyspacedn);
-
- key[0]=malloc(1);
- if(key[0]==NULL)
- {
- fprintf(console,"gpgkeys: unable to allocate memory for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- key[0][0]='\0';
-
- /* Read and throw away stdin until we see the BEGIN */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%5s\n",keyid,state)==2
- && strcmp(state,"BEGIN")==0)
- {
- begin=1;
- break;
- }
-
- if(!begin)
- {
- /* i.e. eof before the KEY BEGIN was found. This isn't an
- error. */
- *r_eof=1;
- ret=KEYSERVER_OK;
- goto fail;
- }
-
- /* Now slurp up everything until we see the END */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- if(sscanf(line,"KEY%*[ ]%16s%*[ ]%3s\n",keyid,state)==2
- && strcmp(state,"END")==0)
- {
- end=1;
- break;
- }
- else
- {
- keysize+=strlen(line);
- key[0]=realloc(key[0],keysize);
- if(key[0]==NULL)
- {
- fprintf(console,"gpgkeys: unable to reallocate for key\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcat(key[0],line);
- }
-
- if(!end)
- {
- fprintf(console,"gpgkeys: no KEY %s END found\n",keyid);
- *r_eof=1;
- ret=KEYSERVER_KEY_INCOMPLETE;
- goto fail;
- }
-
- err=ldap_add_s(ldap,dn,attrs);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: error adding key %s to keyserver: %s\n",
- keyid,ldap_err2string(err));
- ret=ldap_err_to_gpg_err(err);
- goto fail;
- }
-
- ret=KEYSERVER_OK;
-
- fail:
-
- free(key[0]);
- free(dn);
-
- if(ret!=0 && begin)
- fprintf(output,"KEY %s FAILED %d\n",keyid,ret);
-
- /* Not a fatal error */
- if(ret==KEYSERVER_KEY_EXISTS)
- ret=KEYSERVER_OK;
-
- return ret;
-}
-
-static void
-build_info(const char *certid,LDAPMessage *each)
-{
- char **vals;
-
- fprintf(output,"INFO %s BEGIN\n",certid);
-
- fprintf(output,"pub:%s:",certid);
-
- vals=ldap_get_values(ldap,each,"pgpkeytype");
- if(vals!=NULL)
- {
- if(strcmp(vals[0],"RSA")==0)
- fprintf(output,"1");
- else if(strcmp(vals[0],"DSS/DH")==0)
- fprintf(output,"17");
- ldap_value_free(vals);
- }
-
- fprintf(output,":");
-
- vals=ldap_get_values(ldap,each,"pgpkeysize");
- if(vals!=NULL)
- {
- if(atoi(vals[0])>0)
- fprintf(output,"%d",atoi(vals[0]));
- ldap_value_free(vals);
- }
-
- fprintf(output,":");
-
- vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
- if(vals!=NULL)
- {
- if(strlen(vals[0])==15)
- fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fprintf(output,":");
-
- vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
- if(vals!=NULL)
- {
- if(strlen(vals[0])==15)
- fprintf(output,"%u",(unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fprintf(output,":");
-
- vals=ldap_get_values(ldap,each,"pgprevoked");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(output,"r");
- ldap_value_free(vals);
- }
-
- fprintf(output,"\n");
-
- vals=ldap_get_values(ldap,each,"pgpuserid");
- if(vals!=NULL)
- {
- int i;
-
- for(i=0;vals[i];i++)
- fprintf(output,"uid:%s\n",vals[i]);
- ldap_value_free(vals);
- }
-
- fprintf(output,"INFO %s END\n",certid);
-}
-
-/* Note that key-not-found is not a fatal error */
-static int
-get_key(char *getkey)
-{
- LDAPMessage *res,*each;
- int ret=KEYSERVER_INTERNAL_ERROR,err,count;
- struct keylist *dupelist=NULL;
- char search[62];
- /* This ordering is significant - specifically, "pgpcertid" needs to
- be the second item in the list, since everything after it may be
- discarded if the user isn't in verbose mode. */
- char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
- "pgpdisabled","pgpkeycreatetime","modifytimestamp",
- "pgpkeysize","pgpkeytype",NULL};
- attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
- array initializers. */
-
- /* Build the search string */
-
- /* GPG can send us a v4 fingerprint, a v3 or v4 long key id, or a v3
- or v4 short key id */
-
- if(strncmp(getkey,"0x",2)==0)
- getkey+=2;
-
- if(strlen(getkey)==32)
- {
- fprintf(console,
- "gpgkeys: LDAP keyservers do not support v3 fingerprints\n");
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_NOT_SUPPORTED);
- return KEYSERVER_NOT_SUPPORTED;
- }
-
- if(strlen(getkey)>16)
- {
- char *offset=&getkey[strlen(getkey)-16];
-
- /* fingerprint. Take the last 16 characters and treat it like a
- long key id */
-
- if(opt->flags.include_subkeys)
- sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
- offset,offset);
- else
- sprintf(search,"(pgpcertid=%.16s)",offset);
- }
- else if(strlen(getkey)>8)
- {
- /* long key id */
-
- if(opt->flags.include_subkeys)
- sprintf(search,"(|(pgpcertid=%.16s)(pgpsubkeyid=%.16s))",
- getkey,getkey);
- else
- sprintf(search,"(pgpcertid=%.16s)",getkey);
- }
- else
- {
- /* short key id */
-
- sprintf(search,"(pgpkeyid=%.8s)",getkey);
- }
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
-
- if(!opt->verbose)
- attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
-
- err=ldap_search_s(ldap,basekeyspacedn,
- LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
- if(err!=0)
- {
- int errtag=ldap_err_to_gpg_err(err);
-
- fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
- return errtag;
- }
-
- count=ldap_count_entries(ldap,res);
- if(count<1)
- {
- fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
- }
- else
- {
- /* There may be more than one unique result for a given keyID,
- so we should fetch them all (test this by fetching short key
- id 0xDEADBEEF). */
-
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- char **vals,**certid;
-
- /* Use the long keyid to remove duplicates. The LDAP server
- returns the same keyid more than once if there are
- multiple user IDs on the key. Note that this does NOT
- mean that a keyid that exists multiple times on the
- keyserver will not be fetched. It means that each KEY,
- no matter how many user IDs share its keyid, will be
- fetched only once. If a keyid that belongs to more than
- one key is fetched, the server quite properly responds
- with all matching keys. -ds */
-
- certid=ldap_get_values(ldap,each,"pgpcertid");
- if(certid!=NULL)
- {
- if(!key_in_keylist(certid[0],dupelist))
- {
- /* it's not a duplicate, so add it */
-
- int rc=add_key_to_keylist(certid[0],&dupelist);
- if(rc)
- {
- ret=rc;
- goto fail;
- }
-
- build_info(certid[0],each);
-
- fprintf(output,"KEY 0x%s BEGIN\n",getkey);
-
- vals=ldap_get_values(ldap,each,pgpkeystr);
- if(vals==NULL)
- {
- int errtag=ldap_to_gpg_err(ldap);
-
- fprintf(console,"gpgkeys: unable to retrieve key %s "
- "from keyserver\n",getkey);
- fprintf(output,"KEY 0x%s FAILED %d\n",getkey,errtag);
- }
- else
- {
- print_nocr(output,vals[0]);
- fprintf(output,"\nKEY 0x%s END\n",getkey);
-
- ldap_value_free(vals);
- }
- }
-
- ldap_value_free(certid);
- }
-
- each=ldap_next_entry(ldap,each);
- }
- }
-
- ret=KEYSERVER_OK;
-
- fail:
- ldap_msgfree(res);
- free_keylist(dupelist);
-
- return ret;
-}
-
-#define LDAP_ESCAPE_CHARS "*()\\"
-
-/* Append string to buffer in a LDAP-quoted way */
-static void
-ldap_quote(char *buffer,const char *string)
-{
- /* Find the end of buffer */
- buffer+=strlen(buffer);
-
- for(;*string;string++)
- {
- if(strchr(LDAP_ESCAPE_CHARS,*string))
- {
- sprintf(buffer,"\\%02X",*string);
- buffer+=3;
- }
- else
- *buffer++=*string;
- }
-
- *buffer='\0';
-}
-
-/* Note that key-not-found is not a fatal error */
-static int
-get_name(char *getkey)
-{
- LDAPMessage *res,*each;
- int ret=KEYSERVER_INTERNAL_ERROR,err,count;
- /* The maximum size of the search, including the optional stuff and
- the trailing \0 */
- char search[2+12+(MAX_LINE*3)+2+15+14+1+1+20];
- /* This ordering is significant - specifically, "pgpcertid" needs to
- be the second item in the list, since everything after it may be
- discarded if the user isn't in verbose mode. */
- char *attrs[]={"replaceme","pgpcertid","pgpuserid","pgpkeyid","pgprevoked",
- "pgpdisabled","pgpkeycreatetime","modifytimestamp",
- "pgpkeysize","pgpkeytype",NULL};
- attrs[0]=pgpkeystr; /* Some compilers don't like using variables as
- array initializers. */
-
- /* Build the search string */
-
- search[0]='\0';
-
- if(!opt->flags.include_disabled || !opt->flags.include_revoked)
- strcat(search,"(&");
-
- strcat(search,"(pgpUserID=*");
- ldap_quote(search,getkey);
- strcat(search,"*)");
-
- if(!opt->flags.include_disabled)
- strcat(search,"(pgpDisabled=0)");
-
- if(!opt->flags.include_revoked)
- strcat(search,"(pgpRevoked=0)");
-
- if(!opt->flags.include_disabled || !opt->flags.include_revoked)
- strcat(search,")");
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: LDAP fetch for: %s\n",search);
-
- if(!opt->verbose)
- attrs[2]=NULL; /* keep only pgpkey(v2) and pgpcertid */
-
- err=ldap_search_s(ldap,basekeyspacedn,
- LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
- if(err!=0)
- {
- int errtag=ldap_err_to_gpg_err(err);
-
- fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
- fprintf(output,"NAME %s BEGIN\n",getkey);
- fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
- return errtag;
- }
-
- count=ldap_count_entries(ldap,res);
- if(count<1)
- {
- fprintf(console,"gpgkeys: key %s not found on keyserver\n",getkey);
- fprintf(output,"NAME %s BEGIN\n",getkey);
- fprintf(output,"NAME %s FAILED %d\n",getkey,KEYSERVER_KEY_NOT_FOUND);
- }
- else
- {
- /* There may be more than one result, but we return them all. */
-
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- char **vals,**certid;
-
- certid=ldap_get_values(ldap,each,"pgpcertid");
- if(certid!=NULL)
- {
- build_info(certid[0],each);
-
- fprintf(output,"NAME %s BEGIN\n",getkey);
-
- vals=ldap_get_values(ldap,each,pgpkeystr);
- if(vals==NULL)
- {
- int errtag=ldap_to_gpg_err(ldap);
-
- fprintf(console,"gpgkeys: unable to retrieve key %s "
- "from keyserver\n",getkey);
- fprintf(output,"NAME %s FAILED %d\n",getkey,errtag);
- }
- else
- {
- print_nocr(output,vals[0]);
- fprintf(output,"\nNAME %s END\n",getkey);
-
- ldap_value_free(vals);
- }
-
- ldap_value_free(certid);
- }
-
- each=ldap_next_entry(ldap,each);
- }
- }
-
- ret=KEYSERVER_OK;
-
- ldap_msgfree(res);
-
- return ret;
-}
-
-static void
-printquoted(FILE *stream,char *string,char delim)
-{
- while(*string)
- {
- if(*string==delim || *string=='%')
- fprintf(stream,"%%%02x",*string);
- else
- fputc(*string,stream);
-
- string++;
- }
-}
-
-/* Returns 0 on success and -1 on error. Note that key-not-found is
- not an error! */
-static int
-search_key(const char *searchkey)
-{
- char **vals,*search;
- LDAPMessage *res,*each;
- int err,count=0;
- struct keylist *dupelist=NULL;
- /* The maximum size of the search, including the optional stuff and
- the trailing \0 */
- char *attrs[]={"pgpcertid","pgpuserid","pgprevoked","pgpdisabled",
- "pgpkeycreatetime","pgpkeyexpiretime","modifytimestamp",
- "pgpkeysize","pgpkeytype",NULL};
- enum ks_search_type search_type;
-
- search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
- if(!search)
- {
- fprintf(console,"gpgkeys: out of memory when building search list\n");
- fprintf(output,"SEARCH %s FAILED %d\n",searchkey,KEYSERVER_NO_MEMORY);
- return KEYSERVER_NO_MEMORY;
- }
-
- fprintf(output,"SEARCH %s BEGIN\n",searchkey);
-
- search_type=classify_ks_search(&searchkey);
-
- if(opt->debug)
- fprintf(console,"search type is %d, and key is \"%s\"\n",
- search_type,searchkey);
-
- /* Build the search string */
-
- search[0]='\0';
-
- if(!opt->flags.include_disabled || !opt->flags.include_revoked)
- strcat(search,"(&");
-
- strcat(search,"(");
-
- switch(search_type)
- {
- case KS_SEARCH_KEYID_SHORT:
- strcat(search,"pgpKeyID");
- break;
-
- case KS_SEARCH_KEYID_LONG:
- strcat(search,"pgpCertID");
- break;
-
- default:
- strcat(search,"pgpUserID");
- break;
- }
-
- strcat(search,"=");
-
- switch(search_type)
- {
- case KS_SEARCH_SUBSTR:
- strcat(search,"*");
- break;
-
- case KS_SEARCH_MAIL:
- strcat(search,"*<");
- break;
-
- case KS_SEARCH_MAILSUB:
- strcat(search,"*<*");
- break;
-
- case KS_SEARCH_EXACT:
- case KS_SEARCH_KEYID_LONG:
- case KS_SEARCH_KEYID_SHORT:
- break;
- }
-
- strcat(search,searchkey);
-
- switch(search_type)
- {
- case KS_SEARCH_SUBSTR:
- strcat(search,"*");
- break;
-
- case KS_SEARCH_MAIL:
- strcat(search,">*");
- break;
-
- case KS_SEARCH_MAILSUB:
- strcat(search,"*>*");
- break;
-
- case KS_SEARCH_EXACT:
- case KS_SEARCH_KEYID_LONG:
- case KS_SEARCH_KEYID_SHORT:
- break;
- }
-
- strcat(search,")");
-
- if(!opt->flags.include_disabled)
- strcat(search,"(pgpDisabled=0)");
-
- if(!opt->flags.include_revoked)
- strcat(search,"(pgpRevoked=0)");
-
- if(!opt->flags.include_disabled || !opt->flags.include_revoked)
- strcat(search,")");
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: LDAP search for: %s\n",search);
-
- err=ldap_search_s(ldap,basekeyspacedn,
- LDAP_SCOPE_SUBTREE,search,attrs,0,&res);
- free(search);
- if(err!=LDAP_SUCCESS && err!=LDAP_SIZELIMIT_EXCEEDED)
- {
- int errtag=ldap_err_to_gpg_err(err);
-
- fprintf(output,"SEARCH %s FAILED %d\n",searchkey,errtag);
- fprintf(console,"gpgkeys: LDAP search error: %s\n",ldap_err2string(err));
- return errtag;
- }
-
- /* The LDAP server doesn't return a real count of unique keys, so we
- can't use ldap_count_entries here. */
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- char **certid=ldap_get_values(ldap,each,"pgpcertid");
-
- if(certid!=NULL)
- {
- if(!key_in_keylist(certid[0],dupelist))
- {
- int rc=add_key_to_keylist(certid[0],&dupelist);
- if(rc!=0)
- {
- fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
- free_keylist(dupelist);
- return rc;
- }
-
- count++;
- }
- }
-
- each=ldap_next_entry(ldap,each);
- }
-
- if(err==LDAP_SIZELIMIT_EXCEEDED)
- {
- if(count==1)
- fprintf(console,"gpgkeys: search results exceeded server limit."
- " First %d result shown.\n",count);
- else
- fprintf(console,"gpgkeys: search results exceeded server limit."
- " First %d results shown.\n",count);
- }
-
- free_keylist(dupelist);
- dupelist=NULL;
-
- if(count<1)
- fprintf(output,"info:1:0\n");
- else
- {
- fprintf(output,"info:1:%d\n",count);
-
- each=ldap_first_entry(ldap,res);
- while(each!=NULL)
- {
- char **certid;
-
- certid=ldap_get_values(ldap,each,"pgpcertid");
- if(certid!=NULL)
- {
- LDAPMessage *uids;
-
- /* Have we seen this certid before? */
- if(!key_in_keylist(certid[0],dupelist))
- {
- int rc=add_key_to_keylist(certid[0],&dupelist);
- if(rc)
- {
- fprintf(output,"SEARCH %s FAILED %d\n",searchkey,rc);
- free_keylist(dupelist);
- ldap_value_free(certid);
- ldap_msgfree(res);
- return rc;
- }
-
- fprintf(output,"pub:%s:",certid[0]);
-
- vals=ldap_get_values(ldap,each,"pgpkeytype");
- if(vals!=NULL)
- {
- /* The LDAP server doesn't exactly handle this
- well. */
- if(strcasecmp(vals[0],"RSA")==0)
- fprintf(output,"1");
- else if(strcasecmp(vals[0],"DSS/DH")==0)
- fprintf(output,"17");
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgpkeysize");
- if(vals!=NULL)
- {
- /* Not sure why, but some keys are listed with a
- key size of 0. Treat that like an
- unknown. */
- if(atoi(vals[0])>0)
- fprintf(output,"%d",atoi(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- /* YYYYMMDDHHmmssZ */
-
- vals=ldap_get_values(ldap,each,"pgpkeycreatetime");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",
- (unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgpkeyexpiretime");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",
- (unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"pgprevoked");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(output,"r");
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,each,"pgpdisabled");
- if(vals!=NULL)
- {
- if(atoi(vals[0])==1)
- fprintf(output,"d");
- ldap_value_free(vals);
- }
-
-#if 0
- /* This is not yet specified in the keyserver
- protocol, but may be someday. */
- fputc(':',output);
-
- vals=ldap_get_values(ldap,each,"modifytimestamp");
- if(vals!=NULL && strlen(vals[0])==15)
- {
- fprintf(output,"%u",
- (unsigned int)ldap2epochtime(vals[0]));
- ldap_value_free(vals);
- }
-#endif
-
- fprintf(output,"\n");
-
- /* Now print all the uids that have this certid */
- uids=ldap_first_entry(ldap,res);
- while(uids!=NULL)
- {
- vals=ldap_get_values(ldap,uids,"pgpcertid");
- if(vals!=NULL)
- {
- if(strcasecmp(certid[0],vals[0])==0)
- {
- char **uidvals;
-
- fprintf(output,"uid:");
-
- uidvals=ldap_get_values(ldap,uids,"pgpuserid");
- if(uidvals!=NULL)
- {
- /* Need to escape any colons */
- printquoted(output,uidvals[0],':');
- ldap_value_free(uidvals);
- }
-
- fprintf(output,"\n");
- }
-
- ldap_value_free(vals);
- }
-
- uids=ldap_next_entry(ldap,uids);
- }
- }
-
- ldap_value_free(certid);
- }
-
- each=ldap_next_entry(ldap,each);
- }
- }
-
- ldap_msgfree(res);
- free_keylist(dupelist);
-
- fprintf(output,"SEARCH %s END\n",searchkey);
-
- return KEYSERVER_OK;
-}
-
-static void
-fail_all(struct keylist *keylist,int err)
-{
- if(!keylist)
- return;
-
- if(opt->action==KS_SEARCH)
- {
- fprintf(output,"SEARCH ");
- while(keylist)
- {
- fprintf(output,"%s ",keylist->str);
- keylist=keylist->next;
- }
- fprintf(output,"FAILED %d\n",err);
- }
- else
- while(keylist)
- {
- fprintf(output,"KEY %s FAILED %d\n",keylist->str,err);
- keylist=keylist->next;
- }
-}
-
-static int
-find_basekeyspacedn(void)
-{
- int err,i;
- char *attr[]={"namingContexts",NULL,NULL,NULL};
- LDAPMessage *res;
- char **context;
-
- /* Look for namingContexts */
- err=ldap_search_s(ldap,"",LDAP_SCOPE_BASE,"(objectClass=*)",attr,0,&res);
- if(err==LDAP_SUCCESS)
- {
- context=ldap_get_values(ldap,res,"namingContexts");
- if(context)
- {
- attr[0]="pgpBaseKeySpaceDN";
- attr[1]="pgpVersion";
- attr[2]="pgpSoftware";
-
- real_ldap=1;
-
- /* We found some, so try each namingContext as the search base
- and look for pgpBaseKeySpaceDN. Because we found this, we
- know we're talking to a regular-ish LDAP server and not a
- LDAP keyserver. */
-
- for(i=0;context[i] && !basekeyspacedn;i++)
- {
- char **vals;
- LDAPMessage *si_res;
- char *object;
-
- object=malloc(17+strlen(context[i])+1);
- if(!object)
- return -1;
-
- strcpy(object,"cn=pgpServerInfo,");
- strcat(object,context[i]);
-
- err=ldap_search_s(ldap,object,LDAP_SCOPE_BASE,
- "(objectClass=*)",attr,0,&si_res);
- free(object);
-
- if(err==LDAP_NO_SUCH_OBJECT)
- continue;
- else if(err!=LDAP_SUCCESS)
- return err;
-
- vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
- if(vals)
- {
- basekeyspacedn=strdup(vals[0]);
- ldap_value_free(vals);
- }
-
- if(opt->verbose>1)
- {
- vals=ldap_get_values(ldap,si_res,"pgpSoftware");
- if(vals)
- {
- fprintf(console,"Server: \t%s\n",vals[0]);
- ldap_value_free(vals);
- }
-
- vals=ldap_get_values(ldap,si_res,"pgpVersion");
- if(vals)
- {
- fprintf(console,"Version:\t%s\n",vals[0]);
- ldap_value_free(vals);
- }
- }
-
- ldap_msgfree(si_res);
- }
-
- ldap_value_free(context);
- }
-
- ldap_msgfree(res);
- }
- else
- {
- /* We don't have an answer yet, which means the server might be
- a LDAP keyserver. */
- char **vals;
- LDAPMessage *si_res;
-
- attr[0]="pgpBaseKeySpaceDN";
- attr[1]="version";
- attr[2]="software";
-
- err=ldap_search_s(ldap,"cn=pgpServerInfo",LDAP_SCOPE_BASE,
- "(objectClass=*)",attr,0,&si_res);
- if(err!=LDAP_SUCCESS)
- return err;
-
- /* For the LDAP keyserver, this is always "OU=ACTIVE,O=PGP
- KEYSPACE,C=US", but it might not be in the future. */
-
- vals=ldap_get_values(ldap,si_res,"baseKeySpaceDN");
- if(vals)
- {
- basekeyspacedn=strdup(vals[0]);
- ldap_value_free(vals);
- }
-
- if(opt->verbose>1)
- {
- vals=ldap_get_values(ldap,si_res,"software");
- if(vals)
- {
- fprintf(console,"Server: \t%s\n",vals[0]);
- ldap_value_free(vals);
- }
- }
-
- vals=ldap_get_values(ldap,si_res,"version");
- if(vals)
- {
- if(opt->verbose>1)
- fprintf(console,"Version:\t%s\n",vals[0]);
-
- /* If the version is high enough, use the new pgpKeyV2
- attribute. This design if iffy at best, but it matches how
- PGP does it. I figure the NAI folks assumed that there would
- never be a LDAP keyserver vendor with a different numbering
- scheme. */
- if(atoi(vals[0])>1)
- pgpkeystr="pgpKeyV2";
-
- ldap_value_free(vals);
- }
-
- ldap_msgfree(si_res);
- }
-
- return LDAP_SUCCESS;
-}
-
-static void
-show_help (FILE *fp)
-{
- fprintf (fp,"-h, --help\thelp\n");
- fprintf (fp,"-V\t\tmachine readable version\n");
- fprintf (fp,"--version\thuman readable version\n");
- fprintf (fp,"-o\t\toutput to this file\n");
-}
-
-int
-main(int argc,char *argv[])
-{
- int port=0,arg,err,ret=KEYSERVER_INTERNAL_ERROR;
- char line[MAX_LINE],*binddn=NULL,*bindpw=NULL;
- int failed=0,use_ssl=0,use_tls=0,bound=0;
- struct keylist *keylist=NULL,*keyptr=NULL;
-
- console=stderr;
-
- /* Kludge to implement standard GNU options. */
- if (argc > 1 && !strcmp (argv[1], "--version"))
- {
- fputs ("gpgkeys_ldap ("GNUPG_NAME") " VERSION"\n", stdout);
- return 0;
- }
- else if (argc > 1 && !strcmp (argv[1], "--help"))
- {
- show_help (stdout);
- return 0;
- }
-
- while((arg=getopt(argc,argv,"hVo:"))!=-1)
- switch(arg)
- {
- default:
- case 'h':
- show_help (console);
- return KEYSERVER_OK;
-
- case 'V':
- fprintf(stdout,"%d\n%s\n",KEYSERVER_PROTO_VERSION,VERSION);
- return KEYSERVER_OK;
-
- case 'o':
- output=fopen(optarg,"w");
- if(output==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open output file '%s': %s\n",
- optarg,strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
-
- break;
- }
-
- if(argc>optind)
- {
- input=fopen(argv[optind],"r");
- if(input==NULL)
- {
- fprintf(console,"gpgkeys: Cannot open input file '%s': %s\n",
- argv[optind],strerror(errno));
- return KEYSERVER_INTERNAL_ERROR;
- }
- }
-
- if(input==NULL)
- input=stdin;
-
- if(output==NULL)
- output=stdout;
-
- opt=init_ks_options();
- if(!opt)
- return KEYSERVER_NO_MEMORY;
-
- /* Get the command and info block */
-
- while(fgets(line,MAX_LINE,input)!=NULL)
- {
- char optionstr[MAX_OPTION+1];
-
- if(line[0]=='\n')
- break;
-
- err=parse_ks_options(line,opt);
- if(err>0)
- {
- ret=err;
- goto fail;
- }
- else if(err==0)
- continue;
-
- if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",optionstr)==1)
- {
- int no=0;
- char *start=&optionstr[0];
-
- optionstr[MAX_OPTION]='\0';
-
- if(strncasecmp(optionstr,"no-",3)==0)
- {
- no=1;
- start=&optionstr[3];
- }
-
- if(strncasecmp(start,"tls",3)==0)
- {
- if(no)
- use_tls=0;
- else if(start[3]=='=')
- {
- if(strcasecmp(&start[4],"no")==0)
- use_tls=0;
- else if(strcasecmp(&start[4],"try")==0)
- use_tls=1;
- else if(strcasecmp(&start[4],"warn")==0)
- use_tls=2;
- else if(strcasecmp(&start[4],"require")==0)
- use_tls=3;
- else
- use_tls=1;
- }
- else if(start[3]=='\0')
- use_tls=1;
- }
- else if(strncasecmp(start,"basedn",6)==0)
- {
- if(no)
- {
- free(basekeyspacedn);
- basekeyspacedn=NULL;
- }
- else if(start[6]=='=')
- {
- free(basekeyspacedn);
- basekeyspacedn=strdup(&start[7]);
- if(!basekeyspacedn)
- {
- fprintf(console,"gpgkeys: out of memory while creating "
- "base DN\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- real_ldap=1;
- }
- }
- else if(strncasecmp(start,"binddn",6)==0)
- {
- if(no)
- {
- free(binddn);
- binddn=NULL;
- }
- else if(start[6]=='=')
- {
- free(binddn);
- binddn=strdup(&start[7]);
- if(!binddn)
- {
- fprintf(console,"gpgkeys: out of memory while creating "
- "bind DN\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- real_ldap=1;
- }
- }
- else if(strncasecmp(start,"bindpw",6)==0)
- {
- if(no)
- {
- free(bindpw);
- bindpw=NULL;
- }
- else if(start[6]=='=')
- {
- free(bindpw);
- bindpw=strdup(&start[7]);
- if(!bindpw)
- {
- fprintf(console,"gpgkeys: out of memory while creating "
- "bind password\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- real_ldap=1;
- }
- }
-
- continue;
- }
- }
-
- if(!opt->scheme)
- {
- fprintf(console,"gpgkeys: no scheme supplied!\n");
- ret=KEYSERVER_SCHEME_NOT_FOUND;
- goto fail;
- }
-
- if(strcasecmp(opt->scheme,"ldaps")==0)
- {
- port=636;
- use_ssl=1;
- }
-
- if(opt->port)
- port=atoi(opt->port);
-
- if(!opt->host)
- {
- fprintf(console,"gpgkeys: no keyserver host provided\n");
- goto fail;
- }
-
- if(opt->timeout && register_timeout()==-1)
- {
- fprintf(console,"gpgkeys: unable to register timeout handler\n");
- return KEYSERVER_INTERNAL_ERROR;
- }
-
-#if defined(LDAP_OPT_X_TLS_CACERTFILE) && defined(HAVE_LDAP_SET_OPTION)
-
- if(opt->ca_cert_file)
- {
- err=ldap_set_option(NULL,LDAP_OPT_X_TLS_CACERTFILE,opt->ca_cert_file);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: unable to set ca-cert-file: %s\n",
- ldap_err2string(err));
- ret=KEYSERVER_INTERNAL_ERROR;
- goto fail;
- }
- }
-#endif /* LDAP_OPT_X_TLS_CACERTFILE && HAVE_LDAP_SET_OPTION */
-
- /* SSL trumps TLS */
- if(use_ssl)
- use_tls=0;
-
- /* If it's a GET or a SEARCH, the next thing to come in is the
- keyids. If it's a SEND, then there are no keyids. */
-
- if(opt->action==KS_SEND)
- while(fgets(line,MAX_LINE,input)!=NULL && line[0]!='\n');
- else if(opt->action==KS_GET
- || opt->action==KS_GETNAME || opt->action==KS_SEARCH)
- {
- for(;;)
- {
- struct keylist *work;
-
- if(fgets(line,MAX_LINE,input)==NULL)
- break;
- else
- {
- if(line[0]=='\n' || line[0]=='\0')
- break;
-
- work=malloc(sizeof(struct keylist));
- if(work==NULL)
- {
- fprintf(console,"gpgkeys: out of memory while "
- "building key list\n");
- ret=KEYSERVER_NO_MEMORY;
- goto fail;
- }
-
- strcpy(work->str,line);
-
- /* Trim the trailing \n */
- work->str[strlen(line)-1]='\0';
-
- work->next=NULL;
-
- /* Always attach at the end to keep the list in proper
- order for searching */
- if(keylist==NULL)
- keylist=work;
- else
- keyptr->next=work;
-
- keyptr=work;
- }
- }
- }
- else
- {
- fprintf(console,"gpgkeys: no keyserver command specified\n");
- goto fail;
- }
-
- /* Send the response */
-
- fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION);
- fprintf(output,"PROGRAM %s\n\n",VERSION);
-
- if(opt->verbose>1)
- {
- fprintf(console,"Host:\t\t%s\n",opt->host);
- if(port)
- fprintf(console,"Port:\t\t%d\n",port);
- fprintf(console,"Command:\t%s\n",ks_action_to_string(opt->action));
- }
-
- if(opt->debug)
- {
-#if defined(LDAP_OPT_DEBUG_LEVEL) && defined(HAVE_LDAP_SET_OPTION)
- err=ldap_set_option(NULL,LDAP_OPT_DEBUG_LEVEL,&opt->debug);
- if(err!=LDAP_SUCCESS)
- fprintf(console,"gpgkeys: unable to set debug mode: %s\n",
- ldap_err2string(err));
- else
- fprintf(console,"gpgkeys: debug level %d\n",opt->debug);
-#else
- fprintf(console,"gpgkeys: not built with debugging support\n");
-#endif
- }
-
- /* We have a timeout set for the setup stuff since it could time out
- as well. */
- set_timeout(opt->timeout);
-
- /* Note that this tries all A records on a given host (or at least,
- OpenLDAP does). */
- ldap=ldap_init(opt->host,port);
- if(ldap==NULL)
- {
- fprintf(console,"gpgkeys: internal LDAP init error: %s\n",
- strerror(errno));
- fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
-
- if(use_ssl)
- {
-#if defined(LDAP_OPT_X_TLS) && defined(HAVE_LDAP_SET_OPTION)
- int ssl=LDAP_OPT_X_TLS_HARD;
-
- err=ldap_set_option(ldap,LDAP_OPT_X_TLS,&ssl);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- ldap_err2string(err));
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
-
- if(!opt->flags.check_cert)
- ssl=LDAP_OPT_X_TLS_NEVER;
-
- err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ssl);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,
- "gpgkeys: unable to set certificate validation: %s\n",
- ldap_err2string(err));
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
-#else
- fprintf(console,"gpgkeys: unable to make SSL connection: %s\n",
- "not built with LDAPS support");
- fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
- goto fail;
-#endif
- }
-
- if(!basekeyspacedn)
- if((err=find_basekeyspacedn()) || !basekeyspacedn)
- {
- fprintf(console,"gpgkeys: unable to retrieve LDAP base: %s\n",
- err?ldap_err2string(err):"not found");
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
-
- /* use_tls: 0=don't use, 1=try silently to use, 2=try loudly to use,
- 3=force use. */
- if(use_tls)
- {
- if(!real_ldap)
- {
- if(use_tls>=2)
- fprintf(console,"gpgkeys: unable to start TLS: %s\n",
- "not supported by the NAI LDAP keyserver");
- if(use_tls==3)
- {
- fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
- }
- else
- {
-#if defined(HAVE_LDAP_START_TLS_S) && defined(HAVE_LDAP_SET_OPTION)
- int ver=LDAP_VERSION3;
-
- err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
-
-#ifdef LDAP_OPT_X_TLS
- if(err==LDAP_SUCCESS)
- {
- if(opt->flags.check_cert)
- ver=LDAP_OPT_X_TLS_HARD;
- else
- ver=LDAP_OPT_X_TLS_NEVER;
-
- err=ldap_set_option(NULL,LDAP_OPT_X_TLS_REQUIRE_CERT,&ver);
- }
-#endif
-
- if(err==LDAP_SUCCESS)
- err=ldap_start_tls_s(ldap,NULL,NULL);
-
- if(err!=LDAP_SUCCESS)
- {
- if(use_tls>=2 || opt->verbose>2)
- fprintf(console,"gpgkeys: unable to start TLS: %s\n",
- ldap_err2string(err));
- /* Are we forcing it? */
- if(use_tls==3)
- {
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
- }
- else if(opt->verbose>1)
- fprintf(console,"gpgkeys: TLS started successfully.\n");
-#else
- if(use_tls>=2)
- fprintf(console,"gpgkeys: unable to start TLS: %s\n",
- "not built with TLS support");
- if(use_tls==3)
- {
- fail_all(keylist,KEYSERVER_INTERNAL_ERROR);
- goto fail;
- }
-#endif
- }
- }
-
- /* By default we don't bind as there is usually no need to. For
- cases where the server needs some authentication, the user can
- use binddn and bindpw for auth. */
-
- if(binddn)
- {
-#ifdef HAVE_LDAP_SET_OPTION
- int ver=LDAP_VERSION3;
-
- err=ldap_set_option(ldap,LDAP_OPT_PROTOCOL_VERSION,&ver);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: unable to go to LDAP 3: %s\n",
- ldap_err2string(err));
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
-#endif
-
- if(opt->verbose>2)
- fprintf(console,"gpgkeys: LDAP bind to %s, pw %s\n",binddn,
- bindpw?">not shown<":">none<");
- err=ldap_simple_bind_s(ldap,binddn,bindpw);
- if(err!=LDAP_SUCCESS)
- {
- fprintf(console,"gpgkeys: internal LDAP bind error: %s\n",
- ldap_err2string(err));
- fail_all(keylist,ldap_err_to_gpg_err(err));
- goto fail;
- }
- else
- bound=1;
- }
-
- if(opt->action==KS_GET)
- {
- keyptr=keylist;
-
- while(keyptr!=NULL)
- {
- set_timeout(opt->timeout);
-
- if(get_key(keyptr->str)!=KEYSERVER_OK)
- failed++;
-
- keyptr=keyptr->next;
- }
- }
- else if(opt->action==KS_GETNAME)
- {
- keyptr=keylist;
-
- while(keyptr!=NULL)
- {
- set_timeout(opt->timeout);
-
- if(get_name(keyptr->str)!=KEYSERVER_OK)
- failed++;
-
- keyptr=keyptr->next;
- }
- }
- else if(opt->action==KS_SEND)
- {
- int eof_seen = 0;
-
- do
- {
- set_timeout(opt->timeout);
-
- if(real_ldap)
- {
- if (send_key(&eof_seen) != KEYSERVER_OK)
- failed++;
- }
- else
- {
- if (send_key_keyserver(&eof_seen) != KEYSERVER_OK)
- failed++;
- }
- }
- while (!eof_seen);
- }
- else if(opt->action==KS_SEARCH)
- {
- char *searchkey=NULL;
- int len=0;
-
- set_timeout(opt->timeout);
-
- /* To search, we stick a * in between each key to search for.
- This means that if the user enters words, they'll get
- "enters*words". If the user "enters words", they'll get
- "enters words" */
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- len+=strlen(keyptr->str)+1;
- keyptr=keyptr->next;
- }
-
- searchkey=malloc((len*3)+1);
- if(searchkey==NULL)
- {
- ret=KEYSERVER_NO_MEMORY;
- fail_all(keylist,KEYSERVER_NO_MEMORY);
- goto fail;
- }
-
- searchkey[0]='\0';
-
- keyptr=keylist;
- while(keyptr!=NULL)
- {
- ldap_quote(searchkey,keyptr->str);
- strcat(searchkey,"*");
- keyptr=keyptr->next;
- }
-
- /* Nail that last "*" */
- if(*searchkey)
- searchkey[strlen(searchkey)-1]='\0';
-
- if(search_key(searchkey)!=KEYSERVER_OK)
- failed++;
-
- free(searchkey);
- }
- else
- assert (!"bad action");
-
- if(!failed)
- ret=KEYSERVER_OK;
-
- fail:
-
- while(keylist!=NULL)
- {
- struct keylist *current=keylist;
- keylist=keylist->next;
- free(current);
- }
-
- if(input!=stdin)
- fclose(input);
-
- if(output!=stdout)
- fclose(output);
-
- free_ks_options(opt);
-
- if(ldap!=NULL && bound)
- ldap_unbind_s(ldap);
-
- free(basekeyspacedn);
-
- return ret;
-}
+++ /dev/null
-/* ksutil.c - general keyserver utility functions
- * Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * In addition, as a special exception, the Free Software Foundation
- * gives permission to link the code of the keyserver helper tools:
- * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- * project's "OpenSSL" library (or with modified versions of it that
- * use the same license as the "OpenSSL" library), and distribute the
- * linked executables. You must obey the GNU General Public License
- * in all respects for all of the code used other than "OpenSSL". If
- * you modify this file, you may extend this exception to your version
- * of the file, but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version.
- */
-
-#include <config.h>
-#ifdef HAVE_SIGNAL_H
-# include <signal.h>
-#endif
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#ifdef HAVE_W32_SYSTEM
-#include <windows.h>
-#endif
-
-#ifdef HAVE_LIBCURL
-#include <curl/curl.h>
-#else
-#include "curl-shim.h"
-#endif
-#include "util.h"
-#include "keyserver.h"
-#include "ksutil.h"
-
-#ifdef HAVE_DOSISH_SYSTEM
-
-unsigned int set_timeout(unsigned int seconds) {return 0;}
-int register_timeout(void) {return 0;}
-
-#else
-
-static void
-catch_alarm(int foo)
-{
- (void)foo;
- _exit(KEYSERVER_TIMEOUT);
-}
-
-unsigned int
-set_timeout(unsigned int seconds)
-{
- return alarm(seconds);
-}
-
-int
-register_timeout(void)
-{
-#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
- struct sigaction act;
-
- act.sa_handler=catch_alarm;
- sigemptyset(&act.sa_mask);
- act.sa_flags=0;
- return sigaction(SIGALRM,&act,NULL);
-#else
- if(signal(SIGALRM,catch_alarm)==SIG_ERR)
- return -1;
- else
- return 0;
-#endif
-}
-
-#endif /* !HAVE_DOSISH_SYSTEM */
-
-#ifdef HAVE_W32_SYSTEM
-void
-w32_init_sockets (void)
-{
- static int initialized;
- static WSADATA wsdata;
-
- if (!initialized)
- {
- WSAStartup (0x0202, &wsdata);
- initialized = 1;
- }
-}
-#endif /*HAVE_W32_SYSTEM*/
-
-
-struct ks_options *
-init_ks_options(void)
-{
- struct ks_options *opt;
-
- opt=calloc(1,sizeof(struct ks_options));
-
- if(opt)
- {
- opt->action=KS_UNKNOWN;
- opt->flags.include_revoked=1;
- opt->flags.include_subkeys=1;
- opt->flags.check_cert=1;
- opt->timeout=DEFAULT_KEYSERVER_TIMEOUT;
- opt->path=strdup("/");
- if(!opt->path)
- {
- free(opt);
- opt=NULL;
- }
- }
-
- return opt;
-}
-
-void
-free_ks_options(struct ks_options *opt)
-{
- if(opt)
- {
- free(opt->host);
- free(opt->port);
- free(opt->scheme);
- free(opt->auth);
- free(opt->path);
- free(opt->opaque);
- free(opt->ca_cert_file);
- free(opt);
- }
-}
-
-/* Returns 0 if we "ate" the line. Returns >0, a KEYSERVER_ error
- code if that error applies. Returns -1 if we did not match the
- line at all. */
-int
-parse_ks_options(char *line,struct ks_options *opt)
-{
- int version;
- char command[MAX_COMMAND+1];
- char host[MAX_HOST+1];
- char port[MAX_PORT+1];
- char scheme[MAX_SCHEME+1];
- char auth[MAX_AUTH+1];
- char path[URLMAX_PATH+1];
- char opaque[MAX_OPAQUE+1];
- char option[MAX_OPTION+1];
-
- if(line[0]=='#')
- return 0;
-
- if(sscanf(line,"COMMAND %" MKSTRING(MAX_COMMAND) "s\n",command)==1)
- {
- command[MAX_COMMAND]='\0';
-
- if(strcasecmp(command,"get")==0)
- opt->action=KS_GET;
- else if(strcasecmp(command,"getname")==0)
- opt->action=KS_GETNAME;
- else if(strcasecmp(command,"send")==0)
- opt->action=KS_SEND;
- else if(strcasecmp(command,"search")==0)
- opt->action=KS_SEARCH;
-
- return 0;
- }
-
- if(sscanf(line,"HOST %" MKSTRING(MAX_HOST) "s\n",host)==1)
- {
- host[MAX_HOST]='\0';
- free(opt->host);
- opt->host=strdup(host);
- if(!opt->host)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"PORT %" MKSTRING(MAX_PORT) "s\n",port)==1)
- {
- port[MAX_PORT]='\0';
- free(opt->port);
- opt->port=strdup(port);
- if(!opt->port)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"SCHEME %" MKSTRING(MAX_SCHEME) "s\n",scheme)==1)
- {
- scheme[MAX_SCHEME]='\0';
- free(opt->scheme);
- opt->scheme=strdup(scheme);
- if(!opt->scheme)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"AUTH %" MKSTRING(MAX_AUTH) "s\n",auth)==1)
- {
- auth[MAX_AUTH]='\0';
- free(opt->auth);
- opt->auth=strdup(auth);
- if(!opt->auth)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"PATH %" MKSTRING(URLMAX_PATH) "s\n",path)==1)
- {
- path[URLMAX_PATH]='\0';
- free(opt->path);
- opt->path=strdup(path);
- if(!opt->path)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"OPAQUE %" MKSTRING(MAX_OPAQUE) "s\n",opaque)==1)
- {
- opaque[MAX_OPAQUE]='\0';
- free(opt->opaque);
- opt->opaque=strdup(opaque);
- if(!opt->opaque)
- return KEYSERVER_NO_MEMORY;
- return 0;
- }
-
- if(sscanf(line,"VERSION %d\n",&version)==1)
- {
- if(version!=KEYSERVER_PROTO_VERSION)
- return KEYSERVER_VERSION_ERROR;
-
- return 0;
- }
-
- if(sscanf(line,"OPTION %" MKSTRING(MAX_OPTION) "[^\n]\n",option)==1)
- {
- int no=0;
- char *start=&option[0];
-
- option[MAX_OPTION]='\0';
-
- if(strncasecmp(option,"no-",3)==0)
- {
- no=1;
- start=&option[3];
- }
-
- if(strncasecmp(start,"verbose",7)==0)
- {
- if(no)
- opt->verbose=0;
- else if(start[7]=='=')
- opt->verbose=atoi(&start[8]);
- else
- opt->verbose++;
- }
- else if(strcasecmp(start,"include-disabled")==0)
- {
- if(no)
- opt->flags.include_disabled=0;
- else
- opt->flags.include_disabled=1;
- }
- else if(strcasecmp(start,"include-revoked")==0)
- {
- if(no)
- opt->flags.include_revoked=0;
- else
- opt->flags.include_revoked=1;
- }
- else if(strcasecmp(start,"include-subkeys")==0)
- {
- if(no)
- opt->flags.include_subkeys=0;
- else
- opt->flags.include_subkeys=1;
- }
- else if(strcasecmp(start,"check-cert")==0)
- {
- if(no)
- opt->flags.check_cert=0;
- else
- opt->flags.check_cert=1;
- }
- else if(strncasecmp(start,"debug",5)==0)
- {
- if(no)
- opt->debug=0;
- else if(start[5]=='=')
- opt->debug=atoi(&start[6]);
- else if(start[5]=='\0')
- opt->debug=1;
- }
- else if(strncasecmp(start,"timeout",7)==0)
- {
- if(no)
- opt->timeout=0;
- else if(start[7]=='=')
- opt->timeout=atoi(&start[8]);
- else if(start[7]=='\0')
- opt->timeout=DEFAULT_KEYSERVER_TIMEOUT;
- }
- else if(strncasecmp(start,"ca-cert-file",12)==0)
- {
- if(no)
- {
- free(opt->ca_cert_file);
- opt->ca_cert_file=NULL;
- }
- else if(start[12]=='=')
- {
- free(opt->ca_cert_file);
- opt->ca_cert_file = make_filename_try (start+13, NULL);
- if(!opt->ca_cert_file)
- return KEYSERVER_NO_MEMORY;
- }
- }
- }
-
- return -1;
-}
-
-const char *
-ks_action_to_string(enum ks_action action)
-{
- switch(action)
- {
- case KS_UNKNOWN: return "UNKNOWN";
- case KS_GET: return "GET";
- case KS_GETNAME: return "GETNAME";
- case KS_SEND: return "SEND";
- case KS_SEARCH: return "SEARCH";
- }
-
- return "?";
-}
-
-/* Canonicalize CRLF to just LF by stripping CRs. This actually makes
- sense, since on Unix-like machines LF is correct, and on win32-like
- machines, our output buffer is opened in textmode and will
- re-canonicalize line endings back to CRLF. Since we only need to
- handle armored keys, we don't have to worry about odd cases like
- CRCRCR and the like. */
-
-void
-print_nocr(FILE *stream,const char *str)
-{
- while(*str)
- {
- if(*str!='\r')
- fputc(*str,stream);
- str++;
- }
-}
-
-enum ks_search_type
-classify_ks_search(const char **search)
-{
- switch(**search)
- {
- case '*':
- (*search)++;
- return KS_SEARCH_SUBSTR;
- case '=':
- (*search)++;
- return KS_SEARCH_EXACT;
- case '<':
- (*search)++;
- return KS_SEARCH_MAIL;
- case '@':
- (*search)++;
- return KS_SEARCH_MAILSUB;
- case '0':
- if((*search)[1]=='x')
- {
- if(strlen(*search)==10
- && strspn(*search,"abcdefABCDEF1234567890x")==10)
- {
- (*search)+=2;
- return KS_SEARCH_KEYID_SHORT;
- }
- else if(strlen(*search)==18
- && strspn(*search,"abcdefABCDEF1234567890x")==18)
- {
- (*search)+=2;
- return KS_SEARCH_KEYID_LONG;
- }
- }
- /* fall through */
- default:
- return KS_SEARCH_SUBSTR;
- }
-}
-
-int
-curl_err_to_gpg_err(CURLcode error)
-{
- switch(error)
- {
- case CURLE_OK: return KEYSERVER_OK;
- case CURLE_UNSUPPORTED_PROTOCOL: return KEYSERVER_SCHEME_NOT_FOUND;
- case CURLE_COULDNT_CONNECT: return KEYSERVER_UNREACHABLE;
- case CURLE_FTP_COULDNT_RETR_FILE: return KEYSERVER_KEY_NOT_FOUND;
- default: return KEYSERVER_INTERNAL_ERROR;
- }
-}
-
-#define B64 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
-
-static void
-curl_armor_writer(const unsigned char *buf,size_t size,void *cw_ctx)
-{
- struct curl_writer_ctx *ctx=cw_ctx;
- size_t idx=0;
-
- while(idx<size)
- {
- for(;ctx->armor_remaining<3 && idx<size;ctx->armor_remaining++,idx++)
- ctx->armor_ctx[ctx->armor_remaining]=buf[idx];
-
- if(ctx->armor_remaining==3)
- {
- /* Top 6 bytes of ctx->armor_ctx[0] */
- fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
- /* Bottom 2 bytes of ctx->armor_ctx[0] and top 4 bytes of
- ctx->armor_ctx[1] */
- fputc(B64[(((ctx->armor_ctx[0]<<4)&0x30)
- |((ctx->armor_ctx[1]>>4)&0x0F))&0x3F],ctx->stream);
- /* Bottom 4 bytes of ctx->armor_ctx[1] and top 2 bytes of
- ctx->armor_ctx[2] */
- fputc(B64[(((ctx->armor_ctx[1]<<2)&0x3C)
- |((ctx->armor_ctx[2]>>6)&0x03))&0x3F],ctx->stream);
- /* Bottom 6 bytes of ctx->armor_ctx[2] */
- fputc(B64[(ctx->armor_ctx[2]&0x3F)],ctx->stream);
-
- ctx->linelen+=4;
- if(ctx->linelen>=70)
- {
- fputc('\n',ctx->stream);
- ctx->linelen=0;
- }
-
- ctx->armor_remaining=0;
- }
- }
-
-}
-
-size_t
-curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx)
-{
- struct curl_writer_ctx *ctx=cw_ctx;
- const char *buf=ptr;
- size_t i;
-
- if(!ctx->flags.initialized)
- {
- if(size*nmemb==0)
- return 0;
-
- /* The object we're fetching is in binary form */
- if(*buf&0x80)
- {
- ctx->flags.armor=1;
- fprintf(ctx->stream,BEGIN"\n\n");
- }
- else
- ctx->marker=BEGIN;
-
- ctx->flags.initialized=1;
- }
-
- if(ctx->flags.armor)
- curl_armor_writer(ptr,size*nmemb,cw_ctx);
- else
- {
- /* scan the incoming data for our marker */
- for(i=0;!ctx->flags.done && i<(size*nmemb);i++)
- {
- if(buf[i]==ctx->marker[ctx->markeridx])
- {
- ctx->markeridx++;
- if(ctx->marker[ctx->markeridx]=='\0')
- {
- if(ctx->flags.begun)
- ctx->flags.done=1;
- else
- {
- /* We've found the BEGIN marker, so now we're
- looking for the END marker. */
- ctx->flags.begun=1;
- ctx->marker=END;
- ctx->markeridx=0;
- fprintf(ctx->stream,BEGIN);
- continue;
- }
- }
- }
- else
- ctx->markeridx=0;
-
- if(ctx->flags.begun)
- {
- /* Canonicalize CRLF to just LF by stripping CRs. This
- actually makes sense, since on Unix-like machines LF
- is correct, and on win32-like machines, our output
- buffer is opened in textmode and will re-canonicalize
- line endings back to CRLF. Since this code is just
- for handling armored keys, we don't have to worry
- about odd cases like CRCRCR and the like. */
-
- if(buf[i]!='\r')
- fputc(buf[i],ctx->stream);
- }
- }
- }
-
- return size*nmemb;
-}
-
-void
-curl_writer_finalize(struct curl_writer_ctx *ctx)
-{
- if(ctx->flags.armor)
- {
- if(ctx->armor_remaining==2)
- {
- /* Top 6 bytes of ctx->armorctx[0] */
- fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
- /* Bottom 2 bytes of ctx->armor_ctx[0] and top 4 bytes of
- ctx->armor_ctx[1] */
- fputc(B64[(((ctx->armor_ctx[0]<<4)&0x30)
- |((ctx->armor_ctx[1]>>4)&0x0F))&0x3F],ctx->stream);
- /* Bottom 4 bytes of ctx->armor_ctx[1] */
- fputc(B64[((ctx->armor_ctx[1]<<2)&0x3C)],ctx->stream);
- /* Pad */
- fputc('=',ctx->stream);
- }
- else if(ctx->armor_remaining==1)
- {
- /* Top 6 bytes of ctx->armor_ctx[0] */
- fputc(B64[(ctx->armor_ctx[0]>>2)&0x3F],ctx->stream);
- /* Bottom 2 bytes of ctx->armor_ctx[0] */
- fputc(B64[((ctx->armor_ctx[0]<<4)&0x30)],ctx->stream);
- /* Pad */
- fputc('=',ctx->stream);
- /* Pad */
- fputc('=',ctx->stream);
- }
-
- fprintf(ctx->stream,"\n"END);
- ctx->flags.done=1;
- }
-}
-
-
-int
-ks_hextobyte (const char *s)
-{
- int c;
-
- if ( *s >= '0' && *s <= '9' )
- c = 16 * (*s - '0');
- else if ( *s >= 'A' && *s <= 'F' )
- c = 16 * (10 + *s - 'A');
- else if ( *s >= 'a' && *s <= 'f' )
- c = 16 * (10 + *s - 'a');
- else
- return -1;
- s++;
- if ( *s >= '0' && *s <= '9' )
- c += *s - '0';
- else if ( *s >= 'A' && *s <= 'F' )
- c += 10 + *s - 'A';
- else if ( *s >= 'a' && *s <= 'f' )
- c += 10 + *s - 'a';
- else
- return -1;
- return c;
-}
-
-
-/* Non localized version of toupper. */
-int
-ks_toupper (int c)
-{
- if (c >= 'a' && c <= 'z')
- c &= ~0x20;
- return c;
-}
-
-
-/* Non localized version of strcasecmp. */
-int
-ks_strcasecmp (const char *a, const char *b)
-{
- if (a == b)
- return 0;
-
- for (; *a && *b; a++, b++)
- {
- if (*a != *b && ks_toupper (*a) != ks_toupper (*b))
- break;
- }
- return *a == *b? 0 : (ks_toupper (*a) - ks_toupper (*b));
-}
+++ /dev/null
-/* ksutil.h
- * Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- * In addition, as a special exception, the Free Software Foundation
- * gives permission to link the code of the keyserver helper tools:
- * gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- * project's "OpenSSL" library (or with modified versions of it that
- * use the same license as the "OpenSSL" library), and distribute the
- * linked executables. You must obey the GNU General Public License
- * in all respects for all of the code used other than "OpenSSL". If
- * you modify this file, you may extend this exception to your version
- * of the file, but you are not obligated to do so. If you do not
- * wish to do so, delete this exception statement from your version.
- */
-
-#ifndef _KSUTIL_H_
-#define _KSUTIL_H_
-
-#ifdef HAVE_LIBCURL
-#include <curl/curl.h>
-#else
-#include "curl-shim.h"
-#endif
-
-/* MAX_LINE must be at least 1 larger than the largest item we expect
- to receive, including the name tag ("COMMAND", "PORT", etc) and
- space between. In practice, that means it should be
- strlen("OPAQUE")+1+sizeof_opaque+1 */
-#define MAX_LINE (6+1+1024+1)
-
-#define MAX_COMMAND 7
-#define MAX_OPTION 256
-#define MAX_SCHEME 20
-#define MAX_OPAQUE 1024
-#define MAX_AUTH 128
-#define MAX_HOST 80
-#define MAX_PORT 10
-#define URLMAX_PATH 1024
-#define MAX_PROXY 128
-#define MAX_URL (MAX_SCHEME+1+3+MAX_AUTH+1+1+MAX_HOST+1+1 \
- +MAX_PORT+1+1+URLMAX_PATH+1+50)
-
-#define STRINGIFY(x) #x
-#define MKSTRING(x) STRINGIFY(x)
-
-#define BEGIN "-----BEGIN PGP PUBLIC KEY BLOCK-----"
-#define END "-----END PGP PUBLIC KEY BLOCK-----"
-
-#ifdef __riscos__
-#define HTTP_PROXY_ENV "GnuPG$HttpProxy"
-#else
-#define HTTP_PROXY_ENV "http_proxy"
-#endif
-
-struct keylist
-{
- char str[MAX_LINE];
- struct keylist *next;
-};
-
-/* 2 minutes seems reasonable */
-#define DEFAULT_KEYSERVER_TIMEOUT 120
-
-unsigned int set_timeout(unsigned int seconds);
-int register_timeout(void);
-
-#ifdef HAVE_W32_SYSTEM
-void w32_init_sockets (void);
-#endif
-
-
-enum ks_action {KS_UNKNOWN=0,KS_GET,KS_GETNAME,KS_SEND,KS_SEARCH};
-
-enum ks_search_type {KS_SEARCH_SUBSTR,KS_SEARCH_EXACT,
- KS_SEARCH_MAIL,KS_SEARCH_MAILSUB,
- KS_SEARCH_KEYID_LONG,KS_SEARCH_KEYID_SHORT};
-
-struct ks_options
-{
- enum ks_action action;
- char *host;
- char *port;
- char *scheme;
- char *auth;
- char *path;
- char *opaque;
- struct
- {
- unsigned int include_disabled:1;
- unsigned int include_revoked:1;
- unsigned int include_subkeys:1;
- unsigned int check_cert:1;
- } flags;
- unsigned int verbose;
- unsigned int debug;
- unsigned int timeout;
- char *ca_cert_file;
-};
-
-struct ks_options *init_ks_options(void);
-void free_ks_options(struct ks_options *opt);
-int parse_ks_options(char *line,struct ks_options *opt);
-const char *ks_action_to_string(enum ks_action action);
-void print_nocr(FILE *stream,const char *str);
-enum ks_search_type classify_ks_search(const char **search);
-
-int curl_err_to_gpg_err(CURLcode error);
-
-struct curl_writer_ctx
-{
- struct
- {
- unsigned int initialized:1;
- unsigned int begun:1;
- unsigned int done:1;
- unsigned int armor:1;
- } flags;
-
- int armor_remaining;
- unsigned char armor_ctx[3];
- int markeridx,linelen;
- const char *marker;
- FILE *stream;
-};
-
-size_t curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx);
-void curl_writer_finalize(struct curl_writer_ctx *ctx);
-
-int ks_hextobyte (const char *s);
-int ks_toupper (int c);
-int ks_strcasecmp (const char *a, const char *b);
-
-
-#endif /* !_KSUTIL_H_ */
+++ /dev/null
-/* no-libgcrypt.c - Replacement functions for libgcrypt.
- * Copyright (C) 2003 Free Software Foundation, Inc.
- *
- * This file is free software; as a special exception the author gives
- * unlimited permission to copy and/or distribute it, with or without
- * modifications, as long as this notice is preserved.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
- * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-
-#include "../common/util.h"
-#include "i18n.h"
-
-
-/* Replace libgcrypt's malloc functions which are used by
- ../jnlib/libjnlib.a . ../common/util.h defines macros to map them
- to xmalloc etc. */
-static void
-out_of_memory (void)
-{
- fprintf (stderr, "error allocating enough memory: %s\n", strerror (errno));
- exit (2);
-}
-
-
-void *
-gcry_malloc (size_t n)
-{
- return malloc (n);
-}
-
-void *
-gcry_xmalloc (size_t n)
-{
- void *p = malloc (n);
- if (!p)
- out_of_memory ();
- return p;
-}
-
-char *
-gcry_strdup (const char *string)
-{
- char *p = malloc (strlen (string)+1);
- if (p)
- strcpy (p, string);
- return p;
-}
-
-
-void *
-gcry_realloc (void *a, size_t n)
-{
- return realloc (a, n);
-}
-
-void *
-gcry_xrealloc (void *a, size_t n)
-{
- void *p = realloc (a, n);
- if (!p)
- out_of_memory ();
- return p;
-}
-
-
-
-void *
-gcry_calloc (size_t n, size_t m)
-{
- return calloc (n, m);
-}
-
-void *
-gcry_xcalloc (size_t n, size_t m)
-{
- void *p = calloc (n, m);
- if (!p)
- out_of_memory ();
- return p;
-}
-
-
-char *
-gcry_xstrdup (const char *string)
-{
- void *p = malloc (strlen (string)+1);
- if (!p)
- out_of_memory ();
- strcpy( p, string );
- return p;
-}
-
-void
-gcry_free (void *a)
-{
- if (a)
- free (a);
-}
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
[ AC_REQUIRE([AC_CANONICAL_HOST])
+ gpg_error_config_prefix=""
dnl --with-libgpg-error-prefix=PFX is the preferred name for this option,
dnl since that is consistent with how our three siblings use the directory/
dnl package name in --with-$dir_name-prefix=PFX.
AC_ARG_WITH(libgpg-error-prefix,
- AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
- [prefix where GPG Error is installed (optional)]),
- gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
+ AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+ [prefix where GPG Error is installed (optional)]),
+ [gpg_error_config_prefix="$withval"])
dnl Accept --with-gpg-error-prefix and make it work the same as
dnl --with-libgpg-error-prefix above, for backwards compatibility,
dnl but do not document this old, inconsistently-named option.
AC_ARG_WITH(gpg-error-prefix,,
- gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
+ [gpg_error_config_prefix="$withval"])
if test x"${GPG_ERROR_CONFIG}" = x ; then
if test x"${gpg_error_config_prefix}" != x ; then
min_gpg_error_version=ifelse([$1], ,0.0,$1)
AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
ok=no
- if test "$GPG_ERROR_CONFIG" != "no" ; then
+ if test "$GPG_ERROR_CONFIG" != "no" \
+ && test -f "$GPG_ERROR_CONFIG" ; then
req_major=`echo $min_gpg_error_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_gpg_error_version | \
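Review bot: The added guard `test -f "$GPG_ERROR_CONFIG"` only proves that the path is a regular file, while the value is presumably run as a script by the version check that follows (its body continues past the last line shown in this section). A file without the execute bit would therefore pass the guard and fail later inside the backticks. Adding `&& test -x "$GPG_ERROR_CONFIG"` to the condition would match how the value is used. A one-line `dnl` comment above the test, saying that it rejects a prefix or preset GPG_ERROR_CONFIG that does not point at an installed config script, would also record why the check exists.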
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to create a sign and encrypt key? "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Segur que voleu crear una clau de signatura i xifratge? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "la contrasenya és invàlida"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "actualitza la base de dades de confiança"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NOM|el joc de caràcters serà NOM"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "error en la creació de la contrasenya: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "genera un nou parell de claus"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "genera un nou parell de claus"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "La clau no ha canviat, per tant no cal actualització.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "error: l'empremta digital és invàlida\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "No podeu afegir un photo ID a una clau d'estil PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
# Aquesta i les següents no haurien de portar (s/N/q) i no (y/N/q)? ivb
# Hmm. Sí... (s/N/x) jm
msgid "Delete this good signature? (y/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "No inclogueu l'adreça ni en el camp *nom* ni en el camp *comentari*\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
# xX? ivb
# Hmm... sí. jm
#. TRANSLATORS: These are the allowed answers in
msgid "%s: keyring created\n"
msgstr "%s: s'ha creat l'anell\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"AVÍS: les opcions en «%s» encara no estan actives durant aquesta execució\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr "%s: no és un ID vàlid\n"
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "s'està sol·licitant la clau %08lX de %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVÍS: no s'ha pogut eliminar el fitxer temporal (%s) «%s»: %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "s'està sol·licitant la clau %08lX de %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Voleu crear un certificat de revocació per a aquesta clau? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "AVÍS: les opcions en «%s» encara no estan actives durant aquesta "
+#~ "execució\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent no està disponible en aquesta sessió\n"
#~ msgid "file create error"
#~ msgstr "error en la creació del fitxer"
-#~ msgid "invalid passphrase"
-#~ msgstr "la contrasenya és invàlida"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "l'algoritme de clau pública no és implementat"
#~ msgid "%s: error checking key: %s\n"
#~ msgstr "%s: error en la comprovació de la clau: %s\n"
-#~ msgid "Do you really want to create a sign and encrypt key? "
-#~ msgstr "Segur que voleu crear una clau de signatura i xifratge? "
-
#~ msgid "Do you really need such a large keysize? "
#~ msgstr "Realment necessiteu una clau tan llarga? "
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|_Zrušit"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_Zrušit"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Opravdu chcete trvale smazat tajný klíč OpenPGP:"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "nesprávné heslo"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "nepoužívat SCdémona"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NÁZEV|připojí se ke strojí NÁZEV"
+
msgid "ignore requests to change the TTY"
msgstr "ignorovat požadavky na změnu TTY"
msgid "do not use the PIN cache when signing"
msgstr "nepoužívat paměť PINů na podepisování"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "nedovolit opakovat stará hesla"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "nedovolit klientům označovat klíče za „důvěryhodné“"
msgid "quickly generate a new key pair"
msgstr "rychle vytvořit nový pár klíčů"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "rychle vytvořit nový pár klíčů"
+
msgid "full featured key pair generation"
msgstr "komplexní vytvoření páru klíčů"
msgstr "Klíč nebyl změněn, takže není potřeba jej aktualizovat.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "tajný klíč „%s“ nenalezen: %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "„%s“ není otisk\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Neměli by jste přidávat fotografický ID k PGP2 klíči.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Smazat tento dobrý podpis? (a/N/u)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Do pole jméno nebo komentář nepište, prosím, e-mailovou adresu.\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Takový identifikátor uživatele již u tohoto klíče existuje!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: soubor klíčů (keyring) vytvořen\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "zahrnout do výsledku hledání odvolané klíče"
msgid "include subkeys when searching by key ID"
msgstr "zahrnout podklíče, když se hledá podle ID klíče"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "používat dočasné soubory na přenos dat k modulům pro servery klíčů"
-
-msgid "do not delete temporary files after using them"
-msgstr "nemazat dočasné soubory po jejich použití"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "automaticky získávat klíče při ověřování podpisů"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "respektovat PKA záznamy klíče při získávání klíčů"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "VAROVÁNÍ: volba „%s“ pro server klíčů není na této platformě účinná\n"
-
msgid "disabled"
msgstr "zneplatněn"
msgstr "„%s“ není ID klíče: přeskočeno\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "VAROVÁNÍ: nelze aktualizovat klíč %s prostřednictvím %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "aktualizuji 1 klíč z %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROVÁNÍ: nelze aktualizovat klíč %s prostřednictvím %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "aktualizuji %d klíčů z %s\n"
"vložena dvojtečka. Před použitím tohoto revokačního certifikátu odstraňte\n"
"tuto dvojtečku textovým editorem."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "tajný klíč „%s“ nenalezen: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Vytvořit pro tento klíč revokační certifikát? (a/N) "
"Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
"Prověří heslo zadané na vstupu proti souboru se vzory\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "používat dočasné soubory na přenos dat k modulům pro servery klíčů"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "nemazat dočasné soubory po jejich použití"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "VAROVÁNÍ: volba „%s“ pro server klíčů není na této platformě účinná\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "název socketu je příliš dlouhý\n"
#~ msgid "file create error"
#~ msgstr "chyba při vytváření souboru"
-#~ msgid "invalid passphrase"
-#~ msgstr "nesprávné heslo"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmus veřejného klíče není implementován"
msgid "|pinentry-label|_Cancel"
msgstr "_Afbryd"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "_O.k."
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "_O.k."
+
msgid "|pinentry-label|PIN:"
msgstr "PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "_Afbryd"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Vil du virkelig slette de valgte nøgler? (j/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Indtast ny adgangsfrase"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "brug ikke SCdaemon'en"
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|forbind til Assuansokkel NAVN"
+
msgid "ignore requests to change the TTY"
msgstr "ignorer forespørgsler om at ændre TTY'en"
msgstr "brug ikke PIN-mellemlageret når der underskrives"
#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "tillad ikke genbrug af gamle adgangsfraser"
+
+#, fuzzy
#| msgid "allow clients to mark keys as \"trusted\""
msgid "disallow clients to mark keys as \"trusted\""
msgstr "tillad klienter at markere nøgler som »trusted« (troværdige)"
msgid "quickly generate a new key pair"
msgstr "opret et nyt nøglepar"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "opret et nyt nøglepar"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Nøgle ikke ændret så ingen opdatering krævet.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Du må ikke tilføje et billed-id til en nøgle i PGP2-stil.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Sådant et bruger-id findes allerede på denne nøgle!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Slet denne gode underskrift? (j/N/a)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Placer ikke e-post-adressen i fødselsnavnet eller kommentaren\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Sådant et bruger-id findes allerede på denne nøgle!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: nøglering oprettet\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "inkluder tilbagekaldte nøgler i søgeresultater"
msgid "include subkeys when searching by key ID"
msgstr "inkluder undernøgler når der søges efter nøgle-id"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "brug midlertidige filer til at sende data til nøgleserverhjælpere"
-
-msgid "do not delete temporary files after using them"
-msgstr "slet ikke midlertidige filer efter at de er blevet brugt"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "hent automatisk nøgler når der verificeres underskrifter"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "overhold PKA-posten angivet på en nøgle når der hentes nøgler"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "ADVARSEL: nøgleserverindstilling »%s« bruges ikke på denne platform\n"
-
msgid "disabled"
msgstr "deaktiveret"
msgstr "»%s« er ikke et nøgle-id: udelader\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "ADVARSEL: Kan ikke opdatere nøgle %s via %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "opdaterer 1 nøgle fra %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ADVARSEL: Kan ikke opdatere nøgle %s via %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "opdaterer %d nøgler fra %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Opret et tilbagekaldscertifikat for denne nøgle? (j/N) "
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "brug midlertidige filer til at sende data til nøgleserverhjælpere"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "slet ikke midlertidige filer efter at de er blevet brugt"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "ADVARSEL: nøgleserverindstilling »%s« bruges ikke på denne platform\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "sokkelnavnet er for langt\n"
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"PO-Revision-Date: 2015-01-09 12:51+0100\n"
+"PO-Revision-Date: 2015-05-12 13:19+0200\n"
"Last-Translator: Werner Koch <wk@gnupg.org>\n"
"Language-Team: German <de@li.org>\n"
"Language: de\n"
msgid "|pinentry-label|_Cancel"
msgstr "_Abbrechen"
+msgid "|pinentry-label|_Yes"
+msgstr "_Ja"
+
+msgid "|pinentry-label|_No"
+msgstr "_Nein"
+
msgid "|pinentry-label|PIN:"
msgstr "PIN:"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "Im Passwordmanager _speichern"
+
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr ""
+"Möchten Sie die eingegebene Passphrase wirklich auf dem Bildschirm sichtbar "
+"machen?"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr "Die Passphrase sichtbar machen"
+
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Passphrase unsichtbar machen"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "Den SCdaemon-basierten Kartenzugriff nicht nutzen"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|Einige Kommandos über NAME annehmen"
+
msgid "ignore requests to change the TTY"
msgstr "Ignoriere Anfragen, das TTY zu wechseln"
msgid "do not use the PIN cache when signing"
msgstr "Benutze PINs im Cache nicht beim Signieren"
+msgid "disallow the use of an external password cache"
+msgstr "Verbiete die Verwendung eines externen Passwordmanagers"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "Verbiete Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
msgid "quickly generate a new key pair"
msgstr "Schnell ein neues Schlüsselpaar erzeugen"
+msgid "quickly add a new user-id"
+msgstr "Schnell eine neue User-ID anfügen"
+
msgid "full featured key pair generation"
msgstr "Ein neues Schlüsselpaar erzeugen (alle Optionen)"
msgstr "Schlüssel ist nicht geändert worden, also ist kein Speichern nötig.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "Geheimer Schlüssel \"%s\" nicht gefunden: %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "\"%s\" ist kein Fingerabdruck\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Sie können einem PGP2-artigen Schlüssel keine Foto-ID hinzufügen.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Solch eine User-ID ist bereits für den Schlüssel vorhanden!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Diese korrekte Beglaubigung entfernen? (j/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Bitte keine Emailadressen als Namen oder Kommentar verwenden\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Solch eine User-ID ist bereits für den Schlüssel vorhanden!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: Schlüsselbund erstellt\n"
+msgid "override proxy options set for dirmngr"
+msgstr "In Dirmngr gesetzte Proxy Optionen ersetzen"
+
msgid "include revoked keys in search results"
msgstr "Widerrufene Schlüssel in den Suchergebnissen aufführen"
msgid "include subkeys when searching by key ID"
msgstr "Unterschlüssel in der Suche über Schlüssel-IDs aufführen"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr ""
-"verwende temporäre Dateien, um Daten an die Schlüsselserverhilfsprogramme zu "
-"geben"
-
-msgid "do not delete temporary files after using them"
-msgstr "Temporäre Dateien nach Nutzung nicht löschen"
+msgid "override timeout options set for dirmngr"
+msgstr "In Dirmngr gesetzte Zeitüberschreitungsoptionen ersetzen"
msgid "automatically retrieve keys when verifying signatures"
msgstr "Schlüssel für die Signaturprüfung automatisch holen"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "Die im Schlüssel enthaltenen PKA-Daten beim Schlüsselholen beachten"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"WARNUNG: Schlüsselserver-Option `%s' wird auf dieser Plattform nicht "
-"verwendet\n"
-
msgid "disabled"
msgstr "abgeschaltet"
msgstr "\"%s\" ist keine Schlüssel-ID: überspringe\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "WARNUNG: Schlüssel %s kann per %s nicht aktualisiert werden: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "ein Schlüssel wird per %s aktualisiert\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "WARNUNG: Schlüssel %s kann per %s nicht aktualisiert werden: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "%d Schlüssel werden per %s aktualisiert\n"
"unten eingefügt. Vor dem Import dieses Widerrufszertifikats\n"
"entfernen Sie bitte dieses Doppelpunkt mittels eines Texteditors."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "Geheimer Schlüssel \"%s\" nicht gefunden: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Ein Widerrufszertifikat für diesen Schlüssel erzeugen? (j/N) "
msgstr "Füge neue Server aus den CRL Distribution Points der Serverliste hinzu"
msgid "|N|set LDAP timeout to N seconds"
-msgstr "|N|Setze das LDAP Timeout auf N Sekunden"
+msgstr "|N|Setze die LDAP Zeitüberschreitung auf N Sekunden"
msgid "|URL|use OCSP responder at URL"
msgstr "|URL|Benutze den OCSP Responder mit dieser URL"
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "verwende temporäre Dateien, um Daten an die Schlüsselserverhilfsprogramme "
+#~ "zu geben"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "Temporäre Dateien nach Nutzung nicht löschen"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "WARNUNG: Schlüsselserver-Option `%s' wird auf dieser Plattform nicht "
+#~ "verwendet\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "Der Name des Sockets ist zu lang\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Óßãïõñá èÝëåôå íá äéáãñáöïýí ôá åðéëåãìÝíá êëåéäéÜ; "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "ìç Ýãêõñç öñÜóç êëåéäß"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "áíáíÝùóç ôçò âÜóçò äåäïìÝíùí åìðéóôïóýíçò"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|ÏÍÏÌÁ|êáèïñéóìüò ôïõ óåô ÷áñáêôÞñùí ôåñìáôéêïý óå ÏÍÏÌÁ"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "óöÜëìá óôç äçìéïõñãßá ôçò öñÜóçò êëåéäß: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "äçìéïõñãßá åíüò íÝïõ æåýãïõò êëåéäéþí"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Ôï êëåéäß äåí Üëëáîå ïðüôå äåí ÷ñåéÜæåôáé åíçìÝñùóç.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "ôï ìõóôéêü êëåéäß `%s' äå âñÝèçêå: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "óöÜëìá: ìç Ýãêõñï áðïôýðùìá\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Äåí ìðïñåßôå íá ðñïóèÝóåôå ìéá photo ID óå Ýíá êëåéäß ôýðïõ PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "ÄéáãñáöÞ áõôÞò ôçò êáëÞò õðïãñáöÞò; (y/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Ðáñáêáëþ ìçí ôïðïèåôåßôå ôçí äéåýèõíóç email óôï üíïìá Þ óôï ó÷üëéï\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: êëåéäïèÞêç äçìéïõñãÞèçêå\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ïé åðéëïãåò óôï `%s' äåí åßíáé åíåñãÝò óå áõôÞ ôçí åêôÝëåóç\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: áäõíáìßá äéáãñáöÞò tempfile (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "áßôçóç êëåéäéïý %08lX áðü ôï %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "ôï ìõóôéêü êëåéäß `%s' äå âñÝèçêå: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Äçìéïõñãßá åíüò ðéóôïðïéçôéêïý áíÜêëçóçò ãéá áõôü ôï êëåéäß; "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "ÐÑÏÅÉÄÏÐÏÉÇÓÇ: ïé åðéëïãåò óôï `%s' äåí åßíáé åíåñãÝò óå áõôÞ ôçí "
+#~ "åêôÝëåóç\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "ï gpg-agent äåí åßíáé äéáèÝóéìïò óå áõôÞ ôç óõíåäñßá\n"
#~ msgid "file create error"
#~ msgstr "óöÜëìá äçìéïõñãßáò áñ÷åßïõ"
-#~ msgid "invalid passphrase"
-#~ msgstr "ìç Ýãêõñç öñÜóç êëåéäß"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "ìç õëïðïéçìÝíïò áëãüñéèìïò äçìïóßïõ êëåéäéïý"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to create a sign and encrypt key? "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Æu vi vere volas krei subskriban kaj æifran þlosilon? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "nevalida pasfrazo"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "aktualigi la fido-datenaron"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NOMO|difini NOMOn kiel la signaron de la terminalo"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "eraro dum kreado de pasfrazo: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "krei novan þlosilparon"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "krei novan þlosilparon"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Þlosilo ne þanøita, do aktualigo ne necesas.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "%s: nevalida dosiero-versio %d\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Ne eblas aldoni foto-identigilon al PGP2-stila þlosilo.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Æu forviþi æi tiun bonan subskribon? (j/N/f)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Bonvolu ne meti la retadreson en la veran nomon aý la komenton\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: þlosilaro kreita\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-
#, fuzzy
msgid "disabled"
msgstr "el"
msgstr "%s: ne valida þlosilidentigilo\n"
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "Averto: malsekura posedeco sur %s \"%s\"\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "petas la þlosilon %08lX de HKP-þlosilservilo %s ...\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "þlosilo '%s' ne trovita: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Æu krei revokatestilon por æi tiu subskribo? (j/N)"
#~ msgid "file create error"
#~ msgstr "eraro æe kreo de dosiero"
-#~ msgid "invalid passphrase"
-#~ msgstr "nevalida pasfrazo"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "nerealigita publikþlosila metodo"
#~ msgid "For info see http://www.gnupg.org"
#~ msgstr "Por informoj vidu http://www.gnupg.org"
-#~ msgid "Do you really want to create a sign and encrypt key? "
-#~ msgstr "Æu vi vere volas krei subskriban kaj æifran þlosilon? "
-
#~ msgid "can't lock keyring `%s': %s\n"
#~ msgstr "ne povas þlosi la þlosilaron '%s': %s\n"
msgid "|pinentry-label|_Cancel"
msgstr "|entrada de pin-etiqueta|_Cancelar"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|entrada de pin-etiqueta|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|entrada de pin-etiqueta|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|entrada de pin-etiqueta|PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|entrada de pin-etiqueta|_Cancelar"
+
+#, fuzzy
+#| msgid "Do you really want to create a sign and encrypt key? "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "¿De verdad quiere crear una clave de firma y cifrado? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "frase contraseña incorrecta"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "no usar SCdaemon"
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NOMBRE|conectar al socket Assuan NOMBRE"
+
msgid "ignore requests to change the TTY"
msgstr "ignorar peticiones de cambiar el TTY"
msgstr "no usar el caché de PINs al firmar"
#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "no permite reusar antiguas frases contraseña"
+
+#, fuzzy
#| msgid "allow clients to mark keys as \"trusted\""
msgid "disallow clients to mark keys as \"trusted\""
msgstr "permitir que los clientes marquen claves como \"fiables\""
msgid "quickly generate a new key pair"
msgstr "genera un nuevo par de claves"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "genera un nuevo par de claves"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Clave sin cambios, no se necesita actualización.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "No puede añadir un ID fotográfico a una clave tipo PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "¡Ese ID de usuario ya existe en esta clave!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "¿Borrar esta firma correcta? (s/N/q)"
"Por favor no ponga la dirección de correo-e en el nombre real o en el "
"comentario\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "¡Ese ID de usuario ya existe en esta clave!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: anillo creado\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "incluir claves revocadas en resultados de la búsqueda"
msgid "include subkeys when searching by key ID"
msgstr "incluir subclaves al buscar por ID de clave"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"usar ficheros temporales para pasar datos a los ayudantes delservidor de "
-"claves"
-
-msgid "do not delete temporary files after using them"
-msgstr "no borrar ficheros temporales tras usarlos"
msgid "automatically retrieve keys when verifying signatures"
msgstr "recuperar automáticamente claves al verificar firmas"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "usar el registro PKA presente en una clave al recuperar claves"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"AVISO: las opciones de servidor de claves `%s' no se usan en esta "
-"plataforma\n"
-
msgid "disabled"
msgstr "deshabilitado"
msgstr "\"%s\" no es un identificador de clave válido: omitido\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "AVISO: no se puede renovar la clave %s a traves de %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "renovando 1 clave de %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: no se puede renovar la clave %s a traves de %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "renovando %d claves desde %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "clave secreta \"%s\" no encontrada: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "¿Crear un certificado de revocación para esta clave? (s/N) "
"Compara frase contraseña dada en entrada estándar con un fichero de "
"patrones\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "usar ficheros temporales para pasar datos a los ayudantes delservidor de "
+#~ "claves"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "no borrar ficheros temporales tras usarlos"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "AVISO: las opciones de servidor de claves `%s' no se usan en esta "
+#~ "plataforma\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "nombre de socket demasiado largo\n"
#~ msgid "file create error"
#~ msgstr "error al crear fichero"
-#~ msgid "invalid passphrase"
-#~ msgstr "frase contraseña incorrecta"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmo de clave pública no implementado"
#~ msgid "%s: error checking key: %s\n"
#~ msgstr "%s: error comprobando la clave: %s\n"
-#~ msgid "Do you really want to create a sign and encrypt key? "
-#~ msgstr "¿De verdad quiere crear una clave de firma y cifrado? "
-
#~ msgid "Do you really need such a large keysize? "
#~ msgstr "¿De verdad necesita una clave tan grande? "
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Kas te tõesti soovite valitud võtmeid kustutada? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "vigane parool"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "uuenda usalduse andmebaasi"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NIMI|terminali kooditabel on NIMI"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "viga parooli loomisel: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "genereeri uus võtmepaar"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "genereeri uus võtmepaar"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Võtit ei muudetud, seega pole uuendamist vaja.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "salajast võtit `%s' ei leitud: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "viga: vigane sõrmejälg\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Foto IDd ei saa PGP2 võtmele lisada.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Kustutan selle korrektse allkirja? (j/E/v)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Ärge palun kirjutage e-posti aadressi pärisnimesse ega kommentaari\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: võtmehoidla on loodud\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "HOIATUS: seaded failis `%s' pole seekord veel aktiivsed\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "küsin võtit %08lX võtmeserverist %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "HOIATUS: ei saa kustutada ajutist faili (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "küsin võtit %08lX võtmeserverist %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "salajast võtit `%s' ei leitud: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Loon sellele võtmele tühistamise sertifikaadi? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "HOIATUS: seaded failis `%s' pole seekord veel aktiivsed\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent ei ole sesses sessioonis kasutatav\n"
#~ msgid "file create error"
#~ msgstr "viga faili loomisel"
-#~ msgid "invalid passphrase"
-#~ msgstr "vigane parool"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "realiseerimata avaliku võtme algoritm"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Haluatko varmasti poistaa valitut avaimet? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "väärä salasana"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "päivitä luottamustietokanta"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NIMI|aseta päätteen merkistöksi NIMI"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "virhe luotaessa salasanaa: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "luo uusi avainpari"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "luo uusi avainpari"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Päivitystä ei tarvita, koska avain ei ole muuttunut.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "salaista avainta \"%s\" ei löydy: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "virhe: sormenjälki on väärä\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Et voi lisätä valokuvaa PGP2-muodon avaimeen.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Poistetaanko tämä kelvollinen allekirjoitus? (k/E/l)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Älä syötä sähköpostiosoitetta nimen tai huomautuksen paikalle\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: avainrengas luotu\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"VAROITUS: asetukset tiedostossa \"%s\" eivät ole käytössä vielä tässä "
-"ajossa\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "pyydetään avainta %08lX kohteesta %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROITUS: tilapäistiedostoa (%s) \"%s\" ei voi poistaa: %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "pyydetään avainta %08lX kohteesta %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "salaista avainta \"%s\" ei löydy: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Luo tälle avaimelle mitätöintivarmenne? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "VAROITUS: asetukset tiedostossa \"%s\" eivät ole käytössä vielä tässä "
+#~ "ajossa\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent ei ole käytettävissä tässä istunnossa\n"
#~ msgid "file create error"
#~ msgstr "virhe tiedostoa luotaessa"
-#~ msgid "invalid passphrase"
-#~ msgstr "väärä salasana"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "julkisen avaimen algoritmi ei ole käytössä"
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|_Annuler"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|Code personnel :"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_Annuler"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr ""
+"Voulez-vous vraiment supprimer de façon permanente la clef secrète OpenPGP :"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "phrase de passe incorrecte"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "ne pas utiliser le SCdaemon"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NOM|se connecter à l'hôte NOM"
+
msgid "ignore requests to change the TTY"
msgstr "ignorer les demandes de modification du TTY"
msgid "do not use the PIN cache when signing"
msgstr "ne pas utiliser le cache de code pour signer"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "ne pas autoriser la réutilisation d'anciennes phrases secrètes"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "ne pas marquer les clefs comme de confiance"
msgid "quickly generate a new key pair"
msgstr "générer rapidement une nouvelle paire de clefs"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "générer rapidement une nouvelle paire de clefs"
+
msgid "full featured key pair generation"
msgstr "générer une paire de clefs complètes"
msgstr "La clef n'a pas été modifiée donc la mise à jour est inutile.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "clef secrète « %s » introuvable : %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "« %s » n’est pas une empreinte\n"
msgstr ""
"Vous ne devriez pas ajouter de photo d'identité à une clef de type PGP 2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Cette identité existe déjà pour cette clef.\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Supprimer cette bonne signature ? (o/N/q)"
"Ne mettez pas d'adresse électronique dans le nom réel ou dans le "
"commentaire\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Cette identité existe déjà pour cette clef.\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s : porte-clefs créé\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "inclure les clefs révoquées dans les résultats de recherche"
msgid "include subkeys when searching by key ID"
msgstr "inclure les sous-clefs en cherchant par identifiant de clef"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"utiliser des fichiers temporaires pour passer les données aux assistants de\n"
-"serveurs de clefs"
-
-msgid "do not delete temporary files after using them"
-msgstr "ne pas supprimer les fichiers temporaires après les avoir utilisés"
msgid "automatically retrieve keys when verifying signatures"
msgstr "récupérer les clefs automatiquement en vérifiant les signatures"
"respecter l'enregistrement PKA positionné sur une clef en récupérant les "
"clefs"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"Attention : l'option de serveur de clefs « %s » n'est pas\n"
-" utilisée sur cette plateforme\n"
-
msgid "disabled"
msgstr "désactivée"
msgstr "« %s » n'est pas un identifiant de clef : ignoré\n"
#, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "rafraîchissement d'une clef à partir de %s\n"
+
+#, c-format
msgid "WARNING: unable to refresh key %s via %s: %s\n"
msgstr ""
"Attention : impossible de rafraîchir la clef %s\n"
" avec %s : %s\n"
#, c-format
-msgid "refreshing 1 key from %s\n"
-msgstr "rafraîchissement d'une clef à partir de %s\n"
-
-#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "rafraîchissement de %d clefs à partir de %s\n"
"Supprimez ce deux-points avec un éditeur de texte avant\n"
"d’utiliser ce certificat de révocation."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "clef secrète « %s » introuvable : %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Faut-il créer un certificat de révocation pour cette clef ? (o/N) "
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "utiliser des fichiers temporaires pour passer les données aux assistants "
+#~ "de\n"
+#~ "serveurs de clefs"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "ne pas supprimer les fichiers temporaires après les avoir utilisés"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "Attention : l'option de serveur de clefs « %s » n'est pas\n"
+#~ " utilisée sur cette plateforme\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "nom de socket trop long\n"
#~ msgid "file create error"
#~ msgstr "erreur de création de fichier"
-#~ msgid "invalid passphrase"
-#~ msgstr "phrase de passe incorrecte"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algorithme de clef publique non implémenté"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to create a sign and encrypt key? "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "¿Seguro que quere crear unha chave para asinar e cifrar? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "contrasinal incorrecto"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "actualiza-la base de datos de confianza"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|axusta-lo xogo de caracteres do terminal a NOME"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "erro ao crea-lo contrasinal: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "xerar un novo par de chaves"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "xerar un novo par de chaves"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "A chave non cambiou, polo que non fai falla actualizar.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "erro: pegada dactilar non válida\n"
"Non pode engadir unha identificación fotográfica a unha chave de estilo "
"PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "¿Borrar esta sinatura correcta? (s/N/q)"
msgstr ""
"Por favor, non poña o enderezo de correo no nome real ou no comentario\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: chaveiro creado\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "AVISO: as opcións de `%s' aínda non están activas nesta execución\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr "%s: non é un ID de chave válido\n"
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "solicitando a chave %08lX de %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: non se puido borra-lo ficheiro temporal (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "solicitando a chave %08lX de %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "non se atopou a chave secreta `%s': %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "¿Crear un certificado de revocación para esta sinatura? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "AVISO: as opcións de `%s' aínda non están activas nesta execución\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent non está dispoñible nesta sesión\n"
#~ msgid "file create error"
#~ msgstr "erro de creación de ficheiro"
-#~ msgid "invalid passphrase"
-#~ msgstr "contrasinal incorrecto"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmo de chave pública non implementado"
#~ msgid "%s: error checking key: %s\n"
#~ msgstr "%s: erro ao verifica-la chave: %s\n"
-#~ msgid "Do you really want to create a sign and encrypt key? "
-#~ msgstr "¿Seguro que quere crear unha chave para asinar e cifrar? "
-
#~ msgid "Do you really need such a large keysize? "
#~ msgstr "¿Está seguro de precisar un tamaño de chave tan grande? "
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Valóban törli a kiválasztott kulcsokat? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "érvénytelen jelszó"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "bizalmi adatbázis frissítése"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NÉV|terminál karakterkódolásának megadása"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "Hiba a jelszó létrehozásakor: %s.\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "új kulcspár létrehozása"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "új kulcspár létrehozása"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "A kulcs nem változott, nincs szükség frissítésre.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "\"%s\" titkos kulcs nem található: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "Hiba: Érvénytelen ujjlenyomat.\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Lehet, hogy nem adhat fotóazonosítót egy PGP2 stílusú kulcshoz!\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Törli ezt a jó aláírást? (i/N/k)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Kérem, ne rakja az e-mail címet a teljes névbe vagy a megjegyzésbe!\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: Kulcskarikát létrehoztam.\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"FIGYELEM: \"%s\" opciói csak a következõ futáskor lesznek érvényesek!\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
+msgid "refreshing 1 key from %s\n"
+msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
+
+#, fuzzy, c-format
msgid "WARNING: unable to refresh key %s via %s: %s\n"
msgstr ""
"FIGYELEM: Nem tudom törölni az (\"%s\") átmeneti állományt: \"%s\": %s.\n"
#, fuzzy, c-format
-msgid "refreshing 1 key from %s\n"
-msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
-
-#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "Lekérem a %08lX kulcsot a %s kulcsszerverrõl.\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "\"%s\" titkos kulcs nem található: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Csináljunk egy visszavonó igazolást ehhez a kulcshoz? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "FIGYELEM: \"%s\" opciói csak a következõ futáskor lesznek érvényesek!\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "GPG ügynök nem elérhetõ ebben a munkafolyamatban.\n"
#~ msgid "file create error"
#~ msgstr "állománylétrehozási hiba"
-#~ msgid "invalid passphrase"
-#~ msgstr "érvénytelen jelszó"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "nem megvalósított nyilvános kulcsú algoritmus"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Anda ingin menghapus kunci terpilih ini? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "passphrase tidak valid"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "perbarui database trust"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAMA|set charset terminal ke NAMA"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "kesalahan penciptaan passphrase: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "buat sepasang kunci baru"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "buat sepasang kunci baru"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Kunci tidak berubah sehingga tidak perlu pembaharuan.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "kesalahan: fingerprint tidak valid\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Anda tidak boleh menambahkan sebuah photo ID ke kunci bergaya PGP2 \n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Hapus signature baik ini? (y/T/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Jangan menaruh alamat email ke dalam nama sebenarnya atau komentar\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: keyring tercipta\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "PERINGATAN: opsi dalam `%s' belum aktif selama pelaksanaan ini\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "meminta kunci %08lX dari %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "PERINGATAN: tidak dapat menghapus file temp (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "meminta kunci %08lX dari %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Buat sertifikat pembatalan untuk kunci ini?"
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "PERINGATAN: opsi dalam `%s' belum aktif selama pelaksanaan ini\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent tidak tersedia untuk sesi ini\n"
#~ msgid "file create error"
#~ msgstr "kesalahan buat file"
-#~ msgid "invalid passphrase"
-#~ msgstr "passphrase tidak valid"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritma pubkey belum diimplementasikan"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Vuoi davvero cancellare le chiavi selezionate? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "passphrase non valida"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "aggiorna il database della fiducia"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NOME|imposta NOME come set di caratteri del terminale"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "errore nella creazione della passhprase: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "genera una nuova coppia di chiavi"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "genera una nuova coppia di chiavi"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "La chiave non è cambiata quindi non sono necessari aggiornamenti.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "errore: impronta digitale non valida\n"
msgstr ""
"Non è possibile aggiungere un ID fotografico a una chiave in stile PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Cancellare questa firma corretta? (s/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Per favore non mettere l'indirizzo di email nel nome o nel commento\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: portachiavi creato\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"ATTENZIONE: le opzioni in `%s' non sono ancora attive durante questa\n"
-"esecuzione del programma\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "richiedo la chiave %08lX a %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ATTENZIONE: impossibile cancellare il file temporaneo (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "richiedo la chiave %08lX a %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "chiave segreta `%s' non trovata: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Creare un certificato di revoca per questa chiave? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "ATTENZIONE: le opzioni in `%s' non sono ancora attive durante questa\n"
+#~ "esecuzione del programma\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent non è disponibile in questa sessione\n"
#~ msgid "file create error"
#~ msgstr "errore durante la creazione del file"
-#~ msgid "invalid passphrase"
-#~ msgstr "passphrase non valida"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmo della chiave pubblica non implementato"
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|_キャンセル"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_キャンセル"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "選択したOpenPGP秘密鍵を本当に永久に削除しますか? (y/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "新しいパスフレーズを入力してください"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "SCdaemonを使わない"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|ホストNAMEに接続する"
+
msgid "ignore requests to change the TTY"
msgstr "TTYの変更要求を無視する"
msgid "do not use the PIN cache when signing"
msgstr "署名に対してPINの保持を使わない"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "古いパスフレーズを再使用することを認めない"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "クライアントが鍵に\"trusted\"マークをつけることを認めない"
msgid "quickly generate a new key pair"
msgstr "すばやく新しい鍵ペアを生成"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "すばやく新しい鍵ペアを生成"
+
msgid "full featured key pair generation"
msgstr "全機能の鍵ペアを生成"
msgstr "鍵は無変更なので更新は不要です。\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "秘密鍵\"%s\"が見つかりません: %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "\"%s\"はフィンガープリントではありません\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "PGP2形式の鍵にはフォトIDを追加できません。\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "そういったユーザIDはすでにこの鍵に存在しています!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "この正しい署名を削除しますか? (y/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "電子メールのアドレスを本名やコメントに入れないように\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "そういったユーザIDはすでにこの鍵に存在しています!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: 鍵リングができました\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "失効した鍵を検索結果に含める"
msgid "include subkeys when searching by key ID"
msgstr "key IDによる検索に副鍵も含める"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "キーサーバ・ヘルパーにデータを与える際、一時ファイルを使う"
-
-msgid "do not delete temporary files after using them"
-msgstr "一時ファイルを使用後、それを削除しない"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "署名の検証時に自動的に鍵を取得する"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "鍵に設定されたPKAレコードを鍵の取得時に与える"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"*警告*: 鍵サーバのオプション'%s'は、このプラットホームでは使われません\n"
-
msgid "disabled"
msgstr "使用禁止"
msgstr "\"%s\"鍵IDではありません: スキップします\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "*警告*: 鍵%sを%s経由で回復できません: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "1本の鍵を%sから回復\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "*警告*: 鍵%sを%s経由で回復できません: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "%d本の鍵を%sから回復\n"
"入されます。\n"
"この失効証明書を使う前にはテクスト・エディタでこのコロンを削除してください。"
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "秘密鍵\"%s\"が見つかりません: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "この鍵に対する失効証明書を作成しますか? (y/N) "
"形式: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルに対して標準入力のパスフレーズを確認する\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "キーサーバ・ヘルパーにデータを与える際、一時ファイルを使う"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "一時ファイルを使用後、それを削除しない"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "*警告*: 鍵サーバのオプション'%s'は、このプラットホームでは使われません\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "ソケット名が長すぎます\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Vil du virkelig slette den valgte nøkkelen? (j/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "ugyldig passfrase"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
#, fuzzy
msgid "do not use the SCdaemon"
msgstr "ikke oppdatér tillitsdatabasen etter import"
+#, fuzzy
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAVN|kryptere for NAVN"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "feil ved opprettelse av passfrase: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "generere et nytt nøkkelpar"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "generere et nytt nøkkelpar"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Nøkkelen ble ikke endret, så ingen oppdatering er nødvendig.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr ""
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Slette denne gode signaturen? (j/N/a)"
msgstr ""
"Vennligst ikke putt epostadressen inn i fullt navn eller i kommentaren\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr ""
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"ADVARSEL: nøkkelserver-valget «%s» er ikke i bruk på denne plattformen\n"
-
msgid "disabled"
msgstr "utkoblet"
msgstr ""
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "ADVARSEL: klarte ikke å oppfriske nøkkel %s via %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "oppfrisker 1 nøkkel fra %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "ADVARSEL: klarte ikke å oppfriske nøkkel %s via %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "oppfrisker %d nøkler fra %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Lage et opphevingssertifikat for denne nøkkelen? (j/N) "
msgstr ""
#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "ADVARSEL: nøkkelserver-valget «%s» er ikke i bruk på denne plattformen\n"
+
+#, fuzzy
#~ msgid "use a standard location for the socket"
#~ msgstr "sette en notasjon for de valgte brukeridene"
#~ msgid "file create error"
#~ msgstr "feil ved opprettelse av fil"
-#~ msgid "invalid passphrase"
-#~ msgstr "ugyldig passfrase"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "uimplementert pubkey-algoritme"
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|_Anuluj"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|_Anuluj"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Czy na pewno chcesz usun±æ wybrane klucze? (t/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Wprowad¼ nowe has³o"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "nie u¿ywanie SCdaemona"
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAZWA|po³±czenie z gniazdem Assuan o tej nazwie"
+
msgid "ignore requests to change the TTY"
msgstr "ignorowanie ¿±dañ zmiany TTY"
msgstr "nie u¿ywanie pamiêci PIN-ów przy podpisywaniu"
#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "nie zezwalanie na ponowne u¿ycie starych hase³"
+
+#, fuzzy
#| msgid "allow clients to mark keys as \"trusted\""
msgid "disallow clients to mark keys as \"trusted\""
msgstr "zezwolenie klientom na oznaczanie kluczy jako \"zaufanych\""
msgid "quickly generate a new key pair"
msgstr "generacja nowej pary kluczy"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "generacja nowej pary kluczy"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Klucz nie zosta³ zmieniony wiêc zapis zmian nie jest konieczny.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta³ odnaleziony: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Do klucza dla PGP 2.x nie mo¿na dodaæ zdjêcia.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Taki identyfikator u¿ytkownika ju¿ istnieje na tym kluczu!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Usun±æ ten poprawny podpis? (t/N/w) "
"Nie nale¿y umieszczaæ adresu poczty elektronicznej w polu nazwiska czy\n"
"komentarza.\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Taki identyfikator u¿ytkownika ju¿ istnieje na tym kluczu!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: zbiór kluczy utworzony\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "w³±czenie uniewa¿nionych kluczy do wyników wyszukiwania"
msgid "include subkeys when searching by key ID"
msgstr "w³±czenie podkluczy przy poszukiwaniu po ID klucza"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"u¿ycie plików tymczasowych do przekazywania danych do modu³ów obs³ugi "
-"serwera kluczy"
-
-msgid "do not delete temporary files after using them"
-msgstr "nie usuwanie plików tymczasowych po u¿yciu ich"
msgid "automatically retrieve keys when verifying signatures"
msgstr "automatyczne pobieranie kluczy przy sprawdzaniu podpisów"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "honorowanie rekordu PKA ustawionego w kluczu przy pobieraniu kluczy"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"OSTRZE¯ENIE: opcja serwera kluczy ,,%s'' nie jest u¿ywana na tej "
-"platformie.\n"
-
msgid "disabled"
msgstr "wy³±czony"
msgstr ",,%s'' nie jest identyfikatorem klucza - pominiêto\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "OSTRZE¯ENIE: nie mo¿na od¶wie¿yæ klucza %s przez %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "od¶wie¿anie 1 klucza z %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "OSTRZE¯ENIE: nie mo¿na od¶wie¿yæ klucza %s przez %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "od¶wie¿anie %d kluczy z %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "klucz prywatny ,,%s'' nie zosta³ odnaleziony: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Stworzyæ certyfikat uniewa¿nienia tego klucza? (t/N) "
"Sk³adnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie has³a ze standardowego wej¶cia wzglêdem pliku wzorców\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "u¿ycie plików tymczasowych do przekazywania danych do modu³ów obs³ugi "
+#~ "serwera kluczy"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "nie usuwanie plików tymczasowych po u¿yciu ich"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "OSTRZE¯ENIE: opcja serwera kluczy ,,%s'' nie jest u¿ywana na tej "
+#~ "platformie.\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "nazwa gniazda zbyt d³uga\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Você quer realmente remover as chaves selecionadas? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "frase-secreta inválida"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "actualizar a base de dados de confiança"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr ""
+"|NOME|definir mapa de caracteres do terminal como\n"
+"NOME"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "erro na criação da frase secreta: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "gerar um novo par de chaves"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "gerar um novo par de chaves"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "Chave não alterada, nenhuma actualização é necessária.\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "%s: versão de ficheiro inválida %d\n"
msgstr ""
"Não pode adicionar um identificador fotográfico a uma chave tipo PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Apagar esta assinatura válida? (s/N/q)"
"Por favor não coloque o endereço de email no nome verdadeiro ou no "
"comentário\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: porta-chaves criado\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "AVISO: opções em `%s' ainda não estão activas nesta execução\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "a pedir a chave %08lX de %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVISO: dono pouco seguro em %s \"%s\"\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "a pedir a chave %08lX de %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "chave `%s' não encontrada: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Gerar um certificado de revogação para esta assinatura? (s/N)"
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "AVISO: opções em `%s' ainda não estão activas nesta execução\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "o gpg-agent não está disponível nesta sessão\n"
#~ msgid "file create error"
#~ msgstr "erro na criação do ficheiro"
-#~ msgid "invalid passphrase"
-#~ msgstr "frase-secreta inválida"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmo de chave pública não implementado"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Doriþi într-adevãr sã ºtergeþi cheile selectate? (d/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "frazã-parolã invalidã"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
#, fuzzy
msgid "do not use the SCdaemon"
msgstr "actualizeazã baza de date de încredere"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NUME|seteazã charset-ul pentru terminal ca NUME"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "eroare la crearea frazei-parolã: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "genereazã o nouã perechi de chei"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "genereazã o nouã perechi de chei"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Cheia nu a fost schimbatã aºa cã nici o actualizare a fost necesarã.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Nu puteþi adãuga o pozã ID la o cheie stil PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "ªtergeþi aceastã semnãturã bunã? (d/N/t)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Vã rugãm nu puneþi adresa de email în numele real sau comentariu\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: inelul de chei creat\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"AVERTISMENT: opþiunile serverului de chei `%s' nu sunt folosite pe aceastã "
-"platformã\n"
-
msgid "disabled"
msgstr "deactivat(ã)"
msgstr "\"%s\" nu este un ID de cheie: sãrit\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "reactualizez 1 cheie de la %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "AVERTISMENT: nu pot reactualiza cheia %s via %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "reactualizez %d chei de la %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "cheia secretã \"%s\" nu a fost gãsitã: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Creaþi un certificat de revocare pentru aceastã cheie? (d/N) "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "AVERTISMENT: opþiunile serverului de chei `%s' nu sunt folosite pe "
+#~ "aceastã platformã\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent nu este disponibil în aceastã sesiune\n"
#~ msgid "file create error"
#~ msgstr "eroare creare fiºier"
-#~ msgid "invalid passphrase"
-#~ msgstr "frazã-parolã invalidã"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritm pubkey neimplementat"
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|Отмена (_C)"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|PIN:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|Отмена (_C)"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Вы действительно хотите навсегда удалить закрытый ключ OpenPGP:"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Введите новую фразу-пароль"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "не использовать демон криптографических карт"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|подключиться к хосту NAME"
+
msgid "ignore requests to change the TTY"
msgstr "игнорировать запросы смены терминала"
msgid "do not use the PIN cache when signing"
msgstr "не использовать запомненный PIN при подписывании"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "не разрешать повторное использование старых фраз-паролей"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "не позволять клиентам помечать ключи как \"доверенные\""
msgid "quickly generate a new key pair"
msgstr "быстро создать новую пару ключей"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "быстро создать новую пару ключей"
+
msgid "full featured key pair generation"
msgstr "создание полноценной пары ключей"
msgstr "Ключ не изменялся - обновление не нужно.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "закрытый ключ \"%s\" не найден: %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "\"%s\" - не отпечаток\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Нельзя добавить фотоидентификатор в ключ типа PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "Такой ID пользователя на этом ключе уже есть!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Удалить данную действительную подпись? (y/N/q)"
msgstr ""
"Не вставляйте адрес электронной почты в имя пользователя или комментарий\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "Такой ID пользователя на этом ключе уже есть!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: таблица ключей создана\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "включить в результаты поиска отозванные ключи"
msgid "include subkeys when searching by key ID"
msgstr "искать по ID ключа, включая подключи"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "передавать данные в сервер с помощью временных файлов"
-
-msgid "do not delete temporary files after using them"
-msgstr "не удалять временные файлы после использования"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "автоматически получать ключи при проверке подписей"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "учитывать набор записей PKA при получении ключей"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"ВНИМАНИЕ: параметр сервера ключей `%s' на данной платформе не используется\n"
-
msgid "disabled"
msgstr "отключен"
msgstr "\"%s\" не идентификатор ключа: пропущен\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "Внимание: невозможно обновить ключ %s с %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "обновление 1 ключа из %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "Внимание: невозможно обновить ключ %s с %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "обновление %d ключей из %s\n"
"вставлено двоеточие. Удалите это двоеточие в текстовом редакторе\n"
"перед использованием этого сертификата отзыва."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "закрытый ключ \"%s\" не найден: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Создать сертификат отзыва данного ключа? (y/N) "
msgstr ""
"Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
+
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "передавать данные в сервер с помощью временных файлов"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "не удалять временные файлы после использования"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "ВНИМАНИЕ: параметр сервера ключей `%s' на данной платформе не "
+#~ "используется\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Skutoène chcete zmaza» vybrané kµúèe? "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "nesprávne heslo"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "aktualizova» databázu dôvery"
+#, fuzzy
+#| msgid "|NAME|set terminal charset to NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|MENO|nastav znakovú sadu terminálu na MENO"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "chyba pri vytváraní hesla: %s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "vytvori» nový pár kµúèov"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "vytvori» nový pár kµúèov"
+
msgid "full featured key pair generation"
msgstr ""
msgstr "kµúè nebol zmenený, tak¾e nie je potrebné ho aktualizova».\n"
#, fuzzy, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "tajný kµúè `%s' nebol nájdený: %s\n"
+
+#, fuzzy, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "chyba: neplatný odtlaèok\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Nemali by ste pridáva» fotografické ID k PGP2 kµúèu.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Zmaza» tento dobrý podpis? (a/N/u)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Do poµa meno alebo komentár nepí¹te, prosím, e-mailovú adresu.\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: súbor kµúèov (keyring) vytvorený\n"
-msgid "include revoked keys in search results"
+msgid "override proxy options set for dirmngr"
msgstr ""
-msgid "include subkeys when searching by key ID"
+msgid "include revoked keys in search results"
msgstr ""
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "include subkeys when searching by key ID"
msgstr ""
-msgid "do not delete temporary files after using them"
+msgid "override timeout options set for dirmngr"
msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr ""
-#, fuzzy, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "VAROVANIE: nastavenie v `%s' e¹te nie je aktívne\n"
-
#, fuzzy
msgid "disabled"
msgstr "disable"
msgstr ""
#, fuzzy, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
-
-#, fuzzy, c-format
msgid "refreshing 1 key from %s\n"
msgstr "po¾adujem kµúè %08lX z %s\n"
#, fuzzy, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VAROVANIE: nemô¾em vymaza» doèasný súbor (%s) `%s': %s\n"
+
+#, fuzzy, c-format
msgid "refreshing %d keys from %s\n"
msgstr "po¾adujem kµúè %08lX z %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, fuzzy, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "tajný kµúè `%s' nebol nájdený: %s\n"
-
#, fuzzy
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Vytvori» pre tento podpis revokaèný certifikát? "
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#, fuzzy
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "VAROVANIE: nastavenie v `%s' e¹te nie je aktívne\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent nie je v tomto sedení dostupný\n"
#~ msgid "file create error"
#~ msgstr "chyba pri vytváraní súboru"
-#~ msgid "invalid passphrase"
-#~ msgstr "nesprávne heslo"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "algoritmus verejného kµúèa nie je implementovaný"
msgid "|pinentry-label|_Cancel"
msgstr "_Avbryt"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "PIN-kod:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "_Avbryt"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Vill du verkligen ta bort de valda nycklarna? (j/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Ange ny lösenfras"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "använd inte SCdaemon"
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAMN|anslut till Assuan-uttaget NAMN"
+
msgid "ignore requests to change the TTY"
msgstr "ignorera begäran om att ändra TTY"
msgid "do not use the PIN cache when signing"
msgstr "använd inte mellanlagring av PIN-kod vid signering"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "tillåt inte återanvändning av gamla lösenfraser"
+
# Antar att värdet inte ska översättas.
#, fuzzy
#| msgid "allow clients to mark keys as \"trusted\""
msgid "quickly generate a new key pair"
msgstr "generera ett nytt nyckelpar"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "generera ett nytt nyckelpar"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Nyckeln är oförändrad så det behövs ingen uppdatering.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Du kan inte lägga till ett foto-id till en nyckel av PGP 2-typ.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "En sådan användaridentitet finns redan på denna nyckel!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Vill du radera denna korrekta signatur? (j/N/a)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "Ange inte e-postadressen som namn eller kommentar\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "En sådan användaridentitet finns redan på denna nyckel!\n"
-
# Ej solklart vad förkortningarna står för
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
msgid "%s: keyring created\n"
msgstr "%s: nyckelring skapad\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "inkludera spärrade nycklar i sökresultatet"
msgid "include subkeys when searching by key ID"
msgstr "inkludera undernycklar vid sökning efter nyckel-id"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"använd temporärfiler för att skicka data till nyckelserverns hjälpprogram"
-
-msgid "do not delete temporary files after using them"
-msgstr "ta inte bort temporärfiler efter de använts"
msgid "automatically retrieve keys when verifying signatures"
msgstr "hämta automatiskt nycklar vid validering av signaturer"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "respektera PKA-posten inställd på en nyckel när nycklar hämtas"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"VARNING: nyckelserverflaggan \"%s\" används inte på den här plattformen\n"
-
msgid "disabled"
msgstr "inaktiverad"
msgstr "\"%s\" inte ett nyckel-id: hoppar över\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "VARNING: kunde inte uppdatera nyckeln %s via %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "uppdaterar 1 nyckel från %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "VARNING: kunde inte uppdatera nyckeln %s via %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "uppdaterar %d nycklar från %s\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Skapa ett spärrcertifikat för denna nyckel? (j/N) "
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "använd temporärfiler för att skicka data till nyckelserverns hjälpprogram"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "ta inte bort temporärfiler efter de använts"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "VARNING: nyckelserverflaggan \"%s\" används inte på den här plattformen\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "namnet på uttaget är för långt\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Seçili anahtarları gerçekten silmek istiyor musunuz? (e/H ya da y/N) "
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Yeni anahtar parolasını giriniz"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "Akıllı kart süreci kullanılmaz"
+#, fuzzy
+#| msgid "|NAME|connect to Assuan socket NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|İSİM|Assuan soketi İSİMe bağlanır"
+
msgid "ignore requests to change the TTY"
msgstr "TTY değiştirme istekleri yoksayılır"
msgstr "imzalarken PIN arabelleği kullanılmaz"
#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "eski anahtar parolalarının yeniden kullanılmasına izin vermez"
+
+#, fuzzy
#| msgid "allow clients to mark keys as \"trusted\""
msgid "disallow clients to mark keys as \"trusted\""
msgstr "istemcilerin anahtarları \"güvenilir\" olarak imlemesine izin verilir"
msgid "quickly generate a new key pair"
msgstr "yeni bir anahtar çifti üretir"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "yeni bir anahtar çifti üretir"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "Güncelleme gereği olmadığından anahtar değişmedi.\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "PGP2 tarzı bir anahtara bir foto kimliği ekleyemeyebilirsiniz.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Bu doğru imza silinsin mi? (e/H/k veya y/N/k)"
msgstr ""
"Lütfen E-posta adresinizi Adı ve Soyadı veya Açıklama alanı içine koymayın\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: anahtar zinciri oluşturuldu\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "yürürlükten kaldırılan anahtarlar arama sonuçlarına dahil edilir"
msgstr ""
"anahtar kimliğine göre arama yapılırken yardımcı anahtarlar dahil edilir"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"anahtar sunucusu yardımcılarına veri aktaracak geçici dosyalar kullanılır"
-
-msgid "do not delete temporary files after using them"
-msgstr "geçici dosyaları kullandıktan sonra silmez"
msgid "automatically retrieve keys when verifying signatures"
msgstr "imzaları doğrularken anahtarları özdevinimli olarak alır"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "anahtarları alırken PKA kaydını bir anahtara atar"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "UYARI: anahtar sunucusu seçeneği `%s' bu platformda kullanımda değil\n"
-
msgid "disabled"
msgstr "iptal edildi"
msgstr "\"%s\" bir anahtar kimliği değil: atlanıyor\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "UYARI: %s anahtarı %s üzerinden tazelenemiyor: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "1 anahtar %s adresinden tazeleniyor\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "UYARI: %s anahtarı %s üzerinden tazelenemiyor: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "%d anahtar %s adresinden tazeleniyor\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "gizli anahtar \"%s\" yok: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr ""
"Bu anahtar için bir yürürlükten kaldırma sertifikası oluşturulsun mu? (e/H "
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "anahtar sunucusu yardımcılarına veri aktaracak geçici dosyalar kullanılır"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "geçici dosyaları kullandıktan sonra silmez"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "UYARI: anahtar sunucusu seçeneği `%s' bu platformda kullanımda değil\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "soketin ismi çok uzun\n"
msgid "|pinentry-label|_Cancel"
msgstr "_Скасувати"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "_Гаразд"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "_Гаразд"
+
msgid "|pinentry-label|PIN:"
msgstr "Пінкод:"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "_Скасувати"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "Справді хочете остаточно вилучити закритий ключ OpenPGP:"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "Вкажіть новий пароль"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "не використовувати SCdaemon"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|NAME|встановити з’єднання з вузлом за вказаною назвою"
+
msgid "ignore requests to change the TTY"
msgstr "ігнорувати запити щодо зміни TTY"
msgid "do not use the PIN cache when signing"
msgstr "не використовувати кеш пін-кодів для підписування"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "не дозволяти повторне використання старих паролів"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "заборонити клієнтам позначати ключі як надійні"
msgid "quickly generate a new key pair"
msgstr "швидке створення пари ключів"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "швидке створення пари ключів"
+
msgid "full featured key pair generation"
msgstr "повноцінне створення пари ключів"
msgstr "Ключ не змінено, отже оновлення непотрібне.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "закритий ключ «%s» не знайдено: %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "«%s» не є відбитком\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "Не можна додавати фотоідентифікатор до ключа у форматі PGP2.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "У цьому ключі вже існує такий ідентифікатор користувача!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "Вилучити цей дійсний підпис? (y/N/q або т/Н/в)"
"Будь ласка, не використовуйте адресу електронної пошти у полях справжнього "
"імені або коментаря\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "У цьому ключі вже існує такий ідентифікатор користувача!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: створено сховище ключів\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "включити до результатів пошуку відкликані ключі"
msgid "include subkeys when searching by key ID"
msgstr "включити підключі до пошуку за ідентифікатором ключа"
-msgid "use temporary files to pass data to keyserver helpers"
+msgid "override timeout options set for dirmngr"
msgstr ""
-"використовувати тимчасові файли для передавання даних до допоміжних програм "
-"сервера ключів"
-
-msgid "do not delete temporary files after using them"
-msgstr "не вилучати тимчасові файли після їхнього використання"
msgid "automatically retrieve keys when verifying signatures"
msgstr "автоматично отримувати ключі під час перевірки підписів"
msgstr ""
"брати до уваги запис PKA, встановлений у ключі під час отримання ключів"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr ""
-"УВАГА: параметр сервера ключів «%s» не використовується на цій платформі\n"
-
msgid "disabled"
msgstr "вимкнено"
msgstr "«%s» не є ідентифікатором ключа: пропускаємо\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "УВАГА: не вдалося оновити ключ %s за допомогою %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "оновлюємо 1 ключ з %s\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "УВАГА: не вдалося оновити ключ %s за допомогою %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "оновлюємо %d ключів з %s\n"
"дефісами нижче додано двокрапку. Вилучіть цю двокрапку у текстовому\n"
"редакторі, перш ніж скористатися цим сертифікатом відкликання."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "закритий ключ «%s» не знайдено: %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "Створити сертифікат відкликання для цього ключа? (y/N або т/Н) "
"Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файла_шаблонів\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr ""
+#~ "використовувати тимчасові файли для передавання даних до допоміжних "
+#~ "програм сервера ключів"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "не вилучати тимчасові файли після їхнього використання"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr ""
+#~ "УВАГА: параметр сервера ключів «%s» не використовується на цій платформі\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "назва сокета є надто довгою\n"
msgid "|pinentry-label|_Cancel"
msgstr ""
+msgid "|pinentry-label|_Yes"
+msgstr ""
+
+msgid "|pinentry-label|_No"
+msgstr ""
+
msgid "|pinentry-label|PIN:"
msgstr ""
+msgid "|pinentry-label|_Save in password manager"
+msgstr ""
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "您真的想要删除选定的密钥吗?(y/N)"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "invalid passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "无效的密码"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
#, fuzzy
msgid "do not use the SCdaemon"
msgstr "导入后不更新信任度数据库"
+#, fuzzy
+msgid "|NAME|accept some commands via NAME"
+msgstr "|某甲|为收件者“某甲”加密"
+
msgid "ignore requests to change the TTY"
msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
+#, fuzzy
+msgid "disallow the use of an external password cache"
+msgstr "生成密码的时候发生错误:%s\n"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
msgid "quickly generate a new key pair"
msgstr "生成一副新的密钥对"
+#, fuzzy
+#| msgid "generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "生成一副新的密钥对"
+
msgid "full featured key pair generation"
msgstr ""
msgid "Key not changed so no update needed.\n"
msgstr "密钥没有变动所以不需要更新。\n"
+#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "找不到私钥“%s”:%s\n"
+
#, fuzzy, c-format
#| msgid "invalid fingerprint"
msgid "\"%s\" is not a fingerprint\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "您不可以把照片标识增加到 PGP2 样式的密钥里。\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr ""
+
msgid "Delete this good signature? (y/N/q)"
msgstr "删除这个完好的签名吗?(y/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "请不要把电子邮件地址放进您的真实姓名或注释里\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr ""
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s:钥匙环已建立\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "在搜索结果中包含已吊销的密钥"
msgid "include subkeys when searching by key ID"
msgstr "按钥匙号搜索时包含子钥"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "向公钥服务器辅助程序传递数据时使用临时文件"
-
-msgid "do not delete temporary files after using them"
-msgstr "不删除使用过的临时文件"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "验证签名时自动下载密钥"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "获取密钥时使用密钥上的 PKA 记录"
-#, fuzzy, c-format
-#| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "警告:公钥服务器选项‘%s’在此平台上没有被使用\n"
-
msgid "disabled"
msgstr "已禁用"
msgstr "“%s”不是一个用户标识:跳过\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "警告:无法更新密钥 %s,通过 %s:%s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "1 个密钥正从 %s 得到更新\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "警告:无法更新密钥 %s,通过 %s:%s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "%d 个密钥正从 %s 得到更新\n"
"before making use of this revocation certificate."
msgstr ""
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "找不到私钥“%s”:%s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "要为这把密钥建立一份吊销证书吗?(y/N)"
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "向公钥服务器辅助程序传递数据时使用临时文件"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "不删除使用过的临时文件"
+
+#, fuzzy
+#~| msgid "WARNING: keyserver option `%s' is not used on this platform\n"
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "警告:公钥服务器选项‘%s’在此平台上没有被使用\n"
+
#~ msgid "gpg-agent is not available in this session\n"
#~ msgstr "gpg-agent 在此次舍话中无法使用\n"
#~ msgid "file create error"
#~ msgstr "文件建立错误"
-#~ msgid "invalid passphrase"
-#~ msgstr "无效的密码"
-
#~ msgid "unimplemented pubkey algorithm"
#~ msgstr "未实现的公钥算法"
msgid "|pinentry-label|_Cancel"
msgstr "|pinentry-label|取消 (_C)"
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_Yes"
+msgstr "|pinentry-label|_OK"
+
+#, fuzzy
+#| msgid "|pinentry-label|_OK"
+msgid "|pinentry-label|_No"
+msgstr "|pinentry-label|_OK"
+
msgid "|pinentry-label|PIN:"
msgstr "|pinentry-label|個人識別碼 (PIN):"
+#, fuzzy
+#| msgid "|pinentry-label|_Cancel"
+msgid "|pinentry-label|_Save in password manager"
+msgstr "|pinentry-label|取消 (_C)"
+
+#, fuzzy
+#| msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgid "Do you really want to make your passphrase visible on the screen?"
+msgstr "你是否真的想要永久刪除 OpenPGP 私鑰:"
+
+msgid "|pinentry-tt|Make passphrase visible"
+msgstr ""
+
+#, fuzzy
+#| msgid "Enter new passphrase"
+msgid "|pinentry-tt|Hide passphrase"
+msgstr "請輸入新密語"
+
#. TRANSLATORS: This string is displayed by Pinentry as the label
#. for the quality bar.
msgid "Quality:"
msgid "do not use the SCdaemon"
msgstr "不要使用 SCdaemon"
+#, fuzzy
+#| msgid "|NAME|connect to host NAME"
+msgid "|NAME|accept some commands via NAME"
+msgstr "|名稱|連線至位於指定名稱的主機"
+
msgid "ignore requests to change the TTY"
msgstr "忽略變更 TTY 的要求"
msgid "do not use the PIN cache when signing"
msgstr "簽署時不要使用個人識別碼 (PIN) 快取"
+#, fuzzy
+#| msgid "do not allow the reuse of old passphrases"
+msgid "disallow the use of an external password cache"
+msgstr "不允許重複使用舊密語"
+
msgid "disallow clients to mark keys as \"trusted\""
msgstr "不允許用戶端將金鑰標記為 \"已信任\""
msgid "quickly generate a new key pair"
msgstr "快速產生新的金鑰對"
+#, fuzzy
+#| msgid "quickly generate a new key pair"
+msgid "quickly add a new user-id"
+msgstr "快速產生新的金鑰對"
+
msgid "full featured key pair generation"
msgstr "全能金鑰對生成"
msgstr "金鑰沒有變更所以不需要更新.\n"
#, c-format
+msgid "secret key \"%s\" not found: %s\n"
+msgstr "找不到私鑰 \"%s\": %s\n"
+
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
msgstr "\"%s\" 不是指紋\n"
msgid "You may not add a photo ID to a PGP2-style key.\n"
msgstr "你不可以把照片 ID 增加到 PGP2 型態的金鑰裡.\n"
+msgid "Such a user ID already exists on this key!\n"
+msgstr "這把金鑰上已經有這樣子的使用者 ID 了!\n"
+
msgid "Delete this good signature? (y/N/q)"
msgstr "刪除這份完好的簽章嗎? (y/N/q)"
msgid "Please don't put the email address into the real name or the comment\n"
msgstr "請不要把電子郵件地址放進你的真實姓名或註釋裡\n"
-msgid "Such a user ID already exists on this key!\n"
-msgstr "這把金鑰上已經有這樣子的使用者 ID 了!\n"
-
#. TRANSLATORS: These are the allowed answers in
#. lower and uppercase. Below you will find the matching
#. string which should be translated accordingly and the
msgid "%s: keyring created\n"
msgstr "%s: 鑰匙圈已建立\n"
+msgid "override proxy options set for dirmngr"
+msgstr ""
+
msgid "include revoked keys in search results"
msgstr "在搜尋結果中也包含已撤銷的金鑰"
msgid "include subkeys when searching by key ID"
msgstr "以金鑰 ID 搜尋時也搜尋子鑰"
-msgid "use temporary files to pass data to keyserver helpers"
-msgstr "用暫存檔來將資料遞送給金鑰伺服器協助程式"
-
-msgid "do not delete temporary files after using them"
-msgstr "使用暫存檔後不要加以刪除"
+msgid "override timeout options set for dirmngr"
+msgstr ""
msgid "automatically retrieve keys when verifying signatures"
msgstr "驗證簽章時自動取回金鑰"
msgid "honor the PKA record set on a key when retrieving keys"
msgstr "取回金鑰時尊重金鑰所設定的 PKA 記錄"
-#, c-format
-msgid "WARNING: keyserver option '%s' is not used on this platform\n"
-msgstr "警告: 金鑰伺服器選項 '%s' 並未用於此平台\n"
-
msgid "disabled"
msgstr "已停用"
msgstr "\"%s\" 並非金鑰 ID: 跳過中\n"
#, c-format
-msgid "WARNING: unable to refresh key %s via %s: %s\n"
-msgstr "警告: 無法更新金鑰 %s 於 %s: %s\n"
-
-#, c-format
msgid "refreshing 1 key from %s\n"
msgstr "更新 1 份金鑰中 (從 %s )\n"
#, c-format
+msgid "WARNING: unable to refresh key %s via %s: %s\n"
+msgstr "警告: 無法更新金鑰 %s 於 %s: %s\n"
+
+#, c-format
msgid "refreshing %d keys from %s\n"
msgstr "更新 %d 份金鑰中 (從 %s )\n"
"真的要使用這份撤銷憑證前, 請先用文字編輯器把那個冒號移除,\n"
"撤銷憑證才能使用."
-#, c-format
-msgid "secret key \"%s\" not found: %s\n"
-msgstr "找不到私鑰 \"%s\": %s\n"
-
msgid "Create a revocation certificate for this key? (y/N) "
msgstr "要為這把金鑰建立一份撤銷憑證嗎? (y/N) "
"語法: gpg-check-pattern [選項] 樣式檔案\n"
"用樣式檔案來檢查由標準輸入給定的密語\n"
+#~ msgid "use temporary files to pass data to keyserver helpers"
+#~ msgstr "用暫存檔來將資料遞送給金鑰伺服器協助程式"
+
+#~ msgid "do not delete temporary files after using them"
+#~ msgstr "使用暫存檔後不要加以刪除"
+
+#~ msgid "WARNING: keyserver option '%s' is not used on this platform\n"
+#~ msgstr "警告: 金鑰伺服器選項 '%s' 並未用於此平台\n"
+
#~ msgid "name of socket too long\n"
#~ msgstr "socket 名稱太長\n"
long err;
int slot;
char *list = NULL;
+ char *rdrname = NULL;
pcsc_dword_t nreader;
char *p;
{
if (!*p && !p[1])
break;
- if (*p)
- log_info ("detected reader '%s'\n", p);
+ log_info ("detected reader '%s'\n", p);
if (nreader < (strlen (p)+1))
{
log_error ("invalid response from pcsc_list_readers\n");
break;
}
+ if (!rdrname && portstr && !strncmp (p, portstr, strlen (portstr)))
+ rdrname = p;
nreader -= strlen (p)+1;
p += strlen (p) + 1;
}
- reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1);
+ if (!rdrname)
+ rdrname = list;
+
+ reader_table[slot].rdrname = xtrystrdup (rdrname);
if (!reader_table[slot].rdrname)
{
log_error ("error allocating memory for reader name\n");
unlock_slot (slot);
return -1;
}
- strcpy (reader_table[slot].rdrname, portstr? portstr : list);
xfree (list);
list = NULL;
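Review bot: When `portstr` is set but matches no entry in the list, `if (!rdrname) rdrname = list;` silently selects the first reader, so a misspelled or absent configured name ends up bound to a different device with no trace in the log. Logging the fallback would make that visible, for example `if (!rdrname) { if (portstr) log_info ("reader '%s' not found, using first reader\n", portstr); rdrname = list; }`. The `strncmp` test is a prefix match, so a short `portstr` picks the first reader whose name merely starts with it; a comment on that line should say so. The enclosing function starts and ends outside this hunk.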
apdu[apdulen++] = ins;
apdu[apdulen++] = p0;
apdu[apdulen++] = p1;
- apdu[apdulen++] = 0; /* Z byte: Extended length marker. */
- if (lc >= 0)
+ if (lc > 0)
{
+ apdu[apdulen++] = 0; /* Z byte: Extended length marker. */
apdu[apdulen++] = ((lc >> 8) & 0xff);
apdu[apdulen++] = (lc & 0xff);
memcpy (apdu+apdulen, data, lc);
}
if (le != -1)
{
+ if (lc <= 0)
+ apdu[apdulen++] = 0; /* Z byte: Extended length marker. */
apdu[apdulen++] = ((le >> 8) & 0xff);
apdu[apdulen++] = (le & 0xff);
}
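Review bot: The extended-length marker is now written in two places under two conditions (`lc > 0` before Lc, `lc <= 0` before Le), and nothing in the hunk explains why. A comment above `if (lc > 0)` would document the encoding, for example `/* Extended APDU: the 0x00 marker appears once, before Lc when data is present, otherwise before Le. */`. The `memcpy (apdu+apdulen, data, lc)` depends on a size check of `apdu` that is not visible here, so it is worth confirming that the check still covers the marker byte on both paths. The enclosing function starts and ends outside the hunk.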
size_t serialnolen; /* Length in octets of serialnumber. */
const char *apptype;
unsigned int card_version;
- int did_chv1;
- int force_chv1; /* True if the card does not cache CHV1. */
- int did_chv2;
- int did_chv3;
+ unsigned int did_chv1:1;
+ unsigned int force_chv1:1; /* True if the card does not cache CHV1. */
+ unsigned int did_chv2:1;
+ unsigned int did_chv3:1;
struct app_local_s *app_local; /* Local to the application. */
struct {
void (*deinit) (app_t app);
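Review bot: With `did_chv1`, `force_chv1`, `did_chv2` and `did_chv3` narrowed to `unsigned int ...:1`, an assignment of any value other than 0 or 1 keeps only the low bit, so an even non-zero value would silently clear the flag. These flags appear to track CHV (PIN) verification state, so each writer, all of which are outside this hunk, should be checked to store a normalized boolean, e.g. `app->force_chv1 = !!value;`. A short comment on the group such as `/* Flags; assign only 0 or 1. */` would record the constraint.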
#define DRVNAME "ccid-driver: "
+/* Max length of buffer with out CCID message header of 10-byte
+ Sending: 547 for RSA-4096 key import
+ APDU size = 540 (24+4+256+256)
+ commnd + lc + le = 4 + 3 + 0
+ Sending: write data object of cardholder certificate
+ APDU size = 2048
+ commnd + lc + le = 4 + 3 + 0
+ Receiving: 2048 for cardholder certificate
+*/
+#define CCID_MAX_BUF (2048+7+10)
/* Depending on how this source is used we either define our error
- output to go to stderr or to the jnlib based logging functions. We
- use the latter when GNUPG_MAJOR_VERSION is defines or when both,
- GNUPG_SCD_MAIN_HEADER and HAVE_JNLIB_LOGGING are defined.
-*/
-#if defined(GNUPG_MAJOR_VERSION) \
- || (defined(GNUPG_SCD_MAIN_HEADER) && defined(HAVE_JNLIB_LOGGING))
+ output to go to stderr or to the GnuPG based logging functions. We
+ use the latter when GNUPG_MAJOR_VERSION or GNUPG_SCD_MAIN_HEADER
+ are defined. */
+#if defined(GNUPG_MAJOR_VERSION) || defined(GNUPG_SCD_MAIN_HEADER)
#if defined(GNUPG_SCD_MAIN_HEADER)
# include GNUPG_SCD_MAIN_HEADER
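Review bot: The new comment describes the maximum as the buffer length "with out CCID message header of 10-byte", but `#define CCID_MAX_BUF (2048+7+10)` includes those 10 bytes. Rewording it would prevent an off-by-ten misreading where the macro sizes a buffer, for example `/* Max CCID message length: 10-byte header + APDU (2048 data + 4 command + 3 Lc). */`. "commnd" in the same comment is a typo for "command".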
unsigned char t1_nr;
unsigned char nonnull_nad;
int max_ifsd;
- int ifsd;
+ int max_ccid_msglen;
int ifsc;
unsigned char apdu_level:2; /* Reader supports short APDU level
exchange. With a value of 2 short
handle->nonnull_nad = 0;
handle->auto_ifsd = 0;
handle->max_ifsd = 32;
- handle->ifsd = 0;
+ handle->max_ccid_msglen = CCID_MAX_BUF;
handle->has_pinpad = 0;
handle->apdu_level = 0;
switch (handle->id_product)
handle->nonnull_nad = 0;
handle->auto_ifsd = 0;
handle->max_ifsd = 32;
- handle->ifsd = 0;
handle->has_pinpad = 0;
handle->apdu_level = 0;
handle->auto_voltage = 0;
us = convert_le_u32(buf+44);
DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us);
+ handle->max_ccid_msglen = us;
DEBUGOUT ( " bClassGetResponse ");
if (buf[48] == 0xff)
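Review bot: `handle->max_ccid_msglen = us;` stores the reader-supplied dwMaxCCIDMsgLen without a range check, and the chained-send loop in ccid_transceive_apdu_level derives its block size from `handle->max_ccid_msglen - 10`. A reader reporting exactly 10 makes that block size zero, so the loop would keep sending empty blocks without consuming the APDU. Values below 10 make the `int` difference negative, and chaining is then disabled only because the comparison converts it to `size_t`. Taking the value only when it is usable, e.g. `if (us > 10 && us <= CCID_MAX_BUF) handle->max_ccid_msglen = us;`, avoids both cases; whether a default has already been assigned on this path is not visible here. The function body continues outside this hunk.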
/* Helper for ccid_transceive used for APDU level exchanges. */
static int
ccid_transceive_apdu_level (ccid_driver_t handle,
- const unsigned char *apdu_buf, size_t apdu_buflen,
+ const unsigned char *apdu_buf, size_t apdu_len,
unsigned char *resp, size_t maxresplen,
size_t *nresp)
{
int rc;
- unsigned char send_buffer[10+261+300], recv_buffer[10+261+300];
- const unsigned char *apdu;
- size_t apdulen;
- unsigned char *msg;
+ unsigned char msg[CCID_MAX_BUF];
+ const unsigned char *apdu_p;
+ size_t apdu_part_len;
size_t msglen;
unsigned char seqno;
int bwi = 4;
+ unsigned char chain = 0;
- msg = send_buffer;
+ if (apdu_len == 0 || apdu_len > sizeof (msg) - 10)
+ return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
- apdu = apdu_buf;
- apdulen = apdu_buflen;
- assert (apdulen);
+ apdu_p = apdu_buf;
+ while (1)
+ {
+ apdu_part_len = apdu_len;
+ if (apdu_part_len > handle->max_ccid_msglen - 10)
+ {
+ apdu_part_len = handle->max_ccid_msglen - 10;
+ chain |= 0x01;
+ }
- /* The maximum length for a short APDU T=1 block is 261. For an
- extended APDU T=1 block the maximum length 65544; however
- extended APDU exchange level is not fully supported yet. */
- if (apdulen > sizeof (send_buffer) - 10)
- return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
+ msg[0] = PC_to_RDR_XfrBlock;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = bwi;
+ msg[8] = chain;
+ msg[9] = 0;
+ memcpy (msg+10, apdu_p, apdu_part_len);
+ set_msg_len (msg, apdu_part_len);
+ msglen = 10 + apdu_part_len;
- msg[0] = PC_to_RDR_XfrBlock;
- msg[5] = 0; /* slot */
- msg[6] = seqno = handle->seqno++;
- msg[7] = bwi; /* bBWI */
- msg[8] = 0; /* RFU */
- msg[9] = 0; /* RFU */
- memcpy (msg+10, apdu, apdulen);
- set_msg_len (msg, apdulen);
- msglen = 10 + apdulen;
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
- rc = bulk_out (handle, msg, msglen, 0);
- if (rc)
- return rc;
+ apdu_p += apdu_part_len;
+ apdu_len -= apdu_part_len;
- msg = recv_buffer;
- rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
- RDR_to_PC_DataBlock, seqno, 5000, 0);
- if (rc)
- return rc;
+ rc = bulk_in (handle, msg, sizeof msg, &msglen,
+ RDR_to_PC_DataBlock, seqno, 5000, 0);
+ if (rc)
+ return rc;
+
+ if (!(chain & 0x01))
+ break;
+
+ chain = 0x02;
+ }
- if (msg[9] == 1)
+ apdu_len = 0;
+ while (1)
{
- size_t total_msglen = msglen;
+ apdu_part_len = msglen - 10;
+ if (resp && apdu_len + apdu_part_len <= maxresplen)
+ memcpy (resp + apdu_len, msg+10, apdu_part_len);
+ apdu_len += apdu_part_len;
- while (1)
- {
- unsigned char status;
+ if (!(msg[9] & 0x01))
+ break;
- msg = recv_buffer + total_msglen;
+ msg[0] = PC_to_RDR_XfrBlock;
+ msg[5] = 0; /* slot */
+ msg[6] = seqno = handle->seqno++;
+ msg[7] = bwi;
+ msg[8] = 0x10; /* Request next data block */
+ msg[9] = 0;
+ set_msg_len (msg, 0);
+ msglen = 10;
- msg[0] = PC_to_RDR_XfrBlock;
- msg[5] = 0; /* slot */
- msg[6] = seqno = handle->seqno++;
- msg[7] = bwi; /* bBWI */
- msg[8] = 0x10; /* Request next data block */
- msg[9] = 0;
- set_msg_len (msg, 0);
- msglen = 10;
-
- rc = bulk_out (handle, msg, msglen, 0);
- if (rc)
- return rc;
-
- rc = bulk_in (handle, msg, sizeof recv_buffer - total_msglen, &msglen,
- RDR_to_PC_DataBlock, seqno, 5000, 0);
- if (rc)
- return rc;
- status = msg[9];
- memmove (msg, msg+10, msglen - 10);
- total_msglen += msglen - 10;
- if (total_msglen >= sizeof recv_buffer)
- return CCID_DRIVER_ERR_OUT_OF_CORE;
-
- if (status == 0x02)
- break;
- }
+ rc = bulk_out (handle, msg, msglen, 0);
+ if (rc)
+ return rc;
- apdu = recv_buffer + 10;
- apdulen = total_msglen - 10;
- }
- else
- {
- apdu = msg + 10;
- apdulen = msglen - 10;
+ rc = bulk_in (handle, msg, sizeof msg, &msglen,
+ RDR_to_PC_DataBlock, seqno, 5000, 0);
+ if (rc)
+ return rc;
}
if (resp)
{
- if (apdulen > maxresplen)
+ if (apdu_len > maxresplen)
{
DEBUGOUT_2 ("provided buffer too short for received data "
"(%u/%u)\n",
- (unsigned int)apdulen, (unsigned int)maxresplen);
+ (unsigned int)apdu_len, (unsigned int)maxresplen);
return CCID_DRIVER_ERR_INV_VALUE;
}
- memcpy (resp, apdu, apdulen);
- *nresp = apdulen;
+ *nresp = apdu_len;
}
return 0;
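Review bot: The receive loop keeps requesting blocks for as long as the reader sets bit 0 of `msg[9]`, and nothing bounds the total. The removed code returned CCID_DRIVER_ERR_OUT_OF_CORE once its receive buffer was full, whereas the new loop only skips the `memcpy` and keeps adding to `apdu_len`. A reader that never clears the chaining bit would therefore keep this function looping. Returning as soon as the response no longer fits, `if (resp && apdu_len > maxresplen) return CCID_DRIVER_ERR_INV_VALUE;` placed right after `apdu_len += apdu_part_len;`, restores a bound, though the `resp == NULL` case would still need its own cap. `apdu_part_len = msglen - 10` also assumes bulk_in never reports fewer than 10 bytes, which this hunk does not show.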
#include <sys/stat.h>
#include <unistd.h>
-#define JNLIB_NEED_LOG_LOGV
#include "scdaemon.h"
#include <gcrypt.h>
#include <signal.h>
#include <npth.h>
-#define JNLIB_NEED_LOG_LOGV
-#define JNLIB_NEED_AFLOCAL
+#define GNUPG_COMMON_NEED_AFLOCAL
#include "scdaemon.h"
#include <ksba.h>
#include <gcrypt.h>
#include <stdarg.h>
#include <assert.h>
-#define JNLIB_NEED_LOG_LOGV /* We need log_logv. */
-
#include "gpgsm.h"
#include <gcrypt.h>
#include <ksba.h>
}
else
{
- log_logv (is_error? JNLIB_LOG_ERROR: JNLIB_LOG_INFO, format, arg_ptr);
+ log_logv (is_error? GPGRT_LOG_ERROR: GPGRT_LOG_INFO, format, arg_ptr);
log_printf ("\n");
}
va_end (arg_ptr);
#include <regex.h>
#include <ctype.h>
-
-#define JNLIB_NEED_LOG_LOGV
#include "util.h"
#include "i18n.h"
#include "sysutils.h"
percent ARGS
percent+ ARGS
Escape the args using the percent style. Tabs, formfeeds,
- linefeeds and carriage returns are also escaped.
- "percent+" also maps spaces to plus characters.
+ linefeeds, carriage return, and the plus sign are also
+ escaped. "percent+" also maps spaces to plus characters.
errcode ARG
Assuming ARG is an integer, return the gpg-error code.
else if ( (s - name) == 7 && !strncmp (name, "percent", 7))
{
s++;
- result = percent_escape (s, "\t\r\n\f\v");
+ result = percent_escape (s, "+\t\r\n\f\v");
}
else if ( (s - name) == 8 && !strncmp (name, "percent+", 8))
{
s++;
- result = percent_escape (s, "\t\r\n\f\v");
+ result = percent_escape (s, "+\t\r\n\f\v");
for (p=result; *p; p++)
if (*p == ' ')
*p = '+';
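Review bot: In the `percent+` branch the result of `percent_escape (s, "+\t\r\n\f\v")` is walked by `for (p=result; *p; p++)` with no NULL check, so if `percent_escape` can return NULL on allocation failure (its definition is not visible here) the loop dereferences a null pointer. A guard such as `if (result)` in front of the loop would avoid that. The escape set `"+\t\r\n\f\v"` is also spelled out twice now, and the `percent+` branch depends on the plus sign being in it so that a literal plus stays distinguishable from an encoded space. A single file-scope `static const char` holding the set, with a comment like `/* '+' is escaped so the space-to-plus mapping stays reversible */`, would keep the two branches in sync. The enclosing function starts and ends outside the hunk.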
#endif
/* For log_logv(), asctimestamp(), gnupg_get_time (). */
-#define JNLIB_NEED_LOG_LOGV
#include "util.h"
#include "i18n.h"
#include "exechelp.h"
va_list arg_ptr;
va_start (arg_ptr, fmt);
- log_logv (JNLIB_LOG_ERROR, fmt, arg_ptr);
+ log_logv (GPGRT_LOG_ERROR, fmt, arg_ptr);
va_end (arg_ptr);
if (errnum)
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
*/
-/* This utility prints an RFC8222, possible MIME structured, message
+/* This utility prints an RFC822, possible MIME structured, message
in an annotated format with the first column having an indicator
for the content of the line. Several options are available to
scrutinize the message. S/MIME and OpenPGP support is included. */
int is_pkcs7; /* Old style S/MIME message. */
- int moss_state; /* State of PGP/MIME or S/MIME parsing. */
+ int smfm_state; /* State of PGP/MIME or S/MIME parsing. */
int is_smime; /* This is S/MIME and not PGP/MIME. */
char *signing_protocol;
printf ("h signed.protocol: %s\n", s);
if (!strcmp (s, "application/pgp-signature"))
{
- if (info->moss_state)
+ if (info->smfm_state)
err ("note: ignoring nested PGP/MIME or S/MIME signature");
else
{
- info->moss_state = 1;
+ info->smfm_state = 1;
info->is_smime = 0;
free (info->signing_protocol);
info->signing_protocol = xstrdup (s);
else if (!strcmp (s, "application/pkcs7-signature")
|| !strcmp (s, "application/x-pkcs7-signature"))
{
- if (info->moss_state)
+ if (info->smfm_state)
err ("note: ignoring nested PGP/MIME or S/MIME signature");
else
{
- info->moss_state = 1;
+ info->smfm_state = 1;
info->is_smime = 1;
free (info->signing_protocol);
info->signing_protocol = xstrdup (s);
/* We need to check here whether to start collecting signed data
because attachments might come without header lines and thus
we won't see the BEGIN_HEADER event. */
- if (info->moss_state == 1)
+ if (info->smfm_state == 1)
{
printf ("c begin_hash\n");
info->hashing = 1;
info->hashing_level = info->nesting_level;
- info->moss_state++;
+ info->smfm_state++;
if (opt_crypto)
{
{
printf ("h media: %*s%s %s\n",
info->nesting_level*2, "", s1, s2);
- if (info->moss_state == 3)
+ if (info->smfm_state == 3)
{
char *buf = xmalloc (strlen (s1) + strlen (s2) + 2);
strcpy (stpcpy (stpcpy (buf, s1), "/"), s2);
else
{
printf ("c begin_signature\n");
- info->moss_state++;
+ info->smfm_state++;
if (opt_crypto)
{
assert (!info->sig_file);
else
printf ("b last\n");
- if (info->moss_state == 2 && info->nesting_level == info->hashing_level)
+ if (info->smfm_state == 2 && info->nesting_level == info->hashing_level)
{
printf ("c end_hash\n");
- info->moss_state++;
+ info->smfm_state++;
info->hashing = 0;
}
- else if (info->moss_state == 4)
+ else if (info->smfm_state == 4)
{
printf ("c end_signature\n");
info->verify_now = 1;
info.hash_file = NULL;
fclose (info.sig_file);
info.sig_file = NULL;
- info.moss_state = 0;
+ info.smfm_state = 0;
info.is_smime = 0;
info.is_pkcs7 = 0;
}
setmode( fileno(stdin), O_BINARY );
setmode( fileno(stdout), O_BINARY );
#endif
- log_set_prefix ("gpgsplit", JNLIB_LOG_WITH_PREFIX);
+ log_set_prefix ("gpgsplit", GPGRT_LOG_WITH_PREFIX);
set_strusage (my_strusage);
pargs.argc = &argc;
#endif
#include <gpg-error.h>
-#define JNLIB_NEED_LOG_LOGV
#include "i18n.h"
#include "../common/util.h"
#include "../common/init.h"
#define BUGREPORT_LINE ""
#endif
#if !defined(SUN_LEN) || !defined(PF_LOCAL) || !defined(AF_LOCAL)
-#define JNLIB_NEED_AFLOCAL
+#define GNUPG_COMMON_NEED_AFLOCAL
#include "../common/mischelp.h"
#endif