agent: Keep the session environment for restricted connections.

* agent/command-ssh.c (setup_ssh_env): Move code to ... * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change calllers. * agent/command.c (start_command_handler): Call that fucntion for restricted connections. -- A remote connection is and should not be able to setup the local session environment. However, unless --keep-display is used we would be left without an environment and thus pinentry can't be used. The fix is the same as used for ssh-agent connection: We use the default environment as used at the startup of the agent. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:07:09 +01:00 · 2014-12-19 13:07:09 +01:00 · 14601eacb5
parent aad8963f7b
commit 14601eacb5
5 changed files with 43 additions and 35 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -278,6 +278,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip);

 /*-- gpg-agent.c --*/
 void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
+gpg_error_t agent_copy_startup_env (ctrl_t ctrl);
 const char *get_agent_socket_name (void);
 const char *get_agent_ssh_socket_name (void);
 #ifdef HAVE_W32_SYSTEM
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@ -3578,38 +3578,6 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
 }


-/* Because the ssh protocol does not send us information about the
-   current TTY setting, we use this function to use those from startup
-   or those explictly set.  */
-static gpg_error_t
-setup_ssh_env (ctrl_t ctrl)
-{
-  static const char *names[] =
-    {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
-  gpg_error_t err = 0;
-  int idx;
-  const char *value;
-
-  for (idx=0; !err && names[idx]; idx++)
-      if ((value = session_env_getenv (opt.startup_env, names[idx])))
-      err = session_env_setenv (ctrl->session_env, names[idx], value);
-
-  if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
-    if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
-      err = gpg_error_from_syserror ();
-
-  if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
-    if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
-      err = gpg_error_from_syserror ();
-
-  if (err)
-    log_error ("error setting default session environment: %s\n",
-               gpg_strerror (err));
-
-  return err;
-}
-
-
 /* Start serving client on SOCK_CLIENT.  */
 void
 start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
@ -3618,7 +3586,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
  gpg_error_t err;
  int ret;

-  err = setup_ssh_env (ctrl);
+  err = agent_copy_startup_env (ctrl);
  if (err)
    goto out;

@ -3681,7 +3649,7 @@ serve_mmapped_ssh_request (ctrl_t ctrl,
  u32 msglen;
  estream_t request_stream, response_stream;

-  if (setup_ssh_env (ctrl))
+  if (agent_copy_startup_env (ctrl))
    goto leave; /* Error setting up the environment.  */

  if (maxreqlen < 5)
--- a/agent/command.c
+++ b/agent/command.c
@ -3113,6 +3113,12 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
  int rc;
  assuan_context_t ctx = NULL;

+  if (ctrl->restricted)
+    {
+      if (agent_copy_startup_env (ctrl))
+        return;
+    }
+
  rc = assuan_new (&ctx);
  if (rc)
    {
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -1386,6 +1386,39 @@ agent_deinit_default_ctrl (ctrl_t ctrl)
 }


+/* Because the ssh protocol does not send us information about the
+   current TTY setting, we use this function to use those from startup
+   or those explictly set.  This is also used for the restricted mode
+   where we ignore requests to change the environment.  */
+gpg_error_t
+agent_copy_startup_env (ctrl_t ctrl)
+{
+  static const char *names[] =
+    {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
+  gpg_error_t err = 0;
+  int idx;
+  const char *value;
+
+  for (idx=0; !err && names[idx]; idx++)
+      if ((value = session_env_getenv (opt.startup_env, names[idx])))
+      err = session_env_setenv (ctrl->session_env, names[idx], value);
+
+  if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
+    if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
+      err = gpg_error_from_syserror ();
+
+  if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
+    if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
+      err = gpg_error_from_syserror ();
+
+  if (err)
+    log_error ("error setting default session environment: %s\n",
+               gpg_strerror (err));
+
+  return err;
+}
+
+
 /* Reread parts of the configuration.  Note, that this function is
   obviously not thread-safe and should only be called from the PTH
   signal handler.
--- a/common/session-env.c
+++ b/common/session-env.c
@ -56,7 +56,7 @@ struct session_environment_s
 };


-/* A list of environment vribales we pass from the acual user
+/* A list of environment vribales we pass from the actual user
  (e.g. gpgme) down to the pinentry.  We do not handle the locale
  settings because they do not only depend on envvars.  */
 static struct