From 14601eacb51f6c8a60d3d57aee1be11debd94c68 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 19 Dec 2014 13:07:09 +0100
Subject: [PATCH] agent: Keep the session environment for restricted connections.
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change calllers.
* agent/command.c (start_command_handler): Call that fucntion for restricted connections.
--
A remote connection is and should not be able to setup the local session environment. However, unless --keep-display is used we would be left without an environment and thus pinentry can't be used. The fix is the same as used for ssh-agent connection: We use the default environment as used at the startup of the agent.
Signed-off-by: Werner Koch
---
 agent/agent.h | 1 +
 agent/command-ssh.c | 36 ++----------------------------------
 agent/command.c | 6 ++++++
 agent/gpg-agent.c | 33 +++++++++++++++++++++++++++++++++
 common/session-env.c | 2 +-
 5 files changed, 43 insertions(+), 35 deletions(-)
diff --git a/agent/agent.h b/agent/agent.h
index a1663cd56..c7c65afa7 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -278,6 +278,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip);
 /*-- gpg-agent.c --*/
 void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
+gpg_error_t agent_copy_startup_env (ctrl_t ctrl);
 const char *get_agent_socket_name (void);
 const char *get_agent_ssh_socket_name (void);
 #ifdef HAVE_W32_SYSTEM
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2d0051230..51d2c5404 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3578,38 +3578,6 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
 }
-/* Because the ssh protocol does not send us information about the
- current TTY setting, we use this function to use those from startup
- or those explictly set. */
-static gpg_error_t
-setup_ssh_env (ctrl_t ctrl)
-{
- static const char *names[] =
- {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
- gpg_error_t err = 0;
- int idx;
- const char *value;
-
- for (idx=0; !err && names[idx]; idx++)
- if ((value = session_env_getenv (opt.startup_env, names[idx])))
- err = session_env_setenv (ctrl->session_env, names[idx], value);
-
- if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
- if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
- err = gpg_error_from_syserror ();
-
- if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
- if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
- err = gpg_error_from_syserror ();
-
- if (err)
- log_error ("error setting default session environment: %s\n",
- gpg_strerror (err));
-
- return err;
-}
-
-
 /* Start serving client on SOCK_CLIENT. */
 void
 start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
@@ -3618,7 +3586,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
 gpg_error_t err;
 int ret;
- err = setup_ssh_env (ctrl);
+ err = agent_copy_startup_env (ctrl);
 if (err)
 goto out;
@@ -3681,7 +3649,7 @@ serve_mmapped_ssh_request (ctrl_t ctrl,
 u32 msglen;
 estream_t request_stream, response_stream;
- if (setup_ssh_env (ctrl))
+ if (agent_copy_startup_env (ctrl))
 goto leave; /* Error setting up the environment. */
 if (maxreqlen < 5)
diff --git a/agent/command.c b/agent/command.c
index eba766bc4..da7e50857 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -3113,6 +3113,12 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
 int rc;
 assuan_context_t ctx = NULL;
+ if (ctrl->restricted)
+ {
+ if (agent_copy_startup_env (ctrl))
+ return;
+ }
+
 rc = assuan_new (&ctx);
 if (rc)
 {
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index de40e3b4e..b053fc59f 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1386,6 +1386,39 @@ agent_deinit_default_ctrl (ctrl_t ctrl)
 }
+/* Because the ssh protocol does not send us information about the
+ current TTY setting, we use this function to use those from startup
+ or those explictly set. This is also used for the restricted mode
+ where we ignore requests to change the environment. */
+gpg_error_t
+agent_copy_startup_env (ctrl_t ctrl)
+{
+ static const char *names[] =
+ {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
+ gpg_error_t err = 0;
+ int idx;
+ const char *value;
+
+ for (idx=0; !err && names[idx]; idx++)
+ if ((value = session_env_getenv (opt.startup_env, names[idx])))
+ err = session_env_setenv (ctrl->session_env, names[idx], value);
+
+ if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
+ if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
+ err = gpg_error_from_syserror ();
+
+ if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
+ if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
+ err = gpg_error_from_syserror ();
+
+ if (err)
+ log_error ("error setting default session environment: %s\n",
+ gpg_strerror (err));
+
+ return err;
+}
+
+
 /* Reread parts of the configuration. Note, that this function is obviously not thread-safe and should only be called from the PTH signal handler.
diff --git a/common/session-env.c b/common/session-env.c
index 478d5e3be..8f78c10cb 100644
--- a/common/session-env.c
+++ b/common/session-env.c
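Review bot: The early `return` in the added `if (ctrl->restricted)` block leaves start_command_handler before `assuan_new`, so on failure the restricted client gets no Assuan error, and as far as this hunk shows `fd` is neither closed nor handed to a context. The function body continues outside the hunk, so whether the caller releases `fd` needs confirming; if it does not, close it here or route the failure through the function's existing cleanup path. The commit message's guarantee also depends on the option handlers refusing environment changes when `ctrl->restricted` is set, which this patch does not show. A comment above the block would record the intent, e.g. `/* Restricted (remote) clients may not set the session environment; use the agent's startup values so that pinentry still works. */`.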
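Review bot: The header comment of agent_copy_startup_env says the values come from startup "or those explictly set", but the loop over `names` calls `session_env_setenv` for every startup value without checking whether the session already holds one, while `lc_ctype` and `lc_messages` are copied only when still unset. That asymmetry is harmless for the callers in this patch, which run it before any client option is processed, but it matters if the function is ever called later in a session. The comment should state the contract, e.g. `The environment names are always set from the startup values; the locale settings are kept if already set.` The `names` array is also a second hard-coded list beside the table in common/session-env.c, so a comment pointing at that table would help keep the two in step.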
@@ -56,7 +56,7 @@ struct session_environment_s
 };
-/* A list of environment vribales we pass from the acual user
+/* A list of environment vribales we pass from the actual user
 (e.g. gpgme) down to the pinentry. We do not handle the locale settings because they do not only depend on envvars. */
 static struct