From 1a045b1324efabe7423a8d00245f01718ed72556 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Thu, 26 Nov 2015 15:01:40 +0100 Subject: [PATCH] common: Make the GPG arguments configurable in call-gpg. * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'. (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise. (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise. * common/call-gpg.h: Adapt prototypes. * g13/create.c (encrypt_keyblob): Adapt callsite. * g13/g13-common.h (opt): Add field 'gpg_arguments'. * g13/g13.c (main): Construct default arguments. * g13/mount.c (decrypt_keyblob): Adapt callsite. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. Signed-off-by: Justus Winter --- common/call-gpg.c | 55 ++++++++++++++++++++++++++++-------------- common/call-gpg.h | 16 +++++++++--- g13/create.c | 4 ++- g13/g13-common.h | 4 +++ g13/g13.c | 10 ++++++++ g13/mount.c | 3 ++- tools/gpgtar-create.c | 1 + tools/gpgtar-extract.c | 3 ++- tools/gpgtar-list.c | 3 ++- 9 files changed, 73 insertions(+), 26 deletions(-) diff --git a/common/call-gpg.c b/common/call-gpg.c index 8258b8378..4a32c889f 100644 --- a/common/call-gpg.c +++ b/common/call-gpg.c @@ -33,19 +33,20 @@ #include "i18n.h" #include "logging.h" #include "membuf.h" +#include "strlist.h" #include "util.h" /* Fire up a new GPG. Handle the server's initial greeting. Returns 0 on success and stores the assuan context at R_CTX. */ static gpg_error_t -start_gpg (ctrl_t ctrl, const char *gpg_program, +start_gpg (ctrl_t ctrl, const char *gpg_program, strlist_t gpg_arguments, int input_fd, int output_fd, assuan_context_t *r_ctx) { gpg_error_t err; assuan_context_t ctx = NULL; const char *pgmname; - const char *argv[10]; + const char **argv; int no_close_list[5]; int i; char line[ASSUAN_LINELENGTH]; 
@@ -78,13 +79,17 @@ start_gpg (ctrl_t ctrl, const char *gpg_program, return err; } + argv = xtrycalloc (strlist_length (gpg_arguments) + 3, sizeof *argv); + if (argv == NULL) + { + err = gpg_error_from_syserror (); + return err; + } i = 0; argv[i++] = pgmname; argv[i++] = "--server"; - argv[i++] = "-z"; - argv[i++] = "0"; - argv[i++] = "--trust-model"; - argv[i++] = "always"; + for (; gpg_arguments; gpg_arguments = gpg_arguments->next) + argv[i++] = gpg_arguments->d; argv[i++] = NULL; i = 0; @@ -386,7 +391,9 @@ start_reader (int fd, membuf_t *mb, estream_t stream, */ static gpg_error_t -_gpg_encrypt (ctrl_t ctrl, const char *gpg_program, +_gpg_encrypt (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, estream_t plain_stream, strlist_t keys, @@ -420,7 +427,8 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, gpg_arguments, + outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; @@ -514,7 +522,9 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_encrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen) @@ -528,7 +538,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Init the memory buffer to receive the encrypted stuff. */ init_membuf (&reader_mb, 4096); - err = _gpg_encrypt (ctrl, gpg_program, + err = _gpg_encrypt (ctrl, gpg_program, gpg_arguments, plain, plainlen, NULL, keys, &reader_mb, NULL); 
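Review bot: In the start_gpg hunk at -78,13 the `argv` vector now comes from `xtrycalloc`, but nothing in the visible lines releases it, so unless the part of start_gpg outside the hunk frees it, every call leaves the allocation behind. The new `return err;` on allocation failure also exits without touching `ctx`; the context lines just above look like the failure branch of the context setup, so `ctx` is presumably already live at this point and needs `assuan_release (ctx);` before that return. I would add `xfree (argv);` directly after the call that hands `argv` to the child process, so that it runs on both the success and the error path. start_gpg begins and ends outside this hunk, so both points should be confirmed against the full function.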
@@ -550,12 +560,14 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_encrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t plain_stream, strlist_t keys, estream_t cipher_stream) { - return _gpg_encrypt (ctrl, gpg_program, + return _gpg_encrypt (ctrl, gpg_program, gpg_arguments, NULL, 0, plain_stream, keys, NULL, cipher_stream); @@ -566,7 +578,9 @@ gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, */ static gpg_error_t -_gpg_decrypt (ctrl_t ctrl, const char *gpg_program, +_gpg_decrypt (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, estream_t cipher_stream, membuf_t *reader_mb, @@ -597,7 +611,8 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, gpg_arguments, + outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; @@ -677,7 +692,9 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_decrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen) { @@ -690,7 +707,7 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Init the memory buffer to receive the encrypted stuff. */ init_membuf_secure (&reader_mb, 1024); - err = _gpg_decrypt (ctrl, gpg_program, + err = _gpg_decrypt (ctrl, gpg_program, gpg_arguments, ciph, ciphlen, NULL, &reader_mb, NULL); 
@@ -711,11 +728,13 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_decrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t cipher_stream, estream_t plain_stream) { - return _gpg_decrypt (ctrl, gpg_program, + return _gpg_decrypt (ctrl, gpg_program, gpg_arguments, NULL, 0, cipher_stream, NULL, plain_stream); } diff --git a/common/call-gpg.h b/common/call-gpg.h index 2c5854d61..74d381985 100644 --- a/common/call-gpg.h +++ b/common/call-gpg.h @@ -26,21 +26,29 @@ typedef struct server_control_s *ctrl_t; -gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen); -gpg_error_t gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_encrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t plain_stream, strlist_t keys, estream_t cipher_stream); -gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen); -gpg_error_t gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_decrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t cipher_stream, estream_t plain_stream); diff --git a/g13/create.c b/g13/create.c index c4e94b830..91b290cd1 100644 --- a/g13/create.c +++ b/g13/create.c 
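Review bot: The four prototypes in the common/call-gpg.h hunk gain `gpg_arguments` without any comment on its contract, and this header is what callers read. From the call-gpg.c hunks, the list is walked but not freed, only pointers to its strings are stored in `argv` (so it must outlive the call), gpgtar passes NULL so NULL has to mean "no extra arguments", and each element is placed verbatim in the child's argument vector after `--server`. I would add a comment above the declarations stating this, for example `/* GPG_ARGUMENTS may be NULL; it is passed to gpg unmodified and remains owned by the caller. */`. The comment should also say that the list must come from trusted configuration, because nothing in call-gpg.c filters which options reach gpg.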
@@ -111,7 +111,9 @@ encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_encrypt_blob (ctrl, opt.gpg_program, keyblob, keybloblen, keys, + err = gpg_encrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments, + keyblob, keybloblen, + keys, r_encblob, r_encbloblen); return err; diff --git a/g13/g13-common.h b/g13/g13-common.h index f27dca4aa..316b94a73 100644 --- a/g13/g13-common.h +++ b/g13/g13-common.h @@ -30,6 +30,7 @@ #include "../common/util.h" #include "../common/status.h" #include "../common/session-env.h" +#include "../common/strlist.h" /* Debug values and macros. */ @@ -65,6 +66,9 @@ struct filename. */ const char *gpg_program; + /* GPG arguments. XXX: Currently it is not possible to set them. */ + strlist_t gpg_arguments; + /* Environment variables passed along to the engine. */ char *display; char *ttyname; diff --git a/g13/g13.c b/g13/g13.c index e6c76130a..7fe207ac1 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -577,6 +577,16 @@ main ( int argc, char **argv) } } + /* XXX Construct GPG arguments. */ + { + strlist_t last; + last = strlist_append (&opt.gpg_arguments, "-z"); + last = strlist_append (&last, "0"); + last = strlist_append (&last, "--trust-model"); + last = strlist_append (&last, "always"); + (void) last; + } + if (configfp) { fclose (configfp); diff --git a/g13/mount.c b/g13/mount.c index 1f7fbcc4c..e9b9c1be7 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -202,7 +202,8 @@ decrypt_keyblob (ctrl_t ctrl, const void *enckeyblob, size_t enckeybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_decrypt_blob (ctrl, opt.gpg_program, enckeyblob, enckeybloblen, + err = gpg_decrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments, + enckeyblob, enckeybloblen, r_keyblob, r_keybloblen); return err; diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 92c1fb8f6..774fcd37f 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c 
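Review bot: In the g13/g13.c hunk, the block that fills `opt.gpg_arguments` carries only `/* XXX Construct GPG arguments. */`, which does not say why these two options are the defaults. `--trust-model always` makes gpg skip key validity checks, which was easy to overlook while it was hard-coded in start_gpg and is just as easy to overlook now that it sits in an option list the g13-common.h comment says cannot be set yet. I would expand the comment to something like `/* Defaults formerly hard-coded in start_gpg: -z 0 disables compression, --trust-model always accepts recipient keys without a validity check. */`, so that whoever makes the list configurable sees what is being overridden. The results of `strlist_append` are not checked here; whether that matters depends on how that function reports allocation failure, which this page does not show.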
@@ -894,6 +894,7 @@ gpgtar_create (char **inpattern, int encrypt) err = gpg_encrypt_stream (NULL, opt.gpg_program, + NULL, outstream, opt.recipients, cipher_stream); diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index fa2f3626a..7e7a351ba 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -303,7 +303,8 @@ gpgtar_extract (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index cdc7fc46e..1eab7e574 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -306,7 +306,8 @@ gpgtar_list (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + cipher_stream, stream); if (err) goto leave;
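Review bot: Passing `NULL` for `gpg_arguments` in gpgtar_create means gpgtar no longer starts gpg with `-z 0 --trust-model always`, because this commit removes those options from start_gpg and only g13 rebuilds them; the same applies to the gpgtar_extract and gpgtar_list hunks that follow. The commit log describes these three only as adapted call sites, so the behaviour change is at least undocumented: gpg's own compression and trust-model settings now apply, and encryption could start rejecting recipient keys that are not validated. If the stricter default is intended, say so at the call, e.g. `/* No extra options: gpg's configured trust model and compression apply. */`, and mention it in the commit message. If it is not intended, build the same list as g13 does and pass it here. The enclosing functions extend beyond these hunks.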