security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

common: Add a default socket name feature. 

* common/logging.c (log_set_socket_dir_cb): New.
(socket_dir_cb): New.
(set_file_fd): Allow "socket://".
(fun_writer): Implement default socket name.
* common/init.c (_init_common_subsystems): Register default socket.
--

This change allows the use of

log-file socket://

in any configuration file.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-08-29 11:45:47 +02:00
parent bdbd03608b
commit 2aa0701013
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
9 changed files with 63 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/init.c
View File

@ -222,6 +222,9 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
/* --version et al shall use estream as well. */
argparse_register_outfnc (writestring_via_estream);
/* Logging shall use the standard socket directory as fallback. */
log_set_socket_dir_cb (gnupg_socketdir);
}

53
common/logging.c
View File

@ -104,6 +104,7 @@ static int with_pid;
static int no_registry;
#endif
static int (*get_pid_suffix_cb)(unsigned long *r_value);
static const char * (*socket_dir_cb)(void);
static int running_detached;
static int force_prefixes;
@ -218,6 +219,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
struct sockaddr_in srvr_addr_in;
#ifndef HAVE_W32_SYSTEM
struct sockaddr_un srvr_addr_un;
const char *name_for_err = "";
#endif
size_t addrlen;
struct sockaddr *srvr_addr = NULL;
@ -237,23 +239,41 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
pf = PF_INET;
}
#ifndef HAVE_W32_SYSTEM
else if (!strncmp (name, "socket://", 9) && name[9])
else if (!strncmp (name, "socket://", 9))
name += 9;
#endif
if (af == AF_LOCAL)
{
#ifdef HAVE_W32_SYSTEM
addrlen = 0;
#else
#ifndef HAVE_W32_SYSTEM
memset (&srvr_addr, 0, sizeof srvr_addr);
srvr_addr_un.sun_family = af;
strncpy (srvr_addr_un.sun_path,
name, sizeof (srvr_addr_un.sun_path)-1);
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
srvr_addr = (struct sockaddr *)&srvr_addr_un;
addrlen = SUN_LEN (&srvr_addr_un);
#endif
if (!*name && (name = socket_dir_cb ()) && *name)
{
if (strlen (name) + 7 < sizeof (srvr_addr_un.sun_path)-1)
{
strncpy (srvr_addr_un.sun_path,
name, sizeof (srvr_addr_un.sun_path)-1);
strcat (srvr_addr_un.sun_path, "/S.log");
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
srvr_addr = (struct sockaddr *)&srvr_addr_un;
addrlen = SUN_LEN (&srvr_addr_un);
name_for_err = srvr_addr_un.sun_path;
}
}
else
{
if (*name && strlen (name) < sizeof (srvr_addr_un.sun_path)-1)
{
strncpy (srvr_addr_un.sun_path,
name, sizeof (srvr_addr_un.sun_path)-1);
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
srvr_addr = (struct sockaddr *)&srvr_addr_un;
addrlen = SUN_LEN (&srvr_addr_un);
}
}
#endif /*!HAVE_W32SYSTEM*/
}
else
{
@ -352,8 +372,8 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
{
if (!cookie->quiet && !running_detached
&& isatty (es_fileno (es_stderr)))
es_fprintf (es_stderr, "can't connect to '%s': %s\n",
cookie->name, strerror(errno));
es_fprintf (es_stderr, "can't connect to '%s%s': %s\n",
cookie->name, name_for_err, strerror(errno));
sock_close (cookie->fd);
cookie->fd = -1;
}
@ -462,7 +482,7 @@ set_file_fd (const char *name, int fd)
if (name && !strncmp (name, "tcp://", 6) && name[6])
want_socket = 1;
#ifndef HAVE_W32_SYSTEM
else if (name && !strncmp (name, "socket://", 9) && name[9])
else if (name && !strncmp (name, "socket://", 9))
want_socket = 2;
#endif /*HAVE_W32_SYSTEM*/
#ifdef HAVE_W32CE_SYSTEM
@ -554,6 +574,15 @@ log_set_fd (int fd)
}
/* Set a function to retrieve the directory name of a socket if
* only "socket://" has been given to log_set_file. */
void
log_set_socket_dir_cb (const char *(*fnc)(void))
{
socket_dir_cb = fnc;
}
void
log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value))
{

1
common/logging.h
View File

@ -42,6 +42,7 @@ int log_get_errorcount (int clear);
void log_inc_errorcount (void);
void log_set_file( const char *name );
void log_set_fd (int fd);
void log_set_socket_dir_cb (const char *(*fnc)(void));
void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value));
void log_set_prefix (const char *text, unsigned int flags);
const char *log_get_prefix (unsigned int *flags);

3
doc/dirmngr.texi
View File

@ -163,7 +163,8 @@ verbose commands to @sc{dirmngr}, such as @option{-vv}.
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does.
seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --debug-level @var{level}
@opindex debug-level

11
doc/gpg-agent.texi
View File

@ -312,11 +312,12 @@ should in general not be used to avoid X-sniffing attacks.
@item --log-file @var{file}
@opindex log-file
@efindex HKCU\Software\GNU\GnuPG:DefaultLogFile
Append all logging output to @var{file}. This is very helpful in seeing
what the agent actually does. If neither a log file nor a log file
descriptor has been set on a Windows platform, the Registry entry
@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify
the logging output.
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. Use @file{socket://} to log to
socket. If neither a log file nor a log file descriptor has been set
on a Windows platform, the Registry entry
@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to
specify the logging output.
@anchor{option --no-allow-mark-trusted}

5
doc/gpg.texi
View File

@ -2697,9 +2697,8 @@ Write log output to file descriptor @code{n} and not to STDERR.
@item --log-file @code{file}
@itemx --logger-file @code{file}
@opindex log-file
Same as @option{--logger-fd}, except the logger data is written to file
@code{file}. Note that @option{--log-file} is only implemented for
GnuPG-2.
Same as @option{--logger-fd}, except the logger data is written to
file @code{file}. Use @file{socket://} to log to socket.
@item --attribute-fd @code{n}
@opindex attribute-fd

1
doc/gpgsm.texi
View File

@ -384,6 +384,7 @@ Do not print a warning when the so called "secure memory" cannot be used.
@item --log-file @var{file}
@opindex log-file
When running in server mode, append all logging output to @var{file}.
Use @file{socket://} to log to socket.
@end table

3
doc/scdaemon.texi
View File

@ -239,7 +239,8 @@ debugging.
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does.
seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --pcsc-driver @var{library}

8
doc/tools.texi
View File

@ -103,12 +103,14 @@ This waits for connections on the local socket
@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
work the option @option{log-file} needs to be used with all modules
which logs are to be shown. The value for that option must be given
with a special prefix (e.g. in the conf file):
with a special prefix (e.g. in the conf files):
@example
log-file socket:///home/foo/.gnupg/S.log
@end example
If only @code{socket://} is used a default socket file named
@file{S.log} in the standard socket directory is used.
For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files:
@ -1737,8 +1739,8 @@ Try to be as quiet as possible.
@item --log-file @var{file}
@opindex log-file
Append all logging output to @var{file}. Default is to write logging
information to STDERR.
Append all logging output to @var{file}. Use @file{socket://} to log
to socket. Default is to write logging information to STDERR.
@end table