security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

common: Add a default socket name feature.

Browse Source 
* common/logging.c (log_set_socket_dir_cb): New.
(socket_dir_cb): New.
(set_file_fd): Allow "socket://".
(fun_writer): Implement default socket name.
* common/init.c (_init_common_subsystems): Register default socket.
--

This change allows the use of

log-file socket://

in any configuration file.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-08-29 11:45:47 +02:00
parent bdbd03608b
commit 2aa0701013
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
9 changed files with 63 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/init.c
View File

@ -222,6 +222,9 @@ _init_common_subsystems (gpg_err_source_t errsource, int *argcp, char ***argvp)
/* --version et al shall use estream as well. */ /* --version et al shall use estream as well. */
argparse_register_outfnc (writestring_via_estream); argparse_register_outfnc (writestring_via_estream);
/* Logging shall use the standard socket directory as fallback. */
log_set_socket_dir_cb (gnupg_socketdir);
} }

53
common/logging.c
View File

@ -104,6 +104,7 @@ static int with_pid;
static int no_registry; static int no_registry;
#endif #endif
static int (*get_pid_suffix_cb)(unsigned long *r_value); static int (*get_pid_suffix_cb)(unsigned long *r_value);
static const char * (*socket_dir_cb)(void);
static int running_detached; static int running_detached;
static int force_prefixes; static int force_prefixes;
@ -218,6 +219,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
struct sockaddr_in srvr_addr_in; struct sockaddr_in srvr_addr_in;
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
struct sockaddr_un srvr_addr_un; struct sockaddr_un srvr_addr_un;
const char *name_for_err = "";
#endif #endif
size_t addrlen; size_t addrlen;
struct sockaddr *srvr_addr = NULL; struct sockaddr *srvr_addr = NULL;
@ -237,23 +239,41 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
pf = PF_INET; pf = PF_INET;
} }
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
else if (!strncmp (name, "socket://", 9) && name[9]) else if (!strncmp (name, "socket://", 9))
name += 9; name += 9;
#endif #endif
if (af == AF_LOCAL) if (af == AF_LOCAL)
{ {
#ifdef HAVE_W32_SYSTEM
addrlen = 0; addrlen = 0;
#else #ifndef HAVE_W32_SYSTEM
memset (&srvr_addr, 0, sizeof srvr_addr); memset (&srvr_addr, 0, sizeof srvr_addr);
srvr_addr_un.sun_family = af; srvr_addr_un.sun_family = af;
strncpy (srvr_addr_un.sun_path, if (!*name && (name = socket_dir_cb ()) && *name)
name, sizeof (srvr_addr_un.sun_path)-1); {
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0; if (strlen (name) + 7 < sizeof (srvr_addr_un.sun_path)-1)
srvr_addr = (struct sockaddr *)&srvr_addr_un; {
addrlen = SUN_LEN (&srvr_addr_un); strncpy (srvr_addr_un.sun_path,
#endif name, sizeof (srvr_addr_un.sun_path)-1);
strcat (srvr_addr_un.sun_path, "/S.log");
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
srvr_addr = (struct sockaddr *)&srvr_addr_un;
addrlen = SUN_LEN (&srvr_addr_un);
name_for_err = srvr_addr_un.sun_path;
}
}
else
{
if (*name && strlen (name) < sizeof (srvr_addr_un.sun_path)-1)
{
strncpy (srvr_addr_un.sun_path,
name, sizeof (srvr_addr_un.sun_path)-1);
srvr_addr_un.sun_path[sizeof (srvr_addr_un.sun_path)-1] = 0;
srvr_addr = (struct sockaddr *)&srvr_addr_un;
addrlen = SUN_LEN (&srvr_addr_un);
}
}
#endif /*!HAVE_W32SYSTEM*/
} }
else else
{ {
@ -352,8 +372,8 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size)
{ {
if (!cookie->quiet && !running_detached if (!cookie->quiet && !running_detached
&& isatty (es_fileno (es_stderr))) && isatty (es_fileno (es_stderr)))
es_fprintf (es_stderr, "can't connect to '%s': %s\n", es_fprintf (es_stderr, "can't connect to '%s%s': %s\n",
cookie->name, strerror(errno)); cookie->name, name_for_err, strerror(errno));
sock_close (cookie->fd); sock_close (cookie->fd);
cookie->fd = -1; cookie->fd = -1;
} }
@ -462,7 +482,7 @@ set_file_fd (const char *name, int fd)
if (name && !strncmp (name, "tcp://", 6) && name[6]) if (name && !strncmp (name, "tcp://", 6) && name[6])
want_socket = 1; want_socket = 1;
#ifndef HAVE_W32_SYSTEM #ifndef HAVE_W32_SYSTEM
else if (name && !strncmp (name, "socket://", 9) && name[9]) else if (name && !strncmp (name, "socket://", 9))
want_socket = 2; want_socket = 2;
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
#ifdef HAVE_W32CE_SYSTEM #ifdef HAVE_W32CE_SYSTEM
@ -554,6 +574,15 @@ log_set_fd (int fd)
} }
/* Set a function to retrieve the directory name of a socket if
* only "socket://" has been given to log_set_file. */
void
log_set_socket_dir_cb (const char *(*fnc)(void))
{
socket_dir_cb = fnc;
}
void void
log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value)) log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value))
{ {

1
common/logging.h
View File

@ -42,6 +42,7 @@ int log_get_errorcount (int clear);
void log_inc_errorcount (void); void log_inc_errorcount (void);
void log_set_file( const char *name ); void log_set_file( const char *name );
void log_set_fd (int fd); void log_set_fd (int fd);
void log_set_socket_dir_cb (const char *(*fnc)(void));
void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value)); void log_set_pid_suffix_cb (int (*cb)(unsigned long *r_value));
void log_set_prefix (const char *text, unsigned int flags); void log_set_prefix (const char *text, unsigned int flags);
const char *log_get_prefix (unsigned int *flags); const char *log_get_prefix (unsigned int *flags);

3
doc/dirmngr.texi
View File

@ -163,7 +163,8 @@ verbose commands to @sc{dirmngr}, such as @option{-vv}.
@item --log-file @var{file} @item --log-file @var{file}
@opindex log-file @opindex log-file
Append all logging output to @var{file}. This is very helpful in Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --debug-level @var{level} @item --debug-level @var{level}
@opindex debug-level @opindex debug-level

11
doc/gpg-agent.texi
View File

@ -312,11 +312,12 @@ should in general not be used to avoid X-sniffing attacks.
@item --log-file @var{file} @item --log-file @var{file}
@opindex log-file @opindex log-file
@efindex HKCU\Software\GNU\GnuPG:DefaultLogFile @efindex HKCU\Software\GNU\GnuPG:DefaultLogFile
Append all logging output to @var{file}. This is very helpful in seeing Append all logging output to @var{file}. This is very helpful in
what the agent actually does. If neither a log file nor a log file seeing what the agent actually does. Use @file{socket://} to log to
descriptor has been set on a Windows platform, the Registry entry socket. If neither a log file nor a log file descriptor has been set
@code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to specify on a Windows platform, the Registry entry
the logging output. @code{HKCU\Software\GNU\GnuPG:DefaultLogFile}, if set, is used to
specify the logging output.
@anchor{option --no-allow-mark-trusted} @anchor{option --no-allow-mark-trusted}

5
doc/gpg.texi
View File

@ -2697,9 +2697,8 @@ Write log output to file descriptor @code{n} and not to STDERR.
@item --log-file @code{file} @item --log-file @code{file}
@itemx --logger-file @code{file} @itemx --logger-file @code{file}
@opindex log-file @opindex log-file
Same as @option{--logger-fd}, except the logger data is written to file Same as @option{--logger-fd}, except the logger data is written to
@code{file}. Note that @option{--log-file} is only implemented for file @code{file}. Use @file{socket://} to log to socket.
GnuPG-2.
@item --attribute-fd @code{n} @item --attribute-fd @code{n}
@opindex attribute-fd @opindex attribute-fd

1
doc/gpgsm.texi
View File

@ -384,6 +384,7 @@ Do not print a warning when the so called "secure memory" cannot be used.
@item --log-file @var{file} @item --log-file @var{file}
@opindex log-file @opindex log-file
When running in server mode, append all logging output to @var{file}. When running in server mode, append all logging output to @var{file}.
Use @file{socket://} to log to socket.
@end table @end table

3
doc/scdaemon.texi
View File

@ -239,7 +239,8 @@ debugging.
@item --log-file @var{file} @item --log-file @var{file}
@opindex log-file @opindex log-file
Append all logging output to @var{file}. This is very helpful in Append all logging output to @var{file}. This is very helpful in
seeing what the agent actually does. seeing what the agent actually does. Use @file{socket://} to log to
socket.
@item --pcsc-driver @var{library} @item --pcsc-driver @var{library}

8
doc/tools.texi
View File

@ -103,12 +103,14 @@ This waits for connections on the local socket
@file{/home/foo/.gnupg/S.log} and shows all log entries. To make this @file{/home/foo/.gnupg/S.log} and shows all log entries. To make this
work the option @option{log-file} needs to be used with all modules work the option @option{log-file} needs to be used with all modules
which logs are to be shown. The value for that option must be given which logs are to be shown. The value for that option must be given
with a special prefix (e.g. in the conf file): with a special prefix (e.g. in the conf files):
@example @example
log-file socket:///home/foo/.gnupg/S.log log-file socket:///home/foo/.gnupg/S.log
@end example @end example
If only @code{socket://} is used a default socket file named
@file{S.log} in the standard socket directory is used.
For debugging purposes it is also possible to do remote logging. Take For debugging purposes it is also possible to do remote logging. Take
care if you use this feature because the information is send in the care if you use this feature because the information is send in the
clear over the network. Use this syntax in the conf files: clear over the network. Use this syntax in the conf files:
@ -1737,8 +1739,8 @@ Try to be as quiet as possible.
@item --log-file @var{file} @item --log-file @var{file}
@opindex log-file @opindex log-file
Append all logging output to @var{file}. Default is to write logging Append all logging output to @var{file}. Use @file{socket://} to log
information to STDERR. to socket. Default is to write logging information to STDERR.
@end table @end table