diff --git a/doc/gpg.texi b/doc/gpg.texi index ad044ffc0..d840b8573 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3131,6 +3131,15 @@ are: Pinentry the user is not prompted again if he enters a bad password. @end table +@item --request-origin @var{origin} +@opindex request-origin +Tell gpg to assume that the operation ultimately originated at +@var{origin}. Depending on the origin certain restrictions are applied +and the Pinentry may include an extra note on the origin. Supported +values for @var{origin} are: @code{local} which is the default, +@code{remote} to indicate a remote origin or @code{browser} for an +operation requested by a web browser. + @item --command-fd @var{n} @opindex command-fd This is a replacement for the deprecated shared-memory IPC mode. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 7c6c3153f..ebe58bc61 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -765,6 +765,15 @@ are: Pinentry the user is not prompted again if he enters a bad password. @end table +@item --request-origin @var{origin} +@opindex request-origin +Tell gpgsm to assume that the operation ultimately originated at +@var{origin}. Depending on the origin certain restrictions are applied +and the Pinentry may include an extra note on the origin. Supported +values for @var{origin} are: @code{local} which is the default, +@code{remote} to indicate a remote origin or @code{browser} for an +operation requested by a web browser. + @item --no-common-certs-import @opindex no-common-certs-import Suppress the import of common certificates on keybox creation. diff --git a/g10/call-agent.c b/g10/call-agent.c index fdacf6a90..6ee82a5a4 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -289,6 +289,23 @@ start_agent (ctrl_t ctrl, int flag_for_card) } } + /* Pass on the request origin. */ + if (opt.request_origin) + { + char *tmp = xasprintf ("OPTION pretend-request-origin=%s", + str_request_origin (opt.request_origin)); + rc = assuan_transact (agent_ctx, tmp, + NULL, NULL, NULL, NULL, NULL, NULL); + xfree (tmp); + if (rc) + { + log_error ("setting request origin '%s' failed: %s\n", + str_request_origin (opt.request_origin), + gpg_strerror (rc)); + write_status_error ("set_request_origin", rc); + } + } + /* In DE_VS mode under Windows we require that the JENT RNG * is active. */ #ifdef HAVE_W32_SYSTEM diff --git a/g10/gpg.c b/g10/gpg.c index 62d6131ba..bfff7a567 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -422,6 +422,7 @@ enum cmd_and_opt_values oDisableSignerUID, oSender, oKeyOrigin, + oRequestOrigin, oNoop }; @@ -708,6 +709,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"), ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"), ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), + ARGPARSE_s_s (oRequestOrigin, "request-origin", "@"), ARGPARSE_s_i (oCommandFD, "command-fd", "@"), ARGPARSE_s_s (oCommandFile, "command-file", "@"), ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"), @@ -3096,6 +3098,12 @@ main (int argc, char **argv) log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); break; + case oRequestOrigin: + opt.request_origin = parse_request_origin (pargs.r.ret_str); + if (opt.request_origin == -1) + log_error (_("invalid request origin '%s'\n"), pargs.r.ret_str); + break; + case oCommandFD: opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0); if (! gnupg_fd_valid (opt.command_fd)) diff --git a/g10/options.h b/g10/options.h index 130bec84c..e1bf97fb1 100644 --- a/g10/options.h +++ b/g10/options.h @@ -271,6 +271,7 @@ struct int passphrase_repeat; int pinentry_mode; + int request_origin; int unwrap_encryption; int only_sign_text_ids; 
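Review bot: In the g10/call-agent.c hunk a rejected `OPTION pretend-request-origin` is only logged and reported through `write_status_error`; nothing in the added block ends the session, so whether gpg keeps using an agent that still treats the request as local depends on what happens to `rc` after the hunk. start_agent begins and ends outside the hunk, so this needs confirming: if a later statement overwrites the non-zero `rc` or the function does not return it, the origin restriction fails open, for example against an agent that does not accept the option. A comment on the `if (rc)` branch would pin the intent, e.g. `/* A failure here must make start_agent fail; never continue as "local". */`. The equivalent block in sm/call-agent.c raises the same question.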
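Review bot: In the `oRequestOrigin` case of main in g10/gpg.c the parser result is stored in `opt.request_origin` before it is checked, so an invalid argument leaves -1 in the option. The added block in start_agent tests `if (opt.request_origin)` and would hand that -1 to `str_request_origin`, whose result for an unknown value is not visible on this page and is then formatted with `%s`. This is safe only if the `log_error` causes gpg to stop before any agent is started, which happens outside the hunk. If that is the intent, a comment such as `/* -1 stays set; the error count aborts before start_agent runs. */` would document the dependency, and `str_request_origin` should be confirmed to return a non-NULL string for -1. The identical case in sm/gpgsm.c has the same dependency.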
diff --git a/sm/call-agent.c b/sm/call-agent.c index 772c9c312..20d879fa4 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -179,6 +179,20 @@ start_agent (ctrl_t ctrl) gpg_strerror (rc)); } + /* Pass on the request origin. */ + if (opt.request_origin) + { + char *tmp = xasprintf ("OPTION pretend-request-origin=%s", + str_request_origin (opt.request_origin)); + rc = assuan_transact (agent_ctx, tmp, + NULL, NULL, NULL, NULL, NULL, NULL); + xfree (tmp); + if (rc) + log_error ("setting request origin '%s' failed: %s\n", + str_request_origin (opt.request_origin), + gpg_strerror (rc)); + } + /* In DE_VS mode under Windows we require that the JENT RNG * is active. */ #ifdef HAVE_W32_SYSTEM diff --git a/sm/gpgsm.c b/sm/gpgsm.c index ab08a52f0..b81e3b6e8 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -125,6 +125,7 @@ enum cmd_and_opt_values { oPassphraseFD, oPinentryMode, + oRequestOrigin, oAssumeArmor, oAssumeBase64, @@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"), ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), + ARGPARSE_s_s (oRequestOrigin, "request-origin", "@"), ARGPARSE_s_n (oAssumeArmor, "assume-armor", N_("assume input is in PEM format")), @@ -1160,6 +1162,12 @@ main ( int argc, char **argv) log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); break; + case oRequestOrigin: + opt.request_origin = parse_request_origin (pargs.r.ret_str); + if (opt.request_origin == -1) + log_error (_("invalid request origin '%s'\n"), pargs.r.ret_str); + break; + /* Input encoding selection. */ case oAssumeArmor: ctrl.autodetect_encoding = 0; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index cd4fc995f..325948aff 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -86,6 +86,7 @@ struct int with_keygrip; /* Option --with-keygrip active. */ int pinentry_mode; + int request_origin; int armor; /* force base64 armoring (see also ctrl.with_base64) */ int no_armor; /* don't try to figure out whether data is base64 armored*/
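Review bot: The sm/call-agent.c block logs a failed `OPTION pretend-request-origin` but, unlike the matching block in g10/call-agent.c, emits no status line, so a front end driving gpgsm through the status interface cannot tell that the requested origin was not applied. The `if (rc)` branch should report the failure in the same way gpg does with `write_status_error ("set_request_origin", rc)`. gpgsm's own status helper (`gpgsm_status_with_error` appears to be the counterpart, to be confirmed against sm/gpgsm.h) would be the place to do this. start_agent continues outside the hunk, so how `rc` is used afterwards is not visible here.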