security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-05-29 21:58:04 +02:00
Code Activity

gpg,sm: New option --request-origin.

Browse Source 
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-03-23 09:06:20 +01:00
parent 05c55ee260
commit 2cd35df5db
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
8 changed files with 67 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/gpg.texi
View File

@ -3131,6 +3131,15 @@ are:
Pinentry the user is not prompted again if he enters a bad password. Pinentry the user is not prompted again if he enters a bad password.
@end table @end table
@item --request-origin @var{origin}
@opindex request-origin
Tell gpg to assume that the operation ultimately originated at
@var{origin}. Depending on the origin certain restrictions are applied
and the Pinentry may include an extra note on the origin. Supported
values for @var{origin} are: @code{local} which is the default,
@code{remote} to indicate a remote origin or @code{browser} for an
operation requested by a web browser.
@item --command-fd @var{n} @item --command-fd @var{n}
@opindex command-fd @opindex command-fd
This is a replacement for the deprecated shared-memory IPC mode. This is a replacement for the deprecated shared-memory IPC mode.

9
doc/gpgsm.texi
View File

@ -765,6 +765,15 @@ are:
Pinentry the user is not prompted again if he enters a bad password. Pinentry the user is not prompted again if he enters a bad password.
@end table @end table
@item --request-origin @var{origin}
@opindex request-origin
Tell gpgsm to assume that the operation ultimately originated at
@var{origin}. Depending on the origin certain restrictions are applied
and the Pinentry may include an extra note on the origin. Supported
values for @var{origin} are: @code{local} which is the default,
@code{remote} to indicate a remote origin or @code{browser} for an
operation requested by a web browser.
@item --no-common-certs-import @item --no-common-certs-import
@opindex no-common-certs-import @opindex no-common-certs-import
Suppress the import of common certificates on keybox creation. Suppress the import of common certificates on keybox creation.

17
g10/call-agent.c
View File

@ -289,6 +289,23 @@ start_agent (ctrl_t ctrl, int flag_for_card)
} }
} }
/* Pass on the request origin. */
if (opt.request_origin)
{
char *tmp = xasprintf ("OPTION pretend-request-origin=%s",
str_request_origin (opt.request_origin));
rc = assuan_transact (agent_ctx, tmp,
NULL, NULL, NULL, NULL, NULL, NULL);
xfree (tmp);
if (rc)
{
log_error ("setting request origin '%s' failed: %s\n",
str_request_origin (opt.request_origin),
gpg_strerror (rc));
write_status_error ("set_request_origin", rc);
}
}
/* In DE_VS mode under Windows we require that the JENT RNG /* In DE_VS mode under Windows we require that the JENT RNG
* is active. */ * is active. */
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM

8
g10/gpg.c
View File

@ -422,6 +422,7 @@ enum cmd_and_opt_values
oDisableSignerUID, oDisableSignerUID,
oSender, oSender,
oKeyOrigin, oKeyOrigin,
oRequestOrigin,
oNoop oNoop
}; };
@ -708,6 +709,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"), ARGPARSE_s_s (oPassphraseFile, "passphrase-file", "@"),
ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"), ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
ARGPARSE_s_s (oRequestOrigin, "request-origin", "@"),
ARGPARSE_s_i (oCommandFD, "command-fd", "@"), ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
ARGPARSE_s_s (oCommandFile, "command-file", "@"), ARGPARSE_s_s (oCommandFile, "command-file", "@"),
ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"), ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
@ -3096,6 +3098,12 @@ main (int argc, char **argv)
log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
break; break;
case oRequestOrigin:
opt.request_origin = parse_request_origin (pargs.r.ret_str);
if (opt.request_origin == -1)
log_error (_("invalid request origin '%s'\n"), pargs.r.ret_str);
break;
case oCommandFD: case oCommandFD:
opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0); opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
if (! gnupg_fd_valid (opt.command_fd)) if (! gnupg_fd_valid (opt.command_fd))

1
g10/options.h
View File

@ -271,6 +271,7 @@ struct
int passphrase_repeat; int passphrase_repeat;
int pinentry_mode; int pinentry_mode;
int request_origin;
int unwrap_encryption; int unwrap_encryption;
int only_sign_text_ids; int only_sign_text_ids;

14
sm/call-agent.c
View File

@ -179,6 +179,20 @@ start_agent (ctrl_t ctrl)
gpg_strerror (rc)); gpg_strerror (rc));
} }
/* Pass on the request origin. */
if (opt.request_origin)
{
char *tmp = xasprintf ("OPTION pretend-request-origin=%s",
str_request_origin (opt.request_origin));
rc = assuan_transact (agent_ctx, tmp,
NULL, NULL, NULL, NULL, NULL, NULL);
xfree (tmp);
if (rc)
log_error ("setting request origin '%s' failed: %s\n",
str_request_origin (opt.request_origin),
gpg_strerror (rc));
}
/* In DE_VS mode under Windows we require that the JENT RNG /* In DE_VS mode under Windows we require that the JENT RNG
* is active. */ * is active. */
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM

8
sm/gpgsm.c
View File

@ -125,6 +125,7 @@ enum cmd_and_opt_values {
oPassphraseFD, oPassphraseFD,
oPinentryMode, oPinentryMode,
oRequestOrigin,
oAssumeArmor, oAssumeArmor,
oAssumeBase64, oAssumeBase64,
@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"), ARGPARSE_s_i (oPassphraseFD, "passphrase-fd", "@"),
ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"), ARGPARSE_s_s (oPinentryMode, "pinentry-mode", "@"),
ARGPARSE_s_s (oRequestOrigin, "request-origin", "@"),
ARGPARSE_s_n (oAssumeArmor, "assume-armor", ARGPARSE_s_n (oAssumeArmor, "assume-armor",
N_("assume input is in PEM format")), N_("assume input is in PEM format")),
@ -1160,6 +1162,12 @@ main ( int argc, char **argv)
log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str); log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
break; break;
case oRequestOrigin:
opt.request_origin = parse_request_origin (pargs.r.ret_str);
if (opt.request_origin == -1)
log_error (_("invalid request origin '%s'\n"), pargs.r.ret_str);
break;
/* Input encoding selection. */ /* Input encoding selection. */
case oAssumeArmor: case oAssumeArmor:
ctrl.autodetect_encoding = 0; ctrl.autodetect_encoding = 0;

1
sm/gpgsm.h
View File

@ -86,6 +86,7 @@ struct
int with_keygrip; /* Option --with-keygrip active. */ int with_keygrip; /* Option --with-keygrip active. */
int pinentry_mode; int pinentry_mode;
int request_origin;
int armor; /* force base64 armoring (see also ctrl.with_base64) */ int armor; /* force base64 armoring (see also ctrl.with_base64) */
int no_armor; /* don't try to figure out whether data is base64 armored*/ int no_armor; /* don't try to figure out whether data is base64 armored*/