security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"

Browse Source 
* agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
an invoked process.
--

This environment variable is useful for debugging if
--use-standard-socket is used (which is the default since 2.1).
Commonly you should have this in your init script (e.g. ~/.bashrc):

    unset GPG_AGENT_INFO
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
    export SSH_AUTH_SOCK

The problem is that gpg-agent won't be able to override the
SSH_AUTH_SOCK envvar if gpg-agent has been invoked as

  gpg-agent --enable-ssh-support --daemon /bin/bash

To fix this you should instead use this code in the init script:

  unset GPG_AGENT_INFO
  unset SSH_AGENT_PID
  if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  fi

This will work in all cases and thus allows to start gpg-agent for
testing purposes with a different homedir and use this gpg-agent as an
ssh-agent.  Example:

  GNUPGHOME=$(pwd) gpg-agent --enable-ssh-support --daemon /bin/bash

gnupg_SSH_AUTH_SOCK_by is set to the PID of the exec-ed process and
thus will work safely if called recursively.
This commit is contained in:
Werner Koch 2012-12-10 14:45:26 +01:00
parent ceab60b59d
commit 36ba784599
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
agent/gpg-agent.c
View File

@ -1067,7 +1067,7 @@ main (int argc, char **argv )
} }
else if (pid) else if (pid)
{ /* We are the parent */ { /* We are the parent */
char *infostr, *infostr_ssh_sock; char *infostr, *infostr_ssh_sock, *infostr_ssh_valid;
/* Close the socket FD. */ /* Close the socket FD. */
close (fd); close (fd);
@ -1104,6 +1104,13 @@ main (int argc, char **argv )
kill (pid, SIGTERM); kill (pid, SIGTERM);
exit (1); exit (1);
} }
if (asprintf (&infostr_ssh_valid, "gnupg_SSH_AUTH_SOCK_by=%lu",
(unsigned long)getpid()) < 0)
{
log_error ("out of core\n");
kill (pid, SIGTERM);
exit (1);
}
} }
*socket_name = 0; /* Don't let cleanup() remove the socket - *socket_name = 0; /* Don't let cleanup() remove the socket -
@ -1142,7 +1149,8 @@ main (int argc, char **argv )
kill (pid, SIGTERM ); kill (pid, SIGTERM );
exit (1); exit (1);
} }
if (opt.ssh_support && putenv (infostr_ssh_sock)) if (opt.ssh_support && (putenv (infostr_ssh_sock)
|| putenv (infostr_ssh_valid)))
{ {
log_error ("failed to set environment: %s\n", log_error ("failed to set environment: %s\n",
strerror (errno) ); strerror (errno) );
@ -1189,6 +1197,7 @@ main (int argc, char **argv )
if (opt.ssh_support) if (opt.ssh_support)
{ {
xfree (infostr_ssh_sock); xfree (infostr_ssh_sock);
xfree (infostr_ssh_valid);
} }
exit (0); exit (0);
} }