diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 603f70739..841e4e323 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -83,6 +83,7 @@ enum cmd_and_opt_values
 oNoOptions,
 oHomedir,
 oNoDetach,
+ oGrab,
 oNoGrab,
 oLogFile,
 oServer,
@@ -169,7 +170,10 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
 ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
- ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
+ ARGPARSE_s_n (oGrab, "grab", "@"),
+ /* FIXME: Add the below string for 2.3 */
+ /* N_("let PIN-Entry grab keyboard and mouse")), */
+ ARGPARSE_s_n (oNoGrab, "no-grab", "@"),
 ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
 ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
 /* */ N_("|PGM|use PGM as the PIN-Entry program")),
@@ -787,7 +791,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 opt.quiet = 0;
 opt.verbose = 0;
 opt.debug = 0;
- opt.no_grab = 0;
+ opt.no_grab = 1;
 opt.debug_pinentry = 0;
 opt.pinentry_program = NULL;
 opt.pinentry_touch_file = NULL;
@@ -842,7 +846,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 }
 break;
- case oNoGrab: opt.no_grab = 1; break;
+ case oNoGrab: opt.no_grab |= 1; break;
+ case oGrab: opt.no_grab |= 2; break;
 case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
 case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
@@ -917,6 +922,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 static void
 finalize_rereadable_options (void)
 {
+ /* Hack to allow --grab to override --no-grab. */
+ if ((opt.no_grab & 2))
+ opt.no_grab = 0;
 }
@@ -1406,6 +1414,8 @@ main (int argc, char **argv )
 GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
 es_printf ("enable-extended-key-format:%lu:\n",
 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ es_printf ("grab:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
 agent_exit (0);
 }
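Review bot: The new default `opt.no_grab = 1;` in the `@@ -787,7 +791,7 @@` hunk switches keyboard grabbing off for every setup that never set either option, so after an upgrade the pinentry prompt on an X server no longer has the protection that the documentation changed in this same commit recommends against X-sniffing. Nothing at the assignment marks this as a deliberate change of a security-relevant default or says what X11 users must now configure. I would add a comment there such as `/* Default is no-grab; X11 users must pass --grab to protect passphrase entry. */` and call out the changed default in the release notes. The body of parse_rereadable_options starts and ends outside the hunk.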
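Review bot: In the `@@ -842,7 +846,8 @@` hunk `opt.no_grab` stops being a boolean and becomes a two-bit scratch value (`|= 1` for --no-grab, `|= 2` for --grab) that is only resolved in finalize_rereadable_options(), and neither the case labels nor the "Hack" comment in the `@@ -917,6 +922,9 @@` hunk spell out that encoding. Any code that reads opt.no_grab before the finalize step sees a non-zero value, i.e. no-grab, even when --grab was given; the call sites are outside these hunks, so it is worth confirming that every parse, including the re-read path, is followed by the finalize call. I would document the encoding at the switch, e.g. `/* Bit 0: --no-grab seen, bit 1: --grab seen; resolved in finalize_rereadable_options(). */`. With the default now 1, `opt.no_grab |= 1` changes nothing and could carry a short comment saying it is kept for symmetry.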
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d61dc85ae..d7a562af1 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -325,10 +325,14 @@ the environment variable @code{SHELL} which is correct in almost all cases.
-@item --no-grab
+@item --grab
+@itemx --no-grab
+@opindex grab
 @opindex no-grab
-Tell the pinentry not to grab the keyboard and mouse. This option
-should in general not be used to avoid X-sniffing attacks.
+Tell the pinentry to grab the keyboard and mouse. This option should
+be used on X-Servers to avoid X-sniffing attacks. Any use of the
+option @option{--grab} overrides an used option @option{--no-grab}.
+The default is @option{--no-grab}.
 @anchor{option --log-file}
 @item --log-file @var{file}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index cfc9fa3b7..527815ccb 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -550,6 +550,9 @@ static gc_option_t gc_options_gpg_agent[] =
 GC_LEVEL_ADVANCED,
 "gnupg", "allow passphrase to be prompted through Emacs",
 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+ "gnupg", NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC,
 "gnupg", "disallow the use of an external password cache",
 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@@ -559,9 +562,6 @@ static gc_option_t gc_options_gpg_agent[] =
 { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
 "gnupg", "disallow caller to override the pinentry",
 GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
- { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
- "gnupg", "do not grab keyboard and mouse",
- GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 { "Passphrase policy", GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
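Review bot: The new `grab` entry in the `@@ -550,6 +550,9 @@` hunk of tools/gpgconf-comp.c is registered with a NULL description at GC_LEVEL_EXPERT, while the following hunk drops the described `no-grab` entry, so a gpgconf front end presents the option with no text saying that it protects passphrase entry on X servers. Every neighbouring entry visible in the hunk carries a description string. The FIXME in agent/gpg-agent.c defers the help string to 2.3; a matching `/* FIXME: Add a description for 2.3 */` next to the NULL would keep the two places from drifting apart. The option table starts and ends outside the hunk.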