
agent: Make --no-grab the default.

* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab.  Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-08-04 18:34:03 +02:00
parent b54d75fb1d
commit 3d78ae4d3d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 23 additions and 9 deletions


@ -83,6 +83,7 @@ enum cmd_and_opt_values
oNoOptions, oNoOptions,
oHomedir, oHomedir,
oNoDetach, oNoDetach,
oGrab,
oNoGrab, oNoGrab,
oLogFile, oLogFile,
oServer, oServer,
@ -169,7 +170,10 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"), ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")), ARGPARSE_s_n (oGrab, "grab", "@"),
/* FIXME: Add the below string for 2.3 */
/* N_("let PIN-Entry grab keyboard and mouse")), */
ARGPARSE_s_n (oNoGrab, "no-grab", "@"),
ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")), ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
ARGPARSE_s_s (oPinentryProgram, "pinentry-program", ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
/* */ N_("|PGM|use PGM as the PIN-Entry program")), /* */ N_("|PGM|use PGM as the PIN-Entry program")),
@ -787,7 +791,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.quiet = 0; opt.quiet = 0;
opt.verbose = 0; opt.verbose = 0;
opt.debug = 0; opt.debug = 0;
opt.no_grab = 0; opt.no_grab = 1;
opt.debug_pinentry = 0; opt.debug_pinentry = 0;
opt.pinentry_program = NULL; opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL; opt.pinentry_touch_file = NULL;
@ -842,7 +846,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
} }
break; break;
case oNoGrab: opt.no_grab = 1; break; case oNoGrab: opt.no_grab |= 1; break;
case oGrab: opt.no_grab |= 2; break;
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break; case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
@ -917,6 +922,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
static void static void
finalize_rereadable_options (void) finalize_rereadable_options (void)
{ {
/* Hack to allow --grab to override --no-grab. */
if ((opt.no_grab & 2))
opt.no_grab = 0;
} }
@ -1406,6 +1414,8 @@ main (int argc, char **argv )
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME); GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
es_printf ("enable-extended-key-format:%lu:\n", es_printf ("enable-extended-key-format:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("grab:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
agent_exit (0); agent_exit (0);
} }
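Review bot: The new default `opt.no_grab = 1` in parse_rereadable_options means pinentry no longer grabs keyboard and mouse unless `--grab` is given, while the manual text changed in this same commit says grabbing is what guards against X-sniffing on X servers; X11 setups that relied on the old default lose that protection on upgrade without any notice. If the trade-off is intended, state it in a comment at the default, e.g. `/* Default is no grab; X11 users need --grab to keep pinentry input from other X clients. */`. Separately, `opt.no_grab` now carries two undocumented bits (`|= 1` for --no-grab, `|= 2` for --grab) that only finalize_rereadable_options reduces back to a boolean, so I would add `/* Bit 0: --no-grab given (or default); bit 1: --grab given; finalize_rereadable_options() reduces this to 0 or 1. */` above the two case labels. It is also worth confirming that every reread path calls the finalizer before `opt.no_grab` is consulted, since those call sites are outside the hunks shown. The bodies of parse_rereadable_options and main continue outside these hunks.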


@ -325,10 +325,14 @@ the environment variable @code{SHELL} which is correct in almost all
cases. cases.
@item --no-grab @item --grab
@itemx --no-grab
@opindex grab
@opindex no-grab @opindex no-grab
Tell the pinentry not to grab the keyboard and mouse. This option Tell the pinentry to grab the keyboard and mouse. This option should
should in general not be used to avoid X-sniffing attacks. be used on X-Servers to avoid X-sniffing attacks. Any use of the
option @option{--grab} overrides an used option @option{--no-grab}.
The default is @option{--no-grab}.
@anchor{option --log-file} @anchor{option --log-file}
@item --log-file @var{file} @item --log-file @var{file}


@ -550,6 +550,9 @@ static gc_option_t gc_options_gpg_agent[] =
GC_LEVEL_ADVANCED, GC_LEVEL_ADVANCED,
"gnupg", "allow passphrase to be prompted through Emacs", "gnupg", "allow passphrase to be prompted through Emacs",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", NULL,
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-allow-external-cache", GC_OPT_FLAG_RUNTIME, { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache", GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@ -559,9 +562,6 @@ static gc_option_t gc_options_gpg_agent[] =
{ "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME, { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry", GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not grab keyboard and mouse",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Passphrase policy", { "Passphrase policy",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,