1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

agent: Make --allow-loopback-pinentry the default.

* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry.  Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--

Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all.  There was a discussion of this topic on gnupg-devel in April
without a clear result.  So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that.  The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-05-04 09:24:18 +02:00
parent 9e28617e26
commit 3ef0938cfd
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 16 additions and 10 deletions

View File

@ -122,6 +122,7 @@ enum cmd_and_opt_values
oNoAllowMarkTrusted,
oAllowPresetPassphrase,
oAllowLoopbackPinentry,
oNoAllowLoopbackPinentry,
oNoAllowExternalCache,
oAllowEmacsPinentry,
oKeepTTY,
@ -220,8 +221,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"),
ARGPARSE_s_n (oAllowPresetPassphrase, "allow-preset-passphrase",
/* */ N_("allow presetting passphrase")),
ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry",
N_("allow caller to override the pinentry")),
ARGPARSE_s_n (oNoAllowLoopbackPinentry, "no-allow-loopback-pinentry",
N_("disallow caller to override the pinentry")),
ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", "@"),
ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry",
/* */ N_("allow passphrase to be prompted through Emacs")),
@ -626,6 +628,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 1;
opt.allow_external_cache = 1;
opt.allow_loopback_pinentry = 1;
opt.allow_emacs_pinentry = 0;
opt.disable_scdaemon = 0;
disable_check_own_socket = 0;
@ -699,6 +702,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break;
case oNoAllowLoopbackPinentry: opt.allow_loopback_pinentry = 0; break;
case oNoAllowExternalCache: opt.allow_external_cache = 0;
break;
@ -1154,8 +1158,8 @@ main (int argc, char **argv )
#ifdef HAVE_W32_SYSTEM
es_printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
#endif
es_printf ("allow-loopback-pinentry:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("no-allow-loopback-pinentry:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("allow-emacs-pinentry:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
es_printf ("pinentry-timeout:%lu:0:\n",

View File

@ -329,11 +329,13 @@ accept Root-CA keys.
This option allows the use of @command{gpg-preset-passphrase} to seed the
internal cache of @command{gpg-agent} with passphrases.
@anchor{option --allow-loopback-pinentry}
@anchor{option --no-allow-loopback-pinentry}
@item --no-allow-loopback-pinentry
@item --allow-loopback-pinentry
@opindex no-allow-loopback-pinentry
@opindex allow-loopback-pinentry
Allow clients to use the loopback pinentry features; see the option
@option{pinentry-mode} for details.
Disallow or allow clients to use the loopback pinentry features; see
the option @option{pinentry-mode} for details. Allow is the default.
@item --no-allow-external-cache
@opindex no-allow-external-cache
@ -1455,7 +1457,7 @@ following values are defined:
Use a loopback pinentry. This fakes a pinentry by using inquiries
back to the caller to ask for a passphrase. This option may only be
set if the agent has been configured for that.
Use the @xref{option --allow-loopback-pinentry}.
To disable this feature use @xref{option --no-allow-loopback-pinentry}.
@end table

View File

@ -548,8 +548,8 @@ static gc_option_t gc_options_gpg_agent[] =
{ "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", "allow caller to override the pinentry",
{ "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not grab keyboard and mouse",