gpgsm: New option --chuid.

* sm/gpgsm.c (oChUid, opts): New option --chuid. (main): Implement option. -- This option will at least be useful for Scute. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-06 16:02:59 +02:00 · 2020-08-06 16:02:59 +02:00 · 646a30fd39
parent d10f45184c
commit 646a30fd39
2 changed files with 23 additions and 1 deletions
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -675,6 +675,17 @@ interoperability problems.

@table @gnupgtabopt

+@item --chuid @var{uid}
+@opindex chuid
+Change the current user to @var{uid} which may either be a number or a
+name.  This can be used from the root account to run gpgsm for
+another user.  If @var{uid} is not the current UID a standard PATH is
+set and the envvar GNUPGHOME is unset.  To override the latter the
+option @option{--homedir} can be used.  This option has only an effect
+when used on the command line.  This option has currently no effect at
+all on Windows.
+
+
@item --extra-digest-algo @var{name}
@opindex extra-digest-algo
 Sometimes signatures are broken in that they announce a different digest
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -200,6 +200,7 @@ enum cmd_and_opt_values {
  oIgnoreCertExtension,
  oAuthenticode,
  oAttribute,
+  oChUid,
  oNoAutostart
 };

@ -426,6 +427,7 @@ static gpgrt_opt_t opts[] = {
  ARGPARSE_s_s (oLCctype,    "lc-ctype", "@"),
  ARGPARSE_s_s (oLCmessages, "lc-messages", "@"),
  ARGPARSE_s_s (oXauthority, "xauthority", "@"),
+  ARGPARSE_s_s (oChUid, "chuid", "@"),


  ARGPARSE_header (NULL, ""),  /* Stop the header group.  */
@ -990,6 +992,7 @@ main ( int argc, char **argv)
  estream_t htmlauditfp = NULL;
  struct assuan_malloc_hooks malloc_hooks;
  int pwfd = -1;
+  const char *changeuser = NULL;
  /*mtrace();*/

  early_system_init ();
@ -1062,6 +1065,10 @@ main ( int argc, char **argv)
          gnupg_set_homedir (pargs.r.ret_str);
          break;

+        case oChUid:
+          changeuser = pargs.r.ret_str;
+          break;
+
        case aCallProtectTool:
          /* Make sure that --version and --help are passed to the
           * protect-tool. */
@ -1078,7 +1085,7 @@ main ( int argc, char **argv)

  /*
     Now we are now working under our real uid
-  */
+   */

  ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );

@ -1096,6 +1103,9 @@ main ( int argc, char **argv)
  ctrl.status_fd = -1; /* No status output. */
  ctrl.autodetect_encoding = 1;

+  if (changeuser && gnupg_chuid (changeuser, 0))
+    log_inc_errorcount (); /* Force later termination.  */
+
  /* Set the default policy file */
  opt.policy_file = make_filename (gnupg_homedir (), "policies.txt", NULL);

@ -1383,6 +1393,7 @@ main ( int argc, char **argv)
          break;

        case oHomedir: gnupg_set_homedir (pargs.r.ret_str); break;
+        case oChUid: break;  /* Command line only (see above).  */
        case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;

        case oDisplay: