security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Remove support for the GPG_AGENT_INFO envvar.

Browse source 
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options.  Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--

The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
This commit is contained in:
Werner Koch 2014-10-03 11:58:58 +02:00
parent 688a903b4b
commit 9c380384da
15 changed files with 221 additions and 538 deletions
Download patch file Download diff file Expand all files Collapse all files

265
common/asshelp.c
View file

@ -359,14 +359,11 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
gpg_error_t (*status_cb)(ctrl_t, int, ...),
ctrl_t status_cb_arg)
{
/* If we ever failed to connect via a socket we will force the use
of the pipe based server for the lifetime of the process. */
static int force_pipe_server = 0;
gpg_error_t err = 0;
char *infostr, *p;
gpg_error_t err;
assuan_context_t ctx;
int did_success_msg = 0;
char *sockname;
const char *argv[5];
*r_ctx = NULL;
@ -377,200 +374,96 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
return err;
}
restart:
infostr = force_pipe_server? NULL : getenv (GPG_AGENT_INFO_NAME);
if (!infostr || !*infostr)
sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL);
err = assuan_socket_connect (ctx, sockname, 0, 0);
if (err)
{
char *sockname;
const char *argv[5];
pid_t pid;
int excode;
char *abs_homedir;
lock_spawn_t lock;
/* First check whether we can connect at the standard
socket. */
sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL);
err = assuan_socket_connect (ctx, sockname, 0, 0);
/* With no success start a new server. */
if (!agent_program || !*agent_program)
agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
if (err)
if (verbose)
log_info (_("no running gpg-agent - starting '%s'\n"),
agent_program);
if (status_cb)
status_cb (status_cb_arg, STATUS_PROGRESS,
"starting_agent ? 0 0", NULL);
/* We better pass an absolute home directory to the agent just
in case gpg-agent does not convert the passed name to an
absolute one (which it should do). */
abs_homedir = make_absfilename_try (homedir, NULL);
if (!abs_homedir)
{
char *abs_homedir;
gpg_error_t tmperr = gpg_err_make (errsource,
gpg_err_code_from_syserror ());
log_error ("error building filename: %s\n",gpg_strerror (tmperr));
xfree (sockname);
assuan_release (ctx);
return tmperr;
}
/* With no success start a new server. */
if (!agent_program || !*agent_program)
agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_err_make (errsource,
gpg_err_code_from_syserror ());
log_error ("error flushing pending output: %s\n",
strerror (errno));
xfree (sockname);
assuan_release (ctx);
xfree (abs_homedir);
return tmperr;
}
if (verbose)
log_info (_("no running gpg-agent - starting '%s'\n"),
agent_program);
/* If the agent has been configured for use with a standard
socket, an environment variable is not required and thus
we we can savely start the agent here. */
if (status_cb)
status_cb (status_cb_arg, STATUS_PROGRESS,
"starting_agent ? 0 0", NULL);
argv[0] = "--homedir";
argv[1] = abs_homedir;
argv[2] = "--use-standard-socket";
argv[3] = "--daemon";
argv[4] = NULL;
/* We better pass an absolute home directory to the agent
just in casee gpg-agent does not convert the passed name
to an absolute one (which it should do). */
abs_homedir = make_absfilename_try (homedir, NULL);
if (!abs_homedir)
{
gpg_error_t tmperr = gpg_err_make (errsource,
gpg_err_code_from_syserror ());
log_error ("error building filename: %s\n",gpg_strerror (tmperr));
xfree (sockname);
assuan_release (ctx);
return tmperr;
}
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_err_make (errsource,
gpg_err_code_from_syserror ());
log_error ("error flushing pending output: %s\n",
strerror (errno));
xfree (sockname);
assuan_release (ctx);
xfree (abs_homedir);
return tmperr;
}
argv[0] = "--homedir";
argv[1] = abs_homedir;
argv[2] = "--use-standard-socket-p";
argv[3] = NULL;
err = gnupg_spawn_process_fd (agent_program, argv, -1, -1, -1, &pid);
if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
&& assuan_socket_connect (ctx, sockname, 0, 0))
{
err = gnupg_spawn_process_detached (agent_program, argv,NULL);
if (err)
log_debug ("starting '%s' for testing failed: %s\n",
log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
else if ((err = gnupg_wait_process (agent_program, pid, 1, &excode)))
{
if (excode == -1)
log_debug ("running '%s' for testing failed (wait): %s\n",
agent_program, gpg_strerror (err));
}
gnupg_release_process (pid);
if (!err && !excode)
{
/* If the agent has been configured for use with a
standard socket, an environment variable is not
required and thus we we can savely start the agent
here. */
lock_spawn_t lock;
argv[0] = "--homedir";
argv[1] = abs_homedir;
argv[2] = "--use-standard-socket";
argv[3] = "--daemon";
argv[4] = NULL;
if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
&& assuan_socket_connect (ctx, sockname, 0, 0))
{
err = gnupg_spawn_process_detached (agent_program, argv,NULL);
if (err)
log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
else
{
int i;
for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
{
if (verbose)
log_info (_("waiting for the agent "
"to come up ... (%ds)\n"),
SECS_TO_WAIT_FOR_AGENT - i);
gnupg_sleep (1);
err = assuan_socket_connect (ctx, sockname, 0, 0);
if (!err)
{
if (verbose)
{
log_info (_("connection to agent "
"established\n"));
did_success_msg = 1;
}
break;
}
}
}
}
unlock_spawning (&lock, "agent");
}
else
{
/* If using the standard socket is not the default we
start the agent as a pipe server which gives us most
of the required features except for passphrase
caching etc. */
const char *pgmname;
assuan_fd_t no_close_list[3];
int i;
if ( !(pgmname = strrchr (agent_program, '/')))
pgmname = agent_program;
else
pgmname++;
argv[0] = pgmname; /* (Assuan expects a standard argv.) */
argv[1] = "--homedir";
argv[2] = abs_homedir;
argv[3] = "--server";
argv[4] = NULL;
i=0;
if (log_get_fd () != -1)
no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
no_close_list[i] = ASSUAN_INVALID_FD;
/* Connect to the agent and perform initial handshaking. */
err = assuan_pipe_connect (ctx, agent_program, argv,
no_close_list, NULL, NULL, 0);
for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
{
if (verbose)
log_info (_("waiting for the agent to come up ... (%ds)\n"),
SECS_TO_WAIT_FOR_AGENT - i);
gnupg_sleep (1);
err = assuan_socket_connect (ctx, sockname, 0, 0);
if (!err)
{
if (verbose)
{
log_info (_("connection to agent established\n"));
did_success_msg = 1;
}
break;
}
}
}
xfree (abs_homedir);
}
xfree (sockname);
unlock_spawning (&lock, "agent");
xfree (abs_homedir);
}
else
{
int prot;
int pid;
infostr = xstrdup (infostr);
if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
{
log_error (_("malformed %s environment variable\n"),
GPG_AGENT_INFO_NAME);
xfree (infostr);
force_pipe_server = 1;
goto restart;
}
*p++ = 0;
pid = atoi (p);
while (*p && *p != PATHSEP_C)
p++;
prot = *p? atoi (p+1) : 0;
if (prot != 1)
{
log_error (_("gpg-agent protocol version %d is not supported\n"),
prot);
xfree (infostr);
force_pipe_server = 1;
goto restart;
}
err = assuan_socket_connect (ctx, infostr, pid, 0);
xfree (infostr);
if (gpg_err_code (err) == GPG_ERR_ASS_CONNECT_FAILED)
{
log_info (_("can't connect to the agent - trying fall back\n"));
force_pipe_server = 1;
goto restart;
}
}
xfree (sockname);
if (err)
{
log_error ("can't connect to the agent: %s\n", gpg_strerror (err));
@ -582,11 +475,11 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_debug (_("connection to agent established\n"));
err = assuan_transact (ctx, "RESET",
NULL, NULL, NULL, NULL, NULL, NULL);
NULL, NULL, NULL, NULL, NULL, NULL);
if (!err)
err = send_pinentry_environment (ctx, errsource,
opt_lc_ctype, opt_lc_messages,
session_env);
opt_lc_ctype, opt_lc_messages,
session_env);
if (err)
{
assuan_release (ctx);

5
common/exechelp-w32.c
View file

@ -754,10 +754,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
char *cmdline;
/* FIXME: We don't make use of ENVP yet. It is currently only used
to pass the GPG_AGENT_INFO variable to gpg-agent. As the default
on windows is to use a standard socket, this does not really
matter. */
/* We don't use ENVP. */
(void)envp;
if (access (pgmname, X_OK))

21
common/simple-pwquery.c
View file

@ -69,13 +69,12 @@
#endif
/* Name of the socket to be used if GPG_AGENT_INFO has not been
set. No default socket is used if this is NULL. */
/* Name of the socket to be used. This is a kludge to keep on using
the existsing code despite that we only support a standard socket. */
static char *default_gpg_agent_info;
#ifndef HAVE_STPCPY
@ -324,14 +323,11 @@ agent_open (int *rfd)
char *infostr, *p;
struct sockaddr_un client_addr;
size_t len;
int prot;
char line[200];
int nread;
*rfd = -1;
infostr = getenv (GPG_AGENT_INFO_NAME);
if ( !infostr || !*infostr )
infostr = default_gpg_agent_info;
infostr = default_gpg_agent_info;
if ( !infostr || !*infostr )
{
#ifdef SPWQ_USE_LOGGING
@ -348,23 +344,12 @@ agent_open (int *rfd)
if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr
|| (p-infostr)+1 >= sizeof client_addr.sun_path )
{
#ifdef SPWQ_USE_LOGGING
log_error (_("malformed %s environment variable\n"), GPG_AGENT_INFO_NAME);
#endif
return SPWQ_NO_AGENT;
}
*p++ = 0;
while (*p && *p != PATHSEP_C)
p++;
prot = *p? atoi (p+1) : 0;
if ( prot != 1)
{
#ifdef SPWQ_USE_LOGGING
log_error (_("gpg-agent protocol version %d is not supported\n"),prot);
#endif
return SPWQ_PROTOCOL_ERROR;
}
#ifdef HAVE_W32_SYSTEM
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);