security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Remove all system daemon features.

Browse source 
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this.  Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature.  Remove system dameon
feature.  Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--

We are now starting dirmngr as needed as a user daemon.  The
deprecated system daemon mode does not anymore make sense.  In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-08-18 11:23:40 +02:00
parent de6e3217cd
commit d83ba4897b
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
13 changed files with 29 additions and 365 deletions
Download patch file Download diff file Expand all files Collapse all files

50
common/homedir.c
View file

@ -812,55 +812,9 @@ gnupg_cachedir (void)
}
/* Return the system socket name used by DirMngr. */
/* Return the user socket name used by DirMngr. */
const char *
dirmngr_sys_socket_name (void)
{
#ifdef HAVE_W32_SYSTEM
static char *name;
if (!name)
{
char *p;
# ifdef HAVE_W32CE_SYSTEM
const char *s1, *s2;
s1 = default_homedir ();
# else
char s1buf[MAX_PATH];
const char *s1, *s2;
s1 = default_homedir ();
if (!w32_portable_app)
{
/* We need something akin CSIDL_COMMON_PROGRAMS, but local
(non-roaming). This is because the file needs to be on
the local machine and makes only sense on that machine.
CSIDL_WINDOWS seems to be the only location which
guarantees that. */
if (w32_shgetfolderpath (NULL, CSIDL_WINDOWS, NULL, 0, s1buf) < 0)
strcpy (s1buf, "C:\\WINDOWS");
s1 = s1buf;
}
# endif
s2 = DIRSEP_S DIRMNGR_SOCK_NAME;
name = xmalloc (strlen (s1) + strlen (s2) + 1);
strcpy (stpcpy (name, s1), s2);
for (p=name; *p; p++)
if (*p == '/')
*p = '\\';
}
return name;
#else /*!HAVE_W32_SYSTEM*/
return GNUPG_LOCALSTATEDIR "/run/" PACKAGE_NAME "/"DIRMNGR_SOCK_NAME;
#endif /*!HAVE_W32_SYSTEM*/
}
/* Return the user socket name used by DirMngr. If a user specific
dirmngr installation is not supported, NULL is returned. */
const char *
dirmngr_user_socket_name (void)
dirmngr_socket_name (void)
{
static char *name;