tools:gpg-auth: Enhance it to support use case for login.
* tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS. * tools/gpg-auth.c: Support use by root for login user. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
87d4338ed1
commit
e133bcb1cd
@ -59,12 +59,15 @@ endif
|
|||||||
|
|
||||||
bin_PROGRAMS = gpgconf gpg-connect-agent gpg-card gpg-wks-client
|
bin_PROGRAMS = gpgconf gpg-connect-agent gpg-card gpg-wks-client
|
||||||
if !HAVE_W32_SYSTEM
|
if !HAVE_W32_SYSTEM
|
||||||
bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} gpgsplit gpg-auth
|
bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} gpgsplit
|
||||||
else
|
else
|
||||||
bin_PROGRAMS += gpgconf-w32
|
bin_PROGRAMS += gpgconf-w32
|
||||||
endif
|
endif
|
||||||
|
|
||||||
libexec_PROGRAMS = gpg-check-pattern gpg-pair-tool
|
libexec_PROGRAMS = gpg-check-pattern gpg-pair-tool
|
||||||
|
if !HAVE_W32_SYSTEM
|
||||||
|
libexec_PROGRAMS += gpg-auth
|
||||||
|
endif
|
||||||
|
|
||||||
noinst_PROGRAMS = clean-sat make-dns-cert
|
noinst_PROGRAMS = clean-sat make-dns-cert
|
||||||
|
|
||||||
|
@ -46,6 +46,7 @@ struct
|
|||||||
int with_colons;
|
int with_colons;
|
||||||
const char *agent_program;
|
const char *agent_program;
|
||||||
int autostart;
|
int autostart;
|
||||||
|
int use_scd_directly;
|
||||||
|
|
||||||
/* Options passed to the gpg-agent: */
|
/* Options passed to the gpg-agent: */
|
||||||
char *lc_ctype;
|
char *lc_ctype;
|
||||||
@ -80,7 +81,7 @@ enum opt_values
|
|||||||
oLCctype,
|
oLCctype,
|
||||||
oLCmessages,
|
oLCmessages,
|
||||||
|
|
||||||
oChUid,
|
oUseSCDDirectly,
|
||||||
|
|
||||||
oDummy
|
oDummy
|
||||||
};
|
};
|
||||||
@ -99,6 +100,7 @@ static gpgrt_opt_t opts[] = {
|
|||||||
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
|
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
|
||||||
ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
|
ARGPARSE_s_s (oLCctype, "lc-ctype", "@"),
|
||||||
ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
|
ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
|
||||||
|
ARGPARSE_s_n (oUseSCDDirectly, "use-scdaemon-directly", "@"),
|
||||||
|
|
||||||
ARGPARSE_end ()
|
ARGPARSE_end ()
|
||||||
};
|
};
|
||||||
@ -175,6 +177,8 @@ parse_arguments (gpgrt_argparse_t *pargs, gpgrt_opt_t *popts)
|
|||||||
case oLCctype: opt.lc_ctype = pargs->r.ret_str; break;
|
case oLCctype: opt.lc_ctype = pargs->r.ret_str; break;
|
||||||
case oLCmessages: opt.lc_messages = pargs->r.ret_str; break;
|
case oLCmessages: opt.lc_messages = pargs->r.ret_str; break;
|
||||||
|
|
||||||
|
case oUseSCDDirectly: opt.use_scd_directly = 1; break;
|
||||||
|
|
||||||
default: pargs->err = ARGPARSE_PRINT_ERROR; break;
|
default: pargs->err = ARGPARSE_PRINT_ERROR; break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -195,7 +199,8 @@ static gpg_error_t scd_passwd_reset (assuan_context_t ctx, const char *keygrip);
|
|||||||
static gpg_error_t ga_scd_connect (assuan_context_t *r_scd_ctx, int use_agent);
|
static gpg_error_t ga_scd_connect (assuan_context_t *r_scd_ctx, int use_agent);
|
||||||
static gpg_error_t ga_scd_get_auth_keys (assuan_context_t ctx,
|
static gpg_error_t ga_scd_get_auth_keys (assuan_context_t ctx,
|
||||||
struct ga_key_list **r_key_list);
|
struct ga_key_list **r_key_list);
|
||||||
static gpg_error_t ga_filter_by_authorized_keys (struct ga_key_list **r_key_list);
|
static gpg_error_t ga_filter_by_authorized_keys (const char *user,
|
||||||
|
struct ga_key_list **r_key_list);
|
||||||
static void ga_release_auth_keys (struct ga_key_list *key_list);
|
static void ga_release_auth_keys (struct ga_key_list *key_list);
|
||||||
static gpg_error_t scd_pkauth (assuan_context_t ctx, const char *keygrip);
|
static gpg_error_t scd_pkauth (assuan_context_t ctx, const char *keygrip);
|
||||||
static gpg_error_t authenticate (assuan_context_t ctx, struct ga_key_list *key_list);
|
static gpg_error_t authenticate (assuan_context_t ctx, struct ga_key_list *key_list);
|
||||||
@ -209,6 +214,7 @@ main (int argc, char **argv)
|
|||||||
gpgrt_argparse_t pargs;
|
gpgrt_argparse_t pargs;
|
||||||
assuan_context_t scd_ctx = NULL;
|
assuan_context_t scd_ctx = NULL;
|
||||||
struct ga_key_list *key_list = NULL;
|
struct ga_key_list *key_list = NULL;
|
||||||
|
const char *user;
|
||||||
|
|
||||||
gnupg_reopen_std ("gpg-auth");
|
gnupg_reopen_std ("gpg-auth");
|
||||||
gpgrt_set_strusage (my_strusage);
|
gpgrt_set_strusage (my_strusage);
|
||||||
@ -237,13 +243,22 @@ main (int argc, char **argv)
|
|||||||
if (argc != 0)
|
if (argc != 0)
|
||||||
gpgrt_usage (1); /* Never returns. */
|
gpgrt_usage (1); /* Never returns. */
|
||||||
|
|
||||||
err = ga_scd_connect (&scd_ctx, 1);
|
if (opt.use_scd_directly)
|
||||||
|
{
|
||||||
|
user = getenv ("PAM_USER");
|
||||||
|
if (user == NULL)
|
||||||
|
exit (2);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
user = NULL;
|
||||||
|
|
||||||
|
err = ga_scd_connect (&scd_ctx, opt.use_scd_directly);
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
err = ga_scd_get_auth_keys (scd_ctx, &key_list);
|
err = ga_scd_get_auth_keys (scd_ctx, &key_list);
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
err = ga_filter_by_authorized_keys (&key_list);
|
err = ga_filter_by_authorized_keys (user, &key_list);
|
||||||
|
|
||||||
if (!err)
|
if (!err)
|
||||||
err = authenticate (scd_ctx, key_list);
|
err = authenticate (scd_ctx, key_list);
|
||||||
@ -418,7 +433,7 @@ scd_passwd_reset (assuan_context_t ctx, const char *keygrip)
|
|||||||
/* Connect to scdaemon by pipe or socket. Execute initial "SEREIALNO"
|
/* Connect to scdaemon by pipe or socket. Execute initial "SEREIALNO"
|
||||||
command to enable all connected token under scdaemon control. */
|
command to enable all connected token under scdaemon control. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ga_scd_connect (assuan_context_t *r_scd_ctx, int use_agent)
|
ga_scd_connect (assuan_context_t *r_scd_ctx, int use_scd_directly)
|
||||||
{
|
{
|
||||||
assuan_context_t assuan_ctx;
|
assuan_context_t assuan_ctx;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
@ -427,7 +442,7 @@ ga_scd_connect (assuan_context_t *r_scd_ctx, int use_agent)
|
|||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
if (use_agent)
|
if (!use_scd_directly)
|
||||||
/* Use scdaemon under gpg-agent. */
|
/* Use scdaemon under gpg-agent. */
|
||||||
{
|
{
|
||||||
char *scd_socket_name = NULL;
|
char *scd_socket_name = NULL;
|
||||||
@ -479,7 +494,7 @@ ga_scd_connect (assuan_context_t *r_scd_ctx, int use_agent)
|
|||||||
NULL, NULL, 0);
|
NULL, NULL, 0);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("could not spawn scdaemon: %s", gpg_strerror (err));
|
log_error ("could not spawn scdaemon: %s\n", gpg_strerror (err));
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -769,7 +784,7 @@ release_ssh_key_list (struct ssh_key_list *key_list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ssh_authorized_keys (struct ssh_key_list **r_ssh_key_list)
|
ssh_authorized_keys (const char *user, struct ssh_key_list **r_ssh_key_list)
|
||||||
{
|
{
|
||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
char *fname = NULL;
|
char *fname = NULL;
|
||||||
@ -783,7 +798,16 @@ ssh_authorized_keys (struct ssh_key_list **r_ssh_key_list)
|
|||||||
struct ssh_key_list *ssh_key_prev = NULL;
|
struct ssh_key_list *ssh_key_prev = NULL;
|
||||||
struct ssh_key_list *ssh_key = NULL;
|
struct ssh_key_list *ssh_key = NULL;
|
||||||
|
|
||||||
|
if (user)
|
||||||
|
{
|
||||||
|
char tilde_user[256];
|
||||||
|
|
||||||
|
snprintf (tilde_user, sizeof tilde_user, "~%s", user);
|
||||||
|
fname = make_absfilename_try (tilde_user, ".ssh", "authorized_keys", NULL);
|
||||||
|
}
|
||||||
|
else
|
||||||
fname = make_absfilename_try ("~", ".ssh", "authorized_keys", NULL);
|
fname = make_absfilename_try ("~", ".ssh", "authorized_keys", NULL);
|
||||||
|
|
||||||
if (fname == NULL)
|
if (fname == NULL)
|
||||||
return gpg_error (GPG_ERR_INV_NAME);
|
return gpg_error (GPG_ERR_INV_NAME);
|
||||||
|
|
||||||
@ -843,7 +867,7 @@ ssh_authorized_keys (struct ssh_key_list **r_ssh_key_list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
ga_filter_by_authorized_keys (struct ga_key_list **r_key_list)
|
ga_filter_by_authorized_keys (const char *user, struct ga_key_list **r_key_list)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
struct ga_key_list *cur = *r_key_list;
|
struct ga_key_list *cur = *r_key_list;
|
||||||
@ -851,7 +875,7 @@ ga_filter_by_authorized_keys (struct ga_key_list **r_key_list)
|
|||||||
struct ga_key_list *prev = NULL;
|
struct ga_key_list *prev = NULL;
|
||||||
struct ssh_key_list *ssh_key_list = NULL;
|
struct ssh_key_list *ssh_key_list = NULL;
|
||||||
|
|
||||||
err = ssh_authorized_keys (&ssh_key_list);
|
err = ssh_authorized_keys (user, &ssh_key_list);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
|
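Review bot: In the new root/login path the name read by `user = getenv ("PAM_USER");` in main (hunk at -237,13) is only checked for NULL, yet ssh_authorized_keys (hunk at -783,7) embeds it unvalidated into the `~%s` path: an empty string yields plain `~`, i.e. the authorized_keys of the invoking account rather than of the login user, and a name containing `/` could select a path the caller did not intend. The `snprintf` into the 256-byte `tilde_user` also has its return value ignored, so an over-long name is silently truncated and a different (prefix-named) account's authorized_keys would be consulted. Tighten the check in main to `if (user == NULL || !*user || strchr (user, '/'))` before `exit (2);`, and in ssh_authorized_keys replace the bare call with `int n = snprintf (tilde_user, sizeof tilde_user, "~%s", user);` followed by `if (n < 0 || (size_t)n >= sizeof tilde_user) return gpg_error (GPG_ERR_INV_NAME);`. How make_absfilename_try expands `~name` is not visible here, so whether the `/` case actually escapes the home directory should be confirmed against that helper; both main and ssh_authorized_keys continue outside their hunks.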