mirror of git://git.gnupg.org/gnupg.git
agent: New option --disable-check-own-socket.
* agent/gpg-agent.c (oDisableCheckOwnSocket): New. (disable_check_own_socket): New. (parse_rereadable_options): Set new option. (check_own_socket): Implement new option. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
88e24341e5
commit
f2d8a14e1b
|
|
@ -112,6 +112,7 @@ enum cmd_and_opt_values
|
|||
oKeepDISPLAY,
|
||||
oSSHSupport,
|
||||
oDisableScdaemon,
|
||||
oDisableCheckOwnSocket,
|
||||
oWriteEnvFile
|
||||
};
|
||||
|
||||
|
|
@ -148,6 +149,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||
{ oScdaemonProgram, "scdaemon-program", 2 ,
|
||||
N_("|PGM|use PGM as the SCdaemon program") },
|
||||
{ oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") },
|
||||
{ oDisableCheckOwnSocket, "disable-check-own-socket", 0, "@" },
|
||||
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
|
||||
|
||||
{ oBatch, "batch", 0, "@" },
|
||||
|
|
@ -232,6 +234,9 @@ static int shutdown_pending;
|
|||
/* Counter for the currently running own socket checks. */
|
||||
static int check_own_socket_running;
|
||||
|
||||
/* Flags to indicate that check_own_socket shall not be called. */
|
||||
static int disable_check_own_socket;
|
||||
|
||||
/* It is possible that we are currently running under setuid permissions */
|
||||
static int maybe_setuid = 1;
|
||||
|
||||
|
|
@ -491,6 +496,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||
opt.ignore_cache_for_signing = 0;
|
||||
opt.allow_mark_trusted = 0;
|
||||
opt.disable_scdaemon = 0;
|
||||
disable_check_own_socket = 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
@ -521,6 +527,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
|||
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
|
||||
case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
|
||||
case oDisableScdaemon: opt.disable_scdaemon = 1; break;
|
||||
case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
|
||||
|
||||
case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
|
||||
case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
|
||||
|
|
@ -2174,6 +2181,9 @@ check_own_socket (void)
|
|||
npth_attr_t tattr;
|
||||
int err;
|
||||
|
||||
if (disable_check_own_socket)
|
||||
return;
|
||||
|
||||
if (!opt.use_standard_socket)
|
||||
return; /* This check makes only sense in standard socket mode. */
|
||||
|
||||
|
|
|
|||
|
|
@ -449,6 +449,16 @@ Do not make use of the scdaemon tool. This option has the effect of
|
|||
disabling the ability to do smartcard operations. Note, that enabling
|
||||
this option at runtime does not kill an already forked scdaemon.
|
||||
|
||||
@ifset gpgtwoone
|
||||
@item --disable-check-own-socket
|
||||
@opindex disable-check-own-socket
|
||||
@command{gpg-agent} employs a periodic self-test to detect a stolen
|
||||
socket. This usually means a second instance of @command{gpg-agent}
|
||||
has taken over the socket and @command{gpg-agent} will then terminate
|
||||
itself. This option may be used to disable this self-test for
|
||||
debugging purposes.
|
||||
@end ifset
|
||||
|
||||
@item --use-standard-socket
|
||||
@itemx --no-use-standard-socket
|
||||
@opindex use-standard-socket
|
||||
|
|
@ -695,14 +705,16 @@ Here is a list of supported signals:
|
|||
@item SIGHUP
|
||||
@cpindex SIGHUP
|
||||
This signal flushes all cached passphrases and if the program has been
|
||||
started with a configuration file, the configuration file is read again.
|
||||
Only certain options are honored: @code{quiet}, @code{verbose},
|
||||
@code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab},
|
||||
@code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl},
|
||||
@code{ignore-cache-for-signing}, @code{allow-mark-trusted} and
|
||||
@code{disable-scdaemon}. @code{scdaemon-program} is also supported but
|
||||
due to the current implementation, which calls the scdaemon only once,
|
||||
it is not of much use unless you manually kill the scdaemon.
|
||||
started with a configuration file, the configuration file is read
|
||||
again. Only certain options are honored: @code{quiet},
|
||||
@code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level},
|
||||
@code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
|
||||
@code{max-cache-ttl}, @code{ignore-cache-for-signing},
|
||||
@code{allow-mark-trusted}, @code{disable-scdaemon}, and
|
||||
@code{disable-check-own-socket}. @code{scdaemon-program} is also
|
||||
supported but due to the current implementation, which calls the
|
||||
scdaemon only once, it is not of much use unless you manually kill the
|
||||
scdaemon.
|
||||
|
||||
|
||||
@item SIGTERM
|
||||
|
|
|
|||
Loading…
Reference in New Issue