security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

agent: New option --disable-check-own-socket.

Browse Source 
* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-05-21 12:10:00 +01:00
parent 88e24341e5
commit f2d8a14e1b
2 changed files with 30 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
agent/gpg-agent.c
View File

@ -112,6 +112,7 @@ enum cmd_and_opt_values
oKeepDISPLAY, oKeepDISPLAY,
oSSHSupport, oSSHSupport,
oDisableScdaemon, oDisableScdaemon,
oDisableCheckOwnSocket,
oWriteEnvFile oWriteEnvFile
}; };
@ -148,6 +149,7 @@ static ARGPARSE_OPTS opts[] = {
{ oScdaemonProgram, "scdaemon-program", 2 , { oScdaemonProgram, "scdaemon-program", 2 ,
N_("|PGM|use PGM as the SCdaemon program") }, N_("|PGM|use PGM as the SCdaemon program") },
{ oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") }, { oDisableScdaemon, "disable-scdaemon", 0, N_("do not use the SCdaemon") },
{ oDisableCheckOwnSocket, "disable-check-own-socket", 0, "@" },
{ oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */ { oFakedSystemTime, "faked-system-time", 2, "@" }, /* (epoch time) */
{ oBatch, "batch", 0, "@" }, { oBatch, "batch", 0, "@" },
@ -232,6 +234,9 @@ static int shutdown_pending;
/* Counter for the currently running own socket checks. */ /* Counter for the currently running own socket checks. */
static int check_own_socket_running; static int check_own_socket_running;
/* Flags to indicate that check_own_socket shall not be called. */
static int disable_check_own_socket;
/* It is possible that we are currently running under setuid permissions */ /* It is possible that we are currently running under setuid permissions */
static int maybe_setuid = 1; static int maybe_setuid = 1;
@ -491,6 +496,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ignore_cache_for_signing = 0; opt.ignore_cache_for_signing = 0;
opt.allow_mark_trusted = 0; opt.allow_mark_trusted = 0;
opt.disable_scdaemon = 0; opt.disable_scdaemon = 0;
disable_check_own_socket = 0;
return 1; return 1;
} }
@ -521,6 +527,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break; case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break; case oScdaemonProgram: opt.scdaemon_program = pargs->r.ret_str; break;
case oDisableScdaemon: opt.disable_scdaemon = 1; break; case oDisableScdaemon: opt.disable_scdaemon = 1; break;
case oDisableCheckOwnSocket: disable_check_own_socket = 1; break;
case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break; case oDefCacheTTL: opt.def_cache_ttl = pargs->r.ret_ulong; break;
case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break; case oDefCacheTTLSSH: opt.def_cache_ttl_ssh = pargs->r.ret_ulong; break;
@ -2174,6 +2181,9 @@ check_own_socket (void)
npth_attr_t tattr; npth_attr_t tattr;
int err; int err;
if (disable_check_own_socket)
return;
if (!opt.use_standard_socket) if (!opt.use_standard_socket)
return; /* This check makes only sense in standard socket mode. */ return; /* This check makes only sense in standard socket mode. */

28
doc/gpg-agent.texi
View File

@ -449,6 +449,16 @@ Do not make use of the scdaemon tool. This option has the effect of
disabling the ability to do smartcard operations. Note, that enabling disabling the ability to do smartcard operations. Note, that enabling
this option at runtime does not kill an already forked scdaemon. this option at runtime does not kill an already forked scdaemon.
@ifset gpgtwoone
@item --disable-check-own-socket
@opindex disable-check-own-socket
@command{gpg-agent} employs a periodic self-test to detect a stolen
socket. This usually means a second instance of @command{gpg-agent}
has taken over the socket and @command{gpg-agent} will then terminate
itself. This option may be used to disable this self-test for
debugging purposes.
@end ifset
@item --use-standard-socket @item --use-standard-socket
@itemx --no-use-standard-socket @itemx --no-use-standard-socket
@opindex use-standard-socket @opindex use-standard-socket
@ -695,14 +705,16 @@ Here is a list of supported signals:
@item SIGHUP @item SIGHUP
@cpindex SIGHUP @cpindex SIGHUP
This signal flushes all cached passphrases and if the program has been This signal flushes all cached passphrases and if the program has been
started with a configuration file, the configuration file is read again. started with a configuration file, the configuration file is read
Only certain options are honored: @code{quiet}, @code{verbose}, again. Only certain options are honored: @code{quiet},
@code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab}, @code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level},
@code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl},
@code{ignore-cache-for-signing}, @code{allow-mark-trusted} and @code{max-cache-ttl}, @code{ignore-cache-for-signing},
@code{disable-scdaemon}. @code{scdaemon-program} is also supported but @code{allow-mark-trusted}, @code{disable-scdaemon}, and
due to the current implementation, which calls the scdaemon only once, @code{disable-check-own-socket}. @code{scdaemon-program} is also
it is not of much use unless you manually kill the scdaemon. supported but due to the current implementation, which calls the
scdaemon only once, it is not of much use unless you manually kill the
scdaemon.
@item SIGTERM @item SIGTERM