* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--
GnuPG-bug-id: 3218
Note that we should add this also to dirmngr. And for non-Linux
systems a stat in ticker should be implemented.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.
--
For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
from 100ms to 1ms or use gpgrt_yield when build against a recent
libgpg-error.
--
Debian-bug-id: 851298
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--
GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Initialize secmem to the configured buffer
size.
--
This patch is a step toward addressing
GnuPG-bug-id: 2857
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (handle_connections): Add a comment.
* dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
socket to ...
(handle_connections): here. Add a comment why we keep the
listening socket open during a shutdown.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (handle_connections): Keep on selecting on the
inotify fd even when a shutdown is pending.
* dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
use of the HAVE_INOTIFY_INIT cpp conditional.
--
Without that patch we won't notice a removed socket when a shutdown is
pending. This is somewhat related to bug report 2849.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Remove duplicated initialization in daemon
mode.
--
The commit f57dc2b1e6f28d164f882373535dbcb0d632ca17 fixes a part of
problem (for missing initialization of supervised mode). It was
actually put in wrong place.
Fixes-commit: 9f92b62a51d2d60f038fdbe01602865c5933fa95
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
system call clamp.
(agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
enough.
--
This patch prepares for a feature comming with Libgcrypt 1.8.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
"need_entropy".
--
During key generation Libgrypt will read from /dev/random which may
block. Libgcrypt is not nPth aware and thus the entire process will
block. Fortunately there is also a select with a short timeout to run
the progress callback. We detect this in gpg-agent and introduce a
short delay to give other threads (i.e. connections) an opportunity to
run.
This alone is not sufficient, an updated Libgpg-error is also required
to make the lock functions nPth aware.
Signed-off-by: Werner Koch <wk@gnupg.org>
There were several different variant spellings of "passphrase". This
should fix them all for all English text.
I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.
--
This allows us to use the same functionality in dirmngr as well.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
Remove unneeded diagnostic.
--
get_socket_name already prints error messages and thus there is not
need to print another one.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (map_supervised_socket): if the agent is running
in --supervised mode and is not actually given LISTEN_FDNAMES
directives, require at least fd 3 to be open for listening.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--
When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.
IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory. However, in all tests that event was not
triggered. The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.
GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
Provide correct fd in the second error case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Initialize modules in supervised mode.
--
It was probably my fault. I had to rebase my patches to take in the
npth patches but for some reason my addition of initialize_modules got
lost.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
close on error is fd, not i.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this. This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc. Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change. Do not close the socket.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
(is_supervised): Move from main() to global.
(inhibit_socket_removal): New.
(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
seting the socket names to empty.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): In supervised mode do not provide default
socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and
agent_exit.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command. When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.
--
"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.
When running in this mode, gpg-agent:
* Does not open its own listening socket; rather, it expects to be
given a listening socket on incoming file descriptors.
* Does not detach from the invoking process, staying in the
foreground instead. Unless otherwise specified, logs are sent to
stderr.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.
--
It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.
GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (main): Take the socketdir in account for the
default sockets.
* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
"agent-browser-socket".
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--
This change enables the restricted, browser, and ssh socket by
default. Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features. Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/command.c (server_local_s): Add fields 'greeting_seen' and
'connect_from_self'.
(io_monitor): Do not log connections from self.
(start_command_handler): Set flag 'connect_from_self'.
* agent/gpg-agent.c (check_own_socket_thread): Disable logging.
(do_start_connection_thread): Do not log conection start and
termination if IPC debugging is enabled.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
--
This fixes the regresson introduced by the commit
894789c3299dc47a8c1ccaaa7070382f0fae0262.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/gpg-agent.c (get_agent_active_connection_count): New.
(do_start_connection_thread, start_connection_thread_ssh): Bump
ACTIVE_CONNECTIONS up and down.
* agent/command.c (cmd_getinfo): Add subcommand "connections".
--
The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a
friendly way. Before we switched to nPth a Pth provided count of
threads was used for this. During the migration to nPth
ACTIVE_CONNECTIONS was introduced and checked but never set.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--
This is just in case of a improperly set umask. Note that a connect
requires a write permissions.
* common/homedir.c: Include sys/stat.h and zb32.h.
(w32_portable_app, w32_bin_is_bin): Change type from int to byte.
(non_default_homedir): New.
(is_gnupg_default_homedir): New.
(default_homedir): Set non_default_homedir.
(gnupg_set_homedir): Set non_default_homedir and make
the_gnupg_homedir and absolute directory name.
(gnupg_homedir): Return an absolute directory name.
(_gnupg_socketdir_internal): New.
(gnupg_socketdir): Implement /run/user/ based sockets.
* tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
make_filename by xstrdup.
* tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
--
If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.
To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/". If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used. Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.
The required permissions are: directory owned by the user, group and
others bits not set.
Signed-off-by: Werner Koch <wk@gnupg.org>