[git] GnuPG - branch, master, updated. gnupg-2.1.1-6-g14601ea

by Werner Koch cvs at cvs.gnupg.org
Fri Dec 19 13:08:19 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  14601eacb51f6c8a60d3d57aee1be11debd94c68 (commit)
       via  aad8963f7b9d13b319abd413db8f42ec467db913 (commit)
       via  abec64f3cb04e49ca48cc476a5830a920e2ebf8f (commit)
      from  5cb6df8996623c00eaa2a39e3037101585442f7e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 14601eacb51f6c8a60d3d57aee1be11debd94c68
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 19 13:07:09 2014 +0100

    agent: Keep the session environment for restricted connections.
    
    * agent/command-ssh.c (setup_ssh_env): Move code to ...
    * agent/gpg-agent.c (agent_copy_startup_env): .. new function.  Change
    callers.
    * agent/command.c (start_command_handler): Call that function for
    restricted connections.
    --
    
    A remote connection is not, and should not be, able to set up the local
    session environment.  However, unless --keep-display is used we would
    be left without an environment and thus pinentry can't be used.  The
    fix is the same as used for ssh-agent connection: We use the default
    environment as used at the startup of the agent.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index a1663cd..c7c65af 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -278,6 +278,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip);
 
 /*-- gpg-agent.c --*/
 void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */
+gpg_error_t agent_copy_startup_env (ctrl_t ctrl);
 const char *get_agent_socket_name (void);
 const char *get_agent_ssh_socket_name (void);
 #ifdef HAVE_W32_SYSTEM
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2d00512..51d2c54 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3578,38 +3578,6 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
 }
 
 
-/* Because the ssh protocol does not send us information about the
-   current TTY setting, we use this function to use those from startup
-   or those explictly set.  */
-static gpg_error_t
-setup_ssh_env (ctrl_t ctrl)
-{
-  static const char *names[] =
-    {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
-  gpg_error_t err = 0;
-  int idx;
-  const char *value;
-
-  for (idx=0; !err && names[idx]; idx++)
-      if ((value = session_env_getenv (opt.startup_env, names[idx])))
-      err = session_env_setenv (ctrl->session_env, names[idx], value);
-
-  if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
-    if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
-      err = gpg_error_from_syserror ();
-
-  if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
-    if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
-      err = gpg_error_from_syserror ();
-
-  if (err)
-    log_error ("error setting default session environment: %s\n",
-               gpg_strerror (err));
-
-  return err;
-}
-
-
 /* Start serving client on SOCK_CLIENT.  */
 void
 start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
@@ -3618,7 +3586,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
   gpg_error_t err;
   int ret;
 
-  err = setup_ssh_env (ctrl);
+  err = agent_copy_startup_env (ctrl);
   if (err)
     goto out;
 
@@ -3681,7 +3649,7 @@ serve_mmapped_ssh_request (ctrl_t ctrl,
   u32 msglen;
   estream_t request_stream, response_stream;
 
-  if (setup_ssh_env (ctrl))
+  if (agent_copy_startup_env (ctrl))
     goto leave; /* Error setting up the environment.  */
 
   if (maxreqlen < 5)
diff --git a/agent/command.c b/agent/command.c
index eba766b..da7e508 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -3113,6 +3113,12 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd)
   int rc;
   assuan_context_t ctx = NULL;
 
+  if (ctrl->restricted)
+    {
+      if (agent_copy_startup_env (ctrl))
+        return;
+    }
+
   rc = assuan_new (&ctx);
   if (rc)
     {
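Review bot: The early `return;` taken when `agent_copy_startup_env (ctrl)` fails leaves `start_command_handler` before `assuan_new`, and nothing visible in this hunk closes `fd` or tells the peer why the connection ended. The failure is only logged inside `agent_copy_startup_env`, so confirm that the caller releases the descriptor on this path, or close it here before returning. A short comment above the block would help, for example `/* Restricted clients may not set the environment; fall back to the startup environment so that pinentry can be used.  */`. The copy only protects the session if later requests from a restricted client cannot overwrite these values, and that check is not part of this hunk. The function body continues outside the hunk.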
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index de40e3b..b053fc5 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1386,6 +1386,39 @@ agent_deinit_default_ctrl (ctrl_t ctrl)
 }
 
 
+/* Because the ssh protocol does not send us information about the
+   current TTY setting, we use this function to use those from startup
+   or those explictly set.  This is also used for the restricted mode
+   where we ignore requests to change the environment.  */
+gpg_error_t
+agent_copy_startup_env (ctrl_t ctrl)
+{
+  static const char *names[] =
+    {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
+  gpg_error_t err = 0;
+  int idx;
+  const char *value;
+
+  for (idx=0; !err && names[idx]; idx++)
+      if ((value = session_env_getenv (opt.startup_env, names[idx])))
+      err = session_env_setenv (ctrl->session_env, names[idx], value);
+
+  if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
+    if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
+      err = gpg_error_from_syserror ();
+
+  if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
+    if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
+      err = gpg_error_from_syserror ();
+
+  if (err)
+    log_error ("error setting default session environment: %s\n",
+               gpg_strerror (err));
+
+  return err;
+}
+
+
 /* Reread parts of the configuration.  Note, that this function is
    obviously not thread-safe and should only be called from the PTH
    signal handler.
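Review bot: In the loop of `agent_copy_startup_env` the `err = session_env_setenv (...)` line sits at the same indentation as the `if` that guards it, so it reads as if the assignment ran unconditionally in every iteration; indent it under the `if` or put braces around the loop body. The header comment could also state that the five listed variables are set from `opt.startup_env` whenever they exist there, while `lc_ctype` and `lc_messages` are filled in only when still unset. Names missing from the startup environment are not cleared from `ctrl->session_env`, so the function presumably relies on being called with a freshly initialised ctrl. Since restricted connections now depend on this function, that assumption is worth writing down.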
diff --git a/common/session-env.c b/common/session-env.c
index 478d5e3..8f78c10 100644
--- a/common/session-env.c
+++ b/common/session-env.c
@@ -56,7 +56,7 @@ struct session_environment_s
 };
 
 
-/* A list of environment vribales we pass from the acual user
+/* A list of environment vribales we pass from the actual user
   (e.g. gpgme) down to the pinentry.  We do not handle the locale
   settings because they do not only depend on envvars.  */
 static struct

commit aad8963f7b9d13b319abd413db8f42ec467db913
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Dec 19 12:03:38 2014 +0100

    agent: Fix string prepended to remotely initiated prompts.
    
    * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
    translatable.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/command.c b/agent/command.c
index c875f55..eba766b 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -731,7 +731,7 @@ cmd_setkeydesc (assuan_context_t ctx, char *line)
 
   if (ctrl->restricted)
     ctrl->server_local->keydesc = strconcat
-      ("Note: Request from a remote site.\n\n", desc, NULL);
+      (_("Note: Request from a remote site."), "%0A%0A", desc, NULL);
   else
     ctrl->server_local->keydesc = xtrystrdup (desc);
   if (!ctrl->server_local->keydesc)
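Review bot: The translated note from `_("Note: Request from a remote site.")` is concatenated as-is into `keydesc`, which the switch to `"%0A%0A"` suggests is a percent-escaped string. A translation that contains `%` or a line break would then be misread or break the line format, so either percent-escape the translated text before `strconcat` or add a translator comment such as `/* TRANSLATORS: Must not contain '%' or line breaks.  */`. Note also that `desc` comes from the restricted client and is appended unchanged, so how clearly the warning stands out depends on how the pinentry renders what follows it. The body of `cmd_setkeydesc` continues outside the hunk.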

commit abec64f3cb04e49ca48cc476a5830a920e2ebf8f
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Dec 18 09:38:41 2014 +0100

    build: Remove option to build without agent.
    
    * configure.ac (build-agent): Set to yes.

diff --git a/configure.ac b/configure.ac
index 09e683d..16843f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -110,7 +110,8 @@ large_secmem=no
 
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
-GNUPG_BUILD_PROGRAM(agent, yes)
+# The agent is a required part and can't be disabled anymore.
+build_agent=yes
 GNUPG_BUILD_PROGRAM(scdaemon, yes)
 GNUPG_BUILD_PROGRAM(g13, yes)
 GNUPG_BUILD_PROGRAM(dirmngr, yes)

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h        |    1 +
 agent/command-ssh.c  |   36 ++----------------------------------
 agent/command.c      |    8 +++++++-
 agent/gpg-agent.c    |   33 +++++++++++++++++++++++++++++++++
 common/session-env.c |    2 +-
 configure.ac         |    3 ++-
 6 files changed, 46 insertions(+), 37 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



