[git] GnuPG - branch, master, updated. gnupg-2.1.4-24-g985918a
by Werner Koch
cvs at cvs.gnupg.org
Thu Jun 11 09:48:04 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 985918aab025cf0ac9db411b88a47c4b985e5e95 (commit)
via 008435b95cbca19adc217178dc9d793eca584345 (commit)
from 691dae270b3b741178912599724d69adabdb48b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 985918aab025cf0ac9db411b88a47c4b985e5e95
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jun 11 09:43:32 2015 +0200
agent: Fix --extra-socket on Windows.
* agent/gpg-agent.c (start_connection_thread): Rename to ...
(do_start_connection_thread): this. Factor nonce checking out to ...
(start_connection_thread_std): this,
(start_connection_thread_extra): this,
(start_connection_thread_browser): and this.
--
Although not tested, the code did not worked on Windows becuase we
were checning the wrong nonce.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 18beca9..e721d8a 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2166,15 +2166,8 @@ putty_message_thread (void *arg)
static void *
-start_connection_thread (ctrl_t ctrl)
+do_start_connection_thread (ctrl_t ctrl)
{
- if (check_nonce (ctrl, &socket_nonce))
- {
- log_error ("handler 0x%lx nonce check FAILED\n",
- (unsigned long) npth_self());
- return NULL;
- }
-
agent_init_default_ctrl (ctrl);
if (opt.verbose)
log_info (_("handler 0x%lx for fd %d started\n"),
@@ -2197,7 +2190,14 @@ start_connection_thread_std (void *arg)
{
ctrl_t ctrl = arg;
- return start_connection_thread (ctrl);
+ if (check_nonce (ctrl, &socket_nonce))
+ {
+ log_error ("handler 0x%lx nonce check FAILED\n",
+ (unsigned long) npth_self());
+ return NULL;
+ }
+
+ return do_start_connection_thread (ctrl);
}
@@ -2207,8 +2207,15 @@ start_connection_thread_extra (void *arg)
{
ctrl_t ctrl = arg;
+ if (check_nonce (ctrl, &socket_nonce_extra))
+ {
+ log_error ("handler 0x%lx nonce check FAILED\n",
+ (unsigned long) npth_self());
+ return NULL;
+ }
+
ctrl->restricted = 1;
- return start_connection_thread (ctrl);
+ return do_start_connection_thread (ctrl);
}
@@ -2218,8 +2225,15 @@ start_connection_thread_browser (void *arg)
{
ctrl_t ctrl = arg;
+ if (check_nonce (ctrl, &socket_nonce_browser))
+ {
+ log_error ("handler 0x%lx nonce check FAILED\n",
+ (unsigned long) npth_self());
+ return NULL;
+ }
+
ctrl->restricted = 2;
- return start_connection_thread (ctrl);
+ return do_start_connection_thread (ctrl);
}
commit 008435b95cbca19adc217178dc9d793eca584345
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jun 11 09:36:27 2015 +0200
agent: Add experimental option --browser-socket.
* agent/agent.h (opt): Add field "browser_socket".
* agent/command.c (cmd_setkeydesc): Use a different message for
restricted==2.
* agent/gpg-agent.c (oBrowserSocket): New.
(opts): Add --browser-socket.
(socket_name_browser, redir_socket_name_browser): New.
(socket_nonce_browser): New.
(cleanup): Cleanup browser socket.
(main): Implement option.
(start_connection_thread_browser): New.
(handle_connections): Add arg listen_fd_browser and use it.
--
This is very similar to --extra-socket but intended to be used by a web
browser session. AS of now it only displays a different "Note: in
the Pinentry than --extra-socket but it may eventually be tweaked for
the use by browser extensions making use of gpg-agent.
It is marked experimental and and thus may be removed in later
versions.
To better support the different "client classes", it would be useful
to add corresponsing cache classes so that each class has its own
cache.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/agent.h b/agent/agent.h
index ab8dc9f..cabb821 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -147,6 +147,12 @@ struct
that we use a hack for cleanup handling in gpg-agent.c: If the
value is less than 2 the name has not yet been malloced. */
int extra_socket;
+
+ /* This global options indicates the use of an extra socket for web
+ browsers. Note that we use a hack for cleanup handling in
+ gpg-agent.c: If the value is less than 2 the name has not yet
+ been malloced. */
+ int browser_socket;
} opt;
@@ -188,7 +194,9 @@ struct server_control_s
gnupg_fd_t fd;
} thread_startup;
- /* Flag indicating the connection is run in restricted mode. */
+ /* Flag indicating the connection is run in restricted mode.
+ A value of 1 if used for --extra-socket,
+ a value of 2 is used for --browser-socket. */
int restricted;
/* Private data of the server (command.c). */
diff --git a/agent/command.c b/agent/command.c
index 82d93e9..ccd5106 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -730,8 +730,12 @@ cmd_setkeydesc (assuan_context_t ctx, char *line)
xfree (ctrl->server_local->keydesc);
if (ctrl->restricted)
- ctrl->server_local->keydesc = strconcat
- (_("Note: Request from a remote site."), "%0A%0A", desc, NULL);
+ {
+ ctrl->server_local->keydesc = strconcat
+ ((ctrl->restricted == 2
+ ? _("Note: Request from the web browser.")
+ : _("Note: Request from a remote site.") ), "%0A%0A", desc, NULL);
+ }
else
ctrl->server_local->keydesc = xtrystrdup (desc);
if (!ctrl->server_local->keydesc)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 2acb650..18beca9 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -112,6 +112,7 @@ enum cmd_and_opt_values
oUseStandardSocket,
oNoUseStandardSocket,
oExtraSocket,
+ oBrowserSocket,
oFakedSystemTime,
oIgnoreCacheForSigning,
@@ -174,6 +175,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oExtraSocket, "extra-socket",
/* */ N_("|NAME|accept some commands via NAME")),
+ ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"),
+
ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
ARGPARSE_s_n (oBatch, "batch", "@"),
@@ -304,6 +307,10 @@ static char *redir_socket_name;
static char *socket_name_extra;
static char *redir_socket_name_extra;
+/* Name of the optional browser socket used for native gpg-agent requests. */
+static char *socket_name_browser;
+static char *redir_socket_name_browser;
+
/* Name of the communication socket used for ssh-agent-emulation. */
static char *socket_name_ssh;
static char *redir_socket_name_ssh;
@@ -312,6 +319,7 @@ static char *redir_socket_name_ssh;
POSIX systems). */
static assuan_sock_nonce_t socket_nonce;
static assuan_sock_nonce_t socket_nonce_extra;
+static assuan_sock_nonce_t socket_nonce_browser;
static assuan_sock_nonce_t socket_nonce_ssh;
@@ -357,6 +365,7 @@ static void agent_deinit_default_ctrl (ctrl_t ctrl);
static void handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_extra,
+ gnupg_fd_t listen_fd_browser,
gnupg_fd_t listen_fd_ssh);
static void check_own_socket (void);
static int check_for_running_agent (int silent);
@@ -532,6 +541,8 @@ cleanup (void)
remove_socket (socket_name, redir_socket_name);
if (opt.extra_socket > 1)
remove_socket (socket_name_extra, redir_socket_name_extra);
+ if (opt.browser_socket > 1)
+ remove_socket (socket_name_browser, redir_socket_name_browser);
remove_socket (socket_name_ssh, redir_socket_name_ssh);
}
@@ -925,6 +936,11 @@ main (int argc, char **argv )
socket_name_extra = pargs.r.ret_str;
break;
+ case oBrowserSocket:
+ opt.browser_socket = 1; /* (1 = points into argv) */
+ socket_name_browser = pargs.r.ret_str;
+ break;
+
case oDebugQuickRandom:
/* Only used by the first stage command line parser. */
break;
@@ -1141,6 +1157,7 @@ main (int argc, char **argv )
{ /* Regular server mode */
gnupg_fd_t fd;
gnupg_fd_t fd_extra = GNUPG_INVALID_FD;
+ gnupg_fd_t fd_browser = GNUPG_INVALID_FD;
gnupg_fd_t fd_ssh = GNUPG_INVALID_FD;
pid_t pid;
@@ -1169,6 +1186,15 @@ main (int argc, char **argv )
&socket_nonce_extra);
}
+ if (opt.browser_socket)
+ {
+ socket_name_browser = create_socket_name (socket_name_browser, 0);
+ opt.browser_socket = 2; /* Indicate that it has been malloced. */
+ fd_browser = create_server_socket (socket_name_browser, 0,
+ &redir_socket_name_browser,
+ &socket_nonce_browser);
+ }
+
if (opt.ssh_support)
{
socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1);
@@ -1240,6 +1266,8 @@ main (int argc, char **argv )
the child should do this from now on */
if (opt.extra_socket)
*socket_name_extra = 0;
+ if (opt.browser_socket)
+ *socket_name_browser = 0;
if (opt.ssh_support)
*socket_name_ssh = 0;
@@ -1350,7 +1378,7 @@ main (int argc, char **argv )
#endif /*!HAVE_W32_SYSTEM*/
log_info ("%s %s started\n", strusage(11), strusage(13) );
- handle_connections (fd, fd_extra, fd_ssh);
+ handle_connections (fd, fd_extra, fd_browser, fd_ssh);
assuan_sock_close (fd);
}
@@ -2184,6 +2212,17 @@ start_connection_thread_extra (void *arg)
}
+/* This is the browser socket connection thread's main function. */
+static void *
+start_connection_thread_browser (void *arg)
+{
+ ctrl_t ctrl = arg;
+
+ ctrl->restricted = 2;
+ return start_connection_thread (ctrl);
+}
+
+
/* This is the ssh connection thread's main function. */
static void *
start_connection_thread_ssh (void *arg)
@@ -2214,6 +2253,7 @@ start_connection_thread_ssh (void *arg)
static void
handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_extra,
+ gnupg_fd_t listen_fd_browser,
gnupg_fd_t listen_fd_ssh)
{
npth_attr_t tattr;
@@ -2236,9 +2276,10 @@ handle_connections (gnupg_fd_t listen_fd,
void *(*func) (void *arg);
gnupg_fd_t l_fd;
} listentbl[] = {
- { "std", start_connection_thread_std },
- { "extra",start_connection_thread_extra },
- { "ssh", start_connection_thread_ssh }
+ { "std", start_connection_thread_std },
+ { "extra", start_connection_thread_extra },
+ { "browser", start_connection_thread_browser },
+ { "ssh", start_connection_thread_ssh }
};
@@ -2296,6 +2337,12 @@ handle_connections (gnupg_fd_t listen_fd,
if (FD2INT (listen_fd_extra) > nfd)
nfd = FD2INT (listen_fd_extra);
}
+ if (listen_fd_browser != GNUPG_INVALID_FD)
+ {
+ FD_SET ( FD2INT(listen_fd_browser), &fdset);
+ if (FD2INT (listen_fd_browser) > nfd)
+ nfd = FD2INT (listen_fd_browser);
+ }
if (listen_fd_ssh != GNUPG_INVALID_FD)
{
FD_SET ( FD2INT(listen_fd_ssh), &fdset);
@@ -2305,7 +2352,8 @@ handle_connections (gnupg_fd_t listen_fd,
listentbl[0].l_fd = listen_fd;
listentbl[1].l_fd = listen_fd_extra;
- listentbl[2].l_fd = listen_fd_ssh;
+ listentbl[2].l_fd = listen_fd_browser;
+ listentbl[3].l_fd = listen_fd_ssh;
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 10 +++++-
agent/command.c | 8 +++--
agent/gpg-agent.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++---------
3 files changed, 92 insertions(+), 18 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list