Proposal with patch: Make socket directory host dependent
Rainer Perske
rainer.perske at uni-muenster.de
Thu Nov 16 13:36:14 CET 2017
Hello
Usually you absolutely do not want to place any private data (keyrings,
sockets) on a network drive. But there are exceptions when it comes to
clustering for fail safety and the complete system (including network
components) is under your full control.
I have this situation: The user home directory of my webmailer is
located on a network file system so it can be accessed from all nodes
in the cluster.
common/homedir.c places the socket for the agent communication into the
same directory. But multiple nodes cannot share the same socket file;
this causes curious problems.
So the socket files must be node-specific, either by placing them into
a non-shared directory or by using node-specific files, so that each
node can run its own gpg-agent for a user.
For this reason, I have patched common/homedir.c to use a
nodename-specific subdirectory of the user directory for the sockets,
see below. I have been using this patch for a long time in our production
environment.
I'd like to propose incorporating this patch into GnuPG. It will
change the default location of the socket files into a subdirectory of
the previous location, but I cannot see any way it could hurt,
except that you may need to restart running agents when installing this
patch.
Signed-off-by: Rainer Perske <perske at uni-muenster.de>
diff -ur gnupg-2.2.2/common/homedir.c gnupg-2.2.2rp/common/homedir.c
--- gnupg-2.2.2/common/homedir.c 2000-01-01 00:00:00.000000000 +0000
+++ gnupg-2.2.2rp/common/homedir.c 2000-01-01 00:00:00.000000000 +0000
@@ -57,7 +57,9 @@
#include <sys/stat.h> /* for stat() */
#endif
-
+#ifndef HAVE_W32_SYSTEM
+#include <sys/utsname.h>
+#endif
#include "util.h"
#include "sysutils.h"
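Review bot: the removed blank line (the `-` line) separated the system headers from the project headers, and no blank line is restored after the new `#endif`, so keep one before `#include "util.h"` to match the surrounding layout. Since the code added at `leave:` calls `strchr` and reads `errno`, also confirm that `<string.h>` and `<errno.h>` are already included by this file; neither appears in the context shown here.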
@@ -547,6 +549,9 @@
char prefix[13 + 1 + 20 + 6 + 1];
const char *s;
char *name = NULL;
+#ifndef HAVE_W32_SYSTEM
+ struct utsname utsbuf;
+#endif
*r_info = 0;
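Review bot: `utsbuf` is declared at function scope but only used inside the `#ifndef HAVE_W32_SYSTEM` block added after `leave:`, so the declaration could move into that block and drop this second pair of conditionals, keeping the platform-specific code in one place. If it stays here, a short comment noting that it backs the hostname-specific socket directory fallback would help readers of the declaration list.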
@@ -694,6 +699,21 @@
name = xstrdup (prefix);
leave:
+#ifndef HAVE_W32_SYSTEM
+ /* try hostname specific subdirectory of gnupg_homedir */
+ if (!name && !uname (&utsbuf) && utsbuf.nodename && !strchr (utsbuf.nodename, '/'))
+ {
+ name = xmalloc (strlen (gnupg_homedir ()) + 7 + strlen(utsbuf.nodename) +1);
+ strcpy (name, gnupg_homedir ());
+ strcat (name, "/S.dir.");
+ strcat (name, utsbuf.nodename);
+ if (-1 == gnupg_mkdir (name, "-rwx") && errno != EEXIST)
+ {
+ xfree (name);
+ name = NULL;
+ }
+ }
+#endif
/* If nothing works fall back to the homedir. */
if (!name)
{
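Review bot: when `gnupg_mkdir` fails with `EEXIST`, the existing entry is accepted without checking that it is actually a directory, owned by the calling user and not accessible to others; on a shared network home a pre-existing `S.dir.<nodename>` with wrong ownership or permissions (or a symlink) would silently become the socket directory, so a `stat` of the path checking `S_ISDIR (sb.st_mode)`, `sb.st_uid == getuid ()` and the mode bits before the name is kept is warranted. Two smaller points: an empty `utsbuf.nodename` passes the `strchr` test and yields the directory name `S.dir.`, so it should be rejected like a name containing `/`; and placing the sockets one level deeper lengthens the socket path, so the resulting length should be checked against the `sun_path` limit for long home directories combined with long host names rather than relying on the later fallback.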
Thank you very much for thinking about it.
Best regards
--
Rainer Perske
System operations dept. and director of the certification authority (WWUCA)
Center for Information Processing (university computer center)
Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Rainer Perske
Röntgenstraße 7-13
48149 Münster
Germany
phone: +49 251 83-31582
fax: +49 251 83-31555
e-mail: rainer.perske at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/Mitarbeiter/RainerPerske.shtml
office: room 006, Röntgenstraße 11
site map: http://wwwuv2.uni-muenster.de/uniplan/?action=spot&gebnr=7474
Certification Authority of the University of Münster (WWUCA):
phone: +49 251 83-31590
fax: +49 251 83-31555
e-mail: ca at uni-muenster.de
WWW: https://www.uni-muenster.de/WWUCA/
Center for Information Processing:
phone: +49 251 83-31600 (Mon-Fri 7:30-17:30)
fax: +49 251 83-31555
e-mail: ziv at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/