diff options
Diffstat (limited to '')
| -rw-r--r-- | agent/agent.h | 10 | ||||
| -rw-r--r-- | agent/command.c | 8 | ||||
| -rw-r--r-- | agent/gpg-agent.c | 58 |
3 files changed, 68 insertions, 8 deletions
diff --git a/agent/agent.h b/agent/agent.h index ab8dc9f22..cabb82142 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -147,6 +147,12 @@ struct that we use a hack for cleanup handling in gpg-agent.c: If the value is less than 2 the name has not yet been malloced. */ int extra_socket; + + /* This global options indicates the use of an extra socket for web + browsers. Note that we use a hack for cleanup handling in + gpg-agent.c: If the value is less than 2 the name has not yet + been malloced. */ + int browser_socket; } opt; @@ -188,7 +194,9 @@ struct server_control_s gnupg_fd_t fd; } thread_startup; - /* Flag indicating the connection is run in restricted mode. */ + /* Flag indicating the connection is run in restricted mode. + A value of 1 if used for --extra-socket, + a value of 2 is used for --browser-socket. */ int restricted; /* Private data of the server (command.c). */ diff --git a/agent/command.c b/agent/command.c index 82d93e954..ccd51069b 100644 --- a/agent/command.c +++ b/agent/command.c @@ -730,8 +730,12 @@ cmd_setkeydesc (assuan_context_t ctx, char *line) xfree (ctrl->server_local->keydesc); if (ctrl->restricted) - ctrl->server_local->keydesc = strconcat - (_("Note: Request from a remote site."), "%0A%0A", desc, NULL); + { + ctrl->server_local->keydesc = strconcat + ((ctrl->restricted == 2 + ? _("Note: Request from the web browser.") + : _("Note: Request from a remote site.") ), "%0A%0A", desc, NULL); + } else ctrl->server_local->keydesc = xtrystrdup (desc); if (!ctrl->server_local->keydesc) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 2acb65063..18beca9ca 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -112,6 +112,7 @@ enum cmd_and_opt_values oUseStandardSocket, oNoUseStandardSocket, oExtraSocket, + oBrowserSocket, oFakedSystemTime, oIgnoreCacheForSigning, @@ -174,6 +175,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oExtraSocket, "extra-socket", /* */ N_("|NAME|accept some commands via NAME")), + ARGPARSE_s_s (oBrowserSocket, "browser-socket", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ARGPARSE_s_n (oBatch, "batch", "@"), @@ -304,6 +307,10 @@ static char *redir_socket_name; static char *socket_name_extra; static char *redir_socket_name_extra; +/* Name of the optional browser socket used for native gpg-agent requests. */ +static char *socket_name_browser; +static char *redir_socket_name_browser; + /* Name of the communication socket used for ssh-agent-emulation. */ static char *socket_name_ssh; static char *redir_socket_name_ssh; @@ -312,6 +319,7 @@ static char *redir_socket_name_ssh; POSIX systems). */ static assuan_sock_nonce_t socket_nonce; static assuan_sock_nonce_t socket_nonce_extra; +static assuan_sock_nonce_t socket_nonce_browser; static assuan_sock_nonce_t socket_nonce_ssh; @@ -357,6 +365,7 @@ static void agent_deinit_default_ctrl (ctrl_t ctrl); static void handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_extra, + gnupg_fd_t listen_fd_browser, gnupg_fd_t listen_fd_ssh); static void check_own_socket (void); static int check_for_running_agent (int silent); @@ -532,6 +541,8 @@ cleanup (void) remove_socket (socket_name, redir_socket_name); if (opt.extra_socket > 1) remove_socket (socket_name_extra, redir_socket_name_extra); + if (opt.browser_socket > 1) + remove_socket (socket_name_browser, redir_socket_name_browser); remove_socket (socket_name_ssh, redir_socket_name_ssh); } @@ -925,6 +936,11 @@ main (int argc, char **argv ) socket_name_extra = pargs.r.ret_str; break; + case oBrowserSocket: + opt.browser_socket = 1; /* (1 = points into argv) */ + socket_name_browser = pargs.r.ret_str; + break; + case oDebugQuickRandom: /* Only used by the first stage command line parser. */ break; @@ -1141,6 +1157,7 @@ main (int argc, char **argv ) { /* Regular server mode */ gnupg_fd_t fd; gnupg_fd_t fd_extra = GNUPG_INVALID_FD; + gnupg_fd_t fd_browser = GNUPG_INVALID_FD; gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; pid_t pid; @@ -1169,6 +1186,15 @@ main (int argc, char **argv ) &socket_nonce_extra); } + if (opt.browser_socket) + { + socket_name_browser = create_socket_name (socket_name_browser, 0); + opt.browser_socket = 2; /* Indicate that it has been malloced. */ + fd_browser = create_server_socket (socket_name_browser, 0, + &redir_socket_name_browser, + &socket_nonce_browser); + } + if (opt.ssh_support) { socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME, 1); @@ -1240,6 +1266,8 @@ main (int argc, char **argv ) the child should do this from now on */ if (opt.extra_socket) *socket_name_extra = 0; + if (opt.browser_socket) + *socket_name_browser = 0; if (opt.ssh_support) *socket_name_ssh = 0; @@ -1350,7 +1378,7 @@ main (int argc, char **argv ) #endif /*!HAVE_W32_SYSTEM*/ log_info ("%s %s started\n", strusage(11), strusage(13) ); - handle_connections (fd, fd_extra, fd_ssh); + handle_connections (fd, fd_extra, fd_browser, fd_ssh); assuan_sock_close (fd); } @@ -2184,6 +2212,17 @@ start_connection_thread_extra (void *arg) } +/* This is the browser socket connection thread's main function. */ +static void * +start_connection_thread_browser (void *arg) +{ + ctrl_t ctrl = arg; + + ctrl->restricted = 2; + return start_connection_thread (ctrl); +} + + /* This is the ssh connection thread's main function. */ static void * start_connection_thread_ssh (void *arg) @@ -2214,6 +2253,7 @@ start_connection_thread_ssh (void *arg) static void handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_extra, + gnupg_fd_t listen_fd_browser, gnupg_fd_t listen_fd_ssh) { npth_attr_t tattr; @@ -2236,9 +2276,10 @@ handle_connections (gnupg_fd_t listen_fd, void *(*func) (void *arg); gnupg_fd_t l_fd; } listentbl[] = { - { "std", start_connection_thread_std }, - { "extra",start_connection_thread_extra }, - { "ssh", start_connection_thread_ssh } + { "std", start_connection_thread_std }, + { "extra", start_connection_thread_extra }, + { "browser", start_connection_thread_browser }, + { "ssh", start_connection_thread_ssh } }; @@ -2296,6 +2337,12 @@ handle_connections (gnupg_fd_t listen_fd, if (FD2INT (listen_fd_extra) > nfd) nfd = FD2INT (listen_fd_extra); } + if (listen_fd_browser != GNUPG_INVALID_FD) + { + FD_SET ( FD2INT(listen_fd_browser), &fdset); + if (FD2INT (listen_fd_browser) > nfd) + nfd = FD2INT (listen_fd_browser); + } if (listen_fd_ssh != GNUPG_INVALID_FD) { FD_SET ( FD2INT(listen_fd_ssh), &fdset); @@ -2305,7 +2352,8 @@ handle_connections (gnupg_fd_t listen_fd, listentbl[0].l_fd = listen_fd; listentbl[1].l_fd = listen_fd_extra; - listentbl[2].l_fd = listen_fd_ssh; + listentbl[2].l_fd = listen_fd_browser; + listentbl[3].l_fd = listen_fd_ssh; npth_clock_gettime (&abstime); abstime.tv_sec += TIMERTICK_INTERVAL; |