diff options
Diffstat (limited to 'agent')
| -rw-r--r-- | agent/agent.h | 1 | ||||
| -rw-r--r-- | agent/command-ssh.c | 36 | ||||
| -rw-r--r-- | agent/command.c | 6 | ||||
| -rw-r--r-- | agent/gpg-agent.c | 33 |
4 files changed, 42 insertions, 34 deletions
diff --git a/agent/agent.h b/agent/agent.h index a1663cd56..c7c65afa7 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -278,6 +278,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip); /*-- gpg-agent.c --*/ void agent_exit (int rc) JNLIB_GCC_A_NR; /* Also implemented in other tools */ +gpg_error_t agent_copy_startup_env (ctrl_t ctrl); const char *get_agent_socket_name (void); const char *get_agent_ssh_socket_name (void); #ifdef HAVE_W32_SYSTEM diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 2d0051230..51d2c5404 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -3578,38 +3578,6 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) } -/* Because the ssh protocol does not send us information about the - current TTY setting, we use this function to use those from startup - or those explictly set. */ -static gpg_error_t -setup_ssh_env (ctrl_t ctrl) -{ - static const char *names[] = - {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; - gpg_error_t err = 0; - int idx; - const char *value; - - for (idx=0; !err && names[idx]; idx++) - if ((value = session_env_getenv (opt.startup_env, names[idx]))) - err = session_env_setenv (ctrl->session_env, names[idx], value); - - if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) - if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) - err = gpg_error_from_syserror (); - - if (!err && !ctrl->lc_messages && opt.startup_lc_messages) - if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages))) - err = gpg_error_from_syserror (); - - if (err) - log_error ("error setting default session environment: %s\n", - gpg_strerror (err)); - - return err; -} - - /* Start serving client on SOCK_CLIENT. */ void start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) @@ -3618,7 +3586,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) gpg_error_t err; int ret; - err = setup_ssh_env (ctrl); + err = agent_copy_startup_env (ctrl); if (err) goto out; @@ -3681,7 +3649,7 @@ serve_mmapped_ssh_request (ctrl_t ctrl, u32 msglen; estream_t request_stream, response_stream; - if (setup_ssh_env (ctrl)) + if (agent_copy_startup_env (ctrl)) goto leave; /* Error setting up the environment. */ if (maxreqlen < 5) diff --git a/agent/command.c b/agent/command.c index eba766bc4..da7e50857 100644 --- a/agent/command.c +++ b/agent/command.c @@ -3113,6 +3113,12 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) int rc; assuan_context_t ctx = NULL; + if (ctrl->restricted) + { + if (agent_copy_startup_env (ctrl)) + return; + } + rc = assuan_new (&ctx); if (rc) { diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index de40e3b4e..b053fc59f 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1386,6 +1386,39 @@ agent_deinit_default_ctrl (ctrl_t ctrl) } +/* Because the ssh protocol does not send us information about the + current TTY setting, we use this function to use those from startup + or those explictly set. This is also used for the restricted mode + where we ignore requests to change the environment. */ +gpg_error_t +agent_copy_startup_env (ctrl_t ctrl) +{ + static const char *names[] = + {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; + gpg_error_t err = 0; + int idx; + const char *value; + + for (idx=0; !err && names[idx]; idx++) + if ((value = session_env_getenv (opt.startup_env, names[idx]))) + err = session_env_setenv (ctrl->session_env, names[idx], value); + + if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) + if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) + err = gpg_error_from_syserror (); + + if (!err && !ctrl->lc_messages && opt.startup_lc_messages) + if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages))) + err = gpg_error_from_syserror (); + + if (err) + log_error ("error setting default session environment: %s\n", + gpg_strerror (err)); + + return err; +} + + /* Reread parts of the configuration. Note, that this function is obviously not thread-safe and should only be called from the PTH signal handler. |