diff options
author | aszlig <aszlig@redmoonstudios.org> | 2016-11-28 07:23:27 +0100 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2016-11-28 07:23:27 +0100 |
commit | 676e914486e42eaa7743901638817ba6c203c05e (patch) | |
tree | 142852348a8a97acd4d30a024cacabf2955ef4d1 /modules/programs/gnupg/agent-wrapper.c | |
parent | 0552f647960ce5164cbae4556000baf7e8bc9906 (diff) |
modules/gnupg: Support --supervised since 2.1.16
See the release announcement at: https://lists.gnupg.org/pipermail/gnupg-announce/2016q4/000398.html Unfortunately we still need the wrapper, because we need to pick up the PID of the socket endpoint in order to gather various information we can pass to pinentry (which then for example can recognize that the actual SSH client is using X or is using a particular TTY). On the upside however, this is a step into a direction I didn't imagine to happen anytime soon, given the following statement from Werner Koch back then: https://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029104.html However I don't think the way I'm picking up the PID and doing inspection of /proc/PID is going to happen in upstream GnuPG anytime soon. But after cleaning up and doing it as a patch I might now consider upstreaming it. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'modules/programs/gnupg/agent-wrapper.c')
-rw-r--r-- | modules/programs/gnupg/agent-wrapper.c | 54 |
1 files changed, 40 insertions, 14 deletions
diff --git a/modules/programs/gnupg/agent-wrapper.c b/modules/programs/gnupg/agent-wrapper.c index b5e623bc..d9cb7a0e 100644 --- a/modules/programs/gnupg/agent-wrapper.c +++ b/modules/programs/gnupg/agent-wrapper.c @@ -11,21 +11,19 @@ #include <sys/un.h> #include <systemd/sd-daemon.h> +#ifndef SUPERVISOR_SUPPORT static int main_fd = 0; -static int ssh_fd = 0; static int scdaemon_fd = 0; +#endif -/* Get a systemd file descriptor corresponding to the specified socket path. - * - * Return values: - * -1 Socket path not a systemd socket - * -2 Provided socket path is not absolute - * -3 No suitable file descriptors in LISTEN_FDS - * -4 Error while determining LISTEN_FDS - */ -static int get_sd_fd(const char *sockpath) -{ +static int ssh_fd = 0; + +static int gather_sd_fds(void) { +#ifdef SUPERVISOR_SUPPORT + if (ssh_fd == 0) { +#else if (main_fd == 0 && ssh_fd == 0 && scdaemon_fd == 0) { +#endif int num_fds; char **fdmap = NULL; void *libsystemd = NULL; @@ -55,12 +53,14 @@ static int get_sd_fd(const char *sockpath) if (fdmap != NULL) { for (int i = 0; i < num_fds; i++) { - if (strncmp(fdmap[i], "main", 5) == 0) - main_fd = SD_LISTEN_FDS_START + i; - else if (strncmp(fdmap[i], "ssh", 4) == 0) + if (strncmp(fdmap[i], "ssh", 4) == 0) ssh_fd = SD_LISTEN_FDS_START + i; +#ifndef SUPERVISOR_SUPPORT + else if (strncmp(fdmap[i], "main", 5) == 0) + main_fd = SD_LISTEN_FDS_START + i; else if (strncmp(fdmap[i], "scdaemon", 9) == 0) scdaemon_fd = SD_LISTEN_FDS_START + i; +#endif free(fdmap[i]); } free(fdmap); @@ -70,6 +70,26 @@ static int get_sd_fd(const char *sockpath) return -1; } + return 0; +} + +#ifndef SUPERVISOR_SUPPORT + +/* Get a systemd file descriptor corresponding to the specified socket path. + * + * Return values: + * -1 Socket path not a systemd socket + * -2 Provided socket path is not absolute + * -3 No suitable file descriptors in LISTEN_FDS + * -4 Error while determining LISTEN_FDS + */ +static int get_sd_fd(const char *sockpath) +{ + int ret; + + if ((ret = gather_sd_fds()) != 0) + return ret; + char *basename = strrchr(sockpath, '/'); if (basename == NULL) return -2; @@ -215,6 +235,8 @@ pid_t fork(void) return _fork(); } +#endif /* !SUPERVISOR_SUPPORT */ + /* Get the PID of the client connected to the given socket FD. */ static pid_t get_socket_pid(int sockfd) { @@ -247,6 +269,10 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen) last_pid = 0; +#ifdef SUPERVISOR_SUPPORT + if (ssh_fd == 0) gather_sd_fds(); +#endif + if (retval != -1 && ssh_fd != 0 && sockfd == ssh_fd) { pid_t client_pid = get_socket_pid(retval); if (client_pid == -1) { |