[RFC PATCH 1/2] Get GPG Agent's socket directly from the agent.

Damien Goutte-Gattat dgouttegattat at incenp.org
Mon Jan 16 13:26:59 CET 2017


* src/agent.c (agent_connect): Call gpg-connect-agent to get
the socket for a running agent.
* src/get-path.c (get_gpg_connect_agent_path): New function.
* src/support.h (get_gpg_connect_agent_path): New prototype.
* configure.ac: New option --with-gpg-connect-agent-path.
--

This patch replaces all the logic needed to find the socket for
a running GnuPG Agent by a single call to gpg-connect-agent.
This will ensure we will always be able to find the agent,
without having to duplicate the logic already implement in
GnuPG. Gpg-connect-agent will also take care of starting the
agent if it's not already running.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 configure.ac   |  37 +++++++++++++
 src/agent.c    | 172 ++++++++++++++-------------------------------------------
 src/get-path.c |  17 ++++++
 src/support.h  |   1 +
 4 files changed, 95 insertions(+), 132 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1e4137d..8567a3a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,12 +232,14 @@ AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
 
 GPGSM_DEFAULT=no
 GPG_AGENT_DEFAULT=no
+GPG_CONNECT_AGENT_DEFAULT=no
 have_w32_system=no
 case "${host}" in
     *-mingw32*)
         # special stuff for Windoze NT
 	GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe'
         GPG_AGENT_DEFAULT='c:\\gnupg\\gpg-agent.exe'
+        GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe'
 	have_w32_system=yes
         ;;
     *)
@@ -406,6 +408,41 @@ else
 fi
 AM_CONDITIONAL(HAVE_GPG_AGENT, test "$GPG_AGENT" != "no")
 
+# GPG_CONNECT_AGENT
+NO_OVERRIDE=no
+AC_ARG_WITH(gpg-connect-agent,
+            AC_HELP_STRING([--with-gpg-connect-agent=PATH],
+                           [use gpg-connect-agent binary at PATH]),
+            GPG_CONNECT_AGENT=$withval, NO_OVERRIDE=yes)
+if test "$NO_OVERRIDE" = "yes" || test "$GPG_CONNECT_AGENT" = "yes"; then
+  GPG_CONNECT_AGENT=
+  NO_OVERRIDE=yes
+  if test "$cross_compiling" != "yes"; then
+    AC_PATH_PROG(GPG_CONNECT_AGENT, gpg-connect-agent)
+  fi
+  if test -z "$GPG_CONNECT_AGENT"; then
+    GPG_CONNECT_AGENT="$GPG_CONNECT_AGENT_DEFAULT"
+  fi
+fi
+if test "$GPG_CONNECT_AGENT" = no; then
+  if test "$NO_OVERRIDE" = "yes"; then
+    if test "$cross_compiling" != "yes"; then
+      AC_MSG_WARN([
+***
+*** Could not find gpg-connect-agent, use --with-gpg-connect-agent=PATH to enable it
+***])
+    else
+      AC_MSG_WARN([
+***
+*** Can not determine path to gpg-connect-agent when cross-compiling, use --with-gpg-connect-agent=PATH
+***])
+    fi
+  fi
+else
+  AC_DEFINE_UNQUOTED(GPG_CONNECT_AGENT_PATH, "$GPG_CONNECT_AGENT",
+                     [Path to the GPG_CONNECT_AGENT binary.])
+fi
+
 
 # Checks for header files.
 AC_HEADER_STDC
diff --git a/src/agent.c b/src/agent.c
index 75d4933..6ee106c 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -233,151 +233,59 @@ spawn_process_detached (const char *pgmname, const char *argv[])
 static gpg_error_t
 agent_connect (assuan_context_t *ctx_r)
 {
-  /* If we ever failed to connect via a socket we will force the use
-     of the pipe based server for the lifetime of the process.  */
-  static int force_pipe_server = 0;
-
   gpg_error_t err = 0;
-  char *infostr;
-  char *ptr;
   assuan_context_t ctx = NULL;
+  char buffer[255];
+  FILE *p;
 
-  err = assuan_new (&ctx);
-  if (err)
-    return err;
-
- restart:
-
-  infostr = force_pipe_server ? NULL : getenv ("GPG_AGENT_INFO");
-  if (!infostr || !*infostr)
-    {
-      char *sockname;
-
-      /* First check whether we can connect at the standard
-         socket.  */
-      sockname = make_filename (default_homedir (), "S.gpg-agent", NULL);
-      if (! sockname)
-	return gpg_error_from_errno (errno);
-
-      err = assuan_socket_connect (ctx, sockname, 0, 0);
-      if (err)
-        {
-	  const char *agent_program;
-
-          /* With no success start a new server.  */
-	  DEBUG (DBG_INFO, "no running GPG agent at %s, starting one\n",
-		 sockname);
-
-          agent_program = get_gpg_agent_path ();
-
+  /* Use gpg-connect-agent to obtain the socket name
+   * directly from the agent itself. */
+  snprintf (buffer, sizeof buffer, "%s 'GETINFO socket_name' /bye",
+            get_gpg_connect_agent_path ());
 #ifdef HAVE_W32_SYSTEM
-          {
-            /* Under Windows we start the server in daemon mode.  This
-               is because the default is to use the standard socket
-               and thus there is no need for the GPG_AGENT_INFO
-               envvar.  This is possible as we don't have a real unix
-               domain socket but use a plain file and thus there is no
-               need to care about non-local file systems. */
-            const char *argv[3];
-
-            argv[0] = "--daemon";
-            argv[1] = "--use-standard-socket";
-            argv[2] = NULL;
-
-            err = spawn_process_detached (agent_program, argv);
-            if (err)
-              DEBUG (DBG_CRIT, "failed to start agent `%s': %s\n",
-		     agent_program, gpg_strerror (err));
-            else
-              {
-                /* Give the agent some time to prepare itself. */
-                Sleep (3 * 1000);
-                /* Now try again to connect the agent.  */
-                err = assuan_socket_connect (ctx_r, sockname, 0, 0);
-              }
-          }
-#else /*!HAVE_W32_SYSTEM*/
-          {
-            const char *pgmname;
-            const char *argv[3];
-            int no_close_list[3];
-            int i;
-
-            if ( !(pgmname = strrchr (agent_program, '/')))
-              pgmname = agent_program;
-            else
-              pgmname++;
-
-            argv[0] = pgmname;
-            argv[1] = "--server";
-            argv[2] = NULL;
-
-            i=0;
-            no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
-            no_close_list[i] = -1;
-
-            /* Connect to the agent and perform initial handshaking. */
-            err = assuan_pipe_connect (ctx, agent_program, argv,
-				       no_close_list, NULL, NULL, 0);
-          }
-#endif /*!HAVE_W32_SYSTEM*/
-        }
-      free (sockname);
-    }
-  else
+  p = _popen (buffer, "r");
+#else
+  p = popen (buffer, "r");
+#endif
+  if (p)
     {
-      int pid;
-      int protocol_version;
+      int ret;
 
-      infostr = strdup (infostr);
-      if (!infostr)
-	return gpg_error_from_errno (errno);
-
-      if (!(ptr = strchr (infostr, PATHSEP_C)) || ptr == infostr)
-	{
-	  DEBUG (DBG_CRIT, "malformed GPG_AGENT_INFO environment variable");
-	  free (infostr);
-	  force_pipe_server = 1;
-	  goto restart;
-	}
-
-      *(ptr++) = 0;
-      pid = atoi (ptr);
-      while (*ptr && *ptr != PATHSEP_C)
-	ptr++;
-      protocol_version = *ptr ? atoi (ptr + 1) : 0;
-      if (protocol_version != 1)
-	{
-	  DEBUG (DBG_CRIT, "GPG agent protocol version '%d' not supported",
-		 protocol_version);
-	  free (infostr);
-	  force_pipe_server = 1;
-	  goto restart;
-	}
+      ret = fscanf (p, "D %254s\nOK\n", buffer);
+      if (ret == EOF)       /* I/O error? */
+        err = gpg_error_from_errno (errno);
+      else if (ret != 1)    /* Unexpected reply */
+        err = gpg_error (GPG_ERR_NO_AGENT);
 
-      err = assuan_socket_connect (ctx, infostr, pid, 0);
-      free (infostr);
-      if (err)
-	{
-	  DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
-	  force_pipe_server = 1;
-	  goto restart;
-	}
+      pclose (p);
     }
+  else
+    err = gpg_error_from_errno (errno);
 
-  if (err)
+  /* Then connect to the socket we got. */
+  if (!err)
     {
-      assuan_release (ctx);
-      DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
-      return gpg_error (GPG_ERR_NO_AGENT);
+      err = assuan_new (&ctx);
+      if (!err)
+        {
+          err = assuan_socket_connect (ctx, buffer, 0, 0);
+          if (!err)
+            {
+              *ctx_r = ctx;
+              if (_scute_debug_flags & DBG_ASSUAN)
+                assuan_set_log_stream (*ctx_r, _scute_debug_stream);
+            }
+          else
+            assuan_release (ctx);
+        }
     }
 
-  if (_scute_debug_flags & DBG_ASSUAN)
-    assuan_set_log_stream (*ctx_r, _scute_debug_stream);
-
-  *ctx_r = ctx;
+  /* We do not try any harder. If gpg-connect-agent somehow failed
+   * to give us a suitable socket, we probably cannot do better. */
+  if (err)
+    DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));
 
-  return 0;
+  return err;
 }
 
 
diff --git a/src/get-path.c b/src/get-path.c
index 0abd863..cb0a136 100644
--- a/src/get-path.c
+++ b/src/get-path.c
@@ -335,6 +335,23 @@ get_gpg_agent_path (void)
 }
 
 
+const char *
+get_gpg_connect_agent_path (void)
+{
+  static const char *pgmname;
+
+#ifdef HAVE_W32_SYSTEM
+  if (!pgmname)
+    pgmname = find_program_in_inst_dir ("gpg-connect-agent.exe");
+  if (!pgmname)
+    pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-connect-agent.exe");
+#endif
+  if (!pgmname)
+    pgmname = GPG_CONNECT_AGENT_PATH;
+  return pgmname;
+}
+
+
 
 /* Home directory.  */
 
diff --git a/src/support.h b/src/support.h
index 3356224..739d124 100644
--- a/src/support.h
+++ b/src/support.h
@@ -85,6 +85,7 @@ stpcpy (char *a, const char *b)
 
 const char *get_gpgsm_path (void);
 const char *get_gpg_agent_path (void);
+const char *get_gpg_connect_agent_path (void);
 
 /* Set up the default home directory.  The usual --homedir option
    should be parsed later. */
-- 
2.9.0




More information about the Gnupg-devel mailing list