[Pkg-gnupg-commit] [gnupg2] 75/185: agent: Shutdown on removal of the home directory.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 1ead1ca818bddabc3bca22c195be667993eb3e2e
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 23 13:20:42 2017 +0200
agent: Shutdown on removal of the home directory.
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--
GnuPG-bug-id: 3218
Note that we should add this also to dirmngr. And for non-Linux
systems a stat in ticker should be implemented.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
agent/gpg-agent.c | 64 +++++++++++++++++++++++++++++++++++++++++--------------
common/sysutils.c | 37 ++++++++++++++++++++++++++++++++
common/sysutils.h | 1 +
3 files changed, 86 insertions(+), 16 deletions(-)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 44b9be2..825b7ba 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2750,7 +2750,8 @@ handle_connections (gnupg_fd_t listen_fd,
HANDLE events[2];
unsigned int events_set;
#endif
- int my_inotify_fd = -1;
+ int sock_inotify_fd = -1;
+ int home_inotify_fd = -1;
struct {
const char *name;
void *(*func) (void *arg);
@@ -2789,11 +2790,21 @@ handle_connections (gnupg_fd_t listen_fd,
#endif
if (disable_check_own_socket)
- my_inotify_fd = -1;
- else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name)))
+ sock_inotify_fd = -1;
+ else if ((err = gnupg_inotify_watch_socket (&sock_inotify_fd, socket_name)))
{
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
- log_info ("error enabling fast daemon termination: %s\n",
+ log_info ("error enabling daemon termination by socket removal: %s\n",
+ gpg_strerror (err));
+ }
+
+ if (disable_check_own_socket)
+ home_inotify_fd = -1;
+ else if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd,
+ gnupg_homedir ())))
+ {
+ if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
+ log_info ("error enabling daemon termination bu homedir removal: %s\n",
gpg_strerror (err));
}
@@ -2838,11 +2849,17 @@ handle_connections (gnupg_fd_t listen_fd,
if (FD2INT (listen_fd_ssh) > nfd)
nfd = FD2INT (listen_fd_ssh);
}
- if (my_inotify_fd != -1)
+ if (sock_inotify_fd != -1)
+ {
+ FD_SET (sock_inotify_fd, &fdset);
+ if (sock_inotify_fd > nfd)
+ nfd = sock_inotify_fd;
+ }
+ if (home_inotify_fd != -1)
{
- FD_SET (my_inotify_fd, &fdset);
- if (my_inotify_fd > nfd)
- nfd = my_inotify_fd;
+ FD_SET (home_inotify_fd, &fdset);
+ if (home_inotify_fd > nfd)
+ nfd = home_inotify_fd;
}
listentbl[0].l_fd = listen_fd;
@@ -2870,10 +2887,16 @@ handle_connections (gnupg_fd_t listen_fd,
* intention of a shutdown. */
FD_ZERO (&fdset);
nfd = -1;
- if (my_inotify_fd != -1)
+ if (sock_inotify_fd != -1)
+ {
+ FD_SET (sock_inotify_fd, &fdset);
+ nfd = sock_inotify_fd;
+ }
+ if (home_inotify_fd != -1)
{
- FD_SET (my_inotify_fd, &fdset);
- nfd = my_inotify_fd;
+ FD_SET (home_inotify_fd, &fdset);
+ if (home_inotify_fd > nfd)
+ nfd = home_inotify_fd;
}
}
@@ -2929,14 +2952,21 @@ handle_connections (gnupg_fd_t listen_fd,
ctrl_t ctrl;
npth_t thread;
- if (my_inotify_fd != -1
- && FD_ISSET (my_inotify_fd, &read_fdset)
- && gnupg_inotify_has_name (my_inotify_fd, GPG_AGENT_SOCK_NAME))
+ if (sock_inotify_fd != -1
+ && FD_ISSET (sock_inotify_fd, &read_fdset)
+ && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME))
{
shutdown_pending = 1;
log_info ("socket file has been removed - shutting down\n");
}
+ if (home_inotify_fd != -1
+ && FD_ISSET (home_inotify_fd, &read_fdset))
+ {
+ shutdown_pending = 1;
+ log_info ("homedir has been removed - shutting down\n");
+ }
+
for (idx=0; idx < DIM(listentbl); idx++)
{
if (listentbl[idx].l_fd == GNUPG_INVALID_FD)
@@ -2982,8 +3012,10 @@ handle_connections (gnupg_fd_t listen_fd,
}
}
- if (my_inotify_fd != -1)
- close (my_inotify_fd);
+ if (sock_inotify_fd != -1)
+ close (sock_inotify_fd);
+ if (home_inotify_fd != -1)
+ close (home_inotify_fd);
cleanup ();
log_info (_("%s %s stopped\n"), strusage(11), strusage(13));
npth_attr_destroy (&tattr);
diff --git a/common/sysutils.c b/common/sysutils.c
index ea0acdb..1aa2e53 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -1125,6 +1125,43 @@ w32_get_user_sid (void)
/* Support for inotify under Linux. */
+/* Store a new inotify file handle for FNAME at R_FD or return an
+ * error code. This file descriptor watch the removal of FNAME. */
+gpg_error_t
+gnupg_inotify_watch_delete_self (int *r_fd, const char *fname)
+{
+#if HAVE_INOTIFY_INIT
+ gpg_error_t err;
+ int fd;
+
+ *r_fd = -1;
+
+ if (!fname)
+ return my_error (GPG_ERR_INV_VALUE);
+
+ fd = inotify_init ();
+ if (fd == -1)
+ return my_error_from_syserror ();
+
+ if (inotify_add_watch (fd, fname, IN_DELETE_SELF) == -1)
+ {
+ err = my_error_from_syserror ();
+ close (fd);
+ return err;
+ }
+
+ *r_fd = fd;
+ return 0;
+#else /*!HAVE_INOTIFY_INIT*/
+
+ (void)fname;
+ *r_fd = -1;
+ return my_error (GPG_ERR_NOT_SUPPORTED);
+
+#endif /*!HAVE_INOTIFY_INIT*/
+}
+
+
/* Store a new inotify file handle for SOCKET_NAME at R_FD or return
* an error code. */
gpg_error_t
diff --git a/common/sysutils.h b/common/sysutils.h
index ecd9f84..e93ea2b 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -74,6 +74,7 @@ char *gnupg_getcwd (void);
char *gnupg_get_socket_name (int fd);
int gnupg_fd_valid (int fd);
+gpg_error_t gnupg_inotify_watch_delete_self (int *r_fd, const char *fname);
gpg_error_t gnupg_inotify_watch_socket (int *r_fd, const char *socket_name);
int gnupg_inotify_has_name (int fd, const char *name);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list