[Pkg-gnupg-commit] [gnupg2] 15/34: agent: Make --no-grab the default.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 11 16:51:22 UTC 2017 

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch upstream
in repository gnupg2.

commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 4 18:34:03 2017 +0200

    agent: Make --no-grab the default.
    
    * agent/gpg-agent.c (oGrab): New const.
    (opts): New option --grab.  Remove description for --no-grab.
    (parse_rereadable_options): Make --no-grab the default.
    (finalize_rereadable_options): Allow --grab to override --no-grab.
    (main) <gpgconflist>: Add "grab".
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 agent/gpg-agent.c    | 16 +++++++++++++---
 doc/gpg-agent.texi   | 10 +++++++---
 tools/gpgconf-comp.c |  6 +++---
 3 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 603f707..841e4e3 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -83,6 +83,7 @@ enum cmd_and_opt_values
   oNoOptions,
   oHomedir,
   oNoDetach,
+  oGrab,
   oNoGrab,
   oLogFile,
   oServer,
@@ -169,7 +170,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
 
   ARGPARSE_s_n (oNoDetach,  "no-detach", N_("do not detach from the console")),
-  ARGPARSE_s_n (oNoGrab,    "no-grab",   N_("do not grab keyboard and mouse")),
+  ARGPARSE_s_n (oGrab,      "grab",      "@"),
+                /* FIXME: Add the below string for 2.3 */
+                /* N_("let PIN-Entry grab keyboard and mouse")), */
+  ARGPARSE_s_n (oNoGrab,    "no-grab",   "@"),
   ARGPARSE_s_s (oLogFile,   "log-file",  N_("use a log file for the server")),
   ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
                 /* */             N_("|PGM|use PGM as the PIN-Entry program")),
@@ -787,7 +791,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       opt.quiet = 0;
       opt.verbose = 0;
       opt.debug = 0;
-      opt.no_grab = 0;
+      opt.no_grab = 1;
       opt.debug_pinentry = 0;
       opt.pinentry_program = NULL;
       opt.pinentry_touch_file = NULL;
@@ -842,7 +846,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
         }
       break;
 
-    case oNoGrab: opt.no_grab = 1; break;
+    case oNoGrab: opt.no_grab |= 1; break;
+    case oGrab: opt.no_grab |= 2; break;
 
     case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
     case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
@@ -917,6 +922,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 static void
 finalize_rereadable_options (void)
 {
+  /* Hack to allow --grab to override --no-grab.  */
+  if ((opt.no_grab & 2))
+    opt.no_grab = 0;
 }
 
 
@@ -1406,6 +1414,8 @@ main (int argc, char **argv )
                  GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
       es_printf ("enable-extended-key-format:%lu:\n",
                  GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+      es_printf ("grab:%lu:\n",
+                 GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
 
       agent_exit (0);
     }
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d61dc85..d7a562a 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -325,10 +325,14 @@ the environment variable @code{SHELL} which is correct in almost all
 cases.
 
 
- at item --no-grab
+ at item --grab
+ at itemx --no-grab
+ at opindex grab
 @opindex no-grab
-Tell the pinentry not to grab the keyboard and mouse.  This option
-should in general not be used to avoid X-sniffing attacks.
+Tell the pinentry to grab the keyboard and mouse.  This option should
+be used on X-Servers to avoid X-sniffing attacks. Any use of the
+option @option{--grab} overrides an used option @option{--no-grab}.
+The default is @option{--no-grab}.
 
 @anchor{option --log-file}
 @item --log-file @var{file}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index cfc9fa3..527815c 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -550,6 +550,9 @@ static gc_option_t gc_options_gpg_agent[] =
      GC_LEVEL_ADVANCED,
      "gnupg", "allow passphrase to be prompted through Emacs",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+   { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+     "gnupg", NULL,
+     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
    { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@@ -559,9 +562,6 @@ static gc_option_t gc_options_gpg_agent[] =
    { "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
      GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
      GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
-   { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
-     "gnupg", "do not grab keyboard and mouse",
-     GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
 
    { "Passphrase policy",
      GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git

More information about the Pkg-gnupg-commit mailing list