[Pkg-gnupg-commit] [gnupg2] 15/34: agent: Make --no-grab the default.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Aug 11 16:51:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch upstream
in repository gnupg2.
commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
Author: Werner Koch <wk at gnupg.org>
Date: Fri Aug 4 18:34:03 2017 +0200
agent: Make --no-grab the default.
* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab. Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
Signed-off-by: Werner Koch <wk at gnupg.org>
---
agent/gpg-agent.c | 16 +++++++++++++---
doc/gpg-agent.texi | 10 +++++++---
tools/gpgconf-comp.c | 6 +++---
3 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 603f707..841e4e3 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -83,6 +83,7 @@ enum cmd_and_opt_values
oNoOptions,
oHomedir,
oNoDetach,
+ oGrab,
oNoGrab,
oLogFile,
oServer,
@@ -169,7 +170,10 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"),
ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")),
- ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")),
+ ARGPARSE_s_n (oGrab, "grab", "@"),
+ /* FIXME: Add the below string for 2.3 */
+ /* N_("let PIN-Entry grab keyboard and mouse")), */
+ ARGPARSE_s_n (oNoGrab, "no-grab", "@"),
ARGPARSE_s_s (oLogFile, "log-file", N_("use a log file for the server")),
ARGPARSE_s_s (oPinentryProgram, "pinentry-program",
/* */ N_("|PGM|use PGM as the PIN-Entry program")),
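Review bot: After this hunk both `grab` and `no-grab` carry the hidden description `"@"`, so `--help` no longer describes either option, although the same commit makes not grabbing the default. The FIXME records the missing string for this table only, while the `"grab"` entry added to `gc_options_gpg_agent` in tools/gpgconf-comp.c also has a `NULL` description. Tying the two together would help, e.g. `/* FIXME: Add the below string for 2.3, here and in gc_options_gpg_agent. */`. Until then doc/gpg-agent.texi is the only place where a user on an X server learns that `--grab` is the setting that guards against X-sniffing.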
@@ -787,7 +791,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.quiet = 0;
opt.verbose = 0;
opt.debug = 0;
- opt.no_grab = 0;
+ opt.no_grab = 1;
opt.debug_pinentry = 0;
opt.pinentry_program = NULL;
opt.pinentry_touch_file = NULL;
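Review bot: `opt.no_grab = 1;` turns the field from a boolean into a small bit set, and nothing at this reset site says so. Value 1 means "do not grab", and value 2, OR-ed in by `case oGrab` in the next hunk, means "--grab was seen" and is resolved only in `finalize_rereadable_options`, so the field can hold 3 in between. A comment here such as `/* 1 = do not grab (default); 2 = --grab seen, resolved in finalize_rereadable_options. */`, or two named constants replacing the literals `1` and `2` in all three hunks, would make the encoding readable. This presumes every other reader of `opt.no_grab` tests it only for zero or non-zero after finalization, which is not visible on this page. The body of parse_rereadable_options extends beyond the hunk.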
@@ -842,7 +846,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
}
break;
- case oNoGrab: opt.no_grab = 1; break;
+ case oNoGrab: opt.no_grab |= 1; break;
+ case oGrab: opt.no_grab |= 2; break;
case oPinentryProgram: opt.pinentry_program = pargs->r.ret_str; break;
case oPinentryTouchFile: opt.pinentry_touch_file = pargs->r.ret_str; break;
@@ -917,6 +922,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
static void
finalize_rereadable_options (void)
{
+ /* Hack to allow --grab to override --no-grab. */
+ if ((opt.no_grab & 2))
+ opt.no_grab = 0;
}
@@ -1406,6 +1414,8 @@ main (int argc, char **argv )
GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME);
es_printf ("enable-extended-key-format:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+ es_printf ("grab:%lu:\n",
+ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
agent_exit (0);
}
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index d61dc85..d7a562a 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -325,10 +325,14 @@ the environment variable @code{SHELL} which is correct in almost all
cases.
- at item --no-grab
+ at item --grab
+ at itemx --no-grab
+ at opindex grab
@opindex no-grab
-Tell the pinentry not to grab the keyboard and mouse. This option
-should in general not be used to avoid X-sniffing attacks.
+Tell the pinentry to grab the keyboard and mouse. This option should
+be used on X-Servers to avoid X-sniffing attacks. Any use of the
+option @option{--grab} overrides an used option @option{--no-grab}.
+The default is @option{--no-grab}.
@anchor{option --log-file}
@item --log-file @var{file}
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index cfc9fa3..527815c 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -550,6 +550,9 @@ static gc_option_t gc_options_gpg_agent[] =
GC_LEVEL_ADVANCED,
"gnupg", "allow passphrase to be prompted through Emacs",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
+ "gnupg", NULL,
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-allow-external-cache", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
@@ -559,9 +562,6 @@ static gc_option_t gc_options_gpg_agent[] =
{ "no-allow-loopback-pinentry", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_EXPERT, "gnupg", "disallow caller to override the pinentry",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
- { "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
- "gnupg", "do not grab keyboard and mouse",
- GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Passphrase policy",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git