You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2011/07/25 16:33:33 UTC
svn commit: r1150723 -
/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Author: stsp
Date: Mon Jul 25 14:33:32 2011
New Revision: 1150723
URL: http://svn.apache.org/viewvc?rev=1150723&view=rev
Log:
On the gpg-agent-password-store branch, send the values of the LC_CTYPE
and DISPLAY variables to gpg-agent. These might be useful for the pinentry
program.
* subversion/libsvn_auth_gpg_agent/gpg_agent.c
(password_get_gpg_agent): If LC_CTYPE and/or DISPLAY environment variables
are set, use their values as arguments for the --lc-ctype and --display
options of gpg-agent.
Modified:
subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Modified: subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
URL: http://svn.apache.org/viewvc/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150723&r1=1150722&r2=1150723&view=diff
==============================================================================
--- subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
+++ subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 14:33:32 2011
@@ -101,6 +101,8 @@ password_get_gpg_agent(const char **pass
struct sockaddr_un addr;
const char *tty_name;
const char *tty_type;
+ const char *lc_ctype;
+ const char *display;
const char *socket_name = NULL;
svn_checksum_t *digest = NULL;
@@ -195,6 +197,46 @@ password_get_gpg_agent(const char **pass
return FALSE;
}
+ /* Send LC_CTYPE to the gpg-agent daemon. */
+ lc_ctype = getenv("LC_CTYPE");
+ if (lc_ctype == NULL)
+ lc_ctype = getenv("LC_ALL");
+ if (lc_ctype == NULL)
+ lc_ctype = getenv("LANG");
+ if (lc_ctype != NULL)
+ {
+ request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);
+ send(sd, request, strlen(request), 0);
+ if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE - 1))
+ {
+ close(sd);
+ return FALSE;
+ }
+ if (strncmp(buffer, "OK", 2) != 0)
+ {
+ close(sd);
+ return FALSE;
+ }
+ }
+
+ /* Send DISPLAY to the gpg-agent daemon. */
+ display = getenv("DISPLAY");
+ if (display != NULL)
+ {
+ request = apr_psprintf(pool, "OPTION display=%s\n", display);
+ send(sd, request, strlen(request), 0);
+ if (!receive_from_gpg_agent(sd, buffer, BUFFER_SIZE - 1))
+ {
+ close(sd);
+ return FALSE;
+ }
+ if (strncmp(buffer, "OK", 2) != 0)
+ {
+ close(sd);
+ return FALSE;
+ }
+ }
+
/* Create the CACHE_ID which will be generated based on REALMSTRING similar
to other password caching mechanisms. */
digest = svn_checksum_create(svn_checksum_md5, pool);
Re: svn commit: r1150723 -
/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Daniel Shahaf <da...@elego.de>.
Stefan Sperling wrote on Mon, Jul 25, 2011 at 20:55:56 +0200:
> On Mon, Jul 25, 2011 at 09:44:17PM +0300, Daniel Shahaf wrote:
> > stsp@apache.org wrote on Mon, Jul 25, 2011 at 14:33:33 -0000:
> > > + /* Send LC_CTYPE to the gpg-agent daemon. */
> > > + lc_ctype = getenv("LC_CTYPE");
> > > + if (lc_ctype == NULL)
> > > + lc_ctype = getenv("LC_ALL");
> > > + if (lc_ctype == NULL)
> > > + lc_ctype = getenv("LANG");
> > > + if (lc_ctype != NULL)
> > > + {
> > > + request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);
> >
> > You're passing an environment variable to gpg-agent unescaped. Suppose
> > I could control the value of that variable in your environment. (Yes,
> > this is a contrived situation.) What could I do then?
>
> Issue arbitrary commands to the agent. But the response will be read
> back by svn.
> I am not sure what kind of commands there are (or will be added in
> future) that would be useful to you in that situation.
>
On IRC you linked to
<http://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html>.
I'm also thinking on how this can affect third-party applications that
also use the same gpg-agent instance.
I'll look into that at some point.
> If you can already control a user's env vars you can likely
> go a simpler route: Just talk to the agent and get the password
> from it. All you need to know is the MD5 hash of the auth realm.
> Try all of the ones in ~/.subversion/auth/svn.simple and you'll
> likely get a password.
>
> As I sad on IRC, I don't think running a gpg-agent with the password
> cached is any safer than putting the password in a plain-text file
> with restricted access permissions. The only difference is that the
> cached password doesn't survive a reboot and times out after a while.
Re: svn commit: r1150723 -
/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Stefan Sperling <st...@elego.de>.
On Mon, Jul 25, 2011 at 09:44:17PM +0300, Daniel Shahaf wrote:
> stsp@apache.org wrote on Mon, Jul 25, 2011 at 14:33:33 -0000:
> > + /* Send LC_CTYPE to the gpg-agent daemon. */
> > + lc_ctype = getenv("LC_CTYPE");
> > + if (lc_ctype == NULL)
> > + lc_ctype = getenv("LC_ALL");
> > + if (lc_ctype == NULL)
> > + lc_ctype = getenv("LANG");
> > + if (lc_ctype != NULL)
> > + {
> > + request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);
>
> You're passing an environment variable to gpg-agent unescaped. Suppose
> I could control the value of that variable in your environment. (Yes,
> this is a contrived situation.) What could I do then?
Issue arbitrary commands to the agent. But the response will be read
back by svn.
I am not sure what kind of commands there are (or will be added in
future) that would be useful to you in that situation.
If you can already control a user's env vars you can likely
go a simpler route: Just talk to the agent and get the password
from it. All you need to know is the MD5 hash of the auth realm.
Try all of the ones in ~/.subversion/auth/svn.simple and you'll
likely get a password.
As I sad on IRC, I don't think running a gpg-agent with the password
cached is any safer than putting the password in a plain-text file
with restricted access permissions. The only difference is that the
cached password doesn't survive a reboot and times out after a while.
Re: svn commit: r1150723 -
/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
stsp@apache.org wrote on Mon, Jul 25, 2011 at 14:33:33 -0000:
> Author: stsp
> Date: Mon Jul 25 14:33:32 2011
> New Revision: 1150723
>
> URL: http://svn.apache.org/viewvc?rev=1150723&view=rev
> Log:
> On the gpg-agent-password-store branch, send the values of the LC_CTYPE
> and DISPLAY variables to gpg-agent. These might be useful for the pinentry
> program.
>
> * subversion/libsvn_auth_gpg_agent/gpg_agent.c
> (password_get_gpg_agent): If LC_CTYPE and/or DISPLAY environment variables
> are set, use their values as arguments for the --lc-ctype and --display
> options of gpg-agent.
>
> Modified:
> subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
>
> Modified: subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c
> URL: http://svn.apache.org/viewvc/subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c?rev=1150723&r1=1150722&r2=1150723&view=diff
> ==============================================================================
> --- subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c (original)
> +++ subversion/branches/gpg-agent-password-store/subversion/libsvn_auth_gpg_agent/gpg_agent.c Mon Jul 25 14:33:32 2011
> @@ -101,6 +101,8 @@ password_get_gpg_agent(const char **pass
> struct sockaddr_un addr;
> const char *tty_name;
> const char *tty_type;
> + const char *lc_ctype;
> + const char *display;
> const char *socket_name = NULL;
> svn_checksum_t *digest = NULL;
>
> @@ -195,6 +197,46 @@ password_get_gpg_agent(const char **pass
> return FALSE;
> }
>
> + /* Send LC_CTYPE to the gpg-agent daemon. */
> + lc_ctype = getenv("LC_CTYPE");
> + if (lc_ctype == NULL)
> + lc_ctype = getenv("LC_ALL");
> + if (lc_ctype == NULL)
> + lc_ctype = getenv("LANG");
> + if (lc_ctype != NULL)
> + {
> + request = apr_psprintf(pool, "OPTION lc-ctype=%s\n", lc_ctype);
You're passing an environment variable to gpg-agent unescaped. Suppose
I could control the value of that variable in your environment. (Yes,
this is a contrived situation.) What could I do then?