agent: Send pinentry the uid of connecting process where possible.
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Sun, 5 Feb 2017 07:12:25 +0000 (02:12 -0500)
committer Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Oct 2017 07:09:44 +0000 (03:09 -0400)
commit 28aa6890588cc108639951bb4bef03ac17743046
tree f26ccecaf2a6a98ff158968b71a2cf91a7fb930d
parent 995c46ea77cff5b99b2fca17b547d6525a4f227e
agent: Send pinentry the uid of connecting process where possible.

* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
an integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, I think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
agent/agent.h
agent/call-pinentry.c
agent/command-ssh.c
agent/command.c
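
An added example, not code from this commit or from pinentry: a receiver-side parser for the "owner" value, showing why putting the decimal uid ahead of the nodename keeps parsing unambiguous. The layout `<pid>/<uid> <nodename>`, the single-space separator, the acceptance of a value with no uid, and the names `owner_info`, `parse_decimal` and `parse_owner` are assumptions drawn from the commit message.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical result type for this example. */
struct owner_info {
    unsigned long pid;
    unsigned long uid;
    int has_uid;            /* 0 when the sender supplied only a pid */
    const char *nodename;   /* points into the input; never interpreted */
};

/* Parse one decimal field; reject empty fields, signs, spaces, overflow. */
static int parse_decimal(const char *s, char **end, unsigned long *out)
{
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    *out = strtoul(s, end, 10);
    return errno ? -1 : 0;
}

/* Returns 0 on success, -1 on malformed input. */
int parse_owner(const char *value, struct owner_info *info)
{
    char *p;

    if (parse_decimal(value, &p, &info->pid))
        return -1;
    info->has_uid = 0;
    info->uid = 0;
    if (*p == '/') {        /* uid present: it sits before the nodename */
        if (parse_decimal(p + 1, &p, &info->uid))
            return -1;
        info->has_uid = 1;
    }
    if (*p != ' ')          /* assumed: one space before the nodename */
        return -1;
    info->nodename = p + 1; /* rest of the string, whatever it contains */
    return 0;
}

int main(void)
{
    struct owner_info o;    /* constructed sample value below */
    if (parse_owner("4711/1000 host/with 12/0 inside", &o) == 0)
        printf("pid=%lu uid=%lu node=%s\n", o.pid, o.uid, o.nodename);
    return 0;
}
```

Because both numbers are consumed before the nodename is reached, a nodename containing `/`, digits or spaces cannot be mistaken for a pid or uid.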