agent: Introduce attribute "Remote-list" to KEYINFO.

* agent/command.c (do_one_keyinfo): Add arg list_mode.  Check
attribute Remote-list.
(cmd_keyinfo): Change semantics to return nothing in restricted list
mode.
This commit is contained in:
Werner Koch 2022-10-12 10:19:14 +02:00
parent b0b4e24c4f
commit 1383aa4750
GPG Key ID: E3FDFF218E45B72B
2 changed files with 27 additions and 22 deletions


@ -1479,7 +1479,7 @@ static gpg_error_t
do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
int data, int with_ssh_fpr, int in_ssh,
int ttl, int disabled, int confirm, int on_card,
const char *need_attr)
const char *need_attr, int list_mode)
{
gpg_error_t err;
char hexgrip[40+1];
@ -1507,11 +1507,12 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
goto leave;
}
if (need_attr)
if (need_attr || (ctrl->restricted && list_mode))
{
gcry_sexp_t s_key = NULL;
nvc_t keymeta = NULL;
int istrue;
int istrue, has_rl;
if (missing_key)
goto leave; /* No attribute available. */
@ -1521,7 +1522,14 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
istrue = 0;
else
{
istrue = nvc_get_boolean (keymeta, need_attr);
has_rl = 0;
if (ctrl->restricted && list_mode
&& !(has_rl = nvc_get_boolean (keymeta, "Remote-list:")))
istrue = 0;
else if (need_attr)
istrue = nvc_get_boolean (keymeta, need_attr);
else
istrue = has_rl;
nvc_release (keymeta);
}
gcry_sexp_release (s_key);
@ -1532,7 +1540,6 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
}
}
/* Reformat the grip so that we use uppercase as good style. */
bin2hex (grip, 20, hexgrip);
@ -1722,12 +1729,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
if (list_mode == 2)
{
if (ctrl->restricted)
{
err = leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
goto leave;;
}
if (cf)
{
while (!ssh_read_control_file (cf, hexgrip,
@ -1742,8 +1743,10 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, 1,
ttl, disabled, confirm, on_card, need_attr);
if (need_attr && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
ttl, disabled, confirm, on_card, need_attr,
list_mode);
if ((need_attr || ctrl->restricted)
&& gpg_err_code (err) == GPG_ERR_NOT_FOUND)
;
else if (err)
goto leave;
@ -1756,12 +1759,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
char *dirname;
gnupg_dirent_t dir_entry;
if (ctrl->restricted)
{
err = leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
goto leave;
}
dirname = make_filename_try (gnupg_homedir (),
GNUPG_PRIVATE_KEYS_DIR, NULL);
if (!dirname)
@ -1806,8 +1803,10 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
ttl, disabled, confirm, on_card, need_attr);
if (need_attr && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
ttl, disabled, confirm, on_card, need_attr,
list_mode);
if ((need_attr || ctrl->restricted)
&& gpg_err_code (err) == GPG_ERR_NOT_FOUND)
;
else if (err)
goto leave;
@ -1836,7 +1835,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
ttl, disabled, confirm, on_card, need_attr);
ttl, disabled, confirm, on_card, need_attr, 0);
}
leave:
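Review bot: The Remote-list gate in do_one_keyinfo (the `has_rl = 0;` … `else istrue = has_rl;` chain in the third hunk) is default-deny, but nothing in the code says so: in a restricted session's list mode a key whose metadata is absent (the `istrue = 0` branch just above) or lacks a true "Remote-list:" entry ends up reported as GPG_ERR_NOT_FOUND, and the two list loops in cmd_keyinfo rely on that via the widened `(need_attr || ctrl->restricted) && gpg_err_code (err) == GPG_ERR_NOT_FOUND` test. A comment above `has_rl = 0;` such as `/* Restricted (extra-socket) listing: only keys explicitly marked Remote-list=yes are reported; missing metadata or a missing attribute hides the key (treated as NOT_FOUND by the caller). */` would make the intent and the failure mode visible to the next reader. The new `list_mode` parameter of do_one_keyinfo is also not described in the function's header comment, which lies above the first hunk; the note should state that a non-zero value means the call comes from a listing loop, whereas the single-keygrip path passes 0 and therefore still answers restricted clients, as the documentation hunk says. Both do_one_keyinfo and cmd_keyinfo begin and end outside the shown hunks.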


@ -129,6 +129,12 @@ If given and the value is "yes" or "1" the key is allowed for use by
GnuPG's PKCS#11 interface (Scute). Note that Scute needs to be
configured to use this optimization.
*** Remote-list
Allow to list the key with the KEYINFO command from a remote machine
via the extra socket. A boolean value is expected; the default is
"no". Note that KEYINFO will anyway provide information if the
keygrip is specified.
*** Confirm
If given and the value is "yes", a user will be asked confirmation by
a dialog window when the key is about to be used for