agent: Pop up dialog window for confirmation, when specified so.

* agent/findkey.c (agent_key_from_file): Support "Confirm:".

--

GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
NIIBE Yutaka 2022-05-19 14:37:01 +09:00
parent 09357d7eae
commit 598b3fdfaa
2 changed files with 46 additions and 0 deletions


@ -1026,6 +1026,45 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
*r_timestamp = isotime2epoch (created);
}
if (!grip && keymeta)
{
const char *ask_confirmation = nvc_get_string (keymeta, "Confirm:");
if (ask_confirmation
&& ((!strcmp (ask_confirmation, "restricted") && ctrl->restricted)
|| !strcmp (ask_confirmation, "yes")))
{
char hexgrip[40+4+1];
char *prompt;
char *comment_buffer = NULL;
const char *comment = NULL;
bin2hex (ctrl->keygrip, 20, hexgrip);
if ((comment = nvc_get_string (keymeta, "Label:")))
{
if (strchr (comment, '\n')
&& (comment_buffer = linefeed_to_percent0A (comment)))
comment = comment_buffer;
}
prompt = xtryasprintf (L_("Requested the use of key%%0A"
" %s%%0A"
" %s%%0A"
"Do you want to allow this?"),
hexgrip, comment? comment:"");
gcry_free (comment_buffer);
err = agent_get_confirmation (ctrl, prompt,
L_("Allow"), L_("Deny"), 0);
xfree (prompt);
if (err)
return err;
}
}
switch (agent_private_key_type (buf))
{
case PRIVATE_KEY_CLEAR:
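Review bot: The result of `xtryasprintf` is handed to `agent_get_confirmation` without a NULL check, so on allocation failure the dialog would be requested without the text naming the key (how a NULL description is handled is not visible in this hunk). I would guard it with `if (!prompt) err = gpg_error_from_syserror (); else err = agent_get_confirmation (ctrl, prompt, L_("Allow"), L_("Deny"), 0);`. In the same block, any `Confirm:` value other than the exact strings "yes" and "restricted" silently skips the dialog, so a misspelt value in the key file fails open; a log line for unrecognised values would make that visible. The early `return err;` also leaves `buf` and `keymeta` unreleased as far as the hunk shows, although `buf` is still used by the following `switch`; if this function owns them, the deny path should free them first. agent_key_from_file starts and ends outside the hunk.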


@ -119,6 +119,13 @@ gpg-agent's ssh-agent implementation. This is thus the same as
putting the keygrip into the 'sshcontrol' file. Only one such item
should exist.
*** Confirm
If given and the value is "yes", a user will be asked confirmation by
a dialog window when the key is about to be used for
PKSIGN/PKAUTH/PKDECRYPT operation. If the value is "restricted", it
is only asked for the access through extra/browser socket.
* Private Key Format
** Unprotected Private Key Format