mirror of
git://git.gnupg.org/gnupg.git
synced 2025-04-17 15:44:34 +02:00
agent: Pop up dialog window for confirmation, when specified so.
* agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka
parent
09357d7eae
commit
598b3fdfaa
@ -1026,6 +1026,45 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
|
|||||||
*r_timestamp = isotime2epoch (created);
|
*r_timestamp = isotime2epoch (created);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!grip && keymeta)
|
||||||
|
{
|
||||||
|
const char *ask_confirmation = nvc_get_string (keymeta, "Confirm:");
|
||||||
|
|
||||||
|
if (ask_confirmation
|
||||||
|
&& ((!strcmp (ask_confirmation, "restricted") && ctrl->restricted)
|
||||||
|
|| !strcmp (ask_confirmation, "yes")))
|
||||||
|
{
|
||||||
|
char hexgrip[40+4+1];
|
||||||
|
char *prompt;
|
||||||
|
char *comment_buffer = NULL;
|
||||||
|
const char *comment = NULL;
|
||||||
|
|
||||||
|
bin2hex (ctrl->keygrip, 20, hexgrip);
|
||||||
|
|
||||||
|
if ((comment = nvc_get_string (keymeta, "Label:")))
|
||||||
|
{
|
||||||
|
if (strchr (comment, '\n')
|
||||||
|
&& (comment_buffer = linefeed_to_percent0A (comment)))
|
||||||
|
comment = comment_buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
prompt = xtryasprintf (L_("Requested the use of key%%0A"
|
||||||
|
" %s%%0A"
|
||||||
|
" %s%%0A"
|
||||||
|
"Do you want to allow this?"),
|
||||||
|
hexgrip, comment? comment:"");
|
||||||
|
|
||||||
|
gcry_free (comment_buffer);
|
||||||
|
|
||||||
|
err = agent_get_confirmation (ctrl, prompt,
|
||||||
|
L_("Allow"), L_("Deny"), 0);
|
||||||
|
xfree (prompt);
|
||||||
|
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
switch (agent_private_key_type (buf))
|
switch (agent_private_key_type (buf))
|
||||||
{
|
{
|
||||||
case PRIVATE_KEY_CLEAR:
|
case PRIVATE_KEY_CLEAR:
|
||||||
|
|||||||
@ -119,6 +119,13 @@ gpg-agent's ssh-agent implementation. This is thus the same as
|
|||||||
putting the keygrip into the 'sshcontrol' file. Only one such item
|
putting the keygrip into the 'sshcontrol' file. Only one such item
|
||||||
should exist.
|
should exist.
|
||||||
|
|
||||||
|
*** Confirm
|
||||||
|
If given and the value is "yes", a user will be asked confirmation by
|
||||||
|
a dialog window when the key is about to be used for
|
||||||
|
PKSIGN/PKAUTH/PKDECRYPT operation. If the value is "restricted", it
|
||||||
|
is only asked for the access through extra/browser socket.
|
||||||
|
|
||||||
|
|
||||||
* Private Key Format
|
* Private Key Format
|
||||||
** Unprotected Private Key Format
|
** Unprotected Private Key Format
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user