agent: Pop up dialog window for confirmation, when specified so.

* agent/findkey.c (agent_key_from_file): Support "Confirm:". -- GnuPG-bug-id: 5099 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-22 10:19:57 +01:00 · 2022-05-19 14:37:01 +09:00 · 2022-05-19 14:37:01 +09:00 · 598b3fdfaa
commit 598b3fdfaa
parent 09357d7eae
2 changed files with 46 additions and 0 deletions
--- a/agent/findkey.c
+++ b/agent/findkey.c
@ -1026,6 +1026,45 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
        *r_timestamp = isotime2epoch (created);
    }

+  if (!grip && keymeta)
+    {
+      const char *ask_confirmation = nvc_get_string (keymeta, "Confirm:");
+
+      if (ask_confirmation
+          && ((!strcmp (ask_confirmation, "restricted") && ctrl->restricted)
+              || !strcmp (ask_confirmation, "yes")))
+        {
+          char hexgrip[40+4+1];
+          char *prompt;
+          char *comment_buffer = NULL;
+          const char *comment = NULL;
+
+          bin2hex (ctrl->keygrip, 20, hexgrip);
+
+          if ((comment = nvc_get_string (keymeta, "Label:")))
+            {
+              if (strchr (comment, '\n')
+                  && (comment_buffer = linefeed_to_percent0A (comment)))
+                comment = comment_buffer;
+            }
+
+          prompt = xtryasprintf (L_("Requested the use of key%%0A"
+                                    "  %s%%0A"
+                                    "  %s%%0A"
+                                    "Do you want to allow this?"),
+                                 hexgrip, comment? comment:"");
+
+          gcry_free (comment_buffer);
+
+          err = agent_get_confirmation (ctrl, prompt,
+                                        L_("Allow"), L_("Deny"), 0);
+          xfree (prompt);
+
+          if (err)
+            return err;
+        }
+    }
+
  switch (agent_private_key_type (buf))
    {
    case PRIVATE_KEY_CLEAR:
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@ -119,6 +119,13 @@ gpg-agent's ssh-agent implementation.  This is thus the same as
 putting the keygrip into the 'sshcontrol' file.  Only one such item
 should exist.

+*** Confirm
+If given and the value is "yes", a user will be asked confirmation by
+a dialog window when the key is about to be used for
+PKSIGN/PKAUTH/PKDECRYPT operation.  If the value is "restricted", it
+is only asked for the access through extra/browser socket.
+
+
 * Private Key Format
 ** Unprotected Private Key Format