From 6fab7bba879d7794e32112cf3eddd8d87130a5d7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 24 Mar 2017 09:02:02 +0100 Subject: [PATCH] agent: New option --stub-only for DELETE_KEY * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'. * agent/command.c (cmd_delete_key): Add option --stub-only. -- This option can be used to savely remove stub keys. --- agent/agent.h | 3 ++- agent/command.c | 11 +++++++---- agent/findkey.c | 32 +++++++++++++++++++++----------- 3 files changed, 30 insertions(+), 16 deletions(-) diff --git a/agent/agent.h b/agent/agent.h index e98a24699..3b53ba45d 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -406,7 +406,8 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int *r_keytype, unsigned char **r_shadow_info); gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip, int force); + const unsigned char *grip, + int force, int only_stubs); /*-- call-pinentry.c --*/ void initialize_module_call_pinentry (void); diff --git a/agent/command.c b/agent/command.c index 79fb0cef2..1f8f7c2d8 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2433,23 +2433,25 @@ cmd_export_key (assuan_context_t ctx, char *line) static const char hlp_delete_key[] = - "DELETE_KEY [--force] \n" + "DELETE_KEY [--force|--stub-only] \n" "\n" "Delete a secret key from the key store. If --force is used\n" "and a loopback pinentry is allowed, the agent will not ask\n" - "the user for confirmation."; + "the user for confirmation. If --stub-only is used the key will\n" + "only be deleted if it is a reference to a token."; static gpg_error_t cmd_delete_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int force; + int force, stub_only; unsigned char grip[20]; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); force = has_option (line, "--force"); + stub_only = has_option (line, "--stub-only"); line = skip_options (line); /* If the use of a loopback pinentry has been disabled, we assume @@ -2461,7 +2463,8 @@ cmd_delete_key (assuan_context_t ctx, char *line) if (err) goto leave; - err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force ); + err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, + force, stub_only); if (err) goto leave; diff --git a/agent/findkey.c b/agent/findkey.c index a196fdc3d..4429b7a17 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1413,18 +1413,20 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, /* Delete the key with GRIP from the disk after having asked for - confirmation using DESC_TEXT. If FORCE is set the function won't - require a confirmation via Pinentry or warns if the key is also - used by ssh. - - Common error codes are: - GPG_ERR_NO_SECKEY - GPG_ERR_KEY_ON_CARD - GPG_ERR_NOT_CONFIRMED -*/ + * confirmation using DESC_TEXT. If FORCE is set the function won't + * require a confirmation via Pinentry or warns if the key is also + * used by ssh. If ONLY_STUBS is set only stub keys (references to + * smartcards) will be affected. + * + * Common error codes are: + * GPG_ERR_NO_SECKEY + * GPG_ERR_KEY_ON_CARD + * GPG_ERR_NOT_CONFIRMED + * GPG_ERR_FORBIDDEN - Not a stub key and ONLY_STUBS requested. + */ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip, int force) + const unsigned char *grip, int force, int only_stubs) { gpg_error_t err; gcry_sexp_t s_skey = NULL; @@ -1435,6 +1437,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, ssh_control_file_t cf = NULL; char hexgrip[40+4+1]; char *default_desc = NULL; + int key_type; err = read_key_file (grip, &s_skey); if (gpg_err_code (err) == GPG_ERR_ENOENT) @@ -1446,7 +1449,14 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, if (err) goto leave; - switch (agent_private_key_type (buf)) + key_type = agent_private_key_type (buf); + if (only_stubs && key_type != PRIVATE_KEY_SHADOWED) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + goto leave; + } + + switch (key_type) { case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_OPENPGP_NONE: