mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
agent: New option --stub-only for DELETE_KEY
* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'. * agent/command.c (cmd_delete_key): Add option --stub-only. -- This option can be used to savely remove stub keys.
This commit is contained in:
parent
26086b362f
commit
6fab7bba87
@ -406,7 +406,8 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
|
|||||||
int *r_keytype,
|
int *r_keytype,
|
||||||
unsigned char **r_shadow_info);
|
unsigned char **r_shadow_info);
|
||||||
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
||||||
const unsigned char *grip, int force);
|
const unsigned char *grip,
|
||||||
|
int force, int only_stubs);
|
||||||
|
|
||||||
/*-- call-pinentry.c --*/
|
/*-- call-pinentry.c --*/
|
||||||
void initialize_module_call_pinentry (void);
|
void initialize_module_call_pinentry (void);
|
||||||
|
@ -2433,23 +2433,25 @@ cmd_export_key (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
|
|
||||||
static const char hlp_delete_key[] =
|
static const char hlp_delete_key[] =
|
||||||
"DELETE_KEY [--force] <hexstring_with_keygrip>\n"
|
"DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>\n"
|
||||||
"\n"
|
"\n"
|
||||||
"Delete a secret key from the key store. If --force is used\n"
|
"Delete a secret key from the key store. If --force is used\n"
|
||||||
"and a loopback pinentry is allowed, the agent will not ask\n"
|
"and a loopback pinentry is allowed, the agent will not ask\n"
|
||||||
"the user for confirmation.";
|
"the user for confirmation. If --stub-only is used the key will\n"
|
||||||
|
"only be deleted if it is a reference to a token.";
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
cmd_delete_key (assuan_context_t ctx, char *line)
|
cmd_delete_key (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
int force;
|
int force, stub_only;
|
||||||
unsigned char grip[20];
|
unsigned char grip[20];
|
||||||
|
|
||||||
if (ctrl->restricted)
|
if (ctrl->restricted)
|
||||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||||
|
|
||||||
force = has_option (line, "--force");
|
force = has_option (line, "--force");
|
||||||
|
stub_only = has_option (line, "--stub-only");
|
||||||
line = skip_options (line);
|
line = skip_options (line);
|
||||||
|
|
||||||
/* If the use of a loopback pinentry has been disabled, we assume
|
/* If the use of a loopback pinentry has been disabled, we assume
|
||||||
@ -2461,7 +2463,8 @@ cmd_delete_key (assuan_context_t ctx, char *line)
|
|||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force );
|
err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip,
|
||||||
|
force, stub_only);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
|
@ -1413,18 +1413,20 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
|
|||||||
|
|
||||||
|
|
||||||
/* Delete the key with GRIP from the disk after having asked for
|
/* Delete the key with GRIP from the disk after having asked for
|
||||||
confirmation using DESC_TEXT. If FORCE is set the function won't
|
* confirmation using DESC_TEXT. If FORCE is set the function won't
|
||||||
require a confirmation via Pinentry or warns if the key is also
|
* require a confirmation via Pinentry or warns if the key is also
|
||||||
used by ssh.
|
* used by ssh. If ONLY_STUBS is set only stub keys (references to
|
||||||
|
* smartcards) will be affected.
|
||||||
Common error codes are:
|
*
|
||||||
GPG_ERR_NO_SECKEY
|
* Common error codes are:
|
||||||
GPG_ERR_KEY_ON_CARD
|
* GPG_ERR_NO_SECKEY
|
||||||
GPG_ERR_NOT_CONFIRMED
|
* GPG_ERR_KEY_ON_CARD
|
||||||
*/
|
* GPG_ERR_NOT_CONFIRMED
|
||||||
|
* GPG_ERR_FORBIDDEN - Not a stub key and ONLY_STUBS requested.
|
||||||
|
*/
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
||||||
const unsigned char *grip, int force)
|
const unsigned char *grip, int force, int only_stubs)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
gcry_sexp_t s_skey = NULL;
|
gcry_sexp_t s_skey = NULL;
|
||||||
@ -1435,6 +1437,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
|||||||
ssh_control_file_t cf = NULL;
|
ssh_control_file_t cf = NULL;
|
||||||
char hexgrip[40+4+1];
|
char hexgrip[40+4+1];
|
||||||
char *default_desc = NULL;
|
char *default_desc = NULL;
|
||||||
|
int key_type;
|
||||||
|
|
||||||
err = read_key_file (grip, &s_skey);
|
err = read_key_file (grip, &s_skey);
|
||||||
if (gpg_err_code (err) == GPG_ERR_ENOENT)
|
if (gpg_err_code (err) == GPG_ERR_ENOENT)
|
||||||
@ -1446,7 +1449,14 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
|
|||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
switch (agent_private_key_type (buf))
|
key_type = agent_private_key_type (buf);
|
||||||
|
if (only_stubs && key_type != PRIVATE_KEY_SHADOWED)
|
||||||
|
{
|
||||||
|
err = gpg_error (GPG_ERR_FORBIDDEN);
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (key_type)
|
||||||
{
|
{
|
||||||
case PRIVATE_KEY_CLEAR:
|
case PRIVATE_KEY_CLEAR:
|
||||||
case PRIVATE_KEY_OPENPGP_NONE:
|
case PRIVATE_KEY_OPENPGP_NONE:
|
||||||
|
Loading…
x
Reference in New Issue
Block a user