
agent: New option --stub-only for DELETE_KEY

* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--

This option can be used to safely remove stub keys.
Werner Koch 2017-03-24 09:02:02 +01:00
parent 26086b362f
commit 6fab7bba87
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 30 additions and 16 deletions


@ -406,7 +406,8 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
int *r_keytype, int *r_keytype,
unsigned char **r_shadow_info); unsigned char **r_shadow_info);
gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text,
const unsigned char *grip, int force); const unsigned char *grip,
int force, int only_stubs);
/*-- call-pinentry.c --*/ /*-- call-pinentry.c --*/
void initialize_module_call_pinentry (void); void initialize_module_call_pinentry (void);


@ -2433,23 +2433,25 @@ cmd_export_key (assuan_context_t ctx, char *line)
static const char hlp_delete_key[] = static const char hlp_delete_key[] =
"DELETE_KEY [--force] <hexstring_with_keygrip>\n" "DELETE_KEY [--force|--stub-only] <hexstring_with_keygrip>\n"
"\n" "\n"
"Delete a secret key from the key store. If --force is used\n" "Delete a secret key from the key store. If --force is used\n"
"and a loopback pinentry is allowed, the agent will not ask\n" "and a loopback pinentry is allowed, the agent will not ask\n"
"the user for confirmation."; "the user for confirmation. If --stub-only is used the key will\n"
"only be deleted if it is a reference to a token.";
static gpg_error_t static gpg_error_t
cmd_delete_key (assuan_context_t ctx, char *line) cmd_delete_key (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err; gpg_error_t err;
int force; int force, stub_only;
unsigned char grip[20]; unsigned char grip[20];
if (ctrl->restricted) if (ctrl->restricted)
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
force = has_option (line, "--force"); force = has_option (line, "--force");
stub_only = has_option (line, "--stub-only");
line = skip_options (line); line = skip_options (line);
/* If the use of a loopback pinentry has been disabled, we assume /* If the use of a loopback pinentry has been disabled, we assume
@ -2461,7 +2463,8 @@ cmd_delete_key (assuan_context_t ctx, char *line)
if (err) if (err)
goto leave; goto leave;
err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force ); err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip,
force, stub_only);
if (err) if (err)
goto leave; goto leave;
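Review bot: The new synopsis in hlp_delete_key reads `[--force|--stub-only]`, which presents the two options as alternatives, yet cmd_delete_key parses each one independently with has_option and passes both values to agent_delete_key. If combining them is intended (unattended removal limited to stubs), the synopsis would be clearer as `"DELETE_KEY [--force] [--stub-only] <hexstring_with_keygrip>\n"`; if it is not, the command should reject the pair before calling agent_delete_key. The help text could also say that a key which is not a token reference is refused with GPG_ERR_FORBIDDEN under --stub-only, since that outcome is documented only in the findkey.c comment.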


@ -1413,18 +1413,20 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip,
/* Delete the key with GRIP from the disk after having asked for /* Delete the key with GRIP from the disk after having asked for
confirmation using DESC_TEXT. If FORCE is set the function won't * confirmation using DESC_TEXT. If FORCE is set the function won't
require a confirmation via Pinentry or warns if the key is also * require a confirmation via Pinentry or warns if the key is also
used by ssh. * used by ssh. If ONLY_STUBS is set only stub keys (references to
* smartcards) will be affected.
Common error codes are: *
GPG_ERR_NO_SECKEY * Common error codes are:
GPG_ERR_KEY_ON_CARD * GPG_ERR_NO_SECKEY
GPG_ERR_NOT_CONFIRMED * GPG_ERR_KEY_ON_CARD
*/ * GPG_ERR_NOT_CONFIRMED
* GPG_ERR_FORBIDDEN - Not a stub key and ONLY_STUBS requested.
*/
gpg_error_t gpg_error_t
agent_delete_key (ctrl_t ctrl, const char *desc_text, agent_delete_key (ctrl_t ctrl, const char *desc_text,
const unsigned char *grip, int force) const unsigned char *grip, int force, int only_stubs)
{ {
gpg_error_t err; gpg_error_t err;
gcry_sexp_t s_skey = NULL; gcry_sexp_t s_skey = NULL;
@ -1435,6 +1437,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
ssh_control_file_t cf = NULL; ssh_control_file_t cf = NULL;
char hexgrip[40+4+1]; char hexgrip[40+4+1];
char *default_desc = NULL; char *default_desc = NULL;
int key_type;
err = read_key_file (grip, &s_skey); err = read_key_file (grip, &s_skey);
if (gpg_err_code (err) == GPG_ERR_ENOENT) if (gpg_err_code (err) == GPG_ERR_ENOENT)
@ -1446,7 +1449,14 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
if (err) if (err)
goto leave; goto leave;
switch (agent_private_key_type (buf)) key_type = agent_private_key_type (buf);
if (only_stubs && key_type != PRIVATE_KEY_SHADOWED)
{
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
switch (key_type)
{ {
case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_CLEAR:
case PRIVATE_KEY_OPENPGP_NONE: case PRIVATE_KEY_OPENPGP_NONE:
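Review bot: The `only_stubs` check returns GPG_ERR_FORBIDDEN, the same code cmd_delete_key already returns when `ctrl->restricted` is set, so a client cannot tell a refused connection from a key that is simply not a stub. A distinct error code would let callers handle the two cases separately. The check also treats every type other than PRIVATE_KEY_SHADOWED alike, so an unrecognised key file is presumably reported as forbidden too, rather than by whatever the switch does for it. A short comment on the guard would record why it sits ahead of the switch, for example `/* Refuse before the switch so that nothing but a stub can reach the delete path. */`. The rest of the switch and of agent_delete_key lies outside the hunk, so the ordering relative to the confirmation prompt should be confirmed there.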