agent: Fix regression for access through the extra socket.
* agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key. (cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and KEYINFO --list=encr sub commands. -- GnuPG-bug-id: 5063 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
parent
dfdcf14738
commit
8a84a71f3a
@ -1380,9 +1380,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
|
|||||||
struct card_key_info_s *l;
|
struct card_key_info_s *l;
|
||||||
int on_card;
|
int on_card;
|
||||||
|
|
||||||
if (ctrl->restricted)
|
|
||||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
|
||||||
|
|
||||||
if (has_option (line, "--ssh-list"))
|
if (has_option (line, "--ssh-list"))
|
||||||
list_mode = 2;
|
list_mode = 2;
|
||||||
else
|
else
|
||||||
@ -1430,6 +1427,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
if (list_mode == 2)
|
if (list_mode == 2)
|
||||||
{
|
{
|
||||||
|
if (ctrl->restricted)
|
||||||
|
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||||
|
|
||||||
if (cf)
|
if (cf)
|
||||||
{
|
{
|
||||||
while (!ssh_read_control_file (cf, hexgrip,
|
while (!ssh_read_control_file (cf, hexgrip,
|
||||||
@ -1456,6 +1456,9 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
|
|||||||
char *dirname;
|
char *dirname;
|
||||||
struct dirent *dir_entry;
|
struct dirent *dir_entry;
|
||||||
|
|
||||||
|
if (ctrl->restricted)
|
||||||
|
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||||
|
|
||||||
dirname = make_filename_try (gnupg_homedir (),
|
dirname = make_filename_try (gnupg_homedir (),
|
||||||
GNUPG_PRIVATE_KEYS_DIR, NULL);
|
GNUPG_PRIVATE_KEYS_DIR, NULL);
|
||||||
if (!dirname)
|
if (!dirname)
|
||||||
@ -2272,8 +2275,37 @@ cmd_scd (assuan_context_t ctx, char *line)
|
|||||||
int rc;
|
int rc;
|
||||||
#ifdef BUILD_WITH_SCDAEMON
|
#ifdef BUILD_WITH_SCDAEMON
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
|
|
||||||
if (ctrl->restricted)
|
if (ctrl->restricted)
|
||||||
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
{
|
||||||
|
const char *argv[5];
|
||||||
|
int argc;
|
||||||
|
char *l;
|
||||||
|
|
||||||
|
l = xtrystrdup (line);
|
||||||
|
if (!l)
|
||||||
|
return gpg_error_from_syserror ();
|
||||||
|
|
||||||
|
argc = split_fields (l, argv, DIM (argv));
|
||||||
|
|
||||||
|
/* These commands are allowed. */
|
||||||
|
if ((argc == 1 && !strcmp (argv[0], "SERIALNO"))
|
||||||
|
|| (argc == 2
|
||||||
|
&& !strcmp (argv[0], "GETINFO")
|
||||||
|
&& !strcmp (argv[1], "version"))
|
||||||
|
|| (argc == 2
|
||||||
|
&& !strcmp (argv[0], "GETATTR")
|
||||||
|
&& !strcmp (argv[1], "KEY-FPR"))
|
||||||
|
|| (argc == 2
|
||||||
|
&& !strcmp (argv[0], "KEYINFO")
|
||||||
|
&& !strcmp (argv[1], "--list=encr")))
|
||||||
|
xfree (l);
|
||||||
|
else
|
||||||
|
{
|
||||||
|
xfree (l);
|
||||||
|
return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* All SCD prefixed commands may change a key. */
|
/* All SCD prefixed commands may change a key. */
|
||||||
eventcounter.maybe_key_change++;
|
eventcounter.maybe_key_change++;
|
||||||
|
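Review bot: In cmd_keyinfo the relocated restricted check inside `if (list_mode == 2)` returns with `return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));` immediately before `if (cf)`, so anything the function acquired above that point is not released on the denied path. `cf` looks as if it is opened earlier, but that code is outside the hunk, so this needs confirming; if it is, set the error and leave through the function's common cleanup exit instead of returning directly, and check the same for the copy added before `make_filename_try`. In cmd_scd the allocation-failure path uses a bare `return gpg_error_from_syserror ();` while the other exits in the hunk go through leave_cmd, so `return leave_cmd (ctx, gpg_error_from_syserror ());` would be consistent. The allow-list would also benefit from a comment on `const char *argv[5];` such as `/* Larger than the longest allowed command so that extra arguments make the argc tests fail. */`, assuming split_fields stops counting at the array size.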