From a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 7 Aug 2015 12:55:29 +0200 Subject: [PATCH] agent: Add option --force to the DELETE_KEY command. * agent/findkey.c (agent_delete_key): Add arg "force". * agent/command.c (cmd_delete_key): Add option --force. Signed-off-by: Werner Koch --- agent/agent.h | 2 +- agent/command.c | 8 ++-- agent/findkey.c | 100 +++++++++++++++++++++++++----------------------- 3 files changed, 58 insertions(+), 52 deletions(-) diff --git a/agent/agent.h b/agent/agent.h index 164ddea91..958e3be6c 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -386,7 +386,7 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int *r_keytype, unsigned char **r_shadow_info); gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip); + const unsigned char *grip, int force); /*-- call-pinentry.c --*/ void initialize_module_call_pinentry (void); diff --git a/agent/command.c b/agent/command.c index a69abc52e..62a4628cd 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2388,27 +2388,29 @@ cmd_export_key (assuan_context_t ctx, char *line) static const char hlp_delete_key[] = - "DELETE_KEY \n" + "DELETE_KEY [--force] \n" "\n" "Delete a secret key from the key store.\n" - "As safeguard the agent asks the user for confirmation.\n"; + "Unless --force is used the agent asks the user for confirmation.\n"; static gpg_error_t cmd_delete_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; + int force; unsigned char grip[20]; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + force = has_option (line, "--force"); line = skip_options (line); err = parse_keygrip (ctx, line, grip); if (err) goto leave; - err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip); + err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force ); if (err) goto leave; diff --git a/agent/findkey.c b/agent/findkey.c index 1ca7f0442..e7cd79e6c 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1219,14 +1219,18 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, /* Delete the key with GRIP from the disk after having asked for - confirmation using DESC_TEXT. Common error codes are: + confirmation using DESC_TEXT. If FORCE is set the fucntion won't + require a confirmation via Pinentry or warns if the key is also + used by ssh. + + Common error codes are: GPG_ERR_NO_SECKEY GPG_ERR_KEY_ON_CARD GPG_ERR_NOT_CONFIRMED */ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip) + const unsigned char *grip, int force) { gpg_error_t err; gcry_sexp_t s_skey = NULL; @@ -1253,57 +1257,57 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_OPENPGP_NONE: case PRIVATE_KEY_PROTECTED: - { - bin2hex (grip, 20, hexgrip); - if (!desc_text) - { - default_desc = xtryasprintf - (L_("Do you really want to delete the key identified by keygrip%%0A" - " %s%%0A %%C%%0A?"), hexgrip); - desc_text = default_desc; - } - - /* Note, that we will take the comment as a C string for - display purposes; i.e. all stuff beyond a Nul character is - ignored. */ + bin2hex (grip, 20, hexgrip); + if (!force) { - gcry_sexp_t comment_sexp; + if (!desc_text) + { + default_desc = xtryasprintf + (L_("Do you really want to delete the key identified by keygrip%%0A" + " %s%%0A %%C%%0A?"), hexgrip); + desc_text = default_desc; + } - comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); - if (comment_sexp) - comment = gcry_sexp_nth_string (comment_sexp, 1); - gcry_sexp_release (comment_sexp); - } - - if (desc_text) - err = modify_description (desc_text, comment? comment:"", s_skey, - &desc_text_final); - if (err) - goto leave; - - err = agent_get_confirmation (ctrl, desc_text_final, - L_("Delete key"), L_("No"), 0); - if (err) - goto leave; - - cf = ssh_open_control_file (); - if (cf) + /* Note, that we will take the comment as a C string for + display purposes; i.e. all stuff beyond a Nul character is + ignored. */ { - if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL)) - { - err = agent_get_confirmation - (ctrl, - L_("Warning: This key is also listed for use with SSH!\n" - "Deleting the key might remove your ability to " - "access remote machines."), - L_("Delete key"), L_("No"), 0); - if (err) - goto leave; - } + gcry_sexp_t comment_sexp; + + comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); + if (comment_sexp) + comment = gcry_sexp_nth_string (comment_sexp, 1); + gcry_sexp_release (comment_sexp); } - err = remove_key_file (grip); - } + if (desc_text) + err = modify_description (desc_text, comment? comment:"", s_skey, + &desc_text_final); + if (err) + goto leave; + + err = agent_get_confirmation (ctrl, desc_text_final, + L_("Delete key"), L_("No"), 0); + if (err) + goto leave; + + cf = ssh_open_control_file (); + if (cf) + { + if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL)) + { + err = agent_get_confirmation + (ctrl, + L_("Warning: This key is also listed for use with SSH!\n" + "Deleting the key might remove your ability to " + "access remote machines."), + L_("Delete key"), L_("No"), 0); + if (err) + goto leave; + } + } + } + err = remove_key_file (grip); break; case PRIVATE_KEY_SHADOWED: