agent: Update the key file only if not changed.

* common/name-value.c (struct name_value_container): Add flag "modified". (nvc_modified): New. (nvc_new): Set flag. (_nvc_add): Set flag. (nvc_delete): Set flag. (nvc_set): Set flag unless value did not change. (nve_set): Add arg PK. Change the caller. * agent/findkey.c (agent_write_private_key): Update only if modified. -- This helps software which uses a file system watcher to track changes to private keys. In particular smartcard triggered changes are a problem for such software because this may at worst trigger another smartcard read. GnuPG-bug-id: 6829
2025-07-02 22:46:30 +02:00 · 2023-11-21 08:34:04 +01:00 · 2023-11-21 08:34:04 +01:00 · cf2d3f7ba0
commit cf2d3f7ba0
parent e43bd2a7a7
3 changed files with 56 additions and 9 deletions
--- a/common/name-value.c
+++ b/common/name-value.c
@ -48,6 +48,7 @@ struct name_value_container
  struct name_value_entry *first;
  struct name_value_entry *last;
  unsigned int private_key_mode:1;
+  unsigned int modified:1;
 };


@ -87,11 +88,15 @@ my_error (gpg_err_code_t ec)

 /* Allocation and deallocation.  */

-/* Allocate a private key container structure.  */
+/* Allocate a name value container structure.  */
 nvc_t
 nvc_new (void)
 {
-  return xtrycalloc (1, sizeof (struct name_value_container));
+  nvc_t nvc;
+  nvc = xtrycalloc (1, sizeof (struct name_value_container));
+  if (nvc)
+    nvc->modified = 1;
+  return nvc;
 }


@ -142,6 +147,24 @@ nvc_release (nvc_t pk)
  xfree (pk);
 }

+
+/* Return the modified-flag of the container and clear it if CLEAR is
+ * set.  That flag is set for a new container and set with each
+ * update.  */
+int
+nvc_modified (nvc_t pk, int clear)
+{
+  int modified;
+
+  if (!pk)
+    return 0;
+  modified = pk->modified;
+  if (clear)
+    pk->modified = 0;
+  return modified;
+}
+
+


 /* Dealing with names and values.  */
@ -427,6 +450,8 @@ _nvc_add (nvc_t pk, char *name, char *value, strlist_t raw_value,
  else
    pk->first = pk->last = e;

+  pk->modified = 1;
+
 leave:
  if (err)
    {
@ -470,6 +495,7 @@ gpg_error_t
 nvc_set (nvc_t pk, const char *name, const char *value)
 {
  nve_t e;
+  char *v;

  if (! valid_name (name))
    return GPG_ERR_INV_NAME;
@ -477,7 +503,12 @@ nvc_set (nvc_t pk, const char *name, const char *value)
  e = nvc_lookup (pk, name);
  if (e)
    {
-      char *v;
+      if (e->value && value && !strcmp (e->value, value))
+        {
+          /* Setting same value - ignore this call and don't set the
+           * modified flag.  */
+          return 0;
+        }

      v = xtrystrdup (value);
      if (v == NULL)
@ -489,7 +520,7 @@ nvc_set (nvc_t pk, const char *name, const char *value)
 	wipememory (e->value, strlen (e->value));
      xfree (e->value);
      e->value = v;
-
+      pk->modified = 1;
      return 0;
    }
  else
@ -497,9 +528,10 @@ nvc_set (nvc_t pk, const char *name, const char *value)
 }


-/* Update entry E to VALUE.  */
+/* Update entry E to VALUE.  PK is optional; if given its modified
+ * flag will be updated.  */
 gpg_error_t
-nve_set (nve_t e, const char *value)
+nve_set (nvc_t pk, nve_t e, const char *value)
 {
  char *v;

@ -516,6 +548,8 @@ nve_set (nve_t e, const char *value)
    wipememory (e->value, strlen (e->value));
  xfree (e->value);
  e->value = v;
+  if (pk)
+    pk->modified = 1;

  return 0;
 }
@ -536,6 +570,7 @@ nvc_delete (nvc_t pk, nve_t entry)
    pk->last = entry->prev;

  nve_release (entry, pk->private_key_mode);
+  pk->modified = 1;
 }