gpgsm: Extend --learn-card by an optional s/n argument.

* agent/command.c (cmd_learn): Allow for s/n argument. * agent/learncard.c (agent_handle_learn): Ditto. * agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd. * scd/command.c (cmd_switchcard): Factor most code out to ... (switchcard_core): new. (cmd_learn): Add option --demand to specify a s/n. * sm/gpgsm.c (main): Allow a s/n argument for --learn-card. -- This help Kleopatra to get a stable certificate listing. GnuPG-bug-id: 7379
2025-03-28 22:49:59 +01:00 · 2025-03-17 17:37:08 +01:00 · 2025-03-17 17:37:08 +01:00 · f463586a96
commit f463586a96
parent 5420c4ebde
9 changed files with 99 additions and 39 deletions
--- a/agent/agent.h
+++ b/agent/agent.h
@ -731,7 +731,7 @@ int agent_tpm2d_pkdecrypt (ctrl_t ctrl, const unsigned char *cipher,
 			   char **r_buf, size_t *r_len);
 /*-- call-scd.c --*/
-int agent_card_learn (ctrl_t ctrl,
+int agent_card_learn (ctrl_t ctrl, const char *demand_sn,
                      void (*kpinfo_cb)(void*, const char *),
                      void *kpinfo_cb_arg,
                      void (*certinfo_cb)(void*, const char *),
@ -780,7 +780,8 @@ gpg_error_t agent_card_keyinfo (ctrl_t ctrl, const char *keygrip,
                                int cap, struct card_key_info_s **result);
 /*-- learncard.c --*/
-int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force);
+int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context,
                        int force, const char *demand_sn);
 /*-- cvt-openpgp.c --*/
--- a/agent/call-scd.c
+++ b/agent/call-scd.c
@ -260,10 +260,14 @@ learn_status_cb (void *opaque, const char *line)
  return err;
 }
 /* Perform the LEARN command and return a list of all private keys
-   stored on the card. */
+ * stored on the card.  If DEMAND_SN is given the info is returned for
 * the card with that S/N instead of the current card.  This may then
 * switch the current card.  */
 int
 agent_card_learn (ctrl_t ctrl,
                  const char *demand_sn,
                  void (*kpinfo_cb)(void*, const char *),
                  void *kpinfo_cb_arg,
                  void (*certinfo_cb)(void*, const char *),
@ -273,6 +277,7 @@ agent_card_learn (ctrl_t ctrl,
 {
  int rc;
  struct learn_parm_s parm;
  char line[ASSUAN_LINELENGTH];
  rc = start_scd (ctrl);
  if (rc)
@ -285,7 +290,13 @@ agent_card_learn (ctrl_t ctrl,
  parm.certinfo_cb_arg = certinfo_cb_arg;
  parm.sinfo_cb = sinfo_cb;
  parm.sinfo_cb_arg = sinfo_cb_arg;
-  rc = assuan_transact (daemon_ctx (ctrl), "LEARN --force",
+
  if (demand_sn && *demand_sn)
    snprintf (line, sizeof line, "LEARN --demand=%s --force", demand_sn);
  else
    snprintf (line, sizeof line, "LEARN --force");
  rc = assuan_transact (daemon_ctx (ctrl), line,
                        NULL, NULL, NULL, NULL,
                        learn_status_cb, &parm);
  if (rc)
--- a/agent/command.c
+++ b/agent/command.c
@ -2376,27 +2376,31 @@ cmd_get_confirmation (assuan_context_t ctx, char *line)
 static const char hlp_learn[] =
-  "LEARN [--send] [--sendinfo] [--force]\n"
+  "LEARN [--send] [--sendinfo] [--force] [SERIALNO]\n"
  "\n"
  "Learn something about the currently inserted smartcard.  With\n"
  "--sendinfo information about the card is returned; with --send\n"
  "the available certificates are returned as D lines; with --force\n"
-  "private key storage will be updated by the result.";
+  "private key storage will be updated by the result. With SERIALNO\n"
  "given the current card is first switched to the specified one.";
 static gpg_error_t
 cmd_learn (assuan_context_t ctx, char *line)
 {
  ctrl_t ctrl = assuan_get_pointer (ctx);
  gpg_error_t err;
  int send, sendinfo, force;
  const char *demand_sn;
  send = has_option (line, "--send");
  sendinfo = send? 1 : has_option (line, "--sendinfo");
  force = has_option (line, "--force");
  line = skip_options (line);
  demand_sn = *line? line : NULL;
  if (ctrl->restricted)
    return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
-  err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force);
+  err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force, demand_sn);
  return leave_cmd (ctx, err);
 }
--- a/agent/learncard.c
+++ b/agent/learncard.c
@ -295,10 +295,14 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context)
  return 0;
 }
 /* Perform the learn operation.  If ASSUAN_CONTEXT is not NULL and
-   SEND is true all new certificates are send back via Assuan.  */
+ * SEND is true all new certificates are send back via Assuan.  If
 * DEMAND_SN is not NULL it has a string with the serial number of the
 * card requested. */
 int
-agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
+agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force,
                    const char *demand_sn)
 {
  int rc;
  struct kpinfo_cb_parm_s parm;
@ -328,7 +332,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force)
  cparm.ctrl = ctrl;
  /* Now gather all the available info. */
-  rc = agent_card_learn (ctrl, kpinfo_cb, &parm, certinfo_cb, &cparm,
+  rc = agent_card_learn (ctrl, demand_sn, kpinfo_cb, &parm, certinfo_cb, &cparm,
                         sinfo_cb, &sparm);
  if (!rc && (parm.error || cparm.error || sparm.error))
    rc = parm.error? parm.error : cparm.error? cparm.error : sparm.error;
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -291,11 +291,12 @@ Import the certificates from the PEM or binary encoded files as well as
 from signed-only messages.  This command may also be used to import a
 secret key from a PKCS#12 file.
-@item --learn-card
+@item --learn-card [@var{serialno}]
@opindex learn-card
-Read information about the private keys from the smartcard and import
+Read information about the private keys from the current smartcard and import
-the certificates from there.  This command utilizes the @command{gpg-agent}
+the certificates from there.  This command utilizes @command{gpg-agent}
-and in turn the @command{scdaemon}.
+and in turn @command{scdaemon}.  If @var{serialno} is provided the
 system first makes that card the current one.
@item --change-passphrase @var{user_id}
@opindex change-passphrase
--- a/scd/command.c
+++ b/scd/command.c
@ -384,28 +384,14 @@ cmd_serialno (assuan_context_t ctx, char *line)
-static const char hlp_switchcard[] =
+/* Helper for cmd_swicthcard and cmd_learn.  */
  "SWITCHCARD [<serialno>]\n"
  "\n"
  "Make the card with SERIALNO the current card.\n"
  "The command \"getinfo card_list\" can be used to list\n"
  "the serial numbers of inserted and known cards.  Note\n"
  "that the command \"SERIALNO\" can be used to refresh\n"
  "the list of known cards.  A simple SERIALNO status\n"
  "is printed on success.";
 static gpg_error_t
-cmd_switchcard (assuan_context_t ctx, char *line)
+switchcard_core (ctrl_t ctrl, const char *line)
 {
  ctrl_t ctrl = assuan_get_pointer (ctx);
  gpg_error_t err = 0;
  unsigned char *sn_bin = NULL;
  size_t sn_bin_len = 0;
  if ((err = open_card (ctrl)))
    return err;
  line = skip_options (line);
  if (*line)
    {
      sn_bin = hex_to_buffer (line, &sn_bin_len);
@ -425,6 +411,30 @@ cmd_switchcard (assuan_context_t ctx, char *line)
 }
 static const char hlp_switchcard[] =
  "SWITCHCARD [<serialno>]\n"
  "\n"
  "Make the card with SERIALNO the current card.\n"
  "The command \"getinfo card_list\" can be used to list\n"
  "the serial numbers of inserted and known cards.  Note\n"
  "that the command \"SERIALNO\" can be used to refresh\n"
  "the list of known cards.  A simple SERIALNO status\n"
  "is printed on success.";
 static gpg_error_t
 cmd_switchcard (assuan_context_t ctx, char *line)
 {
  ctrl_t ctrl = assuan_get_pointer (ctx);
  gpg_error_t err;
  if ((err = open_card (ctrl)))
    return err;
  line = skip_options (line);
  return switchcard_core (ctrl, line);
 }
 static const char hlp_switchapp[] =
  "SWITCHAPP [<appname>]\n"
  "\n"
@ -458,7 +468,8 @@ cmd_switchapp (assuan_context_t ctx, char *line)
 static const char hlp_learn[] =
-  "LEARN [--force] [--keypairinfo] [--reread] [--multi]\n"
+  "LEARN [--force] [--keypairinfo] [--reread] [--multi] KEYGRIP\n"
  "LEARN [--demand=<serialno>] [--force] [--keypairinfo] [--reread] [--multi]\n"
  "\n"
  "Learn all useful information of the currently inserted card.  When\n"
  "used without the force options, the command might do an INQUIRE\n"
@ -529,6 +540,8 @@ static const char hlp_learn[] =
  "\n"
  "The URL to be used for locating the entire public key.\n"
  "  \n"
  "If KEYGRIP is given the card holding a key with that keygrip is used.\n"
  "If --demand is used the card with the specified S/N is used.\n"
  "Note, that this function may even be used on a locked card.";
 static gpg_error_t
 cmd_learn (assuan_context_t ctx, char *line)
@ -539,17 +552,37 @@ cmd_learn (assuan_context_t ctx, char *line)
  int opt_multi = has_option (line, "--multi");
  int opt_reread = has_option (line, "--reread");
  int opt_force = has_option (line, "--force");
  const char *opt_demand;
  unsigned int flags;
  card_t card;
  const char *keygrip = NULL;
-  if ((rc = open_card (ctrl)))
+  opt_demand = has_option_name (line, "--demand");
-    return rc;
+  if (opt_demand)
    {
      if (*opt_demand != '=')
        return set_error (GPG_ERR_ASS_PARAMETER, "missing value for option");
      line = (char *)++opt_demand;
      while (*line && !spacep (line))
        line++;
      if (*line)
        *line++ = 0;
    }
  line = skip_options (line);
  if (strlen (line) == 40)
    keygrip = line;
  if ((rc = open_card (ctrl)))
    return rc;
  if (opt_demand)
    {
      rc = switchcard_core (ctrl, opt_demand);
      if (rc)
        return rc;
    }
  card = card_get (ctrl, keygrip);
  if (!card)
    return gpg_error (GPG_ERR_CARD_NOT_PRESENT);
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -1275,14 +1275,17 @@ learn_cb (void *opaque, const void *buffer, size_t length)
  return 0;
 }
-/* Call the agent to learn about a smartcard */
+
 /* Call the agent to learn about a smartcard.  If SERIALNO is not NULL
 * switch to the card with that s/n first.  */
 int
-gpgsm_agent_learn (ctrl_t ctrl)
+gpgsm_agent_learn (ctrl_t ctrl, const char *serialno)
 {
  int rc;
  struct learn_parm_s learn_parm;
  membuf_t data;
  size_t len;
  char line[ASSUAN_LINELENGTH];
  rc = start_agent (ctrl);
  if (rc)
@ -1297,7 +1300,10 @@ gpgsm_agent_learn (ctrl_t ctrl)
  learn_parm.ctrl = ctrl;
  learn_parm.ctx = agent_ctx;
  learn_parm.data = &data;
-  rc = assuan_transact (agent_ctx, "LEARN --send",
+  snprintf (line, sizeof line, "LEARN --send%s%s",
            serialno? " -- ":"",
            serialno? serialno:"");
  rc = assuan_transact (agent_ctx, line,
                        learn_cb, &learn_parm,
                        NULL, NULL,
                        learn_status_cb, &learn_parm);
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -2269,11 +2269,11 @@ main ( int argc, char **argv)
    case aLearnCard:
-      if (argc)
+      if (argc > 1)
        wrong_args ("--learn-card");
      else
        {
-          int rc = gpgsm_agent_learn (&ctrl);
+          int rc = gpgsm_agent_learn (&ctrl, argc? *argv : NULL);
          if (rc)
            log_error ("error learning card: %s\n", gpg_strerror (rc));
        }
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -539,7 +539,7 @@ int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert, const char *hexfpr,
                           struct rootca_flags_s *rootca_flags);
 int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
 int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
-int gpgsm_agent_learn (ctrl_t ctrl);
+int gpgsm_agent_learn (ctrl_t ctrl, const char *serialno);
 int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
 gpg_error_t gpgsm_agent_get_confirmation (ctrl_t ctrl, const char *desc);
 gpg_error_t gpgsm_agent_send_nop (ctrl_t ctrl);