From fa5d1513a29708ce51496b4e248bcd91a81c17fe Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 28 Jan 2004 16:19:46 +0000
Subject: [PATCH] (agent_marktrusted): Check whether the trustlist is writable.
---
 agent/ChangeLog | 5 +++++
 agent/divert-scd.c | 2 +-
 agent/learncard.c | 1 +
 agent/trustlist.c | 16 ++++++++++++++++
 4 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/agent/ChangeLog b/agent/ChangeLog
index 57f9214f6..73b9c4596 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,8 @@
+2004-01-28 Werner Koch
+
+ * trustlist.c (agent_marktrusted): Check whether the trustlist is
+ writable.
+
 2004-01-27 Werner Koch
 * sexp-parse.h: Moved to ../common.
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 69f184474..283150ad3 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -134,7 +134,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
 }
-/* Put the DIGEST into an DER encoded comtainer and return it in R_VAL. */
+/* Put the DIGEST into an DER encoded container and return it in R_VAL. */
 static int encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo, unsigned char **r_val, size_t *r_len)
diff --git a/agent/learncard.c b/agent/learncard.c
index 28a74f972..a76f2652a 100644
--- a/agent/learncard.c
+++ b/agent/learncard.c
@@ -303,6 +303,7 @@ agent_handle_learn (void *assuan_context)
 101, /* trusted */
 102, /* useful */
 100, /* regular */
+ /* We don't include 110 here because gpgsm can't handle it. */
 -1 /* end of list */
 };
diff --git a/agent/trustlist.c b/agent/trustlist.c
index 8575aedb0..5c3271ac0 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -236,6 +236,22 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
 static char key[41];
 int keyflag;
 char *desc;
+ char *fname;
+
+ /* Check whether we are at all allowed to modify the trustlist.
+ This is useful so that the trustlist may be a symlink to a global
+ trustlist with only admin priviliges to modify it. Of course
+ this is not a secure way of denying access, but it avoids the
+ usual clicking on an Okay buttun thing most users are used to. */
+ fname = make_filename (opt.homedir, "trustlist.txt", NULL);
+ rc = access (fname, W_OK);
+ if (rc && errno != ENOENT)
+ {
+ xfree (fname);
+ return gpg_error (GPG_ERR_EPERM);
+ }
+ xfree (fname);
+
 if (trustfp)
 rewind (trustfp);
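Review bot: The `access (fname, W_OK)` test in the added block is advisory only: access() evaluates the real rather than the effective user id, and its answer can be stale by the time the trustlist is opened for writing, so the open/write later in agent_marktrusted (outside this hunk) remains the actual enforcement point and must report its own failure. The comment already says this is not a security boundary; I would extend it with `Note that access() checks the real uid and the result may change before the file is opened; the later write must still handle failure.` Because ENOENT is exempted, a symlink whose target does not exist also passes this check, which may or may not be intended for the global-trustlist setup the comment describes. The function body starts before and continues after the hunk, so whether `<unistd.h>` and `<errno.h>` are already included cannot be confirmed from here.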