diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2022-05-19 14:37:01 +0900 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-05-19 14:37:01 +0900 |
| commit | 598b3fdfaa09b9071ceeb81f68052f3d35064292 (patch) | |
| tree | c67d1d40f5f077e79b0bfc5e442d3eaf50877d72 | |
| parent | 09357d7eae3efd8db1df79ef191f12038e905c6c (diff) | |
agent: Pop up dialog window for confirmation, when specified so.
* agent/findkey.c (agent_key_from_file): Support "Confirm:".
--
GnuPG-bug-id: 5099
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| -rw-r--r-- | agent/findkey.c | 39 | ||||
| -rw-r--r-- | agent/keyformat.txt | 7 |
2 files changed, 46 insertions, 0 deletions
diff --git a/agent/findkey.c b/agent/findkey.c index 87289eced..2612383b5 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1026,6 +1026,45 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, *r_timestamp = isotime2epoch (created); } + if (!grip && keymeta) + { + const char *ask_confirmation = nvc_get_string (keymeta, "Confirm:"); + + if (ask_confirmation + && ((!strcmp (ask_confirmation, "restricted") && ctrl->restricted) + || !strcmp (ask_confirmation, "yes"))) + { + char hexgrip[40+4+1]; + char *prompt; + char *comment_buffer = NULL; + const char *comment = NULL; + + bin2hex (ctrl->keygrip, 20, hexgrip); + + if ((comment = nvc_get_string (keymeta, "Label:"))) + { + if (strchr (comment, '\n') + && (comment_buffer = linefeed_to_percent0A (comment))) + comment = comment_buffer; + } + + prompt = xtryasprintf (L_("Requested the use of key%%0A" + " %s%%0A" + " %s%%0A" + "Do you want to allow this?"), + hexgrip, comment? comment:""); + + gcry_free (comment_buffer); + + err = agent_get_confirmation (ctrl, prompt, + L_("Allow"), L_("Deny"), 0); + xfree (prompt); + + if (err) + return err; + } + } + switch (agent_private_key_type (buf)) { case PRIVATE_KEY_CLEAR: diff --git a/agent/keyformat.txt b/agent/keyformat.txt index 511eb1047..96e69fc00 100644 --- a/agent/keyformat.txt +++ b/agent/keyformat.txt @@ -119,6 +119,13 @@ gpg-agent's ssh-agent implementation. This is thus the same as putting the keygrip into the 'sshcontrol' file. Only one such item should exist. +*** Confirm +If given and the value is "yes", a user will be asked confirmation by +a dialog window when the key is about to be used for +PKSIGN/PKAUTH/PKDECRYPT operation. If the value is "restricted", it +is only asked for the access through extra/browser socket. + + * Private Key Format ** Unprotected Private Key Format |