aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2019-03-01 11:20:24 +0000
committerWerner Koch <[email protected]>2019-03-01 11:20:24 +0000
commit280baee72dcb0ca54ce99b524bc2125cbc38e0e4 (patch)
tree84757b401aa7c775debe8c4b2984d7b8de83c6db
parentsm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs. (diff)
downloadgnupg-280baee72dcb0ca54ce99b524bc2125cbc38e0e4.tar.gz
gnupg-280baee72dcb0ca54ce99b524bc2125cbc38e0e4.zip
card: Remove the "admin" command.
* tools/gpg-card.c (cmd_passwd): Remove arg allow_admin. (enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET to cmdFACTRST. (cmds): Remove column 'admin_only'. (interactive_loop): Remove admin_only stuff. -- That command has always been an annoyance. Symbols have been renamed for source cosmetics. Signed-off-by: Werner Koch <[email protected]>
Diffstat
-rw-r--r--tools/gpg-card.c181
1 files changed, 67 insertions, 114 deletions
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index f1d0dc8fc..3f972fee4 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -2008,10 +2008,9 @@ cmd_generate (card_info_t info, char *argstr)
-/* Sub-menu to change a PIN. The presented options may depend on the
- * the ALLOW_ADMIN flag. */
+/* Sub-menu to change a PIN. */
static gpg_error_t
-cmd_passwd (card_info_t info, int allow_admin, char *argstr)
+cmd_passwd (card_info_t info, char *argstr)
{
gpg_error_t err;
char *answer = NULL;
@@ -2031,31 +2030,10 @@ cmd_passwd (card_info_t info, int allow_admin, char *argstr)
app_type_string (info->apptype),
info->dispserialno? info->dispserialno : info->serialno);
- if (!allow_admin || info->apptype != APP_TYPE_OPENPGP)
- {
- if (*argstr)
- pinref = argstr;
- else if (info->apptype == APP_TYPE_OPENPGP)
- pinref = "OPENPGP.1";
- else if (info->apptype == APP_TYPE_PIV)
- pinref = "PIV.80";
- else
- {
- err = gpg_error (GPG_ERR_MISSING_VALUE);
- goto leave;
- }
- err = scd_change_pin (pinref, 0);
- if (err)
- goto leave;
-
- if (info->apptype == APP_TYPE_PIV
- && !ascii_strcasecmp (pinref, "PIV.81"))
- log_info ("PUK changed.\n");
- else
- log_info ("PIN changed.\n");
- }
- else if (info->apptype == APP_TYPE_OPENPGP)
+ if (!*argstr && info->apptype == APP_TYPE_OPENPGP)
{
+ /* For an OpenPGP card we present the well known menu if no
+ * argument is given. */
for (;;)
{
tty_printf ("\n");
@@ -2119,9 +2097,27 @@ cmd_passwd (card_info_t info, int allow_admin, char *argstr)
}
else
{
- log_info ("Admin related passwd options not yet supported for '%s'\n",
- app_type_string (info->apptype));
- err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ if (*argstr)
+ pinref = argstr;
+ else if (info->apptype == APP_TYPE_PIV)
+ pinref = "PIV.80";
+ else
+ {
+ /* Note that we do not have a default value for OpenPGP
+ * because we want to be mostly compatible to "gpg
+ * --card-edit" and show a menu in that case (above). */
+ err = gpg_error (GPG_ERR_MISSING_VALUE);
+ goto leave;
+ }
+ err = scd_change_pin (pinref, 0);
+ if (err)
+ goto leave;
+
+ if (info->apptype == APP_TYPE_PIV
+ && !ascii_strcasecmp (pinref, "PIV.81"))
+ log_info ("PUK changed.\n");
+ else
+ log_info ("PIN changed.\n");
}
leave:
@@ -2919,11 +2915,11 @@ cmd_yubikey (card_info_t info, char *argstr)
enum cmdids
{
cmdNOP = 0,
- cmdQUIT, cmdADMIN, cmdHELP, cmdLIST, cmdRESET, cmdVERIFY,
+ cmdQUIT, cmdHELP, cmdLIST, cmdRESET, cmdVERIFY,
cmdNAME, cmdURL, cmdFETCH, cmdLOGIN, cmdLANG, cmdSALUT, cmdCAFPR,
cmdFORCESIG, cmdGENERATE, cmdPASSWD, cmdPRIVATEDO, cmdWRITECERT,
- cmdREADCERT, cmdUNBLOCK, cmdFACTORYRESET, cmdKDFSETUP,
- cmdKEYATTR, cmdUIF, cmdAUTHENTICATE, cmdYUBIKEY,
+ cmdREADCERT, cmdUNBLOCK, cmdFACTRST, cmdKDFSETUP,
+ cmdKEYATTR, cmdUIF, cmdAUTH, cmdYUBIKEY,
cmdINVCMD
};
@@ -2931,41 +2927,39 @@ static struct
{
const char *name;
enum cmdids id;
- int admin_only;
const char *desc;
} cmds[] = {
- { "quit" , cmdQUIT , 0, N_("quit this menu")},
- { "q" , cmdQUIT , 0, NULL },
- { "admin" , cmdADMIN , 0, N_("show admin commands")},
- { "help" , cmdHELP , 0, N_("show this help")},
- { "?" , cmdHELP , 0, NULL },
- { "list" , cmdLIST , 0, N_("list all available data")},
- { "l" , cmdLIST , 0, NULL },
- { "name" , cmdNAME , 1, N_("change card holder's name")},
- { "url" , cmdURL , 1, N_("change URL to retrieve key")},
- { "fetch" , cmdFETCH , 0, N_("fetch the key specified in the card URL")},
- { "login" , cmdLOGIN , 1, N_("change the login name")},
- { "lang" , cmdLANG , 1, N_("change the language preferences")},
- { "salutation",cmdSALUT, 1, N_("change card holder's salutation")},
- { "salut" , cmdSALUT, 1, NULL },
- { "cafpr" , cmdCAFPR , 1, N_("change a CA fingerprint")},
- { "forcesig", cmdFORCESIG, 1, N_("toggle the signature force PIN flag")},
- { "generate", cmdGENERATE, 1, N_("generate new keys")},
- { "passwd" , cmdPASSWD, 0, N_("menu to change or unblock the PIN")},
- { "verify" , cmdVERIFY, 0, N_("verify the PIN and list all data")},
- { "unblock" , cmdUNBLOCK,0, N_("unblock the PIN using a Reset Code")},
- { "authenticate",cmdAUTHENTICATE, 0,N_("authenticate to the card")},
- { "auth" , cmdAUTHENTICATE, 0, NULL },
- { "reset" , cmdRESET, 0, N_("send a reset to the card daemon")},
- { "factory-reset", cmdFACTORYRESET, 1, N_("destroy all keys and data")},
- { "kdf-setup", cmdKDFSETUP, 1, N_("setup KDF for PIN authentication")},
- { "key-attr", cmdKEYATTR, 1, N_("change the key attribute")},
- { "uif", cmdUIF, 1, N_("change the User Interaction Flag")},
- { "privatedo", cmdPRIVATEDO, 0, N_("change a private data object")},
- { "readcert", cmdREADCERT, 0, N_("read a certificate from a data object")},
- { "writecert", cmdWRITECERT, 1, N_("store a certificate to a data object")},
- { "yubikey", cmdYUBIKEY, 0, N_("Yubikey management commands")},
- { NULL, cmdINVCMD, 0, NULL }
+ { "quit" , cmdQUIT, N_("quit this menu")},
+ { "q" , cmdQUIT, NULL },
+ { "help" , cmdHELP, N_("show this help")},
+ { "?" , cmdHELP, NULL },
+ { "list" , cmdLIST, N_("list all available data")},
+ { "l" , cmdLIST, NULL },
+ { "name" , cmdNAME, N_("change card holder's name")},
+ { "url" , cmdURL, N_("change URL to retrieve key")},
+ { "fetch" , cmdFETCH, N_("fetch the key specified in the card URL")},
+ { "login" , cmdLOGIN, N_("change the login name")},
+ { "lang" , cmdLANG, N_("change the language preferences")},
+ { "salutation",cmdSALUT, N_("change card holder's salutation")},
+ { "salut" , cmdSALUT, NULL },
+ { "cafpr" , cmdCAFPR , N_("change a CA fingerprint")},
+ { "forcesig", cmdFORCESIG, N_("toggle the signature force PIN flag")},
+ { "generate", cmdGENERATE, N_("generate new keys")},
+ { "passwd" , cmdPASSWD, N_("menu to change or unblock the PIN")},
+ { "verify" , cmdVERIFY, N_("verify the PIN and list all data")},
+ { "unblock" , cmdUNBLOCK, N_("unblock the PIN using a Reset Code")},
+ { "authenticate",cmdAUTH, N_("authenticate to the card")},
+ { "auth" , cmdAUTH, NULL },
+ { "reset" , cmdRESET, N_("send a reset to the card daemon")},
+ { "factory-reset",cmdFACTRST, N_("destroy all keys and data")},
+ { "kdf-setup", cmdKDFSETUP, N_("setup KDF for PIN authentication")},
+ { "key-attr", cmdKEYATTR, N_("change the key attribute")},
+ { "uif", cmdUIF, N_("change the User Interaction Flag")},
+ { "privatedo", cmdPRIVATEDO, N_("change a private data object")},
+ { "readcert", cmdREADCERT, N_("read a certificate from a data object")},
+ { "writecert", cmdWRITECERT, N_("store a certificate to a data object")},
+ { "yubikey", cmdYUBIKEY, N_("Yubikey management commands")},
+ { NULL, cmdINVCMD, NULL }
};
@@ -3078,12 +3072,8 @@ dispatch_command (card_info_t info, const char *orig_command)
}
break;
- case cmdADMIN:
- /* This is a NOP in non-interactive mode. */
- break;
-
case cmdVERIFY: err = cmd_verify (info, argstr); break;
- case cmdAUTHENTICATE: err = cmd_authenticate (info, argstr); break;
+ case cmdAUTH: err = cmd_authenticate (info, argstr); break;
case cmdNAME: err = cmd_name (info, argstr); break;
case cmdURL: err = cmd_url (info, argstr); break;
case cmdFETCH: err = cmd_fetch (info); break;
@@ -3096,9 +3086,9 @@ dispatch_command (card_info_t info, const char *orig_command)
case cmdREADCERT: err = cmd_readcert (info, argstr); break;
case cmdFORCESIG: err = cmd_forcesig (info); break;
case cmdGENERATE: err = cmd_generate (info, argstr); break;
- case cmdPASSWD: err = cmd_passwd (info, 1, argstr); break;
+ case cmdPASSWD: err = cmd_passwd (info, argstr); break;
case cmdUNBLOCK: err = cmd_unblock (info); break;
- case cmdFACTORYRESET: err = cmd_factoryreset (info); break;
+ case cmdFACTRST: err = cmd_factoryreset (info); break;
case cmdKDFSETUP: err = cmd_kdfsetup (info, argstr); break;
case cmdKEYATTR: err = cmd_keyattr (info, argstr); break;
case cmdUIF: err = cmd_uif (info, argstr); break;
@@ -3139,10 +3129,8 @@ interactive_loop (void)
gpg_error_t err;
char *answer = NULL; /* The input line. */
enum cmdids cmd = cmdNOP; /* The command. */
- int cmd_admin_only; /* The command is an admin only command. */
char *argstr; /* The argument as a string. */
int redisplay = 1; /* Whether to redisplay the main info. */
- int allow_admin = 0; /* Whether admin commands are allowed. */
char *help_arg = NULL; /* Argument of the HELP command. */
struct card_info_s info_buffer = { 0 };
card_info_t info = &info_buffer;
@@ -3205,7 +3193,6 @@ interactive_loop (void)
}
argstr = NULL;
- cmd_admin_only = 0;
if (!*answer)
cmd = cmdLIST; /* We default to the list command */
else if (*answer == CONTROL_D)
@@ -3224,7 +3211,6 @@ interactive_loop (void)
break;
cmd = cmds[i].id;
- cmd_admin_only = cmds[i].admin_only;
}
/* Make sure we have valid strings for the args. They are
@@ -3242,7 +3228,6 @@ interactive_loop (void)
else if (redisplay)
{
cmd = cmdLIST;
- cmd_admin_only = 0;
}
else if (!info->serialno)
{
@@ -3252,12 +3237,6 @@ interactive_loop (void)
tty_printf ("Serial number missing\n");
continue;
}
- else if (!allow_admin && cmd_admin_only)
- {
- tty_printf ("\n");
- tty_printf (_("Admin-only command\n"));
- continue;
- }
}
err = 0;
@@ -3292,9 +3271,7 @@ interactive_loop (void)
tty_printf
("List of commands (\"help <command>\" for details):\n");
for (i=0; cmds[i].name; i++ )
- if(cmds[i].desc
- && (!cmds[i].admin_only
- || (cmds[i].admin_only && allow_admin)))
+ if(cmds[i].desc)
tty_printf("%-14s %s\n", cmds[i].name, _(cmds[i].desc) );
}
break;
@@ -3321,36 +3298,12 @@ interactive_loop (void)
}
break;
- case cmdADMIN:
- if ( !strcmp (argstr, "on") )
- allow_admin = 1;
- else if ( !strcmp (argstr, "off") )
- allow_admin = 0;
- else if ( !strcmp (argstr, "verify") )
- {
- /* Force verification of the Admin Command. However,
- this is only done if the retry counter is at initial
- state. */
- /* FIXME: Must depend on the type of the card. */
- /* char *tmp = xmalloc (strlen (serialnobuf) + 6 + 1); */
- /* strcpy (stpcpy (tmp, serialnobuf), "[CHV3]"); */
- /* allow_admin = !agent_scd_checkpin (tmp); */
- /* xfree (tmp); */
- }
- else /* Toggle. */
- allow_admin=!allow_admin;
- if(allow_admin)
- tty_printf(_("Admin commands are allowed\n"));
- else
- tty_printf(_("Admin commands are not allowed\n"));
- break;
-
case cmdVERIFY:
err = cmd_verify (info, argstr);
if (!err)
redisplay = 1;
break;
- case cmdAUTHENTICATE: err = cmd_authenticate (info, argstr); break;
+ case cmdAUTH: err = cmd_authenticate (info, argstr); break;
case cmdNAME: err = cmd_name (info, argstr); break;
case cmdURL: err = cmd_url (info, argstr); break;
case cmdFETCH: err = cmd_fetch (info); break;
@@ -3363,9 +3316,9 @@ interactive_loop (void)
case cmdREADCERT: err = cmd_readcert (info, argstr); break;
case cmdFORCESIG: err = cmd_forcesig (info); break;
case cmdGENERATE: err = cmd_generate (info, argstr); break;
- case cmdPASSWD: err = cmd_passwd (info, allow_admin, argstr); break;
+ case cmdPASSWD: err = cmd_passwd (info, argstr); break;
case cmdUNBLOCK: err = cmd_unblock (info); break;
- case cmdFACTORYRESET:
+ case cmdFACTRST:
err = cmd_factoryreset (info);
if (!err)
redisplay = 1;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 05:31:35 +0000