aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--agent/command.c43
-rw-r--r--agent/keyformat.txt6
2 files changed, 27 insertions, 22 deletions
diff --git a/agent/command.c b/agent/command.c
index e25c6dfda..b820a5528 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -1479,7 +1479,7 @@ static gpg_error_t
do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
int data, int with_ssh_fpr, int in_ssh,
int ttl, int disabled, int confirm, int on_card,
- const char *need_attr)
+ const char *need_attr, int list_mode)
{
gpg_error_t err;
char hexgrip[40+1];
@@ -1507,11 +1507,12 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
goto leave;
}
- if (need_attr)
+ if (need_attr || (ctrl->restricted && list_mode))
{
gcry_sexp_t s_key = NULL;
nvc_t keymeta = NULL;
- int istrue;
+ int istrue, has_rl;
+
if (missing_key)
goto leave; /* No attribute available. */
@@ -1521,7 +1522,14 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
istrue = 0;
else
{
- istrue = nvc_get_boolean (keymeta, need_attr);
+ has_rl = 0;
+ if (ctrl->restricted && list_mode
+ && !(has_rl = nvc_get_boolean (keymeta, "Remote-list:")))
+ istrue = 0;
+ else if (need_attr)
+ istrue = nvc_get_boolean (keymeta, need_attr);
+ else
+ istrue = has_rl;
nvc_release (keymeta);
}
gcry_sexp_release (s_key);
@@ -1532,7 +1540,6 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
}
}
-
/* Reformat the grip so that we use uppercase as good style. */
bin2hex (grip, 20, hexgrip);
@@ -1722,12 +1729,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
if (list_mode == 2)
{
- if (ctrl->restricted)
- {
- err = leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
- goto leave;;
- }
-
if (cf)
{
while (!ssh_read_control_file (cf, hexgrip,
@@ -1742,8 +1743,10 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, 1,
- ttl, disabled, confirm, on_card, need_attr);
- if (need_attr && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ ttl, disabled, confirm, on_card, need_attr,
+ list_mode);
+ if ((need_attr || ctrl->restricted)
+ && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
;
else if (err)
goto leave;
@@ -1756,12 +1759,6 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
char *dirname;
gnupg_dirent_t dir_entry;
- if (ctrl->restricted)
- {
- err = leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN));
- goto leave;
- }
-
dirname = make_filename_try (gnupg_homedir (),
GNUPG_PRIVATE_KEYS_DIR, NULL);
if (!dirname)
@@ -1806,8 +1803,10 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
- ttl, disabled, confirm, on_card, need_attr);
- if (need_attr && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
+ ttl, disabled, confirm, on_card, need_attr,
+ list_mode);
+ if ((need_attr || ctrl->restricted)
+ && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
;
else if (err)
goto leave;
@@ -1836,7 +1835,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line)
on_card = 1;
err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr, is_ssh,
- ttl, disabled, confirm, on_card, need_attr);
+ ttl, disabled, confirm, on_card, need_attr, 0);
}
leave:
diff --git a/agent/keyformat.txt b/agent/keyformat.txt
index 97e2f795f..42e6d215e 100644
--- a/agent/keyformat.txt
+++ b/agent/keyformat.txt
@@ -129,6 +129,12 @@ If given and the value is "yes" or "1" the key is allowed for use by
GnuPG's PKCS#11 interface (Scute). Note that Scute needs to be
configured to use this optimization.
+*** Remote-list
+Allow to list the key with the KEYINFO command from a remote machine
+via the extra socket. A boolean value is expected; the default is
+"no". Note that KEYINFO will anyway provide information if the
+keygrip is specified.
+
*** Confirm
If given and the value is "yes", a user will be asked confirmation by
a dialog window when the key is about to be used for