authorWerner Koch <[email protected]>2019-03-28 09:56:28 +0000
committerWerner Koch <[email protected]>2019-03-28 09:57:27 +0000
commit2f761251c5730a9ad113fa58466addc9c2372da8 (patch)
tree1f024540d015ea92f086598a5d31b3f0a97db557
parentscd: Support reading the Yubikey 4 firmware version. (diff)
downloadgnupg-2f761251c5730a9ad113fa58466addc9c2372da8.tar.gz
gnupg-2f761251c5730a9ad113fa58466addc9c2372da8.zip
card: Allow "yubikey disable" only for Yubikey-5 and later.
* tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test for Yubikey-5. * tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands. -- The configuration can be read from a Yubikey-4 but not be written. The mode command is also not useful because it allows only the selection of transports. It does not allow to disable single applications based on one transport (like OPGP and PIV). This patch shows an appropriate error message. Signed-off-by: Werner Koch <[email protected]>
-rw-r--r--tools/card-yubikey.c10
-rw-r--r--tools/gpg-card.c2
-rw-r--r--tools/gpg-card.h3
3 files changed, 12 insertions, 3 deletions
diff --git a/tools/card-yubikey.c b/tools/card-yubikey.c
index f9d130988..fff669cc0 100644
--- a/tools/card-yubikey.c
+++ b/tools/card-yubikey.c
@@ -310,7 +310,7 @@ yk_enable_disable (struct ykapps_s *yk, struct iface_s *iface,
* stream to output information. This function must only be called on
* Yubikeys. */
gpg_error_t
-yubikey_commands (estream_t fp, int argc, char *argv[])
+yubikey_commands (card_info_t info, estream_t fp, int argc, char *argv[])
{
gpg_error_t err;
enum {ykLIST, ykENABLE, ykDISABLE } cmd;
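Review bot: The function comment above `yubikey_commands` is unchanged context here, so it cannot describe the new first parameter. The second hunk dereferences `info` unconditionally, so the comment should say that INFO must be non-NULL and is used to read the card's firmware version, for example `INFO is the current card info object (must not be NULL); its cardversion decides which sub-commands are allowed.` The comment starts above this hunk, so the rest of its wording is not visible.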
@@ -336,6 +336,14 @@ yubikey_commands (estream_t fp, int argc, char *argv[])
goto leave;
}
+ if (info->cardversion < 0x050000 && cmd != ykLIST)
+ {
+ log_info ("Sub-command '%s' is only support by Yubikey-5 and later\n",
+ argv[0]);
+ err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+ goto leave;
+ }
+
/* Parse interface if needed. */
if (cmd == ykLIST)
iface.usb = iface.nfc = 1;
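Review bot: The new guard `info->cardversion < 0x050000` treats every value below the threshold the same way, so a card whose firmware version could not be read (presumably `cardversion == 0`; the field's initialisation is not visible here) is refused with a message that names it as pre-Yubikey-5. Refusing is the safe outcome for a configuration write, but the diagnostic would mislead. Consider a separate message for the unknown case, e.g. `if (!info->cardversion) log_info ("Yubikey firmware version not available\n");` before the version comparison. The message text also has a typo: `is only support by` should read `is only supported by`. A short comment explaining how `0x050000` encodes the version would help the next reader.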
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index e2d728dab..a3113c9c5 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -2988,7 +2988,7 @@ cmd_yubikey (card_info_t info, char *argstr)
/* Note that we always do a learn to get a chance to the card back
* into a usable state. */
- err = yubikey_commands (fp, nwords, words);
+ err = yubikey_commands (info, fp, nwords, words);
err2 = scd_learn (info);
if (err2)
log_error ("Error re-reading card: %s\n", gpg_strerror (err));
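Review bot: The `log_error` call after `scd_learn` formats `gpg_strerror (err)` although the failing status is in `err2`, so a failed re-read is reported with the result of `yubikey_commands` instead. This commit adds a `GPG_ERR_NOT_SUPPORTED` return path, so `err` is more often non-zero at this point. A re-read failure after a refused sub-command would then print "Not supported" rather than the actual card error. The line should read `log_error ("Error re-reading card: %s\n", gpg_strerror (err2));`. The rest of `cmd_yubikey`, including how `err` and `err2` are combined for the return value, is outside this hunk.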
diff --git a/tools/gpg-card.h b/tools/gpg-card.h
index 099ea5448..35db14d25 100644
--- a/tools/gpg-card.h
+++ b/tools/gpg-card.h
@@ -224,7 +224,8 @@ gpg_error_t scd_checkpin (const char *serialno);
unsigned long agent_get_s2k_count (void);
/*-- card-yubikey.c --*/
-gpg_error_t yubikey_commands (estream_t fp, int argc, char *argv[]);
+gpg_error_t yubikey_commands (card_info_t info,
+ estream_t fp, int argc, char *argv[]);
#endif /*GNUPG_GPG_CARD_H*/