authorWerner Koch <wk@gnupg.org>2018-05-28 09:56:49 +0200
committerWerner Koch <wk@gnupg.org>2018-05-28 09:56:49 +0200
commit0de991fee05a9733ac29b2fa35643fe4607e56cb (patch)
treedbcd4aba50f93ea503d4a3c58b6b8653a0bdcccd
parent368f2d9db30df16328b34787419de99fe3e1e2f1 (diff)
downloadgpgme-0de991fee05a9733ac29b2fa35643fe4607e56cb.tar.gz
json: Do not allow to export or delete secret keys.
* src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if "secret" is used. -- This should not be possible from a browser and we need to make this fully clear. Actually gpg-agent won't allow that anyway but having this explicitly is better. If that is ever needed a dedicated command line option may enable this, for example when used by regular programs and not by the browser. But that requires other changes as well. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--src/gpgme-json.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 4341546a..d206f5f9 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -2169,7 +2169,6 @@ static const char hlp_export[] =
"armor: Request output in armored format.\n"
"extern: Add EXPORT_MODE_EXTERN.\n"
"minimal: Add EXPORT_MODE_MINIMAL.\n"
- "secret: Add EXPORT_MODE_SECRET. (not implemented)\n"
"raw: Add EXPORT_MODE_RAW.\n"
"pkcs12: Add EXPORT_MODE_PKCS12.\n"
"\n"
@@ -2206,7 +2205,10 @@ op_export (cjson_t request, cjson_t result)
if ((err = get_boolean_flag (request, "secret", 0, &abool)))
goto leave;
if (abool)
- mode |= GPGME_EXPORT_MODE_SECRET;
+ {
+ err = gpg_error (GPG_ERR_FORBIDDEN);
+ goto leave;
+ }
if ((err = get_boolean_flag (request, "extern", 0, &abool)))
goto leave;
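Review bot: The `raw` and `pkcs12` flags are still advertised in hlp_export (context lines of the first hunk), although per the GPGME manual GPGME_EXPORT_MODE_RAW and GPGME_EXPORT_MODE_PKCS12 only change the format of a secret-key export. With `secret` now rejected here, those two flags should presumably also return GPG_ERR_FORBIDDEN or be dropped from the help, so the no-secret-export policy is complete. Their handling lies outside this hunk, so confirm how op_export treats them. A short comment on the new guard would also help, for example `/* Secret keys must never be exported through the JSON (browser) interface. */`.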
@@ -2270,9 +2272,6 @@ static const char hlp_delete[] =
"Optional parameters:\n"
"protocol: Either \"openpgp\" (default) or \"cms\".\n"
"\n"
- "Optional boolean flags (default is false):\n"
- "secret: Allow deletion of secret keys. (not implemented)\n"
- "\n"
"Response on success:\n"
"success: Boolean true.\n";
static gpg_error_t
@@ -2293,6 +2292,11 @@ op_delete (cjson_t request, cjson_t result)
if ((err = get_boolean_flag (request, "secret", 0, &secret)))
goto leave;
+ if (secret)
+ {
+ err = gpg_error (GPG_ERR_FORBIDDEN);
+ goto leave;
+ }
j_key = cJSON_GetObjectItem (request, "key");
if (!j_key)
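Review bot: The new `if (secret)` guard jumps to `leave` without calling `gpg_error_object`, whereas the later failure paths in op_delete (the key-fetch and delete errors in the hunk at 2311) attach a message to `result`. Whether the client still gets a usable reason depends on the `leave` block, which is outside the hunk. If it does not report `err` itself, add `gpg_error_object (result, err, "Deleting secret keys is not allowed");` before the jump. The matching guard in op_export has the same shape. A regression test that sends `"secret": true` to both operations and expects GPG_ERR_FORBIDDEN would pin the policy.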
@@ -2307,14 +2311,14 @@ op_delete (cjson_t request, cjson_t result)
}
/* Get the key */
- if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, secret)))
+ if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, 0)))
{
gpg_error_object (result, err, "Error fetching key for delete: %s",
gpg_strerror (err));
goto leave;
}
- err = gpgme_op_delete (ctx, key, secret);
+ err = gpgme_op_delete (ctx, key, 0);
if (err)
{
gpg_error_object (result, err, "Error deleting key: %s",
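Review bot: The literal `0` passed to `gpgme_get_key` and `gpgme_op_delete` carries the policy but does not say so. A comment above the delete call, such as `/* allow_secret is always 0: only public keys may be deleted via JSON. */`, would keep a later edit from reintroducing the flag. According to the GPGME manual, a delete with allow_secret 0 fails with GPG_ERR_CONFLICT when a secret key exists for that key, so hlp_delete could state that such keys cannot be deleted through this interface. The `if (err)` block continues past the end of the hunk.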