mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00

* options.h, main.h, export.c (parse_export_options, do_export_stream),

g10.c (main): add new --export-options option. Current flags are
"include-non-rfc", "include-local-sigs", "include-attributes", and
"include-sensitive-revkeys".

* options.h, hkp.c (hkp_export), keyserver.c (parse_keyserver_options,
keyserver_spawn): try passing unknown keyserver options to export options,
and if successful, use them when doing a keyserver --send-key.

* build-packet.c (build_sig_subpkt): We do not generate
SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
David Shaw 2002-07-22 19:07:21 +00:00
parent b65aced7b2
commit 002f085c23
8 changed files with 111 additions and 33 deletions


@ -1,5 +1,18 @@
2002-07-22 David Shaw <dshaw@jabberwocky.com> 2002-07-22 David Shaw <dshaw@jabberwocky.com>
* options.h, main.h, export.c (parse_export_options,
do_export_stream), g10.c (main): add new --export-options option.
Current flags are "include-non-rfc", "include-local-sigs",
"include-attributes", and "include-sensitive-revkeys".
* options.h, hkp.c (hkp_export), keyserver.c
(parse_keyserver_options, keyserver_spawn): try passing unknown
keyserver options to export options, and if successful, use them
when doing a keyserver --send-key.
* build-packet.c (build_sig_subpkt): We do not generate
SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
* revoke.c (gen_desig_revoke): Lots more comments about including * revoke.c (gen_desig_revoke): Lots more comments about including
sensitive revkeys along with the revocation sig itself. sensitive revkeys along with the revocation sig itself.


@ -763,8 +763,10 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
nlen = 1; /* just a 1 byte length header */ nlen = 1; /* just a 1 byte length header */
switch( type ) { switch( type ) {
case SIGSUBPKT_ISSUER:
case SIGSUBPKT_PRIV_VERIFY_CACHE: /*(obsolete)*/ case SIGSUBPKT_PRIV_VERIFY_CACHE: /*(obsolete)*/
BUG();
break;
case SIGSUBPKT_ISSUER:
hashed = 0; hashed = 0;
break; break;
default: default:


@ -34,21 +34,65 @@
#include "main.h" #include "main.h"
#include "i18n.h" #include "i18n.h"
static int do_export( STRLIST users, int secret, int flags ); static int do_export( STRLIST users, int secret, unsigned int options );
static int do_export_stream( IOBUF out, STRLIST users, static int do_export_stream( IOBUF out, STRLIST users,
int secret, int flags, int *any ); int secret, unsigned int options, int *any );
int
parse_export_options(char *str,unsigned int *options)
{
char *tok;
int hit=0;
struct
{
char *name;
unsigned int bit;
} export_opts[]=
{
{"include-non-rfc",EXPORT_INCLUDE_NON_RFC},
{"include-local-sigs",EXPORT_INCLUDE_LOCAL_SIGS},
{"include-attributes",EXPORT_INCLUDE_ATTRIBUTES},
{"include-sensitive-revkeys",EXPORT_INCLUDE_SENSITIVE_REVKEYS},
{NULL,0}
/* add tags for include revoked and disabled? */
};
while((tok=strsep(&str," ,")))
{
int i,rev=0;
if(ascii_memcasecmp("no-",tok,3)==0)
rev=1;
for(i=0;export_opts[i].name;i++)
{
if(ascii_strcasecmp(export_opts[i].name,tok)==0)
{
if(rev)
*options&=~export_opts[i].bit;
else
*options|=export_opts[i].bit;
hit=1;
break;
}
}
if(!hit && !export_opts[i].name)
return 0;
}
return hit;
}
/**************** /****************
* Export the public keys (to standard out or --output). * Export the public keys (to standard out or --output).
* Depending on opt.armor the output is armored. * Depending on opt.armor the output is armored.
* flags has two bits: EXPORT_FLAG_ONLYRFC, so that only RFC2440 * options are defined in main.h.
* compatible keys are exported, and EXPORT_FLAG_SKIPATTRIBS to not
* export attribute packets (photo IDs).
* If USERS is NULL, the complete ring will be exported. */ * If USERS is NULL, the complete ring will be exported. */
int int
export_pubkeys( STRLIST users, int flags ) export_pubkeys( STRLIST users, unsigned int options )
{ {
return do_export( users, 0, flags ); return do_export( users, 0, options );
} }
/**************** /****************
@ -56,11 +100,11 @@ export_pubkeys( STRLIST users, int flags )
* been exported * been exported
*/ */
int int
export_pubkeys_stream( IOBUF out, STRLIST users, int flags ) export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options )
{ {
int any, rc; int any, rc;
rc = do_export_stream( out, users, 0, flags, &any ); rc = do_export_stream( out, users, 0, options, &any );
if( !rc && !any ) if( !rc && !any )
rc = -1; rc = -1;
return rc; return rc;
@ -79,7 +123,7 @@ export_secsubkeys( STRLIST users )
} }
static int static int
do_export( STRLIST users, int secret, int flags ) do_export( STRLIST users, int secret, unsigned int options )
{ {
IOBUF out = NULL; IOBUF out = NULL;
int any, rc; int any, rc;
@ -99,7 +143,7 @@ do_export( STRLIST users, int secret, int flags )
} }
if( opt.compress_keys && opt.compress ) if( opt.compress_keys && opt.compress )
iobuf_push_filter( out, compress_filter, &zfx ); iobuf_push_filter( out, compress_filter, &zfx );
rc = do_export_stream( out, users, secret, flags, &any ); rc = do_export_stream( out, users, secret, options, &any );
if( rc || !any ) if( rc || !any )
iobuf_cancel(out); iobuf_cancel(out);
@ -110,7 +154,8 @@ do_export( STRLIST users, int secret, int flags )
static int static int
do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any ) do_export_stream( IOBUF out, STRLIST users, int secret,
unsigned int options, int *any )
{ {
int rc = 0; int rc = 0;
PACKET pkt; PACKET pkt;
@ -167,7 +212,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
} }
/* do not export keys which are incompatible with rfc2440 */ /* do not export keys which are incompatible with rfc2440 */
if( (flags&EXPORT_FLAG_ONLYRFC) && if( !(options&EXPORT_INCLUDE_NON_RFC) &&
(node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) { (node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) {
PKT_public_key *pk = node->pkt->pkt.public_key; PKT_public_key *pk = node->pkt->pkt.public_key;
if( pk->version == 3 && pk->pubkey_algo > 3 ) { if( pk->version == 3 && pk->pubkey_algo > 3 ) {
@ -213,14 +258,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
if( node->pkt->pkttype == PKT_SIGNATURE ) { if( node->pkt->pkttype == PKT_SIGNATURE ) {
/* do not export packets which are marked as not exportable */ /* do not export packets which are marked as not exportable */
if( !node->pkt->pkt.signature->flags.exportable ) if( !(options&EXPORT_INCLUDE_LOCAL_SIGS) &&
!node->pkt->pkt.signature->flags.exportable )
continue; /* not exportable */ continue; /* not exportable */
/* do not export packets with a "sensitive" revocation /* do not export packets with a "sensitive" revocation
key. This will need revisiting when we start key. This will need revisiting when we start
supporting creating revocation keys and not just supporting creating revocation keys and not just
reading them. */ reading them. */
if( node->pkt->pkt.signature->revkey ) { if( !(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) &&
node->pkt->pkt.signature->revkey ) {
int i; int i;
for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++) for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
@ -234,7 +281,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
} }
/* Don't export attribs? */ /* Don't export attribs? */
if( (flags&EXPORT_FLAG_SKIPATTRIBS) && if( !(options&EXPORT_INCLUDE_ATTRIBUTES) &&
node->pkt->pkttype == PKT_USER_ID && node->pkt->pkttype == PKT_USER_ID &&
node->pkt->pkt.user_id->attrib_data ) { node->pkt->pkt.user_id->attrib_data ) {
/* Skip until we get to something that is not an attrib /* Skip until we get to something that is not an attrib
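Review bot: In parse_export_options the `no-` prefix is detected but never stripped, so `tok` still begins with `no-` when it is compared against the table and no negated flag can ever match; the branch needs to advance the token, `{ rev=1; tok+=3; }`. `hit` is also never reset per token, so once one flag has matched, the check `if(!hit && !export_opts[i].name)` lets any later unknown word through silently; testing `if(!export_opts[i].name) return 0;` on its own rejects it. As written, a user cannot switch off a default such as include-attributes through this parser, and a typo after a valid flag is accepted without an error, which matters because these bits decide which signatures, revokers and photo IDs leave the keyring.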


@ -237,6 +237,7 @@ enum cmd_and_opt_values { aNull = 0,
oLockNever, oLockNever,
oKeyServer, oKeyServer,
oKeyServerOptions, oKeyServerOptions,
oExportOptions,
oTempDir, oTempDir,
oExecPath, oExecPath,
oEncryptTo, oEncryptTo,
@ -409,6 +410,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")}, { oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")},
{ oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")}, { oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")},
{ oKeyServerOptions, "keyserver-options",2,"@"}, { oKeyServerOptions, "keyserver-options",2,"@"},
{ oExportOptions, "export-options",2,"@"},
{ oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") }, { oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") },
{ oOptions, "options" , 2, N_("read options from file")}, { oOptions, "options" , 2, N_("read options from file")},
@ -902,6 +904,8 @@ main( int argc, char **argv )
opt.pgp2_workarounds = 1; opt.pgp2_workarounds = 1;
opt.force_v3_sigs = 1; opt.force_v3_sigs = 1;
opt.escape_from = 1; opt.escape_from = 1;
opt.export_options=EXPORT_DEFAULT;
opt.keyserver_options.export_options=EXPORT_DEFAULT;
opt.keyserver_options.include_subkeys=1; opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_attributes=1; opt.keyserver_options.include_attributes=1;
#if defined (__MINGW32__) || defined (__CYGWIN32__) #if defined (__MINGW32__) || defined (__CYGWIN32__)
@ -1331,6 +1335,16 @@ main( int argc, char **argv )
case oKeyServerOptions: case oKeyServerOptions:
parse_keyserver_options(pargs.r.ret_str); parse_keyserver_options(pargs.r.ret_str);
break; break;
case oExportOptions:
if(!parse_export_options(pargs.r.ret_str,&opt.export_options))
{
if(configname)
log_error(_("%s:%d: invalid export options\n"),
configname,configlineno);
else
log_error(_("invalid export options\n"));
}
break;
case oTempDir: opt.temp_dir=pargs.r.ret_str; break; case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
case oExecPath: case oExecPath:
#ifndef FIXED_EXEC_PATH #ifndef FIXED_EXEC_PATH
@ -2009,7 +2023,7 @@ main( int argc, char **argv )
else if( cmd == aRecvKeys ) else if( cmd == aRecvKeys )
keyserver_import( sl ); keyserver_import( sl );
else else
export_pubkeys( sl, (cmd == aExport)?EXPORT_FLAG_ONLYRFC:0 ); export_pubkeys( sl, opt.export_options );
free_strlist(sl); free_strlist(sl);
break; break;
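Review bot: Initialising `opt.export_options` and `opt.keyserver_options.export_options` to EXPORT_DEFAULT changes what is exported by default, because main.h defines it as (1|4) and bit 1 is EXPORT_INCLUDE_NON_RFC. Before this commit `--export` passed EXPORT_FLAG_ONLYRFC, and hkp_export and keyserver_spawn always set it, so keys incompatible with RFC2440 were skipped; now they are exported and uploaded unless the flag is cleared. If that is intended, say so in a comment at the initialisation and in the ChangeLog entry; if not, the keyserver default should be `opt.keyserver_options.export_options=EXPORT_INCLUDE_ATTRIBUTES;`. main() begins and ends outside these hunks.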


@ -114,7 +114,6 @@ hkp_export( STRLIST users )
IOBUF temp = iobuf_temp(); IOBUF temp = iobuf_temp();
struct http_context hd; struct http_context hd;
char *request; char *request;
int attribs=EXPORT_FLAG_ONLYRFC;
unsigned int status; unsigned int status;
unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
@ -124,10 +123,8 @@ hkp_export( STRLIST users )
afx.what = 1; afx.what = 1;
iobuf_push_filter( temp, armor_filter, &afx ); iobuf_push_filter( temp, armor_filter, &afx );
if(!opt.keyserver_options.include_attributes) rc = export_pubkeys_stream( temp, users,
attribs|=EXPORT_FLAG_SKIPATTRIBS; opt.keyserver_options.export_options );
rc = export_pubkeys_stream( temp, users, attribs );
if( rc == -1 ) { if( rc == -1 ) {
iobuf_close(temp); iobuf_close(temp);
return 0; return 0;
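Review bot: `opt.keyserver_options.include_attributes` is no longer read in hkp_export, so whatever clears it stops affecting what is uploaded; keyserver_spawn in keyserver.c has the same removal. The old code turned a cleared include_attributes into EXPORT_FLAG_SKIPATTRIBS, while the new call passes only `opt.keyserver_options.export_options`, whose default has the attributes bit set. If parse_keyserver_options still consumes an include-attributes / no-include-attributes word in an earlier branch (not visible on this page), that word never reaches parse_export_options, and a user who disabled attribute upload would still send photo IDs to the keyserver. Either remove the old field together with its parser branch, or clear EXPORT_INCLUDE_ATTRIBUTES on a local copy of the options when include_attributes is 0 before calling export_pubkeys_stream.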


@ -110,7 +110,8 @@ parse_keyserver_options(char *options)
else if(ascii_strcasecmp(tok,"no-use-temp-files")==0) else if(ascii_strcasecmp(tok,"no-use-temp-files")==0)
opt.keyserver_options.use_temp_files=0; opt.keyserver_options.use_temp_files=0;
#endif #endif
else if(strlen(tok)>0) else if(!parse_export_options(tok,
&opt.keyserver_options.export_options))
add_to_strlist(&opt.keyserver_options.other,tok); add_to_strlist(&opt.keyserver_options.other,tok);
} }
} }
@ -451,10 +452,6 @@ keyserver_spawn(int action,STRLIST list,
{ {
armor_filter_context_t afx; armor_filter_context_t afx;
IOBUF buffer=iobuf_temp(); IOBUF buffer=iobuf_temp();
int attribs=EXPORT_FLAG_ONLYRFC;
if(!opt.keyserver_options.include_attributes)
attribs|=EXPORT_FLAG_SKIPATTRIBS;
temp=NULL; temp=NULL;
add_to_strlist(&temp,key->d); add_to_strlist(&temp,key->d);
@ -463,7 +460,8 @@ keyserver_spawn(int action,STRLIST list,
afx.what=1; afx.what=1;
iobuf_push_filter(buffer,armor_filter,&afx); iobuf_push_filter(buffer,armor_filter,&afx);
if(export_pubkeys_stream(buffer,temp,attribs)==-1) if(export_pubkeys_stream(buffer,temp,
opt.keyserver_options.export_options)==-1)
iobuf_close(buffer); iobuf_close(buffer);
else else
{ {
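Review bot: Replacing `strlen(tok)>0` with the parse_export_options call in parse_keyserver_options drops the empty-token guard. For an empty `tok` nothing in the export table matches and parse_export_options returns 0, so the empty string is now appended to `opt.keyserver_options.other`. Keep the guard in front of the new call: `else if(strlen(tok)>0 && !parse_export_options(tok,&opt.keyserver_options.export_options))`. The tokenising loop is outside the hunk, so that empty tokens can occur is inferred from the guard the old code carried.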


@ -159,10 +159,15 @@ void import_print_stats (void *hd);
int collapse_uids( KBNODE *keyblock ); int collapse_uids( KBNODE *keyblock );
/*-- export.c --*/ /*-- export.c --*/
#define EXPORT_FLAG_ONLYRFC 1 #define EXPORT_INCLUDE_NON_RFC 1
#define EXPORT_FLAG_SKIPATTRIBS 2 #define EXPORT_INCLUDE_LOCAL_SIGS 2
int export_pubkeys( STRLIST users, int flags ); #define EXPORT_INCLUDE_ATTRIBUTES 4
int export_pubkeys_stream( IOBUF out, STRLIST users, int flags ); #define EXPORT_INCLUDE_SENSITIVE_REVKEYS 8
#define EXPORT_DEFAULT (1|4)
int parse_export_options(char *str,unsigned int *options);
int export_pubkeys( STRLIST users, unsigned int options );
int export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options );
int export_seckeys( STRLIST users ); int export_seckeys( STRLIST users );
int export_secsubkeys( STRLIST users ); int export_secsubkeys( STRLIST users );
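Review bot: EXPORT_DEFAULT is written with raw bit values, so a reader has to decode which flags are on by default and the definition goes stale silently if a flag is renumbered. Spell it with the names: `#define EXPORT_DEFAULT (EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES)`. The new prototype would also benefit from a one-line comment saying that parse_export_options modifies `str` in place (export.c tokenises it with strsep) and returns 0 when no option was recognised, since both callers depend on that return value.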


@ -129,9 +129,11 @@ struct {
int keep_temp_files; int keep_temp_files;
int fake_v3_keyids; int fake_v3_keyids;
int auto_key_retrieve; int auto_key_retrieve;
unsigned int export_options;
STRLIST other; STRLIST other;
} keyserver_options; } keyserver_options;
int exec_disable; int exec_disable;
unsigned int export_options;
char *def_preference_list; char *def_preference_list;
prefitem_t *personal_cipher_prefs, prefitem_t *personal_cipher_prefs,
*personal_digest_prefs, *personal_digest_prefs,