mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk through
the subkeys on a key, and mark any that aren't usable for deletion. Note that a signing subkey is never marked for deletion since these keys are still useful after expiration or revocation. * keyedit.c (menu_clean_subkeys_from_key): New function to call clean_subkeys_from_key() on a key. Note that the strings here are not marked for translation yet. The UI is still in flux, and there is no point in annoying the translators twice. (keyedit_menu): Call it here as part of the "clean" command.
This commit is contained in:
parent
e5a100c7c6
commit
0a9827ca07
@ -1,3 +1,16 @@
|
|||||||
|
2005-05-30 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk
|
||||||
|
through the subkeys on a key, and mark any that aren't usable for
|
||||||
|
deletion. Note that a signing subkey is never marked for deletion
|
||||||
|
since these keys are still useful after expiration or revocation.
|
||||||
|
|
||||||
|
* keyedit.c (menu_clean_subkeys_from_key): New function to call
|
||||||
|
clean_subkeys_from_key() on a key. Note that the strings here are
|
||||||
|
not marked for translation yet. The UI is still in flux, and
|
||||||
|
there is no point in annoying the translators twice.
|
||||||
|
(keyedit_menu): Call it here as part of the "clean" command.
|
||||||
|
|
||||||
2005-05-29 David Shaw <dshaw@jabberwocky.com>
|
2005-05-29 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through
|
* trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through
|
||||||
|
@ -55,6 +55,7 @@ static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
|||||||
static int menu_delsig( KBNODE pub_keyblock );
|
static int menu_delsig( KBNODE pub_keyblock );
|
||||||
static int menu_clean_sigs_from_uids(KBNODE keyblock);
|
static int menu_clean_sigs_from_uids(KBNODE keyblock);
|
||||||
static int menu_clean_uids_from_key(KBNODE keyblock);
|
static int menu_clean_uids_from_key(KBNODE keyblock);
|
||||||
|
static int menu_clean_subkeys_from_key(KBNODE keyblock);
|
||||||
static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||||
static int menu_addrevoker( KBNODE pub_keyblock,
|
static int menu_addrevoker( KBNODE pub_keyblock,
|
||||||
KBNODE sec_keyblock, int sensitive );
|
KBNODE sec_keyblock, int sensitive );
|
||||||
@ -2146,18 +2147,21 @@ keyedit_menu( const char *username, STRLIST locusr,
|
|||||||
modified=menu_clean_sigs_from_uids(keyblock);
|
modified=menu_clean_sigs_from_uids(keyblock);
|
||||||
else if(ascii_strcasecmp(arg_string,"uids")==0)
|
else if(ascii_strcasecmp(arg_string,"uids")==0)
|
||||||
redisplay=modified=menu_clean_uids_from_key(keyblock);
|
redisplay=modified=menu_clean_uids_from_key(keyblock);
|
||||||
|
else if(ascii_strcasecmp(arg_string,"subkeys")==0)
|
||||||
|
redisplay=modified=menu_clean_subkeys_from_key(keyblock);
|
||||||
else if(ascii_strcasecmp(arg_string,"all")==0)
|
else if(ascii_strcasecmp(arg_string,"all")==0)
|
||||||
{
|
{
|
||||||
modified=menu_clean_sigs_from_uids(keyblock);
|
modified=menu_clean_sigs_from_uids(keyblock);
|
||||||
modified+=menu_clean_uids_from_key(keyblock);
|
modified+=menu_clean_uids_from_key(keyblock);
|
||||||
|
modified+=menu_clean_subkeys_from_key(keyblock);
|
||||||
redisplay=modified;
|
redisplay=modified;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
tty_printf(_("Unable to clean `%s'\n"),arg_string);
|
tty_printf("Unable to clean `%s'\n",arg_string);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
tty_printf(_("Please specify item to clean: `sigs',"
|
tty_printf("Please specify item to clean: `sigs',"
|
||||||
" `uids', or `all'\n"));
|
" `uids', `subkeys', or `all'\n");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2549,7 +2553,8 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
|||||||
/* the keys */
|
/* the keys */
|
||||||
for( node = keyblock; node; node = node->next ) {
|
for( node = keyblock; node; node = node->next ) {
|
||||||
if( node->pkt->pkttype == PKT_PUBLIC_KEY
|
if( node->pkt->pkttype == PKT_PUBLIC_KEY
|
||||||
|| (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) {
|
|| (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
||||||
|
&& !is_deleted_kbnode(node)) ) {
|
||||||
PKT_public_key *pk = node->pkt->pkt.public_key;
|
PKT_public_key *pk = node->pkt->pkt.public_key;
|
||||||
const char *otrust="err",*trust="err";
|
const char *otrust="err",*trust="err";
|
||||||
|
|
||||||
@ -3150,7 +3155,7 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
|
|||||||
int modified=0;
|
int modified=0;
|
||||||
int select_all=!count_selected_uids(keyblock);
|
int select_all=!count_selected_uids(keyblock);
|
||||||
|
|
||||||
for(uidnode=keyblock;uidnode;uidnode=uidnode->next)
|
for(uidnode=keyblock->next;uidnode;uidnode=uidnode->next)
|
||||||
{
|
{
|
||||||
if(uidnode->pkt->pkttype==PKT_USER_ID
|
if(uidnode->pkt->pkttype==PKT_USER_ID
|
||||||
&& (uidnode->flag&NODFLG_SELUID || select_all))
|
&& (uidnode->flag&NODFLG_SELUID || select_all))
|
||||||
@ -3163,8 +3168,8 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
|
|||||||
if(deleted)
|
if(deleted)
|
||||||
{
|
{
|
||||||
tty_printf(deleted==1?
|
tty_printf(deleted==1?
|
||||||
_("User ID \"%s\": %d signature removed.\n"):
|
"User ID \"%s\": %d signature removed.\n":
|
||||||
_("User ID \"%s\": %d signatures removed.\n"),
|
"User ID \"%s\": %d signatures removed.\n",
|
||||||
user,deleted);
|
user,deleted);
|
||||||
modified=1;
|
modified=1;
|
||||||
}
|
}
|
||||||
@ -3182,9 +3187,7 @@ static int
|
|||||||
menu_clean_uids_from_key(KBNODE keyblock)
|
menu_clean_uids_from_key(KBNODE keyblock)
|
||||||
{
|
{
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
int modified;
|
int modified=clean_uids_from_key(keyblock,0);
|
||||||
|
|
||||||
modified=clean_uids_from_key(keyblock,opt.verbose);
|
|
||||||
|
|
||||||
if(modified)
|
if(modified)
|
||||||
{
|
{
|
||||||
@ -3203,14 +3206,46 @@ menu_clean_uids_from_key(KBNODE keyblock)
|
|||||||
else
|
else
|
||||||
reason=_("invalid");
|
reason=_("invalid");
|
||||||
|
|
||||||
tty_printf(_("User ID \"%s\" removed: %s\n"),user,reason);
|
tty_printf("User ID \"%s\" removed: %s\n",user,reason);
|
||||||
|
|
||||||
m_free(user);
|
m_free(user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
tty_printf(_("No user IDs are removable.\n"));
|
tty_printf("No user IDs are removable.\n");
|
||||||
|
|
||||||
|
return modified;
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
menu_clean_subkeys_from_key(KBNODE keyblock)
|
||||||
|
{
|
||||||
|
KBNODE node;
|
||||||
|
int modified=clean_subkeys_from_key(keyblock,0);
|
||||||
|
|
||||||
|
if(modified)
|
||||||
|
{
|
||||||
|
for(node=keyblock->next;node;node=node->next)
|
||||||
|
{
|
||||||
|
if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY && is_deleted_kbnode(node))
|
||||||
|
{
|
||||||
|
char *reason;
|
||||||
|
|
||||||
|
if(node->pkt->pkt.public_key->is_revoked)
|
||||||
|
reason=_("revoked");
|
||||||
|
else if(node->pkt->pkt.public_key->has_expired)
|
||||||
|
reason=_("expired");
|
||||||
|
else
|
||||||
|
reason=_("invalid");
|
||||||
|
|
||||||
|
tty_printf("Subkey %s removed: %s\n",
|
||||||
|
keystr(node->pkt->pkt.public_key->keyid),reason);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
tty_printf("No subkeys are removable.\n");
|
||||||
|
|
||||||
return modified;
|
return modified;
|
||||||
}
|
}
|
||||||
|
@ -1644,7 +1644,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
|
|||||||
int
|
int
|
||||||
clean_uids_from_key(KBNODE keyblock,int noisy)
|
clean_uids_from_key(KBNODE keyblock,int noisy)
|
||||||
{
|
{
|
||||||
int uidcount=0,delete_until_next,deleted=0;
|
int uidcount=0,delete_until_next=0,deleted=0;
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
|
|
||||||
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
||||||
@ -1667,11 +1667,12 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
|
|||||||
{
|
{
|
||||||
if(node->pkt->pkttype==PKT_USER_ID)
|
if(node->pkt->pkttype==PKT_USER_ID)
|
||||||
{
|
{
|
||||||
|
PKT_user_id *uid=node->pkt->pkt.user_id;
|
||||||
|
|
||||||
/* Skip valid user IDs, and non-self-signed user IDs if
|
/* Skip valid user IDs, and non-self-signed user IDs if
|
||||||
--allow-non-selfsigned-uid is set. */
|
--allow-non-selfsigned-uid is set. */
|
||||||
if(node->pkt->pkt.user_id->created
|
if(uid->created
|
||||||
|| (!node->pkt->pkt.user_id->is_expired
|
|| (!uid->is_expired && !uid->is_revoked
|
||||||
&& !node->pkt->pkt.user_id->is_revoked
|
|
||||||
&& opt.allow_non_selfsigned_uid))
|
&& opt.allow_non_selfsigned_uid))
|
||||||
delete_until_next=0;
|
delete_until_next=0;
|
||||||
else
|
else
|
||||||
@ -1682,12 +1683,11 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
|
|||||||
if(noisy)
|
if(noisy)
|
||||||
{
|
{
|
||||||
char *reason;
|
char *reason;
|
||||||
char *user=utf8_to_native(node->pkt->pkt.user_id->name,
|
char *user=utf8_to_native(uid->name,uid->len,0);
|
||||||
node->pkt->pkt.user_id->len,0);
|
|
||||||
|
|
||||||
if(node->pkt->pkt.user_id->is_revoked)
|
if(uid->is_revoked)
|
||||||
reason=_("revoked");
|
reason=_("revoked");
|
||||||
else if(node->pkt->pkt.user_id->is_expired)
|
else if(uid->is_expired)
|
||||||
reason=_("expired");
|
reason=_("expired");
|
||||||
else
|
else
|
||||||
reason=_("invalid");
|
reason=_("invalid");
|
||||||
@ -1708,6 +1708,66 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
|
|||||||
return deleted;
|
return deleted;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Another cleaning function. This only cleans encrypt-only subkeys
|
||||||
|
since an expired/revoked encryption key is basically useless, but
|
||||||
|
an expired/revoked key that can sign is still needed to verify old
|
||||||
|
signatures. */
|
||||||
|
int
|
||||||
|
clean_subkeys_from_key(KBNODE keyblock,int noisy)
|
||||||
|
{
|
||||||
|
int delete_until_next=0,deleted=0;
|
||||||
|
KBNODE node;
|
||||||
|
char *main_key=NULL;
|
||||||
|
|
||||||
|
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
||||||
|
|
||||||
|
merge_keys_and_selfsig(keyblock);
|
||||||
|
|
||||||
|
if(noisy)
|
||||||
|
main_key=m_strdup(keystr(keyblock->pkt->pkt.public_key->keyid));
|
||||||
|
|
||||||
|
for(node=keyblock->next;node;node=node->next)
|
||||||
|
{
|
||||||
|
if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
|
||||||
|
{
|
||||||
|
PKT_public_key *pk=node->pkt->pkt.public_key;
|
||||||
|
|
||||||
|
/* If it is valid, not expired, and not revoked, leave it
|
||||||
|
alone. If a key can make signatures, leave it alone. */
|
||||||
|
if(pk->pubkey_usage!=PUBKEY_USAGE_ENC
|
||||||
|
|| (pk->is_valid && !pk->has_expired && !pk->is_revoked))
|
||||||
|
delete_until_next=0;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
delete_until_next=1;
|
||||||
|
deleted++;
|
||||||
|
|
||||||
|
if(noisy)
|
||||||
|
{
|
||||||
|
char *reason;
|
||||||
|
|
||||||
|
if(pk->is_revoked)
|
||||||
|
reason=_("revoked");
|
||||||
|
else if(pk->has_expired)
|
||||||
|
reason=_("expired");
|
||||||
|
else
|
||||||
|
reason=_("invalid");
|
||||||
|
|
||||||
|
log_info("removing subkey %s from key %s: %s\n",
|
||||||
|
keystr_from_pk(pk),main_key,reason);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(delete_until_next)
|
||||||
|
delete_kbnode(node);
|
||||||
|
}
|
||||||
|
|
||||||
|
m_free(main_key);
|
||||||
|
|
||||||
|
return deleted;
|
||||||
|
}
|
||||||
|
|
||||||
/* Used by validate_one_keyblock to confirm a regexp within a trust
|
/* Used by validate_one_keyblock to confirm a regexp within a trust
|
||||||
signature. Returns 1 for match, and 0 for no match or regex
|
signature. Returns 1 for match, and 0 for no match or regex
|
||||||
error. */
|
error. */
|
||||||
|
@ -83,6 +83,7 @@ int clear_ownertrusts (PKT_public_key *pk);
|
|||||||
|
|
||||||
int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy);
|
int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy);
|
||||||
int clean_uids_from_key(KBNODE keyblock,int noisy);
|
int clean_uids_from_key(KBNODE keyblock,int noisy);
|
||||||
|
int clean_subkeys_from_key(KBNODE keyblock,int noisy);
|
||||||
|
|
||||||
/*-- tdbdump.c --*/
|
/*-- tdbdump.c --*/
|
||||||
void list_trustdb(const char *username);
|
void list_trustdb(const char *username);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user