mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

* trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk through

the subkeys on a key, and mark any that aren't usable for deletion.
Note that a signing subkey is never marked for deletion since these
keys are still useful after expiration or revocation.

* keyedit.c (menu_clean_subkeys_from_key): New function to call
clean_subkeys_from_key() on a key.  Note that the strings here are not
marked for translation yet.  The UI is still in flux, and there is no
point in annoying the translators twice.  (keyedit_menu): Call it here
as part of the "clean" command.
David Shaw 2005-05-31 03:59:24 +00:00
parent e5a100c7c6
commit 0a9827ca07
4 changed files with 129 additions and 20 deletions


@ -1,3 +1,16 @@
2005-05-30 David Shaw <dshaw@jabberwocky.com>
* trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk
through the subkeys on a key, and mark any that aren't usable for
deletion. Note that a signing subkey is never marked for deletion
since these keys are still useful after expiration or revocation.
* keyedit.c (menu_clean_subkeys_from_key): New function to call
clean_subkeys_from_key() on a key. Note that the strings here are
not marked for translation yet. The UI is still in flux, and
there is no point in annoying the translators twice.
(keyedit_menu): Call it here as part of the "clean" command.
2005-05-29 David Shaw <dshaw@jabberwocky.com> 2005-05-29 David Shaw <dshaw@jabberwocky.com>
* trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through * trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through


@ -55,6 +55,7 @@ static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_delsig( KBNODE pub_keyblock ); static int menu_delsig( KBNODE pub_keyblock );
static int menu_clean_sigs_from_uids(KBNODE keyblock); static int menu_clean_sigs_from_uids(KBNODE keyblock);
static int menu_clean_uids_from_key(KBNODE keyblock); static int menu_clean_uids_from_key(KBNODE keyblock);
static int menu_clean_subkeys_from_key(KBNODE keyblock);
static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock ); static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_addrevoker( KBNODE pub_keyblock, static int menu_addrevoker( KBNODE pub_keyblock,
KBNODE sec_keyblock, int sensitive ); KBNODE sec_keyblock, int sensitive );
@ -2146,18 +2147,21 @@ keyedit_menu( const char *username, STRLIST locusr,
modified=menu_clean_sigs_from_uids(keyblock); modified=menu_clean_sigs_from_uids(keyblock);
else if(ascii_strcasecmp(arg_string,"uids")==0) else if(ascii_strcasecmp(arg_string,"uids")==0)
redisplay=modified=menu_clean_uids_from_key(keyblock); redisplay=modified=menu_clean_uids_from_key(keyblock);
else if(ascii_strcasecmp(arg_string,"subkeys")==0)
redisplay=modified=menu_clean_subkeys_from_key(keyblock);
else if(ascii_strcasecmp(arg_string,"all")==0) else if(ascii_strcasecmp(arg_string,"all")==0)
{ {
modified=menu_clean_sigs_from_uids(keyblock); modified=menu_clean_sigs_from_uids(keyblock);
modified+=menu_clean_uids_from_key(keyblock); modified+=menu_clean_uids_from_key(keyblock);
modified+=menu_clean_subkeys_from_key(keyblock);
redisplay=modified; redisplay=modified;
} }
else else
tty_printf(_("Unable to clean `%s'\n"),arg_string); tty_printf("Unable to clean `%s'\n",arg_string);
} }
else else
tty_printf(_("Please specify item to clean: `sigs'," tty_printf("Please specify item to clean: `sigs',"
" `uids', or `all'\n")); " `uids', `subkeys', or `all'\n");
} }
break; break;
@ -2549,7 +2553,8 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
/* the keys */ /* the keys */
for( node = keyblock; node; node = node->next ) { for( node = keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_PUBLIC_KEY if( node->pkt->pkttype == PKT_PUBLIC_KEY
|| (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) { || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY
&& !is_deleted_kbnode(node)) ) {
PKT_public_key *pk = node->pkt->pkt.public_key; PKT_public_key *pk = node->pkt->pkt.public_key;
const char *otrust="err",*trust="err"; const char *otrust="err",*trust="err";
@ -3150,7 +3155,7 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
int modified=0; int modified=0;
int select_all=!count_selected_uids(keyblock); int select_all=!count_selected_uids(keyblock);
for(uidnode=keyblock;uidnode;uidnode=uidnode->next) for(uidnode=keyblock->next;uidnode;uidnode=uidnode->next)
{ {
if(uidnode->pkt->pkttype==PKT_USER_ID if(uidnode->pkt->pkttype==PKT_USER_ID
&& (uidnode->flag&NODFLG_SELUID || select_all)) && (uidnode->flag&NODFLG_SELUID || select_all))
@ -3163,8 +3168,8 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
if(deleted) if(deleted)
{ {
tty_printf(deleted==1? tty_printf(deleted==1?
_("User ID \"%s\": %d signature removed.\n"): "User ID \"%s\": %d signature removed.\n":
_("User ID \"%s\": %d signatures removed.\n"), "User ID \"%s\": %d signatures removed.\n",
user,deleted); user,deleted);
modified=1; modified=1;
} }
@ -3182,9 +3187,7 @@ static int
menu_clean_uids_from_key(KBNODE keyblock) menu_clean_uids_from_key(KBNODE keyblock)
{ {
KBNODE node; KBNODE node;
int modified; int modified=clean_uids_from_key(keyblock,0);
modified=clean_uids_from_key(keyblock,opt.verbose);
if(modified) if(modified)
{ {
@ -3203,14 +3206,46 @@ menu_clean_uids_from_key(KBNODE keyblock)
else else
reason=_("invalid"); reason=_("invalid");
tty_printf(_("User ID \"%s\" removed: %s\n"),user,reason); tty_printf("User ID \"%s\" removed: %s\n",user,reason);
m_free(user); m_free(user);
} }
} }
} }
else else
tty_printf(_("No user IDs are removable.\n")); tty_printf("No user IDs are removable.\n");
return modified;
}
static int
menu_clean_subkeys_from_key(KBNODE keyblock)
{
KBNODE node;
int modified=clean_subkeys_from_key(keyblock,0);
if(modified)
{
for(node=keyblock->next;node;node=node->next)
{
if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY && is_deleted_kbnode(node))
{
char *reason;
if(node->pkt->pkt.public_key->is_revoked)
reason=_("revoked");
else if(node->pkt->pkt.public_key->has_expired)
reason=_("expired");
else
reason=_("invalid");
tty_printf("Subkey %s removed: %s\n",
keystr(node->pkt->pkt.public_key->keyid),reason);
}
}
}
else
tty_printf("No subkeys are removable.\n");
return modified; return modified;
} }
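Review bot: The report loop in menu_clean_subkeys_from_key selects nodes with `node->pkt->pkttype==PKT_PUBLIC_SUBKEY && is_deleted_kbnode(node)`, so it prints every subkey node currently marked deleted, not only the ones this call marked. This commit also adds `!is_deleted_kbnode(node)` to show_key_with_all_names, which suggests marked nodes stay linked in the keyblock, and the loop in clean_subkeys_from_key (trustdb.c section) has no such test. A second `clean subkeys` in the same session would then appear to count and announce the same subkeys again and set `modified` again. Skipping already-marked subkeys at the source would address both, e.g. `if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY && !is_deleted_kbnode(node))` in clean_subkeys_from_key, after confirming that delete_kbnode is safe to repeat on the packets that trail an already-marked subkey.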


@ -1644,7 +1644,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
int int
clean_uids_from_key(KBNODE keyblock,int noisy) clean_uids_from_key(KBNODE keyblock,int noisy)
{ {
int uidcount=0,delete_until_next,deleted=0; int uidcount=0,delete_until_next=0,deleted=0;
KBNODE node; KBNODE node;
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
@ -1667,11 +1667,12 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
{ {
if(node->pkt->pkttype==PKT_USER_ID) if(node->pkt->pkttype==PKT_USER_ID)
{ {
PKT_user_id *uid=node->pkt->pkt.user_id;
/* Skip valid user IDs, and non-self-signed user IDs if /* Skip valid user IDs, and non-self-signed user IDs if
--allow-non-selfsigned-uid is set. */ --allow-non-selfsigned-uid is set. */
if(node->pkt->pkt.user_id->created if(uid->created
|| (!node->pkt->pkt.user_id->is_expired || (!uid->is_expired && !uid->is_revoked
&& !node->pkt->pkt.user_id->is_revoked
&& opt.allow_non_selfsigned_uid)) && opt.allow_non_selfsigned_uid))
delete_until_next=0; delete_until_next=0;
else else
@ -1682,12 +1683,11 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
if(noisy) if(noisy)
{ {
char *reason; char *reason;
char *user=utf8_to_native(node->pkt->pkt.user_id->name, char *user=utf8_to_native(uid->name,uid->len,0);
node->pkt->pkt.user_id->len,0);
if(node->pkt->pkt.user_id->is_revoked) if(uid->is_revoked)
reason=_("revoked"); reason=_("revoked");
else if(node->pkt->pkt.user_id->is_expired) else if(uid->is_expired)
reason=_("expired"); reason=_("expired");
else else
reason=_("invalid"); reason=_("invalid");
@ -1708,6 +1708,66 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
return deleted; return deleted;
} }
/* Another cleaning function. This only cleans encrypt-only subkeys
since an expired/revoked encryption key is basically useless, but
an expired/revoked key that can sign is still needed to verify old
signatures. */
int
clean_subkeys_from_key(KBNODE keyblock,int noisy)
{
int delete_until_next=0,deleted=0;
KBNODE node;
char *main_key=NULL;
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
merge_keys_and_selfsig(keyblock);
if(noisy)
main_key=m_strdup(keystr(keyblock->pkt->pkt.public_key->keyid));
for(node=keyblock->next;node;node=node->next)
{
if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY)
{
PKT_public_key *pk=node->pkt->pkt.public_key;
/* If it is valid, not expired, and not revoked, leave it
alone. If a key can make signatures, leave it alone. */
if(pk->pubkey_usage!=PUBKEY_USAGE_ENC
|| (pk->is_valid && !pk->has_expired && !pk->is_revoked))
delete_until_next=0;
else
{
delete_until_next=1;
deleted++;
if(noisy)
{
char *reason;
if(pk->is_revoked)
reason=_("revoked");
else if(pk->has_expired)
reason=_("expired");
else
reason=_("invalid");
log_info("removing subkey %s from key %s: %s\n",
keystr_from_pk(pk),main_key,reason);
}
}
}
if(delete_until_next)
delete_kbnode(node);
}
m_free(main_key);
return deleted;
}
/* Used by validate_one_keyblock to confirm a regexp within a trust /* Used by validate_one_keyblock to confirm a regexp within a trust
signature. Returns 1 for match, and 0 for no match or regex signature. Returns 1 for match, and 0 for no match or regex
error. */ error. */
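Review bot: The `delete_until_next` pass in clean_subkeys_from_key removes every packet that follows a marked subkey up to the next subkey, which for a revoked subkey presumably includes its revocation signature, and the header comment does not say so. Once that packet is gone, a later import of the same subkey from a copy lacking the revocation would leave nothing in the local keyring to show it was revoked. I would add this to the function comment, e.g. `/* Note: the packets following a removed subkey, including any revocation signature, are removed with it, so the keyring keeps no record that the subkey was revoked. */`. Separately, `pk->pubkey_usage!=PUBKEY_USAGE_ENC` keeps any subkey whose usage is not exactly encrypt-only, which is broader than the inline comment "If a key can make signatures, leave it alone"; the comment should say the test spares everything except encrypt-only subkeys.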


@ -83,6 +83,7 @@ int clear_ownertrusts (PKT_public_key *pk);
int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy); int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy);
int clean_uids_from_key(KBNODE keyblock,int noisy); int clean_uids_from_key(KBNODE keyblock,int noisy);
int clean_subkeys_from_key(KBNODE keyblock,int noisy);
/*-- tdbdump.c --*/ /*-- tdbdump.c --*/
void list_trustdb(const char *username); void list_trustdb(const char *username);