mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
Fix ownertrust display with --with-colons.
Properly initialize the user ID refcount for user and photo IDs. Tweak a few prompts to change "y/n" to "y/N", which is how most other prompts are written. Warn the user if they are about to revoke an expired sig (not a problem, but they should know). Control-d escapes the keyserver search prompt. If a subkey is considered revoked solely because the parent key is revoked, print the revocation reason from the parent key. Allow revocation/expiration to apply to a uid/key with no entry in the trustdb.
This commit is contained in:
parent
1ca0a0ac0b
commit
0f682ed3f7
@ -1,3 +1,27 @@
|
||||
2002-03-31 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keylist.c (list_keyblock_colon): Fix ownertrust display with
|
||||
--with-colons.
|
||||
|
||||
* keygen.c (generate_user_id), photoid.c (generate_photo_id):
|
||||
Properly initialize the user ID refcount. A few more "y/n" ->
|
||||
"y/N" in photoid.c.
|
||||
|
||||
* keyedit.c (ask_revoke_sig): Warn the user if they are about to
|
||||
revoke an expired sig (not a problem, but they should know). Also
|
||||
tweak a few prompts to change "y/n" to "y/N", which is how most
|
||||
other prompts are written.
|
||||
|
||||
* keyserver.c (keyserver_search_prompt): Control-d escapes the
|
||||
keyserver search prompt.
|
||||
|
||||
* pkclist.c (show_revocation_reason & callers): If a subkey is
|
||||
considered revoked solely because the parent key is revoked, print
|
||||
the revocation reason from the parent key.
|
||||
|
||||
* trustdb.c (get_validity): Allow revocation/expiration to apply
|
||||
to a uid/key with no entry in the trustdb.
|
||||
|
||||
2002-03-29 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyserver.c (printunquoted): unquote backslashes from keyserver
|
||||
|
@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
"exportable signature?\n"),
|
||||
uidnode->pkt->pkt.user_id->name);
|
||||
if(cpr_get_answer_is_yes("sign_uid.promote",
|
||||
"Promote? (y/n) "))
|
||||
"Promote? (y/N) "))
|
||||
{
|
||||
/* Mark these for later deletion. We
|
||||
don't want to delete them here, just in
|
||||
@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
tty_printf(_(" Are you sure you still "
|
||||
"want to sign it?\n"));
|
||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||
_("Really sign? ")))
|
||||
_("Really sign? (y/N) ")))
|
||||
continue;
|
||||
}
|
||||
else
|
||||
@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
{
|
||||
tty_printf(_("This key is due to expire on %s.\n"),
|
||||
expirestr_from_pk(primary_pk));
|
||||
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
|
||||
/* Should this default to yes? -ds */
|
||||
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
|
||||
{
|
||||
/* This fixes the signature timestamp we're going
|
||||
to make as now. This is so the expiration date
|
||||
@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
|
||||
"some versions of PGP.\n"));
|
||||
if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
|
||||
_("Are you sure you still want "
|
||||
"to add it? (y/n) ")))
|
||||
"to add it? (y/N) ")))
|
||||
return 0;
|
||||
else
|
||||
break;
|
||||
@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
|
||||
|
||||
if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
|
||||
_("Are you sure you still want "
|
||||
"to add it? (y/n) ")))
|
||||
"to add it? (y/N) ")))
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock )
|
||||
static void
|
||||
ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
||||
{
|
||||
int doit=0;
|
||||
PKT_signature *sig = node->pkt->pkt.signature;
|
||||
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
|
||||
|
||||
@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
||||
tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
|
||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||
|
||||
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
|
||||
_("Create a revocation certificate for this signature? (y/N)")) ) {
|
||||
if(sig->flags.expired)
|
||||
{
|
||||
tty_printf(_("This signature expired on %s.\n"),
|
||||
expirestr_from_sig(sig));
|
||||
/* Use a different question so we can have different help text */
|
||||
doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
|
||||
_("Are you sure you still want to revoke it? (y/N) "));
|
||||
}
|
||||
else
|
||||
doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
|
||||
_("Create a revocation certificate for this signature? (y/N) "));
|
||||
|
||||
if(doit) {
|
||||
node->flag |= NODFLG_MARK_A;
|
||||
unode->flag |= NODFLG_MARK_A;
|
||||
}
|
||||
@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock )
|
||||
return 0; /* none selected */
|
||||
|
||||
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
|
||||
_("Really create the revocation certificates? (y/N)")) )
|
||||
_("Really create the revocation certificates? (y/N) ")) )
|
||||
return 0; /* forget it */
|
||||
|
||||
reason = ask_revocation_reason( 0, 1, 0 );
|
||||
|
@ -1280,6 +1280,7 @@ generate_user_id()
|
||||
uid = m_alloc_clear( sizeof *uid + n - 1 );
|
||||
uid->len = n;
|
||||
strcpy(uid->name, p);
|
||||
uid->ref = 1;
|
||||
return uid;
|
||||
}
|
||||
|
||||
|
@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
|
||||
if( pk->local_id )
|
||||
printf("%lu", pk->local_id );
|
||||
putchar(':');
|
||||
if( pk->local_id && !opt.fast_list_mode
|
||||
&& !opt.no_expensive_trust_checks )
|
||||
if( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
|
||||
putchar( get_ownertrust_info(pk) );
|
||||
putchar(':');
|
||||
}
|
||||
|
@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri)
|
||||
return G10ERR_BAD_URI;
|
||||
}
|
||||
|
||||
/* (any path part of the URI is discarded for now) */
|
||||
/* (any path part of the URI is discarded for now as no keyserver
|
||||
uses it) */
|
||||
|
||||
if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
|
||||
return G10ERR_BAD_URI;
|
||||
@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Unquote only the delimiter character and backslash */
|
||||
/* Unquote only the delimiter character and backslashes (\x5C) */
|
||||
static void
|
||||
printunquoted(char *string,char delim)
|
||||
{
|
||||
@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
|
||||
{
|
||||
answer=cpr_get_no_help("keysearch.prompt",
|
||||
_("Enter number(s), N)ext, or Q)uit > "));
|
||||
/* control-d */
|
||||
if(answer[0]=='\x04')
|
||||
{
|
||||
printf("Q\n");
|
||||
answer[0]='q';
|
||||
}
|
||||
|
||||
if(answer[0]=='q' || answer[0]=='Q')
|
||||
{
|
||||
m_free(answer);
|
||||
|
@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
||||
{
|
||||
printf("This JPEG is really large (%d bytes) !\n",len);
|
||||
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
|
||||
_("Are you sure you want to use it (y/n)? ")))
|
||||
_("Are you sure you want to use it (y/N)? ")))
|
||||
{
|
||||
iobuf_close(file);
|
||||
continue;
|
||||
@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
||||
|
||||
show_photo(uid->attribs,pk);
|
||||
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
|
||||
_("Is this photo correct (y/n/q)? ")))
|
||||
_("Is this photo correct (y/N/q)? ")))
|
||||
{
|
||||
case -1:
|
||||
goto scram;
|
||||
@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
||||
}
|
||||
|
||||
error=0;
|
||||
uid->ref=1;
|
||||
|
||||
scram:
|
||||
m_free(filename);
|
||||
|
@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig )
|
||||
}
|
||||
}
|
||||
|
||||
/* Mode 0: try and find the revocation based on the pk (i.e. check
|
||||
subkeys, etc.) Mode 1: use only the revocation on the main pk */
|
||||
|
||||
static void
|
||||
show_revocation_reason( PKT_public_key *pk )
|
||||
show_revocation_reason( PKT_public_key *pk, int mode )
|
||||
{
|
||||
/* Hmmm, this is not so easy becuase we have to duplicate the code
|
||||
* used in the trustbd to calculate the keyflags. We need to find
|
||||
* a clean way to check revocation certificates on keys and signatures.
|
||||
* And there should be no duplicate code. Because we enter this function
|
||||
* only when the trustdb toldus, taht we have a revoked key, we could
|
||||
* simplylook for a revocation cert and display this one, when there is
|
||||
* only one. Let's try to do this until we have a better solution.
|
||||
*/
|
||||
* a clean way to check revocation certificates on keys and
|
||||
* signatures. And there should be no duplicate code. Because we
|
||||
* enter this function only when the trustdb told us that we have
|
||||
* a revoked key, we could simply look for a revocation cert and
|
||||
* display this one, when there is only one. Let's try to do this
|
||||
* until we have a better solution. */
|
||||
KBNODE node, keyblock = NULL;
|
||||
byte fingerprint[MAX_FINGERPRINT_LEN];
|
||||
size_t fingerlen;
|
||||
@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk )
|
||||
}
|
||||
|
||||
for( node=keyblock; node; node = node->next ) {
|
||||
if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|
||||
if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
|
||||
( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|
||||
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
|
||||
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
|
||||
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
|
||||
break;
|
||||
}
|
||||
if( !node ) {
|
||||
@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk )
|
||||
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
|
||||
/* FIXME: we should check the signature here */
|
||||
do_show_revocation_reason ( node->pkt->pkt.signature );
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* We didn't find it, so check if the whole key is revoked */
|
||||
if(!node && !mode)
|
||||
show_revocation_reason(pk,1);
|
||||
|
||||
release_kbnode( keyblock );
|
||||
}
|
||||
|
||||
@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
||||
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
|
||||
log_info(_("key %08lX: key has been revoked!\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
show_revocation_reason( pk );
|
||||
show_revocation_reason( pk, 0 );
|
||||
if( opt.batch )
|
||||
return 0; /* no */
|
||||
|
||||
@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
||||
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
|
||||
log_info(_("key %08lX: subkey has been revoked!\n"),
|
||||
(ulong)keyid_from_pk( pk, NULL) );
|
||||
show_revocation_reason( pk );
|
||||
show_revocation_reason( pk, 0 );
|
||||
if( opt.batch )
|
||||
return 0;
|
||||
|
||||
@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig )
|
||||
write_status( STATUS_KEYREVOKED );
|
||||
log_info(_("WARNING: This key has been revoked by its owner!\n"));
|
||||
log_info(_(" This could mean that the signature is forgery.\n"));
|
||||
show_revocation_reason( pk );
|
||||
show_revocation_reason( pk, 0 );
|
||||
}
|
||||
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
|
||||
{
|
||||
write_status( STATUS_KEYREVOKED );
|
||||
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
|
||||
show_revocation_reason( pk );
|
||||
show_revocation_reason( pk, 0 );
|
||||
}
|
||||
|
||||
if ((trustlevel & TRUST_FLAG_DISABLED))
|
||||
|
@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
||||
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
||||
validity |= TRUST_FLAG_DISABLED;
|
||||
|
||||
leave:
|
||||
/* set some flags direct from the key */
|
||||
if (main_pk->is_revoked)
|
||||
validity |= TRUST_FLAG_REVOKED;
|
||||
@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
||||
if (main_pk->has_expired || pk->has_expired)
|
||||
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
||||
|
||||
leave:
|
||||
if (main_pk != pk)
|
||||
free_public_key (main_pk);
|
||||
return validity;
|
||||
|
Loading…
x
Reference in New Issue
Block a user