From 0f682ed3f78019cf0a14b99c9ae3b848b68adcb2 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sun, 31 Mar 2002 23:51:33 +0000 Subject: [PATCH] Fix ownertrust display with --with-colons. Properly initialize the user ID refcount for user and photo IDs. Tweak a few prompts to change "y/n" to "y/N", which is how most other prompts are written. Warn the user if they are about to revoke an expired sig (not a problem, but they should know). Control-d escapes the keyserver search prompt. If a subkey is considered revoked solely because the parent key is revoked, print the revocation reason from the parent key. Allow revocation/expiration to apply to a uid/key with no entry in the trustdb. --- g10/ChangeLog | 24 ++++++++++++++++++++++++ g10/keyedit.c | 29 +++++++++++++++++++++-------- g10/keygen.c | 1 + g10/keylist.c | 3 +-- g10/keyserver.c | 12 ++++++++++-- g10/photoid.c | 5 +++-- g10/pkclist.c | 34 +++++++++++++++++++++------------- g10/trustdb.c | 2 +- 8 files changed, 82 insertions(+), 28 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 1e72d2a0d..c4ce2c5e5 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,27 @@ +2002-03-31 David Shaw + + * keylist.c (list_keyblock_colon): Fix ownertrust display with + --with-colons. + + * keygen.c (generate_user_id), photoid.c (generate_photo_id): + Properly initialize the user ID refcount. A few more "y/n" -> + "y/N" in photoid.c. + + * keyedit.c (ask_revoke_sig): Warn the user if they are about to + revoke an expired sig (not a problem, but they should know). Also + tweak a few prompts to change "y/n" to "y/N", which is how most + other prompts are written. + + * keyserver.c (keyserver_search_prompt): Control-d escapes the + keyserver search prompt. + + * pkclist.c (show_revocation_reason & callers): If a subkey is + considered revoked solely because the parent key is revoked, print + the revocation reason from the parent key. + + * trustdb.c (get_validity): Allow revocation/expiration to apply + to a uid/key with no entry in the trustdb. + 2002-03-29 David Shaw * keyserver.c (printunquoted): unquote backslashes from keyserver diff --git a/g10/keyedit.c b/g10/keyedit.c index bad55db57..491ef4e2b 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, "exportable signature?\n"), uidnode->pkt->pkt.user_id->name); if(cpr_get_answer_is_yes("sign_uid.promote", - "Promote? (y/n) ")) + "Promote? (y/N) ")) { /* Mark these for later deletion. We don't want to delete them here, just in @@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, tty_printf(_(" Are you sure you still " "want to sign it?\n")); if(!cpr_get_answer_is_yes("sign_uid.okay", - _("Really sign? "))) + _("Really sign? (y/N) "))) continue; } else @@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, { tty_printf(_("This key is due to expire on %s.\n"), expirestr_from_pk(primary_pk)); - if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) "))) + /* Should this default to yes? -ds */ + if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) "))) { /* This fixes the signature timestamp we're going to make as now. This is so the expiration date @@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo) "some versions of PGP.\n")); if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay", _("Are you sure you still want " - "to add it? (y/n) "))) + "to add it? (y/N) "))) return 0; else break; @@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo) if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay", _("Are you sure you still want " - "to add it? (y/n) "))) + "to add it? (y/N) "))) return 0; } else @@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock ) static void ask_revoke_sig( KBNODE keyblock, KBNODE node ) { + int doit=0; PKT_signature *sig = node->pkt->pkt.signature; KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID ); @@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node ) tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"), (ulong)sig->keyid[1], datestr_from_sig(sig) ); - if( cpr_get_answer_is_yes("ask_revoke_sig.one", - _("Create a revocation certificate for this signature? (y/N)")) ) { + if(sig->flags.expired) + { + tty_printf(_("This signature expired on %s.\n"), + expirestr_from_sig(sig)); + /* Use a different question so we can have different help text */ + doit=cpr_get_answer_is_yes("ask_revoke_sig.expired", + _("Are you sure you still want to revoke it? (y/N) ")); + } + else + doit=cpr_get_answer_is_yes("ask_revoke_sig.one", + _("Create a revocation certificate for this signature? (y/N) ")); + + if(doit) { node->flag |= NODFLG_MARK_A; unode->flag |= NODFLG_MARK_A; } @@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock ) return 0; /* none selected */ if( !cpr_get_answer_is_yes("ask_revoke_sig.okay", - _("Really create the revocation certificates? (y/N)")) ) + _("Really create the revocation certificates? (y/N) ")) ) return 0; /* forget it */ reason = ask_revocation_reason( 0, 1, 0 ); diff --git a/g10/keygen.c b/g10/keygen.c index eb35b8eab..540857762 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1280,6 +1280,7 @@ generate_user_id() uid = m_alloc_clear( sizeof *uid + n - 1 ); uid->len = n; strcpy(uid->name, p); + uid->ref = 1; return uid; } diff --git a/g10/keylist.c b/g10/keylist.c index 4655e9adc..20fa7d8b8 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret ) if( pk->local_id ) printf("%lu", pk->local_id ); putchar(':'); - if( pk->local_id && !opt.fast_list_mode - && !opt.no_expensive_trust_checks ) + if( !opt.fast_list_mode && !opt.no_expensive_trust_checks ) putchar( get_ownertrust_info(pk) ); putchar(':'); } diff --git a/g10/keyserver.c b/g10/keyserver.c index d5a65526e..ed724c6ab 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri) return G10ERR_BAD_URI; } - /* (any path part of the URI is discarded for now) */ + /* (any path part of the URI is discarded for now as no keyserver + uses it) */ if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0') return G10ERR_BAD_URI; @@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri) return 0; } -/* Unquote only the delimiter character and backslash */ +/* Unquote only the delimiter character and backslashes (\x5C) */ static void printunquoted(char *string,char delim) { @@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr) { answer=cpr_get_no_help("keysearch.prompt", _("Enter number(s), N)ext, or Q)uit > ")); + /* control-d */ + if(answer[0]=='\x04') + { + printf("Q\n"); + answer[0]='q'; + } + if(answer[0]=='q' || answer[0]=='Q') { m_free(answer); diff --git a/g10/photoid.c b/g10/photoid.c index 526448bf2..02c87a090 100644 --- a/g10/photoid.c +++ b/g10/photoid.c @@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk) { printf("This JPEG is really large (%d bytes) !\n",len); if(!cpr_get_answer_is_yes("photoid.jpeg.size", - _("Are you sure you want to use it (y/n)? "))) + _("Are you sure you want to use it (y/N)? "))) { iobuf_close(file); continue; @@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk) show_photo(uid->attribs,pk); switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay", - _("Is this photo correct (y/n/q)? "))) + _("Is this photo correct (y/N/q)? "))) { case -1: goto scram; @@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk) } error=0; + uid->ref=1; scram: m_free(filename); diff --git a/g10/pkclist.c b/g10/pkclist.c index 128ef5c65..120fb4865 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig ) } } +/* Mode 0: try and find the revocation based on the pk (i.e. check + subkeys, etc.) Mode 1: use only the revocation on the main pk */ static void -show_revocation_reason( PKT_public_key *pk ) +show_revocation_reason( PKT_public_key *pk, int mode ) { /* Hmmm, this is not so easy becuase we have to duplicate the code * used in the trustbd to calculate the keyflags. We need to find - * a clean way to check revocation certificates on keys and signatures. - * And there should be no duplicate code. Because we enter this function - * only when the trustdb toldus, taht we have a revoked key, we could - * simplylook for a revocation cert and display this one, when there is - * only one. Let's try to do this until we have a better solution. - */ + * a clean way to check revocation certificates on keys and + * signatures. And there should be no duplicate code. Because we + * enter this function only when the trustdb told us that we have + * a revoked key, we could simply look for a revocation cert and + * display this one, when there is only one. Let's try to do this + * until we have a better solution. */ KBNODE node, keyblock = NULL; byte fingerprint[MAX_FINGERPRINT_LEN]; size_t fingerlen; @@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk ) } for( node=keyblock; node; node = node->next ) { - if( ( node->pkt->pkttype == PKT_PUBLIC_KEY + if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) || + ( ( node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) - && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) + && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) ) break; } if( !node ) { @@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk ) || node->pkt->pkt.signature->sig_class == 0x28 ) ) { /* FIXME: we should check the signature here */ do_show_revocation_reason ( node->pkt->pkt.signature ); + break; } } + /* We didn't find it, so check if the whole key is revoked */ + if(!node && !mode) + show_revocation_reason(pk,1); + release_kbnode( keyblock ); } @@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel ) if( (*trustlevel & TRUST_FLAG_REVOKED) ) { log_info(_("key %08lX: key has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); - show_revocation_reason( pk ); + show_revocation_reason( pk, 0 ); if( opt.batch ) return 0; /* no */ @@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel ) if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) { log_info(_("key %08lX: subkey has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); - show_revocation_reason( pk ); + show_revocation_reason( pk, 0 ); if( opt.batch ) return 0; @@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig ) write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This key has been revoked by its owner!\n")); log_info(_(" This could mean that the signature is forgery.\n")); - show_revocation_reason( pk ); + show_revocation_reason( pk, 0 ); } else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) { write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This subkey has been revoked by its owner!\n")); - show_revocation_reason( pk ); + show_revocation_reason( pk, 0 ); } if ((trustlevel & TRUST_FLAG_DISABLED)) diff --git a/g10/trustdb.c b/g10/trustdb.c index ab5d1a488..df49231d1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash) if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) ) validity |= TRUST_FLAG_DISABLED; + leave: /* set some flags direct from the key */ if (main_pk->is_revoked) validity |= TRUST_FLAG_REVOKED; @@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash) if (main_pk->has_expired || pk->has_expired) validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED; - leave: if (main_pk != pk) free_public_key (main_pk); return validity;