mirror of
git://git.gnupg.org/gnupg.git
Fix ownertrust display with --with-colons.
Properly initialize the user ID refcount for user and photo IDs. Tweak a few prompts to change "y/n" to "y/N", which is how most other prompts are written. Warn the user if they are about to revoke an expired sig (not a problem, but they should know). Control-d escapes the keyserver search prompt. If a subkey is considered revoked solely because the parent key is revoked, print the revocation reason from the parent key. Allow revocation/expiration to apply to a uid/key with no entry in the trustdb.
parent
1ca0a0ac0b
commit
0f682ed3f7
@ -1,3 +1,27 @@
|
|||||||
|
2002-03-31 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keylist.c (list_keyblock_colon): Fix ownertrust display with
|
||||||
|
--with-colons.
|
||||||
|
|
||||||
|
* keygen.c (generate_user_id), photoid.c (generate_photo_id):
|
||||||
|
Properly initialize the user ID refcount. A few more "y/n" ->
|
||||||
|
"y/N" in photoid.c.
|
||||||
|
|
||||||
|
* keyedit.c (ask_revoke_sig): Warn the user if they are about to
|
||||||
|
revoke an expired sig (not a problem, but they should know). Also
|
||||||
|
tweak a few prompts to change "y/n" to "y/N", which is how most
|
||||||
|
other prompts are written.
|
||||||
|
|
||||||
|
* keyserver.c (keyserver_search_prompt): Control-d escapes the
|
||||||
|
keyserver search prompt.
|
||||||
|
|
||||||
|
* pkclist.c (show_revocation_reason & callers): If a subkey is
|
||||||
|
considered revoked solely because the parent key is revoked, print
|
||||||
|
the revocation reason from the parent key.
|
||||||
|
|
||||||
|
* trustdb.c (get_validity): Allow revocation/expiration to apply
|
||||||
|
to a uid/key with no entry in the trustdb.
|
||||||
|
|
||||||
2002-03-29 David Shaw <dshaw@jabberwocky.com>
|
2002-03-29 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyserver.c (printunquoted): unquote backslashes from keyserver
|
* keyserver.c (printunquoted): unquote backslashes from keyserver
|
||||||
|
@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
"exportable signature?\n"),
|
"exportable signature?\n"),
|
||||||
uidnode->pkt->pkt.user_id->name);
|
uidnode->pkt->pkt.user_id->name);
|
||||||
if(cpr_get_answer_is_yes("sign_uid.promote",
|
if(cpr_get_answer_is_yes("sign_uid.promote",
|
||||||
"Promote? (y/n) "))
|
"Promote? (y/N) "))
|
||||||
{
|
{
|
||||||
/* Mark these for later deletion. We
|
/* Mark these for later deletion. We
|
||||||
don't want to delete them here, just in
|
don't want to delete them here, just in
|
||||||
@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
tty_printf(_(" Are you sure you still "
|
tty_printf(_(" Are you sure you still "
|
||||||
"want to sign it?\n"));
|
"want to sign it?\n"));
|
||||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||||
_("Really sign? ")))
|
_("Really sign? (y/N) ")))
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
{
|
{
|
||||||
tty_printf(_("This key is due to expire on %s.\n"),
|
tty_printf(_("This key is due to expire on %s.\n"),
|
||||||
expirestr_from_pk(primary_pk));
|
expirestr_from_pk(primary_pk));
|
||||||
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
|
/* Should this default to yes? -ds */
|
||||||
|
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
|
||||||
{
|
{
|
||||||
/* This fixes the signature timestamp we're going
|
/* This fixes the signature timestamp we're going
|
||||||
to make as now. This is so the expiration date
|
to make as now. This is so the expiration date
|
||||||
@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
|
|||||||
"some versions of PGP.\n"));
|
"some versions of PGP.\n"));
|
||||||
if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
|
if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
|
||||||
_("Are you sure you still want "
|
_("Are you sure you still want "
|
||||||
"to add it? (y/n) ")))
|
"to add it? (y/N) ")))
|
||||||
return 0;
|
return 0;
|
||||||
else
|
else
|
||||||
break;
|
break;
|
||||||
@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
|
|||||||
|
|
||||||
if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
|
if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
|
||||||
_("Are you sure you still want "
|
_("Are you sure you still want "
|
||||||
"to add it? (y/n) ")))
|
"to add it? (y/N) ")))
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock )
|
|||||||
static void
|
static void
|
||||||
ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
||||||
{
|
{
|
||||||
|
int doit=0;
|
||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
|
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
|
||||||
|
|
||||||
@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
|
|||||||
tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
|
tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
|
||||||
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
(ulong)sig->keyid[1], datestr_from_sig(sig) );
|
||||||
|
|
||||||
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
|
if(sig->flags.expired)
|
||||||
_("Create a revocation certificate for this signature? (y/N)")) ) {
|
{
|
||||||
|
tty_printf(_("This signature expired on %s.\n"),
|
||||||
|
expirestr_from_sig(sig));
|
||||||
|
/* Use a different question so we can have different help text */
|
||||||
|
doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
|
||||||
|
_("Are you sure you still want to revoke it? (y/N) "));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
|
||||||
|
_("Create a revocation certificate for this signature? (y/N) "));
|
||||||
|
|
||||||
|
if(doit) {
|
||||||
node->flag |= NODFLG_MARK_A;
|
node->flag |= NODFLG_MARK_A;
|
||||||
unode->flag |= NODFLG_MARK_A;
|
unode->flag |= NODFLG_MARK_A;
|
||||||
}
|
}
|
||||||
@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock )
|
|||||||
return 0; /* none selected */
|
return 0; /* none selected */
|
||||||
|
|
||||||
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
|
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
|
||||||
_("Really create the revocation certificates? (y/N)")) )
|
_("Really create the revocation certificates? (y/N) ")) )
|
||||||
return 0; /* forget it */
|
return 0; /* forget it */
|
||||||
|
|
||||||
reason = ask_revocation_reason( 0, 1, 0 );
|
reason = ask_revocation_reason( 0, 1, 0 );
|
||||||
|
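Review bot: The expired-signature branch added to ask_revoke_sig asks under a new prompt keyword, `ask_revoke_sig.expired`, but nothing in this section adds the help text that the in-code comment gives as the reason for a separate question. The help entry should land in the same commit. If these keywords are also what a front end driving the prompts non-interactively matches on (not visible here), one that only answers `ask_revoke_sig.one` would not recognise the new question, so the keyword should be documented as well. Separately, `"Promote? (y/N) "` in sign_uids is still passed without `_()`, unlike the other prompts touched in this file.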
@ -1280,6 +1280,7 @@ generate_user_id()
|
|||||||
uid = m_alloc_clear( sizeof *uid + n - 1 );
|
uid = m_alloc_clear( sizeof *uid + n - 1 );
|
||||||
uid->len = n;
|
uid->len = n;
|
||||||
strcpy(uid->name, p);
|
strcpy(uid->name, p);
|
||||||
|
uid->ref = 1;
|
||||||
return uid;
|
return uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
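Review bot: Setting `uid->ref = 1;` by hand after `m_alloc_clear` in generate_user_id leaves the correctness of the reference count to each allocation site, and this commit has to add the same line a second time in generate_photo_id (photoid.c). A small allocation helper for PKT_user_id that sets the count would keep a later call site from handing out an object whose count is still zero. At minimum the line deserves a comment such as `/* the caller holds the only reference */`. The start of generate_user_id is outside the hunk, so how `n` and `p` are derived could not be checked against the `strcpy` above.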
@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
|
|||||||
if( pk->local_id )
|
if( pk->local_id )
|
||||||
printf("%lu", pk->local_id );
|
printf("%lu", pk->local_id );
|
||||||
putchar(':');
|
putchar(':');
|
||||||
if( pk->local_id && !opt.fast_list_mode
|
if( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
|
||||||
&& !opt.no_expensive_trust_checks )
|
|
||||||
putchar( get_ownertrust_info(pk) );
|
putchar( get_ownertrust_info(pk) );
|
||||||
putchar(':');
|
putchar(':');
|
||||||
}
|
}
|
||||||
|
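Review bot: With the `pk->local_id` test dropped, `putchar( get_ownertrust_info(pk) )` in list_keyblock_colon now also runs for keys that have no local id, so the content of that field depends entirely on what get_ownertrust_info returns in that case. Its body is not part of this commit; it should be confirmed that it always yields a printable letter and never 0, because --with-colons output is parsed by other programs and a stray byte would corrupt the record. A short comment on the condition, e.g. `/* ownertrust is printed even for keys without a local id */`, would record that the change is intentional.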
@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri)
|
|||||||
return G10ERR_BAD_URI;
|
return G10ERR_BAD_URI;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* (any path part of the URI is discarded for now) */
|
/* (any path part of the URI is discarded for now as no keyserver
|
||||||
|
uses it) */
|
||||||
|
|
||||||
if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
|
if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
|
||||||
return G10ERR_BAD_URI;
|
return G10ERR_BAD_URI;
|
||||||
@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Unquote only the delimiter character and backslash */
|
/* Unquote only the delimiter character and backslashes (\x5C) */
|
||||||
static void
|
static void
|
||||||
printunquoted(char *string,char delim)
|
printunquoted(char *string,char delim)
|
||||||
{
|
{
|
||||||
@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
|
|||||||
{
|
{
|
||||||
answer=cpr_get_no_help("keysearch.prompt",
|
answer=cpr_get_no_help("keysearch.prompt",
|
||||||
_("Enter number(s), N)ext, or Q)uit > "));
|
_("Enter number(s), N)ext, or Q)uit > "));
|
||||||
|
/* control-d */
|
||||||
|
if(answer[0]=='\x04')
|
||||||
|
{
|
||||||
|
printf("Q\n");
|
||||||
|
answer[0]='q';
|
||||||
|
}
|
||||||
|
|
||||||
if(answer[0]=='q' || answer[0]=='Q')
|
if(answer[0]=='q' || answer[0]=='Q')
|
||||||
{
|
{
|
||||||
m_free(answer);
|
m_free(answer);
|
||||||
|
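Review bot: The control-d branch added to keyserver_search_prompt echoes with `printf("Q\n");`, which writes to stdout, while the prompt itself is issued through cpr_get_no_help. If stdout is redirected, the echo lands in the captured output instead of next to the prompt; `tty_printf("Q\n");` would keep the two together, assuming the prompt goes to the tty here. The `/* control-d */` comment could also say where the `\x04` byte comes from, presumably the prompt reader returning it on end of input, so the magic value does not need to be rediscovered. The enclosing loop starts and ends outside the hunk.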
@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
|||||||
{
|
{
|
||||||
printf("This JPEG is really large (%d bytes) !\n",len);
|
printf("This JPEG is really large (%d bytes) !\n",len);
|
||||||
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
|
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
|
||||||
_("Are you sure you want to use it (y/n)? ")))
|
_("Are you sure you want to use it (y/N)? ")))
|
||||||
{
|
{
|
||||||
iobuf_close(file);
|
iobuf_close(file);
|
||||||
continue;
|
continue;
|
||||||
@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
|||||||
|
|
||||||
show_photo(uid->attribs,pk);
|
show_photo(uid->attribs,pk);
|
||||||
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
|
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
|
||||||
_("Is this photo correct (y/n/q)? ")))
|
_("Is this photo correct (y/N/q)? ")))
|
||||||
{
|
{
|
||||||
case -1:
|
case -1:
|
||||||
goto scram;
|
goto scram;
|
||||||
@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
|||||||
}
|
}
|
||||||
|
|
||||||
error=0;
|
error=0;
|
||||||
|
uid->ref=1;
|
||||||
|
|
||||||
scram:
|
scram:
|
||||||
m_free(filename);
|
m_free(filename);
|
||||||
|
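Review bot: The two prompts changed in generate_photo_id keep the answer hint in front of the question mark, `"Are you sure you want to use it (y/N)? "` and `"Is this photo correct (y/N/q)? "`, while the prompts changed in keyedit.c by this commit put it after, as in `"Really sign? (y/N) "`. Since the stated aim is uniform prompts, moving the hint behind the question mark here would finish the job. The unchanged `printf("This JPEG is really large ...")` just above the first prompt is also neither translated with `_()` nor sent through tty_printf, which is worth fixing while the prompt is being touched.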
@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Mode 0: try and find the revocation based on the pk (i.e. check
|
||||||
|
subkeys, etc.) Mode 1: use only the revocation on the main pk */
|
||||||
|
|
||||||
static void
|
static void
|
||||||
show_revocation_reason( PKT_public_key *pk )
|
show_revocation_reason( PKT_public_key *pk, int mode )
|
||||||
{
|
{
|
||||||
/* Hmmm, this is not so easy becuase we have to duplicate the code
|
/* Hmmm, this is not so easy becuase we have to duplicate the code
|
||||||
* used in the trustbd to calculate the keyflags. We need to find
|
* used in the trustbd to calculate the keyflags. We need to find
|
||||||
* a clean way to check revocation certificates on keys and signatures.
|
* a clean way to check revocation certificates on keys and
|
||||||
* And there should be no duplicate code. Because we enter this function
|
* signatures. And there should be no duplicate code. Because we
|
||||||
* only when the trustdb toldus, taht we have a revoked key, we could
|
* enter this function only when the trustdb told us that we have
|
||||||
* simplylook for a revocation cert and display this one, when there is
|
* a revoked key, we could simply look for a revocation cert and
|
||||||
* only one. Let's try to do this until we have a better solution.
|
* display this one, when there is only one. Let's try to do this
|
||||||
*/
|
* until we have a better solution. */
|
||||||
KBNODE node, keyblock = NULL;
|
KBNODE node, keyblock = NULL;
|
||||||
byte fingerprint[MAX_FINGERPRINT_LEN];
|
byte fingerprint[MAX_FINGERPRINT_LEN];
|
||||||
size_t fingerlen;
|
size_t fingerlen;
|
||||||
@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk )
|
|||||||
}
|
}
|
||||||
|
|
||||||
for( node=keyblock; node; node = node->next ) {
|
for( node=keyblock; node; node = node->next ) {
|
||||||
if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|
if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
|
||||||
|
( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|
||||||
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
|
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
|
||||||
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
|
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if( !node ) {
|
if( !node ) {
|
||||||
@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk )
|
|||||||
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
|
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
|
||||||
/* FIXME: we should check the signature here */
|
/* FIXME: we should check the signature here */
|
||||||
do_show_revocation_reason ( node->pkt->pkt.signature );
|
do_show_revocation_reason ( node->pkt->pkt.signature );
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* We didn't find it, so check if the whole key is revoked */
|
||||||
|
if(!node && !mode)
|
||||||
|
show_revocation_reason(pk,1);
|
||||||
|
|
||||||
release_kbnode( keyblock );
|
release_kbnode( keyblock );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
|||||||
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
|
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
|
||||||
log_info(_("key %08lX: key has been revoked!\n"),
|
log_info(_("key %08lX: key has been revoked!\n"),
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
(ulong)keyid_from_pk( pk, NULL) );
|
||||||
show_revocation_reason( pk );
|
show_revocation_reason( pk, 0 );
|
||||||
if( opt.batch )
|
if( opt.batch )
|
||||||
return 0; /* no */
|
return 0; /* no */
|
||||||
|
|
||||||
@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
|
|||||||
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
|
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
|
||||||
log_info(_("key %08lX: subkey has been revoked!\n"),
|
log_info(_("key %08lX: subkey has been revoked!\n"),
|
||||||
(ulong)keyid_from_pk( pk, NULL) );
|
(ulong)keyid_from_pk( pk, NULL) );
|
||||||
show_revocation_reason( pk );
|
show_revocation_reason( pk, 0 );
|
||||||
if( opt.batch )
|
if( opt.batch )
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig )
|
|||||||
write_status( STATUS_KEYREVOKED );
|
write_status( STATUS_KEYREVOKED );
|
||||||
log_info(_("WARNING: This key has been revoked by its owner!\n"));
|
log_info(_("WARNING: This key has been revoked by its owner!\n"));
|
||||||
log_info(_(" This could mean that the signature is forgery.\n"));
|
log_info(_(" This could mean that the signature is forgery.\n"));
|
||||||
show_revocation_reason( pk );
|
show_revocation_reason( pk, 0 );
|
||||||
}
|
}
|
||||||
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
|
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
|
||||||
{
|
{
|
||||||
write_status( STATUS_KEYREVOKED );
|
write_status( STATUS_KEYREVOKED );
|
||||||
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
|
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
|
||||||
show_revocation_reason( pk );
|
show_revocation_reason( pk, 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((trustlevel & TRUST_FLAG_DISABLED))
|
if ((trustlevel & TRUST_FLAG_DISABLED))
|
||||||
|
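Review bot: The `break;` added after `do_show_revocation_reason` makes show_revocation_reason print the reason from the first matching revocation signature packet it meets, while the `FIXME: we should check the signature here` directly above is still open, so the text shown to the user comes from a packet that has not been verified. With the new mode 1 fallback the same unverified lookup now also supplies the reason for subkeys that are revoked only through the primary key. Verifying the revocation signature before printing and breaking, or marking the printed reason as unverified, would address this. The head of the second loop is outside the hunk, so the exact match condition could not be checked. The `mode` values 0 and 1 would also read better as named constants at the call sites.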
@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
|||||||
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
||||||
validity |= TRUST_FLAG_DISABLED;
|
validity |= TRUST_FLAG_DISABLED;
|
||||||
|
|
||||||
|
leave:
|
||||||
/* set some flags direct from the key */
|
/* set some flags direct from the key */
|
||||||
if (main_pk->is_revoked)
|
if (main_pk->is_revoked)
|
||||||
validity |= TRUST_FLAG_REVOKED;
|
validity |= TRUST_FLAG_REVOKED;
|
||||||
@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash)
|
|||||||
if (main_pk->has_expired || pk->has_expired)
|
if (main_pk->has_expired || pk->has_expired)
|
||||||
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
||||||
|
|
||||||
leave:
|
|
||||||
if (main_pk != pk)
|
if (main_pk != pk)
|
||||||
free_public_key (main_pk);
|
free_public_key (main_pk);
|
||||||
return validity;
|
return validity;
|
||||||
|
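Review bot: Moving `leave:` above the "set some flags direct from the key" block in get_validity means every earlier `goto leave` now reads `main_pk->is_revoked` and `main_pk->has_expired` before returning. Those jumps are outside the hunk; each of them needs main_pk to point at a loaded key by that point, including any path taken after fetching the main key failed. A comment at the label, e.g. `/* reached on every exit path: main_pk and pk must be valid here */`, would record the requirement for whoever adds the next early exit.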