Fix ownertrust display with --with-colons.

Properly initialize the user ID refcount for user and photo IDs. Tweak a few prompts to change "y/n" to "y/N", which is how most other prompts are written. Warn the user if they are about to revoke an expired sig (not a problem, but they should know). Control-d escapes the keyserver search prompt. If a subkey is considered revoked solely because the parent key is revoked, print the revocation reason from the parent key. Allow revocation/expiration to apply to a uid/key with no entry in the trustdb.
2025-01-10 13:04:23 +01:00 · 2002-03-31 23:51:33 +00:00 · 2002-03-31 23:51:33 +00:00 · 0f682ed3f7
commit 0f682ed3f7
parent 1ca0a0ac0b
8 changed files with 82 additions and 28 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,27 @@
 2002-03-31  David Shaw  <dshaw@jabberwocky.com>
 	* keylist.c (list_keyblock_colon): Fix ownertrust display with
 	--with-colons.
 	* keygen.c (generate_user_id), photoid.c (generate_photo_id):
 	Properly initialize the user ID refcount.  A few more "y/n" ->
 	"y/N" in photoid.c.
 	* keyedit.c (ask_revoke_sig): Warn the user if they are about to
 	revoke an expired sig (not a problem, but they should know).  Also
 	tweak a few prompts to change "y/n" to "y/N", which is how most
 	other prompts are written.
 	* keyserver.c (keyserver_search_prompt): Control-d escapes the
 	keyserver search prompt.
 	* pkclist.c (show_revocation_reason & callers): If a subkey is
 	considered revoked solely because the parent key is revoked, print
 	the revocation reason from the parent key.
 	* trustdb.c (get_validity): Allow revocation/expiration to apply
 	to a uid/key with no entry in the trustdb.
 2002-03-29  David Shaw  <dshaw@jabberwocky.com>
 	* keyserver.c (printunquoted): unquote backslashes from keyserver
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 				     "exportable signature?\n"),
 				   uidnode->pkt->pkt.user_id->name);
 			if(cpr_get_answer_is_yes("sign_uid.promote",
-						 "Promote? (y/n) "))
+						 "Promote? (y/N) "))
 			  {
 			    /* Mark these for later deletion.  We
                               don't want to delete them here, just in
@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 		    tty_printf(_("  Are you sure you still "
 				 "want to sign it?\n"));
 		    if(!cpr_get_answer_is_yes("sign_uid.okay",
-					      _("Really sign? ")))
+					      _("Really sign? (y/N) ")))
 		      continue;
 		  }
 		else
@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	      {
 		tty_printf(_("This key is due to expire on %s.\n"),
 			   expirestr_from_pk(primary_pk));
-		if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
+		/* Should this default to yes? -ds */
 		if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
 		  {
 		    /* This fixes the signature timestamp we're going
 		       to make as now.  This is so the expiration date
@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
 			     "some versions of PGP.\n"));
 		if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
 					  _("Are you sure you still want "
-					    "to add it? (y/n) ")))
+					    "to add it? (y/N) ")))
 		  return 0;
 		else
 		  break;
@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
 	      if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
 					_("Are you sure you still want "
-					  "to add it? (y/n) ")))
+					  "to add it? (y/N) ")))
 		return 0;
 	    }
 	  else
@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock )
 static void
 ask_revoke_sig( KBNODE keyblock, KBNODE node )
 {
    int doit=0;
    PKT_signature *sig = node->pkt->pkt.signature;
    KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
      tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
 		 (ulong)sig->keyid[1], datestr_from_sig(sig) );
-    if( cpr_get_answer_is_yes("ask_revoke_sig.one",
+    if(sig->flags.expired)
-       _("Create a revocation certificate for this signature? (y/N)")) ) {
+      {
 	tty_printf(_("This signature expired on %s.\n"),
 		   expirestr_from_sig(sig));
 	/* Use a different question so we can have different help text */
 	doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
 			_("Are you sure you still want to revoke it? (y/N) "));
      }
    else
      doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
 	      _("Create a revocation certificate for this signature? (y/N) "));
    if(doit) {
      node->flag |= NODFLG_MARK_A;
      unode->flag |= NODFLG_MARK_A;
    }
@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock )
 	return 0; /* none selected */
    if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
-	 _("Really create the revocation certificates? (y/N)")) )
+	 _("Really create the revocation certificates? (y/N) ")) )
 	return 0; /* forget it */
    reason = ask_revocation_reason( 0, 1, 0 );
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -1280,6 +1280,7 @@ generate_user_id()
    uid = m_alloc_clear( sizeof *uid + n - 1 );
    uid->len = n;
    strcpy(uid->name, p);
    uid->ref = 1;
    return uid;
 }
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
        if( pk->local_id )
            printf("%lu", pk->local_id );
        putchar(':');
-        if( pk->local_id && !opt.fast_list_mode
+        if( !opt.fast_list_mode && !opt.no_expensive_trust_checks  )
            && !opt.no_expensive_trust_checks  )
            putchar( get_ownertrust_info(pk) );
 	    putchar(':');
    }
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri)
 	return G10ERR_BAD_URI;
    }
-  /* (any path part of the URI is discarded for now) */
+  /* (any path part of the URI is discarded for now as no keyserver
     uses it) */
  if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
    return G10ERR_BAD_URI;
@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri)
  return 0;
 }
-/* Unquote only the delimiter character and backslash */
+/* Unquote only the delimiter character and backslashes (\x5C) */
 static void 
 printunquoted(char *string,char delim)
 {
@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
 	{
 	  answer=cpr_get_no_help("keysearch.prompt",
 				 _("Enter number(s), N)ext, or Q)uit > "));
 	  /* control-d */
 	  if(answer[0]=='\x04')
 	    {
 	      printf("Q\n");
 	      answer[0]='q';
 	    }
 	  if(answer[0]=='q' || answer[0]=='Q')
 	    {
 	      m_free(answer);
--- a/g10/photoid.c
+++ b/g10/photoid.c
@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
 	{
 	  printf("This JPEG is really large (%d bytes) !\n",len);
 	  if(!cpr_get_answer_is_yes("photoid.jpeg.size",
-			    _("Are you sure you want to use it (y/n)? ")))
+			    _("Are you sure you want to use it (y/N)? ")))
 	  {
 	    iobuf_close(file);
 	    continue;
@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
      show_photo(uid->attribs,pk);
      switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
-					_("Is this photo correct (y/n/q)? ")))
+					_("Is this photo correct (y/N/q)? ")))
 	{
 	case -1:
 	  goto scram;
@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
    }
  error=0;
  uid->ref=1;
 scram:
  m_free(filename);
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig )
    }
 }
 /* Mode 0: try and find the revocation based on the pk (i.e. check
   subkeys, etc.)  Mode 1: use only the revocation on the main pk */
 static void
-show_revocation_reason( PKT_public_key *pk )
+show_revocation_reason( PKT_public_key *pk, int mode )
 {
    /* Hmmm, this is not so easy becuase we have to duplicate the code
     * used in the trustbd to calculate the keyflags.  We need to find
-     * a clean way to check revocation certificates on keys and signatures.
+     * a clean way to check revocation certificates on keys and
-     * And there should be no duplicate code.  Because we enter this function
+     * signatures.  And there should be no duplicate code.  Because we
-     * only when the trustdb toldus, taht we have a revoked key, we could
+     * enter this function only when the trustdb told us that we have
-     * simplylook for a revocation cert and display this one, when there is
+     * a revoked key, we could simply look for a revocation cert and
-     * only one. Let's try to do this until we have a better solution.
+     * display this one, when there is only one. Let's try to do this
-     */
+     * until we have a better solution.  */
    KBNODE node, keyblock = NULL;
    byte fingerprint[MAX_FINGERPRINT_LEN];
    size_t fingerlen;
@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk )
    }
    for( node=keyblock; node; node = node->next ) {
-	if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
+        if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
 	  ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
 	      || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
-	    && !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
+	    && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
 	    break;
    }
    if( !node ) {
@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk )
 		|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
 		/* FIXME: we should check the signature here */
 		do_show_revocation_reason ( node->pkt->pkt.signature );
 		break;
 	}
    }
    /* We didn't find it, so check if the whole key is revoked */
    if(!node && !mode)
      show_revocation_reason(pk,1);
    release_kbnode( keyblock );
 }
@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
    if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
 	log_info(_("key %08lX: key has been revoked!\n"),
 					(ulong)keyid_from_pk( pk, NULL) );
-	show_revocation_reason( pk );
+	show_revocation_reason( pk, 0 );
 	if( opt.batch )
          return 0; /* no */
@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
    if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
 	log_info(_("key %08lX: subkey has been revoked!\n"),
 					(ulong)keyid_from_pk( pk, NULL) );
-	show_revocation_reason( pk );
+	show_revocation_reason( pk, 0 );
 	if( opt.batch )
 	    return 0;
@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig )
      write_status( STATUS_KEYREVOKED );
      log_info(_("WARNING: This key has been revoked by its owner!\n"));
      log_info(_("         This could mean that the signature is forgery.\n"));
-      show_revocation_reason( pk );
+      show_revocation_reason( pk, 0 );
    }
  else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) 
    {
      write_status( STATUS_KEYREVOKED );
      log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
-      show_revocation_reason( pk );
+      show_revocation_reason( pk, 0 );
    }
  if ((trustlevel & TRUST_FLAG_DISABLED))
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
  if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
    validity |= TRUST_FLAG_DISABLED;
 leave:
  /* set some flags direct from the key */
  if (main_pk->is_revoked)
    validity |= TRUST_FLAG_REVOKED;
@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash)
  if (main_pk->has_expired || pk->has_expired)
    validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
 leave:
  if (main_pk != pk)
    free_public_key (main_pk);
  return validity;