1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

Fix ownertrust display with --with-colons.

Properly initialize the user ID refcount for user and photo IDs.

Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.

Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).

Control-d escapes the keyserver search prompt.

If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.

Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
This commit is contained in:
David Shaw 2002-03-31 23:51:33 +00:00
parent 1ca0a0ac0b
commit 0f682ed3f7
8 changed files with 82 additions and 28 deletions

View File

@ -1,3 +1,27 @@
2002-03-31 David Shaw <dshaw@jabberwocky.com>
* keylist.c (list_keyblock_colon): Fix ownertrust display with
--with-colons.
* keygen.c (generate_user_id), photoid.c (generate_photo_id):
Properly initialize the user ID refcount. A few more "y/n" ->
"y/N" in photoid.c.
* keyedit.c (ask_revoke_sig): Warn the user if they are about to
revoke an expired sig (not a problem, but they should know). Also
tweak a few prompts to change "y/n" to "y/N", which is how most
other prompts are written.
* keyserver.c (keyserver_search_prompt): Control-d escapes the
keyserver search prompt.
* pkclist.c (show_revocation_reason & callers): If a subkey is
considered revoked solely because the parent key is revoked, print
the revocation reason from the parent key.
* trustdb.c (get_validity): Allow revocation/expiration to apply
to a uid/key with no entry in the trustdb.
2002-03-29 David Shaw <dshaw@jabberwocky.com>
* keyserver.c (printunquoted): unquote backslashes from keyserver

View File

@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
"exportable signature?\n"),
uidnode->pkt->pkt.user_id->name);
if(cpr_get_answer_is_yes("sign_uid.promote",
"Promote? (y/n) "))
"Promote? (y/N) "))
{
/* Mark these for later deletion. We
don't want to delete them here, just in
@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Are you sure you still "
"want to sign it?\n"));
if(!cpr_get_answer_is_yes("sign_uid.okay",
_("Really sign? ")))
_("Really sign? (y/N) ")))
continue;
}
else
@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
{
tty_printf(_("This key is due to expire on %s.\n"),
expirestr_from_pk(primary_pk));
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
/* Should this default to yes? -ds */
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
{
/* This fixes the signature timestamp we're going
to make as now. This is so the expiration date
@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
"some versions of PGP.\n"));
if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
_("Are you sure you still want "
"to add it? (y/n) ")))
"to add it? (y/N) ")))
return 0;
else
break;
@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
_("Are you sure you still want "
"to add it? (y/n) ")))
"to add it? (y/N) ")))
return 0;
}
else
@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock )
static void
ask_revoke_sig( KBNODE keyblock, KBNODE node )
{
int doit=0;
PKT_signature *sig = node->pkt->pkt.signature;
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
(ulong)sig->keyid[1], datestr_from_sig(sig) );
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
_("Create a revocation certificate for this signature? (y/N)")) ) {
if(sig->flags.expired)
{
tty_printf(_("This signature expired on %s.\n"),
expirestr_from_sig(sig));
/* Use a different question so we can have different help text */
doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
_("Are you sure you still want to revoke it? (y/N) "));
}
else
doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
_("Create a revocation certificate for this signature? (y/N) "));
if(doit) {
node->flag |= NODFLG_MARK_A;
unode->flag |= NODFLG_MARK_A;
}
@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock )
return 0; /* none selected */
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
_("Really create the revocation certificates? (y/N)")) )
_("Really create the revocation certificates? (y/N) ")) )
return 0; /* forget it */
reason = ask_revocation_reason( 0, 1, 0 );

View File

@ -1280,6 +1280,7 @@ generate_user_id()
uid = m_alloc_clear( sizeof *uid + n - 1 );
uid->len = n;
strcpy(uid->name, p);
uid->ref = 1;
return uid;
}

View File

@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
if( pk->local_id )
printf("%lu", pk->local_id );
putchar(':');
if( pk->local_id && !opt.fast_list_mode
&& !opt.no_expensive_trust_checks )
if( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
putchar( get_ownertrust_info(pk) );
putchar(':');
}

View File

@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri)
return G10ERR_BAD_URI;
}
/* (any path part of the URI is discarded for now) */
/* (any path part of the URI is discarded for now as no keyserver
uses it) */
if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
return G10ERR_BAD_URI;
@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri)
return 0;
}
/* Unquote only the delimiter character and backslash */
/* Unquote only the delimiter character and backslashes (\x5C) */
static void
printunquoted(char *string,char delim)
{
@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
{
answer=cpr_get_no_help("keysearch.prompt",
_("Enter number(s), N)ext, or Q)uit > "));
/* control-d */
if(answer[0]=='\x04')
{
printf("Q\n");
answer[0]='q';
}
if(answer[0]=='q' || answer[0]=='Q')
{
m_free(answer);

View File

@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
{
printf("This JPEG is really large (%d bytes) !\n",len);
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
_("Are you sure you want to use it (y/n)? ")))
_("Are you sure you want to use it (y/N)? ")))
{
iobuf_close(file);
continue;
@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
show_photo(uid->attribs,pk);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
_("Is this photo correct (y/n/q)? ")))
_("Is this photo correct (y/N/q)? ")))
{
case -1:
goto scram;
@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
}
error=0;
uid->ref=1;
scram:
m_free(filename);

View File

@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig )
}
}
/* Mode 0: try and find the revocation based on the pk (i.e. check
subkeys, etc.) Mode 1: use only the revocation on the main pk */
static void
show_revocation_reason( PKT_public_key *pk )
show_revocation_reason( PKT_public_key *pk, int mode )
{
/* Hmmm, this is not so easy becuase we have to duplicate the code
* used in the trustbd to calculate the keyflags. We need to find
* a clean way to check revocation certificates on keys and signatures.
* And there should be no duplicate code. Because we enter this function
* only when the trustdb toldus, taht we have a revoked key, we could
* simplylook for a revocation cert and display this one, when there is
* only one. Let's try to do this until we have a better solution.
*/
* a clean way to check revocation certificates on keys and
* signatures. And there should be no duplicate code. Because we
* enter this function only when the trustdb told us that we have
* a revoked key, we could simply look for a revocation cert and
* display this one, when there is only one. Let's try to do this
* until we have a better solution. */
KBNODE node, keyblock = NULL;
byte fingerprint[MAX_FINGERPRINT_LEN];
size_t fingerlen;
@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk )
}
for( node=keyblock; node; node = node->next ) {
if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
&& !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
break;
}
if( !node ) {
@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk )
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
/* FIXME: we should check the signature here */
do_show_revocation_reason ( node->pkt->pkt.signature );
break;
}
}
/* We didn't find it, so check if the whole key is revoked */
if(!node && !mode)
show_revocation_reason(pk,1);
release_kbnode( keyblock );
}
@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
log_info(_("key %08lX: key has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
show_revocation_reason( pk );
show_revocation_reason( pk, 0 );
if( opt.batch )
return 0; /* no */
@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
log_info(_("key %08lX: subkey has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
show_revocation_reason( pk );
show_revocation_reason( pk, 0 );
if( opt.batch )
return 0;
@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig )
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forgery.\n"));
show_revocation_reason( pk );
show_revocation_reason( pk, 0 );
}
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
{
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
show_revocation_reason( pk );
show_revocation_reason( pk, 0 );
}
if ((trustlevel & TRUST_FLAG_DISABLED))

View File

@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
validity |= TRUST_FLAG_DISABLED;
leave:
/* set some flags direct from the key */
if (main_pk->is_revoked)
validity |= TRUST_FLAG_REVOKED;
@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash)
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
leave:
if (main_pk != pk)
free_public_key (main_pk);
return validity;