1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

wkd: Do not send/install/mirror expired user ids.

* tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and
revoked.
* tools/wks-util.c (append_to_uidinfo_list): Add args expired and
revoked.
(set_expired_revoked): New.
(wks_list_key): Set expired and revoked.
(wks_cmd_install_key): Skip expired uids.
* tools/gpg-wks-client.c (command_check): Print flags.
(command_send): Ignore expired keys.
(mirror_one_key): Ditto.

* g10/export.c (do_export_stream): Silence warning.
--

GnuPG-bug-id: 6292
This commit is contained in:
Werner Koch 2022-12-06 09:23:16 +01:00
parent 58819c024a
commit 278f85d1bc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 72 additions and 8 deletions

View File

@ -2455,8 +2455,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
keydb_release (kdbhd); keydb_release (kdbhd);
if (err || !keyblock_out) if (err || !keyblock_out)
release_kbnode( keyblock ); release_kbnode( keyblock );
if( !*any ) if( !*any && !opt.quiet)
log_info(_("WARNING: nothing exported\n")); log_info (_("WARNING: nothing exported\n"));
return err; return err;
} }

View File

@ -1115,6 +1115,9 @@ command_check (char *userid)
log_info (" created: %s\n", asctimestamp (sl->created)); log_info (" created: %s\n", asctimestamp (sl->created));
if (sl->mbox) if (sl->mbox)
log_info (" addr-spec: %s\n", sl->mbox); log_info (" addr-spec: %s\n", sl->mbox);
if (sl->expired || sl->revoked)
log_info (" flags:%s%s\n",
sl->expired? " expired":"", sl->revoked?" revoked":"");
} }
} }
if (!found) if (!found)
@ -1153,6 +1156,7 @@ command_send (const char *fingerprint, const char *userid)
uidinfo_list_t uidlist = NULL; uidinfo_list_t uidlist = NULL;
uidinfo_list_t uid, thisuid; uidinfo_list_t uid, thisuid;
time_t thistime; time_t thistime;
int any;
if (classify_user_id (fingerprint, &desc, 1) if (classify_user_id (fingerprint, &desc, 1)
|| desc.mode != KEYDB_SEARCH_MODE_FPR) || desc.mode != KEYDB_SEARCH_MODE_FPR)
@ -1213,12 +1217,20 @@ command_send (const char *fingerprint, const char *userid)
} }
thistime = 0; thistime = 0;
thisuid = NULL; thisuid = NULL;
any = 0;
for (uid = uidlist; uid; uid = uid->next) for (uid = uidlist; uid; uid = uid->next)
{ {
if (!uid->mbox) if (!uid->mbox)
continue; /* Should not happen anyway. */ continue; /* Should not happen anyway. */
if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox)) if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox))
continue; /* UID has more than just the mailbox. */ continue; /* UID has more than just the mailbox. */
if (uid->expired)
{
if (opt.verbose)
log_info ("ignoring expired user id '%s'\n", uid->uid);
continue;
}
any = 1;
if (uid->created > thistime) if (uid->created > thistime)
{ {
thistime = uid->created; thistime = uid->created;
@ -1227,6 +1239,14 @@ command_send (const char *fingerprint, const char *userid)
} }
if (!thisuid) if (!thisuid)
thisuid = uidlist; /* This is the case for a missing timestamp. */ thisuid = uidlist; /* This is the case for a missing timestamp. */
if (!any)
{
log_error ("public key %s has no mail address '%s'\n",
fingerprint, addrspec);
err = gpg_error (GPG_ERR_INV_USER_ID);
goto leave;
}
if (opt.verbose) if (opt.verbose)
log_info ("submitting key with user id '%s'\n", thisuid->uid); log_info ("submitting key with user id '%s'\n", thisuid->uid);
@ -1968,6 +1988,8 @@ mirror_one_key (estream_t key)
{ {
if (!uid->mbox || (uid->flags & 1)) if (!uid->mbox || (uid->flags & 1))
continue; /* No mail box or already processed. */ continue; /* No mail box or already processed. */
if (uid->expired)
continue;
if (!domain_matches_mbox (domain, uid->mbox)) if (!domain_matches_mbox (domain, uid->mbox))
continue; /* We don't want this one. */ continue; /* We don't want this one. */
if (is_in_blacklist (uid->mbox)) if (is_in_blacklist (uid->mbox))

View File

@ -81,6 +81,8 @@ struct uidinfo_list_s
time_t created; /* Time the userid was created. */ time_t created; /* Time the userid was created. */
char *mbox; /* NULL or the malloced mailbox from UID. */ char *mbox; /* NULL or the malloced mailbox from UID. */
unsigned int flags; /* These flags are cleared on creation. */ unsigned int flags; /* These flags are cleared on creation. */
unsigned int expired:1;
unsigned int revoked:1;
char uid[1]; char uid[1];
}; };
typedef struct uidinfo_list_s *uidinfo_list_t; typedef struct uidinfo_list_s *uidinfo_list_t;

View File

@ -101,7 +101,8 @@ wks_write_status (int no, const char *format, ...)
* updated. C-style escaping is removed from UID. On error ERRNO is * updated. C-style escaping is removed from UID. On error ERRNO is
* set and NULL returned. */ * set and NULL returned. */
static uidinfo_list_t static uidinfo_list_t
append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created) append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created,
int expired, int revoked)
{ {
uidinfo_list_t r, sl; uidinfo_list_t r, sl;
char *plainuid; char *plainuid;
@ -121,6 +122,8 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
sl->created = created; sl->created = created;
sl->flags = 0; sl->flags = 0;
sl->mbox = mailbox_from_userid (plainuid, 0); sl->mbox = mailbox_from_userid (plainuid, 0);
sl->expired = !!expired;
sl->revoked = !!revoked;
sl->next = NULL; sl->next = NULL;
if (!*list) if (!*list)
*list = sl; *list = sl;
@ -296,6 +299,22 @@ key_status_cb (void *opaque, const char *keyword, char *args)
} }
/* Parse field 1 and set revoked and expired on return. */
static void
set_expired_revoked (const char *string, int *expired, int *revoked)
{
*expired = *revoked = 0;
/* Look at letters and stop at the first digit. */
for ( ;*string && !digitp (string); string++)
{
if (*string == 'e')
*expired = 1;
else if (*string == 'r')
*revoked = 1;
}
}
/* Run gpg on KEY and store the primary fingerprint at R_FPR and the /* Run gpg on KEY and store the primary fingerprint at R_FPR and the
* list of mailboxes at R_MBOXES. Returns 0 on success; on error NULL * list of mailboxes at R_MBOXES. Returns 0 on success; on error NULL
* is stored at R_FPR and R_MBOXES and an error code is returned. * is stored at R_FPR and R_MBOXES and an error code is returned.
@ -316,6 +335,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
int lnr; int lnr;
char *fpr = NULL; char *fpr = NULL;
uidinfo_list_t mboxes = NULL; uidinfo_list_t mboxes = NULL;
int expired, revoked;
if (r_fpr) if (r_fpr)
*r_fpr = NULL; *r_fpr = NULL;
@ -364,6 +384,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
es_rewind (listing); es_rewind (listing);
lnr = 0; lnr = 0;
expired = revoked = 0;
maxlen = 2048; /* Set limit. */ maxlen = 2048; /* Set limit. */
while ((len = es_read_line (listing, &line, &length_of_line, &maxlen)) > 0) while ((len = es_read_line (listing, &line, &length_of_line, &maxlen)) > 0)
{ {
@ -408,12 +429,20 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
err = gpg_error (GPG_ERR_INV_ENGINE); err = gpg_error (GPG_ERR_INV_ENGINE);
goto leave; goto leave;
} }
if (lnr > 1 && !strcmp (fields[0], "pub")) if (!strcmp (fields[0], "pub"))
{
if (lnr > 1)
{ {
/* More than one public key. */ /* More than one public key. */
err = gpg_error (GPG_ERR_TOO_MANY); err = gpg_error (GPG_ERR_TOO_MANY);
goto leave; goto leave;
} }
if (nfields > 1)
set_expired_revoked (fields[1], &expired, &revoked);
else
expired = revoked = 0;
}
if (!strcmp (fields[0], "sub") || !strcmp (fields[0], "ssb")) if (!strcmp (fields[0], "sub") || !strcmp (fields[0], "ssb"))
break; /* We can stop parsing here. */ break; /* We can stop parsing here. */
@ -428,8 +457,13 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
} }
else if (!strcmp (fields[0], "uid") && nfields > 9) else if (!strcmp (fields[0], "uid") && nfields > 9)
{ {
int uidexpired, uidrevoked;
set_expired_revoked (fields[1], &uidexpired, &uidrevoked);
if (!append_to_uidinfo_list (&mboxes, fields[9], if (!append_to_uidinfo_list (&mboxes, fields[9],
parse_timestamp (fields[5], NULL))) parse_timestamp (fields[5], NULL),
expired || uidexpired,
revoked || uidrevoked))
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
goto leave; goto leave;
@ -1279,6 +1313,12 @@ wks_cmd_install_key (const char *fname, const char *userid)
continue; /* Should not happen anyway. */ continue; /* Should not happen anyway. */
if (ascii_strcasecmp (uid->mbox, addrspec)) if (ascii_strcasecmp (uid->mbox, addrspec))
continue; /* Not the requested addrspec. */ continue; /* Not the requested addrspec. */
if (uid->expired)
{
if (opt.verbose)
log_info ("ignoring expired user id '%s'\n", uid->uid);
continue;
}
any = 1; any = 1;
if (uid->created > thistime) if (uid->created > thistime)
{ {