* gpgv.c: Add stub for get_ownertrust().

* g10.c (main): --allow-freeform-uid should be implied by OpenPGP. Add --no-allow-freeform-uid. * keyedit.c (sign_uids): Issue a warning when signing a non-selfsigned uid. * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and allow-non-selfsigned-uid is not set, still try and make the key valid by checking all uids for a signature from an ultimately trusted key.
2025-01-10 13:04:23 +01:00 · 2002-05-17 18:49:30 +00:00 · 2002-05-17 18:49:30 +00:00 · 28ae0d878f
commit 28ae0d878f
parent 5c759fee31
5 changed files with 85 additions and 19 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,18 @@
+2002-05-17  David Shaw  <dshaw@jabberwocky.com>
+
+	* gpgv.c: Add stub for get_ownertrust().
+
+	* g10.c (main): --allow-freeform-uid should be implied by
+	OpenPGP.  Add --no-allow-freeform-uid.
+
+	* keyedit.c (sign_uids): Issue a warning when signing a
+	non-selfsigned uid.
+
+	* getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
+	allow-non-selfsigned-uid is not set, still try and make the key
+	valid by checking all uids for a signature from an ultimately
+	trusted key.
+
 2002-05-16  David Shaw  <dshaw@jabberwocky.com>

 	* main.h, keygen.c (keygen_add_revkey): Add revocation key
--- a/g10/g10.c
+++ b/g10/g10.c
@ -249,6 +249,7 @@ enum cmd_and_opt_values { aNull = 0,
    oAllowNonSelfsignedUID,
    oNoAllowNonSelfsignedUID,
    oAllowFreeformUID,
+    oNoAllowFreeformUID,
    oAllowSecretKeyImport,                      
    oEnableSpecialFilenames,
    oNoLiteral,
@ -526,6 +527,7 @@ static ARGPARSE_OPTS opts[] = {
    { oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", 0, "@" },
    { oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", 0, "@" },
    { oAllowFreeformUID, "allow-freeform-uid", 0, "@" },
+    { oNoAllowFreeformUID, "no-allow-freeform-uid", 0, "@" },
    { oNoLiteral, "no-literal", 0, "@" },
    { oSetFilesize, "set-filesize", 20, "@" },
    { oHonorHttpProxy,"honor-http-proxy", 0, "@" },
@ -1108,6 +1110,7 @@ main( int argc, char **argv )
 	    opt.rfc1991 = 0;
 	    opt.rfc2440 = 1;
 	    opt.allow_non_selfsigned_uid = 1;
+	    opt.allow_freeform_uid = 1;
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
 	    opt.force_v3_sigs = 0;
@ -1272,6 +1275,7 @@ main( int argc, char **argv )
 	  case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
 	  case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
 	  case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
+	  case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
 	  case oNoLiteral: opt.no_literal = 1; break;
 	  case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
 	  case oHonorHttpProxy:
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1440,8 +1440,40 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
 	pk->is_valid = 1;
      }

-    if ( sigdate > uiddate )
-        uiddate = sigdate;
+    /* The key STILL isn't valid, so try and find an ultimately
+       trusted signature. */
+    if(!pk->is_valid)
+      {
+	uidnode=NULL;
+
+	for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k=k->next)
+	  {
+	    if ( k->pkt->pkttype == PKT_USER_ID )
+	      uidnode = k;
+	    else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
+	      {
+		PKT_signature *sig = k->pkt->pkt.signature;
+
+		if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
+		  {
+		    PKT_public_key *ultimate_pk;
+
+		    ultimate_pk=m_alloc_clear(sizeof(*ultimate_pk));
+
+		    if(get_pubkey(ultimate_pk,sig->keyid)==0 &&
+		       check_key_signature(keyblock,k,NULL)==0 &&
+		       get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
+		      {
+			free_public_key(ultimate_pk);
+			pk->is_valid=1;
+			break;
+		      }
+
+		    free_public_key(ultimate_pk);
+		  }
+	      }
+	  }
+      }

    /* Record the highest selfsigversion so we know if this is a v3
       key through and through, or a v3 key with a v4 selfsig, which
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@ -240,6 +240,12 @@ get_ownertrust_info (PKT_public_key *pk)
    return '?';
 }

+unsigned int
+get_ownertrust (PKT_public_key *pk)
+{
+    return TRUST_UNKNOWN;
+}
+

 /* Stub:
 * Because we only work with trusted keys, it does not make sense to
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -339,30 +339,39 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	    }
 	    else if( node->pkt->pkttype == PKT_USER_ID ) {
 		uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
-		if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
+		if(uidnode)
 		  {
 		    char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
 					      uidnode->pkt->pkt.user_id->len,
 					      0);

-		    tty_printf(_("User ID \"%s\" is revoked."),user);
+		    if(uidnode->pkt->pkt.user_id->is_revoked)
+		      {
+			tty_printf(_("User ID \"%s\" is revoked."),user);
+
+			if(opt.expert)
+			  {
+			    tty_printf("\n");
+			    /* No, so remove the mark and continue */
+			    if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
+						      _("Are you sure you "
+							"still want to sign "
+							"it? (y/N) ")))
+			      uidnode->flag &= ~NODFLG_MARK_A;
+			  }
+			else
+			  {
+			    uidnode->flag &= ~NODFLG_MARK_A;
+			    tty_printf(_("  Unable to sign.\n"));
+			  }
+		      }
+		    else if(!uidnode->pkt->pkt.user_id->created)
+		      {
+			tty_printf(_("Warning: user ID \"%s\" is not "
+				     "self-signed.\n"),user);
+		      }

 		    m_free(user);
-
-		    if(opt.expert)
-		      {
-			tty_printf("\n");
-			/* No, so remove the mark and continue */
-			if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
-						 _("Are you sure you still "
-						   "want to sign it? (y/N) ")))
-			  uidnode->flag &= ~NODFLG_MARK_A;
-		      }
-		    else
-		      {
-			uidnode->flag &= ~NODFLG_MARK_A;
-			tty_printf(_("  Unable to sign.\n"));
-		      }
 		  }
 	    }
 	    else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE