From 299e2bf3367fe2f546e4e8bf30ab28348ef641b5 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 17 Sep 2002 03:21:13 +0000 Subject: [PATCH] From stable branch * keyedit.c (menu_addrevoker): The direct key signature for revocation keys must be at least v4 to carry the revocation key subpacket. Add a PGP 2.x warning for revocation keys. * g10.c (check_permissions): Rearrange strings to make translating easier (don't incorporate string parts). * keyedit.c (sign_uids): Make strings translatable. * sig-check.c (check_key_signature2): Make string translatable. --- g10/ChangeLog | 15 +++++++++++ g10/g10.c | 66 +++++++++++++++++++++++++++++++++++-------------- g10/keyedit.c | 44 +++++++++++++++++++++++++++------ g10/sig-check.c | 3 ++- 4 files changed, 102 insertions(+), 26 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 438e6e0d6..cd988f27f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +2002-09-16 David Shaw + + * keyedit.c (menu_addrevoker): The direct key signature for + revocation keys must be at least v4 to carry the revocation key + subpacket. Add a PGP 2.x warning for revocation keys. + +2002-09-14 David Shaw + + * g10.c (check_permissions): Rearrange strings to make translating + easier (don't incorporate string parts). + + * keyedit.c (sign_uids): Make strings translatable. + + * sig-check.c (check_key_signature2): Make string translatable. + 2002-09-13 David Shaw * getkey.c (check_revocation_keys): Move.... diff --git a/g10/g10.c b/g10/g10.c index 7beb5ae03..625b614ac 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -25,6 +25,7 @@ #include #include #include +#include #ifdef HAVE_DOSISH_SYSTEM #include /* for setmode() */ #endif @@ -850,7 +851,7 @@ check_permissions(const char *path,int item) { #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM) static int homedir_cache=-1; - char *tmppath,*isa,*dir; + char *tmppath,*dir; struct stat statbuf,dirbuf; int homedir=0,ret=0,checkonly=0; int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0; @@ -858,6 +859,8 @@ check_permissions(const char *path,int item) if(opt.no_perm_warn) return 0; + assert(item==0 || item==1 || item==2); + /* extensions may attach a path */ if(item==2 && path[0]!=DIRSEP_C) { @@ -907,8 +910,6 @@ check_permissions(const char *path,int item) if(item==0) { - isa="homedir"; - /* The homedir must be x00, a directory, and owned by the user. */ if(S_ISDIR(statbuf.st_mode)) @@ -928,11 +929,6 @@ check_permissions(const char *path,int item) } else if(item==1 || item==2) { - if(item==1) - isa="configuration file"; - else - isa="extension"; - /* The options or extension file. Okay unless it or its containing directory is group or other writable or not owned by us or root. */ @@ -980,19 +976,53 @@ check_permissions(const char *path,int item) if(!checkonly) { if(own) - log_info(_("WARNING: unsafe ownership on %s \"%s\"\n"), - isa,tmppath); + { + if(item==0) + log_info(_("WARNING: unsafe ownership on " + "homedir \"%s\"\n"),tmppath); + else if(item==1) + log_info(_("WARNING: unsafe ownership on " + "configuration file \"%s\"\n"),tmppath); + else + log_info(_("WARNING: unsafe ownership on " + "extension \"%s\"\n"),tmppath); + } if(perm) - log_info(_("WARNING: unsafe permissions on %s \"%s\"\n"), - isa,tmppath); + { + if(item==0) + log_info(_("WARNING: unsafe permissions on " + "homedir \"%s\"\n"),tmppath); + else if(item==1) + log_info(_("WARNING: unsafe permissions on " + "configuration file \"%s\"\n"),tmppath); + else + log_info(_("WARNING: unsafe permissions on " + "extension \"%s\"\n"),tmppath); + } if(enc_dir_own) - log_info(_("WARNING: unsafe enclosing directory " - "ownership on %s \"%s\"\n"), - isa,tmppath); + { + if(item==0) + log_info(_("WARNING: unsafe enclosing directory ownership on " + "homedir \"%s\"\n"),tmppath); + else if(item==1) + log_info(_("WARNING: unsafe enclosing directory ownership on " + "configuration file \"%s\"\n"),tmppath); + else + log_info(_("WARNING: unsafe enclosing directory ownership on " + "extension \"%s\"\n"),tmppath); + } if(enc_dir_perm) - log_info(_("WARNING: unsafe enclosing directory " - "permissions on %s \"%s\"\n"), - isa,tmppath); + { + if(item==0) + log_info(_("WARNING: unsafe enclosing directory permissions on " + "homedir \"%s\"\n"),tmppath); + else if(item==1) + log_info(_("WARNING: unsafe enclosing directory permissions on " + "configuration file \"%s\"\n"),tmppath); + else + log_info(_("WARNING: unsafe enclosing directory permissions on " + "extension \"%s\"\n"),tmppath); + } } end: diff --git a/g10/keyedit.c b/g10/keyedit.c index 413ca81f1..5743944d2 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -562,13 +562,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, "above? If you don't know what to answer, enter \"0\".\n")); tty_printf("\n"); tty_printf(_(" (0) I will not answer.%s\n"), - opt.def_cert_check_level==0?" (default)":""); + opt.def_cert_check_level==0?_(" (default)"):""); tty_printf(_(" (1) I have not checked at all.%s\n"), - opt.def_cert_check_level==1?" (default)":""); + opt.def_cert_check_level==1?_(" (default)"):""); tty_printf(_(" (2) I have done casual checking.%s\n"), - opt.def_cert_check_level==2?" (default)":""); + opt.def_cert_check_level==2?_(" (default)"):""); tty_printf(_(" (3) I have done very careful checking.%s\n"), - opt.def_cert_check_level==3?" (default)":""); + opt.def_cert_check_level==3?_(" (default)"):""); tty_printf("\n"); while(class==0) @@ -1992,8 +1992,9 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo) /* It is legal but bad for compatibility to add a photo ID to a v3 key as it means that PGP2 will not be able to use that key - anymore. Don't bother to ask this if the key already has a - photo - any damage has already been done at that point. -dms */ + anymore. Also, PGP may not expect a photo on a v3 key. + Don't bother to ask this if the key already has a photo - any + damage has already been done at that point. -dms */ if(pk->version==3 && !hasattrib) { if(opt.expert) @@ -2261,6 +2262,33 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive ) assert(sec_keyblock->pkt->pkttype==PKT_SECRET_KEY); pk=pub_keyblock->pkt->pkt.public_key; + + if(pk->numrevkeys==0 && pk->version==3) + { + /* It is legal but bad for compatibility to add a revoker to a + v3 key as it means that PGP2 will not be able to use that key + anymore. Also, PGP may not expect a revoker on a v3 key. + Don't bother to ask this if the key already has a revoker - + any damage has already been done at that point. -dms */ + if(opt.expert) + { + tty_printf(_("WARNING: This is a PGP 2.x-style key. " + "Adding a designated revoker may cause\n" + " some versions of PGP to reject this key.\n")); + + if(!cpr_get_answer_is_yes("keyedit.v3_revoker.okay", + _("Are you sure you still want " + "to add it? (y/N) "))) + return 0; + } + else + { + tty_printf(_("You may not add a designated revoker to " + "a PGP 2.x-style key.\n")); + return 0; + } + } + sk=copy_secret_key(NULL,sec_keyblock->pkt->pkt.secret_key); for(;;) @@ -2340,7 +2368,9 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive ) break; } - rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 0, 0, 0, + /* The 1F signature must be at least v4 to carry the revocation key + subpacket. */ + rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x1F, 0, 4, 0, 0, keygen_add_revkey,&revkey ); if( rc ) { diff --git a/g10/sig-check.c b/g10/sig-check.c index d4e8957b1..e4e3b766b 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -546,7 +546,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, } else { if (!opt.quiet) - log_info ("key %08lX: no subkey for subkey revocation packet\n", + log_info (_("key %08lX: no subkey for subkey " + "revocation packet\n"), (ulong)keyid_from_pk (pk, NULL)); rc = G10ERR_SIG_CLASS; }