mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-23 15:07:03 +01:00
New option --expert
Do not allow signing a revoked UID unless --expert is set, and ask even then. Do not allow signing a revoked key unless --expert is set, and ask even then.
parent
ebd148e553
commit
2e941ab7a3
@ -1,3 +1,13 @@
|
|||||||
|
2001-12-04 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keyedit.c (keyedit_menu): Do not allow signing a revoked key
|
||||||
|
unless --expert is set, and ask even then.
|
||||||
|
|
||||||
|
* keyedit.c (sign_uids): Do not allow signing a revoked UID unless
|
||||||
|
--expert is set, and ask even then.
|
||||||
|
|
||||||
|
* g10.c, options.h : New option --expert
|
||||||
|
|
||||||
2001-11-16 David Shaw <dshaw@jabberwocky.com>
|
2001-11-16 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* Allow the user to select no compression via "--compress-algo 0"
|
* Allow the user to select no compression via "--compress-algo 0"
|
||||||
|
@ -119,6 +119,8 @@ enum cmd_and_opt_values { aNull = 0,
|
|||||||
aRefreshKeys,
|
aRefreshKeys,
|
||||||
|
|
||||||
oTextmode,
|
oTextmode,
|
||||||
|
oExpert,
|
||||||
|
oNoExpert,
|
||||||
oFingerprint,
|
oFingerprint,
|
||||||
oWithFingerprint,
|
oWithFingerprint,
|
||||||
oAnswerYes,
|
oAnswerYes,
|
||||||
@ -322,6 +324,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
|
{ oCompress, NULL, 1, N_("|N|set compress level N (0 disables)") },
|
||||||
{ oTextmodeShort, NULL, 0, "@"},
|
{ oTextmodeShort, NULL, 0, "@"},
|
||||||
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
|
{ oTextmode, "textmode", 0, N_("use canonical text mode")},
|
||||||
|
{ oExpert, "expert", 0, "@"},
|
||||||
|
{ oNoExpert, "no-expert", 0, "@"},
|
||||||
{ oOutput, "output", 2, N_("use as output file")},
|
{ oOutput, "output", 2, N_("use as output file")},
|
||||||
{ oVerbose, "verbose", 0, N_("verbose") },
|
{ oVerbose, "verbose", 0, N_("verbose") },
|
||||||
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
|
||||||
@ -1054,6 +1058,8 @@ main( int argc, char **argv )
|
|||||||
break;
|
break;
|
||||||
case oTextmodeShort: opt.textmode = 2; break;
|
case oTextmodeShort: opt.textmode = 2; break;
|
||||||
case oTextmode: opt.textmode=1; break;
|
case oTextmode: opt.textmode=1; break;
|
||||||
|
case oExpert: opt.expert = 1; break;
|
||||||
|
case oNoExpert: opt.expert = 0; break;
|
||||||
case oUser: /* store the local users */
|
case oUser: /* store the local users */
|
||||||
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
|
add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
|
||||||
break;
|
break;
|
||||||
|
@ -275,14 +275,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
|||||||
*
|
*
|
||||||
* We use the CERT flag to request the primary which must always
|
* We use the CERT flag to request the primary which must always
|
||||||
* be one which is capable of signing keys. I can't see a reason
|
* be one which is capable of signing keys. I can't see a reason
|
||||||
* why to sign keys using a subkey. Implementation of SUAGE_CERT
|
* why to sign keys using a subkey. Implementation of USAGE_CERT
|
||||||
* is just a hack in getkey.c and does not mean that a subkey
|
* is just a hack in getkey.c and does not mean that a subkey
|
||||||
* marked as certification capable will be used */
|
* marked as certification capable will be used */
|
||||||
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
|
rc=build_sk_list( locusr, &sk_list, 0, PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
/* loop over all signaturs */
|
/* loop over all signators */
|
||||||
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
|
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
|
||||||
u32 sk_keyid[2];
|
u32 sk_keyid[2];
|
||||||
size_t n;
|
size_t n;
|
||||||
@ -308,6 +308,24 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
|||||||
for( node=keyblock; node; node = node->next ) {
|
for( node=keyblock; node; node = node->next ) {
|
||||||
if( node->pkt->pkttype == PKT_USER_ID ) {
|
if( node->pkt->pkttype == PKT_USER_ID ) {
|
||||||
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
||||||
|
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
|
||||||
|
{
|
||||||
|
tty_printf(_("User ID \"%s\" is revoked.\n"),
|
||||||
|
uidnode->pkt->pkt.user_id->name);
|
||||||
|
|
||||||
|
if(opt.expert)
|
||||||
|
{
|
||||||
|
tty_printf(_("Are you sure you still "
|
||||||
|
"want to sign it?\n"));
|
||||||
|
|
||||||
|
/* No, so remove the mark and continue */
|
||||||
|
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||||
|
_("Really sign? ")))
|
||||||
|
uidnode->flag &= ~NODFLG_MARK_A;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
uidnode->flag &= ~NODFLG_MARK_A;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
|
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
|
||||||
@ -317,7 +335,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
|
|||||||
|
|
||||||
/* Fixme: see whether there is a revocation in which
|
/* Fixme: see whether there is a revocation in which
|
||||||
* case we should allow to sign it again. */
|
* case we should allow to sign it again. */
|
||||||
tty_printf(_("Already signed by key %08lX\n"),
|
tty_printf(_("User ID \"%s\" is already signed "
|
||||||
|
"by key %08lX\n"),
|
||||||
|
uidnode->pkt->pkt.user_id->name,
|
||||||
(ulong)sk_keyid[1] );
|
(ulong)sk_keyid[1] );
|
||||||
sprintf (buf, "%08lX%08lX",
|
sprintf (buf, "%08lX%08lX",
|
||||||
(ulong)sk->keyid[0], (ulong)sk->keyid[1] );
|
(ulong)sk->keyid[0], (ulong)sk->keyid[1] );
|
||||||
@ -764,6 +784,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
int i, arg_number;
|
int i, arg_number;
|
||||||
const char *arg_string = "";
|
const char *arg_string = "";
|
||||||
char *p;
|
char *p;
|
||||||
|
PKT_public_key *pk=keyblock->pkt->pkt.public_key;
|
||||||
|
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
if( redisplay ) {
|
if( redisplay ) {
|
||||||
@ -865,6 +886,22 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
|
|
||||||
case cmdSIGN: /* sign (only the public key) */
|
case cmdSIGN: /* sign (only the public key) */
|
||||||
case cmdLSIGN: /* sign (only the public key) */
|
case cmdLSIGN: /* sign (only the public key) */
|
||||||
|
if( pk->is_revoked )
|
||||||
|
{
|
||||||
|
tty_printf(_("Key is revoked.\n"));
|
||||||
|
|
||||||
|
if(opt.expert)
|
||||||
|
{
|
||||||
|
tty_printf(_("Are you sure you still want to sign it?\n"));
|
||||||
|
|
||||||
|
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
|
||||||
|
_("Really sign? ")))
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
||||||
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
|
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
|
||||||
_("Really sign all user IDs? ")) ) {
|
_("Really sign all user IDs? ")) ) {
|
||||||
|
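Review bot: The two new messages in sign_uids ("User ID \"%s\" is revoked." and "User ID \"%s\" is already signed by key %08lX") pass `uidnode->pkt->pkt.user_id->name` to tty_printf through a plain `%s`, and that string comes from the key being edited, which may have been imported from an untrusted source. Unless tty_printf filters its arguments (not visible on this page), control characters or escape sequences in a user ID reach the terminal right before the "Really sign? " prompt, and non-ASCII names are shown as raw UTF-8. Printing the name through whatever sanitising, charset-converting routine the tree uses for user IDs elsewhere would avoid both problems. Separately, the refused and declined branches clear `NODFLG_MARK_A` but leave `uidnode` set, so the following `PKT_SIGNATURE` branch still appears to run for the deselected UID; resetting `uidnode = NULL;` after clearing the mark would skip it. Both sign_uids and keyedit_menu continue outside the hunks shown.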
@ -45,6 +45,7 @@ struct {
|
|||||||
int dry_run;
|
int dry_run;
|
||||||
int list_only;
|
int list_only;
|
||||||
int textmode;
|
int textmode;
|
||||||
|
int expert;
|
||||||
int batch; /* run in batch mode */
|
int batch; /* run in batch mode */
|
||||||
int answer_yes; /* answer yes on most questions */
|
int answer_yes; /* answer yes on most questions */
|
||||||
int answer_no; /* answer no on most questions */
|
int answer_no; /* answer no on most questions */
|
||||||
|
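Review bot: The new `int expert;` member has no comment, unlike the `batch`, `answer_yes` and `answer_no` members directly below it, although it is the flag that relaxes the revoked-key and revoked-UID signing checks described in the ChangeLog. A short contract would help later callers preserve the "ask even then" behaviour, for example `int expert; /* allow operations refused by default; callers must still ask for confirmation */`. The struct begins and ends outside the hunk.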