mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-21 14:47:03 +01:00
* import.c (check_prefs_warning, check_prefs): --keyid-format conversion
and a little better text. (import_one, import_secret_one, import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still more --keyid-format conversions.
This commit is contained in:
parent
a5208f2e1d
commit
309273f869
@ -1,3 +1,11 @@
|
||||
2004-03-15 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* import.c (check_prefs_warning, check_prefs): --keyid-format
|
||||
conversion and a little better text.
|
||||
(import_one, import_secret_one, import_revoke_cert, chk_self_sigs,
|
||||
delete_inv_parts, merge_blocks): Still more --keyid-format
|
||||
conversions.
|
||||
|
||||
2004-03-06 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keylist.c (print_seckey_info, print_pubkey_info): --keyid-format
|
||||
|
493
g10/import.c
493
g10/import.c
@ -531,15 +531,23 @@ print_import_check (PKT_public_key * pk, PKT_user_id * id)
|
||||
m_free (buf);
|
||||
}
|
||||
|
||||
static void
|
||||
check_prefs_warning(PKT_public_key *pk)
|
||||
{
|
||||
log_info(_("WARNING: key %s contains preferences for unavailable\n"),
|
||||
keystr_from_pk(pk));
|
||||
log_info(_("algorithms on these user IDs:\n"));
|
||||
}
|
||||
|
||||
static void
|
||||
check_prefs(KBNODE keyblock)
|
||||
{
|
||||
KBNODE node;
|
||||
u32 keyid[2];
|
||||
PKT_public_key *pk;
|
||||
int problem=0;
|
||||
|
||||
merge_keys_and_selfsig(keyblock);
|
||||
keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
|
||||
pk=keyblock->pkt->pkt.public_key;
|
||||
|
||||
for(node=keyblock;node;node=node->next)
|
||||
{
|
||||
@ -564,9 +572,7 @@ check_prefs(KBNODE keyblock)
|
||||
{
|
||||
const char *algo=cipher_algo_to_string(prefs->value);
|
||||
if(!problem)
|
||||
log_info(_("WARNING: key %08lX contains preferences"
|
||||
" for unavailable algorithms:\n"),
|
||||
(ulong)keyid[1]);
|
||||
check_prefs_warning(pk);
|
||||
log_info(_(" \"%s\": preference for cipher"
|
||||
" algorithm %s\n"),user,algo?algo:num);
|
||||
problem=1;
|
||||
@ -578,9 +584,7 @@ check_prefs(KBNODE keyblock)
|
||||
{
|
||||
const char *algo=digest_algo_to_string(prefs->value);
|
||||
if(!problem)
|
||||
log_info(_("WARNING: key %08lX contains preferences"
|
||||
" for unavailable algorithms:\n"),
|
||||
(ulong)keyid[1]);
|
||||
check_prefs_warning(pk);
|
||||
log_info(_(" \"%s\": preference for digest"
|
||||
" algorithm %s\n"),user,algo?algo:num);
|
||||
problem=1;
|
||||
@ -592,9 +596,7 @@ check_prefs(KBNODE keyblock)
|
||||
{
|
||||
const char *algo=compress_algo_to_string(prefs->value);
|
||||
if(!problem)
|
||||
log_info(_("WARNING: key %08lX contains preferences"
|
||||
" for unavailable algorithms:\n"),
|
||||
(ulong)keyid[1]);
|
||||
check_prefs_warning(pk);
|
||||
log_info(_(" \"%s\": preference for compression"
|
||||
" algorithm %s\n"),user,algo?algo:num);
|
||||
problem=1;
|
||||
@ -621,7 +623,7 @@ check_prefs(KBNODE keyblock)
|
||||
char username[(MAX_FINGERPRINT_LEN*2)+1];
|
||||
unsigned int i;
|
||||
|
||||
p=fingerprint_from_pk(keyblock->pkt->pkt.public_key,fpr,&fprlen);
|
||||
p=fingerprint_from_pk(pk,fpr,&fprlen);
|
||||
for(i=0;i<fprlen;i++,p++)
|
||||
sprintf(username+2*i,"%02X",*p);
|
||||
add_to_strlist(&locusr,username);
|
||||
@ -635,7 +637,7 @@ check_prefs(KBNODE keyblock)
|
||||
}
|
||||
else if(!opt.quiet)
|
||||
log_info(_("you can update your preferences with:"
|
||||
" gpg --edit-key %08lX updpref save\n"),(ulong)keyid[1]);
|
||||
" gpg --edit-key %s updpref save\n"),keystr_from_pk(pk));
|
||||
}
|
||||
}
|
||||
|
||||
@ -668,20 +670,23 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
keyid_from_pk( pk, keyid );
|
||||
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
|
||||
|
||||
if( opt.verbose && !opt.interactive ) {
|
||||
log_info( "pub %4u%c/%08lX %s ",
|
||||
if( opt.verbose && !opt.interactive )
|
||||
{
|
||||
log_info( "pub %4u%c/%s %s ",
|
||||
nbits_from_pk( pk ),
|
||||
pubkey_letter( pk->pubkey_algo ),
|
||||
(ulong)keyid[1], datestr_from_pk(pk) );
|
||||
keystr_from_pk(pk), datestr_from_pk(pk) );
|
||||
if( uidnode )
|
||||
print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
|
||||
uidnode->pkt->pkt.user_id->len );
|
||||
print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
|
||||
uidnode->pkt->pkt.user_id->len );
|
||||
putc('\n', stderr);
|
||||
}
|
||||
if( !uidnode ) {
|
||||
log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]);
|
||||
}
|
||||
|
||||
if( !uidnode )
|
||||
{
|
||||
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (opt.interactive) {
|
||||
if(is_status_enabled())
|
||||
@ -699,8 +704,8 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
|
||||
if((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
|
||||
&& opt.verbose)
|
||||
log_info(_("key %08lX: PKS subkey corruption repaired\n"),
|
||||
(ulong)keyid[1]);
|
||||
log_info(_("key %s: PKS subkey corruption repaired\n"),
|
||||
keystr_from_pk(pk));
|
||||
|
||||
rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
|
||||
if( rc )
|
||||
@ -714,13 +719,13 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
char *user=utf8_to_native(node->pkt->pkt.user_id->name,
|
||||
node->pkt->pkt.user_id->len,0);
|
||||
node->flag |= 1;
|
||||
log_info( _("key %08lX: accepted non self-signed user ID '%s'\n"),
|
||||
(ulong)keyid[1],user);
|
||||
log_info( _("key %s: accepted non self-signed user ID '%s'\n"),
|
||||
keystr_from_pk(pk),user);
|
||||
m_free(user);
|
||||
}
|
||||
|
||||
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
|
||||
log_error( _("key %08lX: no valid user IDs\n"), (ulong)keyid[1]);
|
||||
log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
|
||||
if( !opt.quiet )
|
||||
log_info(_("this may be caused by a missing self-signature\n"));
|
||||
stats->no_user_id++;
|
||||
@ -730,14 +735,15 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
/* do we have this key already in one of our pubrings ? */
|
||||
pk_orig = m_alloc_clear( sizeof *pk_orig );
|
||||
rc = get_pubkey_fast ( pk_orig, keyid );
|
||||
if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY ) {
|
||||
log_error( _("key %08lX: public key not found: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
}
|
||||
if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY )
|
||||
{
|
||||
log_error( _("key %s: public key not found: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
}
|
||||
else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
|
||||
{
|
||||
if( opt.verbose )
|
||||
log_info( _("key %08lX: new key - skipped\n"), (ulong)keyid[1] );
|
||||
log_info( _("key %s: new key - skipped\n"), keystr(keyid));
|
||||
rc = 0;
|
||||
stats->skipped_new_keys++;
|
||||
}
|
||||
@ -770,18 +776,20 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
keydb_release (hd);
|
||||
|
||||
/* we are ready */
|
||||
if( !opt.quiet ) {
|
||||
if( !opt.quiet )
|
||||
{
|
||||
char *p=get_user_id_printable (keyid);
|
||||
log_info( _("key %08lX: public key \"%s\" imported\n"),
|
||||
(ulong)keyid[1],p);
|
||||
log_info( _("key %s: public key \"%s\" imported\n"),
|
||||
keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
if( is_status_enabled() ) {
|
||||
}
|
||||
if( is_status_enabled() )
|
||||
{
|
||||
char *us = get_long_user_id_string( keyid );
|
||||
write_status_text( STATUS_IMPORTED, us );
|
||||
m_free(us);
|
||||
print_import_ok (pk,NULL, 1);
|
||||
}
|
||||
}
|
||||
stats->imported++;
|
||||
if( is_RSA( pk->pubkey_algo ) )
|
||||
stats->imported_rsa++;
|
||||
@ -793,11 +801,11 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
|
||||
/* Compare the original against the new key; just to be sure nothing
|
||||
* weird is going on */
|
||||
if( cmp_public_keys( pk_orig, pk ) ) {
|
||||
log_error( _("key %08lX: doesn't match our copy\n"),
|
||||
(ulong)keyid[1]);
|
||||
if( cmp_public_keys( pk_orig, pk ) )
|
||||
{
|
||||
log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
|
||||
/* now read the original keyblock */
|
||||
hd = keydb_new (0);
|
||||
@ -810,19 +818,21 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
afp[an++] = 0;
|
||||
rc = keydb_search_fpr (hd, afp);
|
||||
}
|
||||
if( rc ) {
|
||||
log_error (_("key %08lX: can't locate original keyblock: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
if( rc )
|
||||
{
|
||||
log_error (_("key %s: can't locate original keyblock: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
keydb_release (hd);
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
rc = keydb_get_keyblock (hd, &keyblock_orig );
|
||||
if (rc) {
|
||||
log_error (_("key %08lX: can't read original keyblock: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("key %s: can't read original keyblock: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
keydb_release (hd);
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
|
||||
collapse_uids( &keyblock );
|
||||
/* and try to merge the block */
|
||||
@ -846,28 +856,29 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
revalidation_mark ();
|
||||
|
||||
/* we are ready */
|
||||
if( !opt.quiet ) {
|
||||
if( !opt.quiet )
|
||||
{
|
||||
char *p=get_user_id_printable(keyid);
|
||||
if( n_uids == 1 )
|
||||
log_info( _("key %08lX: \"%s\" 1 new user ID\n"),
|
||||
(ulong)keyid[1], p);
|
||||
log_info( _("key %s: \"%s\" 1 new user ID\n"),
|
||||
keystr(keyid),p);
|
||||
else if( n_uids )
|
||||
log_info( _("key %08lX: \"%s\" %d new user IDs\n"),
|
||||
(ulong)keyid[1], p, n_uids );
|
||||
log_info( _("key %s: \"%s\" %d new user IDs\n"),
|
||||
keystr(keyid),p,n_uids);
|
||||
if( n_sigs == 1 )
|
||||
log_info( _("key %08lX: \"%s\" 1 new signature\n"),
|
||||
(ulong)keyid[1], p);
|
||||
log_info( _("key %s: \"%s\" 1 new signature\n"),
|
||||
keystr(keyid), p);
|
||||
else if( n_sigs )
|
||||
log_info( _("key %08lX: \"%s\" %d new signatures\n"),
|
||||
(ulong)keyid[1], p, n_sigs );
|
||||
log_info( _("key %s: \"%s\" %d new signatures\n"),
|
||||
keystr(keyid), p, n_sigs );
|
||||
if( n_subk == 1 )
|
||||
log_info( _("key %08lX: \"%s\" 1 new subkey\n"),
|
||||
(ulong)keyid[1], p);
|
||||
log_info( _("key %s: \"%s\" 1 new subkey\n"),
|
||||
keystr(keyid), p);
|
||||
else if( n_subk )
|
||||
log_info( _("key %08lX: \"%s\" %d new subkeys\n"),
|
||||
(ulong)keyid[1], p, n_subk );
|
||||
log_info( _("key %s: \"%s\" %d new subkeys\n"),
|
||||
keystr(keyid), p, n_subk );
|
||||
m_free(p);
|
||||
}
|
||||
}
|
||||
|
||||
stats->n_uids +=n_uids;
|
||||
stats->n_sigs +=n_sigs;
|
||||
@ -885,8 +896,7 @@ import_one( const char *fname, KBNODE keyblock,
|
||||
if( !opt.quiet )
|
||||
{
|
||||
char *p=get_user_id_printable(keyid);
|
||||
log_info( _("key %08lX: \"%s\" not changed\n"),
|
||||
(ulong)keyid[1],p);
|
||||
log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
|
||||
@ -1010,27 +1020,29 @@ import_secret_one( const char *fname, KBNODE keyblock,
|
||||
keyid_from_sk( sk, keyid );
|
||||
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
|
||||
|
||||
if( opt.verbose ) {
|
||||
log_info( "sec %4u%c/%08lX %s ",
|
||||
if( opt.verbose )
|
||||
{
|
||||
log_info( "sec %4u%c/%s %s ",
|
||||
nbits_from_sk( sk ),
|
||||
pubkey_letter( sk->pubkey_algo ),
|
||||
(ulong)keyid[1], datestr_from_sk(sk) );
|
||||
keystr_from_sk(sk), datestr_from_sk(sk) );
|
||||
if( uidnode )
|
||||
print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
|
||||
uidnode->pkt->pkt.user_id->len );
|
||||
print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name,
|
||||
uidnode->pkt->pkt.user_id->len );
|
||||
putc('\n', stderr);
|
||||
}
|
||||
}
|
||||
stats->secret_read++;
|
||||
|
||||
if( !uidnode ) {
|
||||
log_error( _("key %08lX: no user ID\n"), (ulong)keyid[1]);
|
||||
if( !uidnode )
|
||||
{
|
||||
log_error( _("key %s: no user ID\n"), keystr_from_sk(sk));
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if(sk->protect.algo>110)
|
||||
{
|
||||
log_error(_("key %08lX: secret key with invalid cipher %d "
|
||||
"- skipped\n"),(ulong)keyid[1],sk->protect.algo);
|
||||
log_error(_("key %s: secret key with invalid cipher %d"
|
||||
" - skipped\n"),keystr_from_sk(sk),sk->protect.algo);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1057,7 +1069,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
|
||||
keydb_release (hd);
|
||||
/* we are ready */
|
||||
if( !opt.quiet )
|
||||
log_info( _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
|
||||
log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
|
||||
stats->secret_imported++;
|
||||
if (is_status_enabled ())
|
||||
print_import_ok (NULL, sk, 1|16);
|
||||
@ -1084,19 +1096,20 @@ import_secret_one( const char *fname, KBNODE keyblock,
|
||||
release_kbnode(node);
|
||||
}
|
||||
}
|
||||
else if( !rc ) { /* we can't merge secret keys */
|
||||
log_error( _("key %08lX: already in secret keyring\n"),
|
||||
(ulong)keyid[1]);
|
||||
else if( !rc )
|
||||
{ /* we can't merge secret keys */
|
||||
log_error( _("key %s: already in secret keyring\n"),
|
||||
keystr_from_sk(sk));
|
||||
stats->secret_dups++;
|
||||
if (is_status_enabled ())
|
||||
print_import_ok (NULL, sk, 16);
|
||||
print_import_ok (NULL, sk, 16);
|
||||
|
||||
/* TODO: if we ever do merge secret keys, make sure to handle
|
||||
the sec_to_pub_keyblock feature as well. */
|
||||
}
|
||||
}
|
||||
else
|
||||
log_error( _("key %08lX: secret key not found: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
log_error( _("key %s: secret key not found: %s\n"),
|
||||
keystr_from_sk(sk), g10_errstr(rc));
|
||||
|
||||
return rc;
|
||||
}
|
||||
@ -1123,17 +1136,19 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
||||
|
||||
pk = m_alloc_clear( sizeof *pk );
|
||||
rc = get_pubkey( pk, keyid );
|
||||
if( rc == G10ERR_NO_PUBKEY ) {
|
||||
log_error( _("key %08lX: no public key - "
|
||||
"can't apply revocation certificate\n"), (ulong)keyid[1]);
|
||||
if( rc == G10ERR_NO_PUBKEY )
|
||||
{
|
||||
log_error(_("key %s: no public key -"
|
||||
" can't apply revocation certificate\n"), keystr(keyid));
|
||||
rc = 0;
|
||||
goto leave;
|
||||
}
|
||||
else if( rc ) {
|
||||
log_error( _("key %08lX: public key not found: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
}
|
||||
else if( rc )
|
||||
{
|
||||
log_error(_("key %s: public key not found: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
|
||||
/* read the original keyblock */
|
||||
hd = keydb_new (0);
|
||||
@ -1146,29 +1161,30 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
||||
afp[an++] = 0;
|
||||
rc = keydb_search_fpr (hd, afp);
|
||||
}
|
||||
if (rc) {
|
||||
log_error (_("key %08lX: can't locate original keyblock: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("key %s: can't locate original keyblock: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
rc = keydb_get_keyblock (hd, &keyblock );
|
||||
if (rc) {
|
||||
log_error (_("key %08lX: can't read original keyblock: %s\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("key %s: can't read original keyblock: %s\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* it is okay, that node is not in keyblock because
|
||||
* check_key_signature works fine for sig_class 0x20 in this
|
||||
* special case. */
|
||||
rc = check_key_signature( keyblock, node, NULL);
|
||||
if( rc ) {
|
||||
log_error( _("key %08lX: invalid revocation certificate"
|
||||
": %s - rejected\n"), (ulong)keyid[1], g10_errstr(rc));
|
||||
if( rc )
|
||||
{
|
||||
log_error( _("key %s: invalid revocation certificate"
|
||||
": %s - rejected\n"), keystr(keyid), g10_errstr(rc));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* check whether we already have this */
|
||||
for(onode=keyblock->next; onode; onode=onode->next ) {
|
||||
@ -1194,12 +1210,13 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
||||
keydb_get_resource_name (hd), g10_errstr(rc) );
|
||||
keydb_release (hd); hd = NULL;
|
||||
/* we are ready */
|
||||
if( !opt.quiet ) {
|
||||
if( !opt.quiet )
|
||||
{
|
||||
char *p=get_user_id_printable (keyid);
|
||||
log_info( _("key %08lX: \"%s\" revocation certificate imported\n"),
|
||||
(ulong)keyid[1],p);
|
||||
log_info( _("key %s: \"%s\" revocation certificate imported\n"),
|
||||
keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
}
|
||||
stats->n_revoc++;
|
||||
|
||||
/* If the key we just revoked was ultimately trusted, remove its
|
||||
@ -1259,11 +1276,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
|
||||
if( (sig->sig_class&~3) == 0x10 ) {
|
||||
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
|
||||
if( !unode ) {
|
||||
log_error( _("key %08lX: no user ID for signature\n"),
|
||||
(ulong)keyid[1]);
|
||||
if( !unode )
|
||||
{
|
||||
log_error( _("key %s: no user ID for signature\n"),
|
||||
keystr(keyid));
|
||||
return -1; /* the complete keyblock is invalid */
|
||||
}
|
||||
}
|
||||
|
||||
/* If it hasn't been marked valid yet, keep trying */
|
||||
if(!(unode->flag&1)) {
|
||||
@ -1275,11 +1293,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
char *p=utf8_to_native(unode->pkt->pkt.user_id->name,
|
||||
strlen(unode->pkt->pkt.user_id->name),0);
|
||||
log_info( rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key "
|
||||
_("key %s: unsupported public key "
|
||||
"algorithm on user id \"%s\"\n"):
|
||||
_("key %08lX: invalid self-signature "
|
||||
_("key %s: invalid self-signature "
|
||||
"on user id \"%s\"\n"),
|
||||
(ulong)keyid[1],p);
|
||||
keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
}
|
||||
@ -1292,42 +1310,48 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
like the rest of gpg. If the standard gets
|
||||
revocation targets, this may need to be revised. */
|
||||
|
||||
if( !knode ) {
|
||||
if( !knode )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: no subkey for key binding\n"),
|
||||
(ulong)keyid[1]);
|
||||
log_info( _("key %s: no subkey for key binding\n"),
|
||||
keystr(keyid));
|
||||
n->flag |= 4; /* delete this */
|
||||
}
|
||||
else {
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc ) {
|
||||
if(opt.verbose)
|
||||
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key algorithm\n"):
|
||||
_("key %08lX: invalid subkey binding\n"),
|
||||
(ulong)keyid[1]);
|
||||
n->flag|=4;
|
||||
}
|
||||
else {
|
||||
/* It's valid, so is it newer? */
|
||||
if(sig->timestamp>=bsdate) {
|
||||
knode->flag |= 1; /* the subkey is valid */
|
||||
if(bsnode) {
|
||||
bsnode->flag|=4; /* Delete the last binding
|
||||
sig since this one is
|
||||
newer */
|
||||
else
|
||||
{
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info(_("key %08lX: removed multiple subkey "
|
||||
"binding\n"),(ulong)keyid[1]);
|
||||
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %s: unsupported public key"
|
||||
" algorithm\n"):
|
||||
_("key %s: invalid subkey binding\n"),
|
||||
keystr(keyid));
|
||||
n->flag|=4;
|
||||
}
|
||||
|
||||
bsnode=n;
|
||||
bsdate=sig->timestamp;
|
||||
}
|
||||
else
|
||||
n->flag|=4; /* older */
|
||||
{
|
||||
/* It's valid, so is it newer? */
|
||||
if(sig->timestamp>=bsdate) {
|
||||
knode->flag |= 1; /* the subkey is valid */
|
||||
if(bsnode)
|
||||
{
|
||||
bsnode->flag|=4; /* Delete the last binding
|
||||
sig since this one is
|
||||
newer */
|
||||
if(opt.verbose)
|
||||
log_info(_("key %s: removed multiple subkey"
|
||||
" binding\n"),keystr(keyid));
|
||||
}
|
||||
|
||||
bsnode=n;
|
||||
bsdate=sig->timestamp;
|
||||
}
|
||||
else
|
||||
n->flag|=4; /* older */
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if( sig->sig_class == 0x28 ) {
|
||||
/* We don't actually mark the subkey as revoked right
|
||||
@ -1336,42 +1360,48 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
|
||||
the binding sig is newer than the revocation sig.
|
||||
See the comment in getkey.c:merge_selfsigs_subkey for
|
||||
more */
|
||||
if( !knode ) {
|
||||
if( !knode )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: no subkey for key revocation\n"),
|
||||
(ulong)keyid[1]);
|
||||
log_info( _("key %s: no subkey for key revocation\n"),
|
||||
keystr(keyid));
|
||||
n->flag |= 4; /* delete this */
|
||||
}
|
||||
else {
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc ) {
|
||||
if(opt.verbose)
|
||||
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %08lX: unsupported public key algorithm\n"):
|
||||
_("key %08lX: invalid subkey revocation\n"),
|
||||
(ulong)keyid[1]);
|
||||
|
||||
n->flag|=4;
|
||||
}
|
||||
else {
|
||||
/* It's valid, so is it newer? */
|
||||
if(sig->timestamp>=rsdate) {
|
||||
if(rsnode) {
|
||||
rsnode->flag|=4; /* Delete the last revocation
|
||||
sig since this one is
|
||||
newer */
|
||||
else
|
||||
{
|
||||
rc = check_key_signature( keyblock, n, NULL);
|
||||
if( rc )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info(_("key %08lX: removed multiple subkey "
|
||||
"revocation\n"),(ulong)keyid[1]);
|
||||
log_info(rc == G10ERR_PUBKEY_ALGO ?
|
||||
_("key %s: unsupported public"
|
||||
" key algorithm\n"):
|
||||
_("key %s: invalid subkey revocation\n"),
|
||||
keystr(keyid));
|
||||
n->flag|=4;
|
||||
}
|
||||
|
||||
rsnode=n;
|
||||
rsdate=sig->timestamp;
|
||||
}
|
||||
else
|
||||
n->flag|=4; /* older */
|
||||
{
|
||||
/* It's valid, so is it newer? */
|
||||
if(sig->timestamp>=rsdate)
|
||||
{
|
||||
if(rsnode)
|
||||
{
|
||||
rsnode->flag|=4; /* Delete the last revocation
|
||||
sig since this one is
|
||||
newer */
|
||||
if(opt.verbose)
|
||||
log_info(_("key %s: removed multiple subkey"
|
||||
" revocation\n"),keystr(keyid));
|
||||
}
|
||||
|
||||
rsnode=n;
|
||||
rsdate=sig->timestamp;
|
||||
}
|
||||
else
|
||||
n->flag|=4; /* older */
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -1399,13 +1429,14 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||
if( node->pkt->pkttype == PKT_USER_ID ) {
|
||||
uid_seen = 1;
|
||||
if( (node->flag & 2) || !(node->flag & 1) ) {
|
||||
if( opt.verbose ) {
|
||||
log_info( _("key %08lX: skipped user ID '"),
|
||||
(ulong)keyid[1]);
|
||||
print_utf8_string( stderr, node->pkt->pkt.user_id->name,
|
||||
node->pkt->pkt.user_id->len );
|
||||
fputs("'\n", stderr );
|
||||
}
|
||||
if( opt.verbose )
|
||||
{
|
||||
char *p=utf8_to_native(node->pkt->pkt.user_id->name,
|
||||
node->pkt->pkt.user_id->len,0);
|
||||
log_info( _("key %s: skipped user ID '%s'\n"),
|
||||
keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
delete_kbnode( node ); /* the user-id */
|
||||
/* and all following packets up to the next user-id */
|
||||
while( node->next
|
||||
@ -1422,10 +1453,9 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
||||
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
|
||||
if( (node->flag & 2) || !(node->flag & 1) ) {
|
||||
if( opt.verbose ) {
|
||||
log_info( _("key %08lX: skipped subkey\n"),
|
||||
(ulong)keyid[1]);
|
||||
}
|
||||
if( opt.verbose )
|
||||
log_info( _("key %s: skipped subkey\n"),keystr(keyid));
|
||||
|
||||
delete_kbnode( node ); /* the subkey */
|
||||
/* and all following signature packets */
|
||||
while( node->next
|
||||
@ -1444,25 +1474,27 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE &&
|
||||
!node->pkt->pkt.signature->flags.exportable &&
|
||||
!(options&IMPORT_ALLOW_LOCAL_SIGS) &&
|
||||
seckey_available( node->pkt->pkt.signature->keyid ) ) {
|
||||
seckey_available( node->pkt->pkt.signature->keyid ) )
|
||||
{
|
||||
/* here we violate the rfc a bit by still allowing
|
||||
* to import non-exportable signature when we have the
|
||||
* the secret key used to create this signature - it
|
||||
* seems that this makes sense */
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: non exportable signature "
|
||||
"(class %02x) - skipped\n"),
|
||||
(ulong)keyid[1], node->pkt->pkt.signature->sig_class );
|
||||
log_info( _("key %s: non exportable signature"
|
||||
" (class %02x) - skipped\n"),
|
||||
keystr(keyid), node->pkt->pkt.signature->sig_class );
|
||||
delete_kbnode( node );
|
||||
}
|
||||
}
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE
|
||||
&& node->pkt->pkt.signature->sig_class == 0x20 ) {
|
||||
if( uid_seen ) {
|
||||
if( uid_seen )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: revocation certificate "
|
||||
"at wrong place - skipped\n"), (ulong)keyid[1]);
|
||||
log_info( _("key %s: revocation certificate"
|
||||
" at wrong place - skipped\n"),keystr(keyid));
|
||||
delete_kbnode( node );
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* If the revocation cert is from a different key than
|
||||
the one we're working on don't check it - it's
|
||||
@ -1476,9 +1508,9 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||
if( rc )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: invalid revocation "
|
||||
"certificate: %s - skipped\n"),
|
||||
(ulong)keyid[1], g10_errstr(rc));
|
||||
log_info( _("key %s: invalid revocation"
|
||||
" certificate: %s - skipped\n"),
|
||||
keystr(keyid), g10_errstr(rc));
|
||||
delete_kbnode( node );
|
||||
}
|
||||
}
|
||||
@ -1487,18 +1519,19 @@ delete_inv_parts( const char *fname, KBNODE keyblock,
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE &&
|
||||
(node->pkt->pkt.signature->sig_class == 0x18 ||
|
||||
node->pkt->pkt.signature->sig_class == 0x28) &&
|
||||
!subkey_seen ) {
|
||||
!subkey_seen )
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info( _("key %08lX: subkey signature "
|
||||
"in wrong place - skipped\n"), (ulong)keyid[1]);
|
||||
log_info( _("key %s: subkey signature"
|
||||
" in wrong place - skipped\n"), keystr(keyid));
|
||||
delete_kbnode( node );
|
||||
}
|
||||
}
|
||||
else if( node->pkt->pkttype == PKT_SIGNATURE
|
||||
&& !IS_CERT(node->pkt->pkt.signature))
|
||||
{
|
||||
if(opt.verbose)
|
||||
log_info(_("key %08lX: unexpected signature class (0x%02X) -"
|
||||
" skipped\n"),(ulong)keyid[1],
|
||||
log_info(_("key %s: unexpected signature class (0x%02X) -"
|
||||
" skipped\n"),keystr(keyid),
|
||||
node->pkt->pkt.signature->sig_class);
|
||||
delete_kbnode(node);
|
||||
}
|
||||
@ -1525,7 +1558,6 @@ collapse_uids( KBNODE *keyblock )
|
||||
KBNODE n, n2;
|
||||
int in_uid;
|
||||
int any=0;
|
||||
u32 kid1;
|
||||
|
||||
restart:
|
||||
for( n = *keyblock; n; n = n->next ) {
|
||||
@ -1589,15 +1621,17 @@ collapse_uids( KBNODE *keyblock )
|
||||
}
|
||||
}
|
||||
|
||||
if( (n = find_kbnode( *keyblock, PKT_PUBLIC_KEY )) )
|
||||
kid1 = keyid_from_pk( n->pkt->pkt.public_key, NULL );
|
||||
else if( (n = find_kbnode( *keyblock, PKT_SECRET_KEY )) )
|
||||
kid1 = keyid_from_sk( n->pkt->pkt.secret_key, NULL );
|
||||
else
|
||||
kid1 = 0;
|
||||
if(!opt.quiet)
|
||||
log_info(_("key %08lX: duplicated user ID detected - merged\n"),
|
||||
(ulong)kid1);
|
||||
{
|
||||
const char *key="???";
|
||||
|
||||
if( (n = find_kbnode( *keyblock, PKT_PUBLIC_KEY )) )
|
||||
key=keystr_from_pk(n->pkt->pkt.public_key);
|
||||
else if( (n = find_kbnode( *keyblock, PKT_SECRET_KEY )) )
|
||||
key=keystr_from_sk(n->pkt->pkt.secret_key);
|
||||
|
||||
log_info(_("key %s: duplicated user ID detected - merged\n"),key);
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -1651,14 +1685,15 @@ revocation_present(KBNODE keyblock)
|
||||
MAX_FINGERPRINT_LEN);
|
||||
if(rc==G10ERR_NO_PUBKEY || rc==G10ERR_UNU_PUBKEY)
|
||||
{
|
||||
char *tempkeystr=m_strdup(keystr_from_pk(pk));
|
||||
|
||||
/* No, so try and get it */
|
||||
if(opt.keyserver_scheme &&
|
||||
opt.keyserver_options.auto_key_retrieve)
|
||||
{
|
||||
log_info(_("WARNING: key %08lX may be revoked: "
|
||||
"fetching revocation key %08lX\n"),
|
||||
(ulong)keyid_from_pk(pk,NULL),
|
||||
(ulong)keyid[1]);
|
||||
log_info(_("WARNING: key %s may be revoked:"
|
||||
" fetching revocation key %s\n"),
|
||||
tempkeystr,keystr(keyid));
|
||||
keyserver_import_fprint(sig->revkey[idx]->fpr,
|
||||
MAX_FINGERPRINT_LEN);
|
||||
|
||||
@ -1669,10 +1704,11 @@ revocation_present(KBNODE keyblock)
|
||||
}
|
||||
|
||||
if(rc==G10ERR_NO_PUBKEY || rc==G10ERR_UNU_PUBKEY)
|
||||
log_info(_("WARNING: key %08lX may be revoked: "
|
||||
"revocation key %08lX not present.\n"),
|
||||
(ulong)keyid_from_pk(pk,NULL),
|
||||
(ulong)keyid[1]);
|
||||
log_info(_("WARNING: key %s may be revoked:"
|
||||
" revocation key %s not present.\n"),
|
||||
tempkeystr,keystr(keyid));
|
||||
|
||||
m_free(tempkeystr);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1727,8 +1763,8 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
|
||||
if(!opt.quiet)
|
||||
{
|
||||
char *p=get_user_id_printable (keyid);
|
||||
log_info(_("key %08lX: \"%s\" revocation "
|
||||
"certificate added\n"), (ulong)keyid[1],p);
|
||||
log_info(_("key %s: \"%s\" revocation"
|
||||
" certificate added\n"), keystr(keyid),p);
|
||||
m_free(p);
|
||||
}
|
||||
}
|
||||
@ -1754,15 +1790,16 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
|
||||
break;
|
||||
}
|
||||
}
|
||||
if( !found ) {
|
||||
if( !found )
|
||||
{
|
||||
KBNODE n2 = clone_kbnode(node);
|
||||
insert_kbnode( keyblock_orig, n2, 0 );
|
||||
n2->flag |= 1;
|
||||
++*n_sigs;
|
||||
if(!opt.quiet)
|
||||
log_info( _("key %08lX: direct key signature added\n"),
|
||||
(ulong)keyid[1]);
|
||||
}
|
||||
log_info( _("key %s: direct key signature added\n"),
|
||||
keystr(keyid));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user