From 330212efb927c119bb5135856f8582c0e4e2e6b7 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 13 Jul 2017 18:22:36 +0200 Subject: [PATCH] gpg: Pass key origin values to import functions. * g10/import.c (import_keys_stream): Remove this unused function. (import_keys_internal): Add arg origin. (import_keys): Ditto. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. (apply_meta_data): New stub. (import_secret_one): Pass 0 for ORIGIN. * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN. (keyserver_fetch): Add arg origin. (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN. (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN. * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and keyserver_fetch. * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN. -- This is just the framework; applying the meta data will be done in another commit. GnuPG-bug-id: 3252 Signed-off-by: Werner Koch --- g10/card-util.c | 2 +- g10/gpg.c | 5 ++-- g10/import.c | 64 +++++++++++++++++++++++++--------------- g10/keyserver-internal.h | 2 +- g10/keyserver.c | 11 +++---- g10/main.h | 8 ++--- 6 files changed, 55 insertions(+), 37 deletions(-) diff --git a/g10/card-util.c b/g10/card-util.c index 78cd52bfe..f1795b8c6 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -818,7 +818,7 @@ fetch_url (ctrl_t ctrl) strlist_t sl = NULL; add_to_strlist (&sl, info.pubkey_url); - rc = keyserver_fetch (ctrl, sl); + rc = keyserver_fetch (ctrl, sl, KEYORG_URL); free_strlist (sl); } else if (info.fpr1valid) diff --git a/g10/gpg.c b/g10/gpg.c index 38eeddf21..5c60e1d1b 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4508,7 +4508,8 @@ main (int argc, char **argv) case aFastImport: opt.import_options |= IMPORT_FAST; /* fall through */ case aImport: - import_keys (ctrl, argc? argv:NULL, argc, NULL, opt.import_options); + import_keys (ctrl, argc? argv:NULL, argc, NULL, + opt.import_options, opt.key_origin); break; /* TODO: There are a number of command that use this same 
@@ -4596,7 +4597,7 @@ main (int argc, char **argv) sl = NULL; for( ; argc; argc--, argv++ ) append_to_strlist2( &sl, *argv, utf8_strings ); - rc = keyserver_fetch (ctrl, sl); + rc = keyserver_fetch (ctrl, sl, opt.key_origin); if(rc) { write_status_failure ("fetch-keys", rc); diff --git a/g10/import.c b/g10/import.c index 491609d0a..8010fa521 100644 --- a/g10/import.c +++ b/g10/import.c @@ -97,7 +97,7 @@ struct import_filter_s import_filter; static int import (ctrl_t ctrl, IOBUF inp, const char* fname, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_screener_t screener, void *screener_arg); + import_screener_t screener, void *screener_arg, int origin); static int read_block (IOBUF a, int with_meta, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys); static void revocation_present (ctrl_t ctrl, kbnode_t keyblock); @@ -106,7 +106,8 @@ static int import_one (ctrl_t ctrl, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, int from_sk, int silent, - import_screener_t screener, void *screener_arg); + import_screener_t screener, void *screener_arg, + int origin); static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, int batch, unsigned int options, int for_migration, @@ -430,7 +431,8 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_screener_t screener, void *screener_arg) + import_screener_t screener, void *screener_arg, + int origin) { int i; int rc = 0; @@ -442,7 +444,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, if (inp) { rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options, - screener, screener_arg); + screener, screener_arg, origin); } else { 
@@ -467,7 +469,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, else { rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options, - screener, screener_arg); + screener, screener_arg, origin); iobuf_close (inp2); /* Must invalidate that ugly cache to actually close it. */ iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); @@ -501,28 +503,20 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames, void import_keys (ctrl_t ctrl, char **fnames, int nnames, - import_stats_t stats_handle, unsigned int options ) + import_stats_t stats_handle, unsigned int options, int origin) { import_keys_internal (ctrl, NULL, fnames, nnames, stats_handle, - NULL, NULL, options, NULL, NULL); -} - -int -import_keys_stream (ctrl_t ctrl, IOBUF inp, import_stats_t stats_handle, - unsigned char **fpr, size_t *fpr_len, unsigned int options) -{ - return import_keys_internal (ctrl, inp, NULL, 0, stats_handle, - fpr, fpr_len, options, NULL, NULL); + NULL, NULL, options, NULL, NULL, origin); } -/* Variant of import_keys_stream reading from an estream_t. */ int import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_screener_t screener, void *screener_arg) + import_screener_t screener, void *screener_arg, + int origin) { int rc; iobuf_t inp; @@ -537,7 +531,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp, rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle, fpr, fpr_len, options, - screener, screener_arg); + screener, screener_arg, origin); iobuf_close (inp); return rc; 
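Review bot: import_keys_es_stream is left without any header comment once `/* Variant of import_keys_stream reading from an estream_t. */` is deleted together with import_keys_stream, and the new ORIGIN argument is not described on either public entry point in this hunk. I would add a replacement such as `/* Import keys from the estream FP. ORIGIN is one of the KEYORG_ values and is handed down unchanged to import_one. */`. If the existing comment on import_keys does not mention it, a matching sentence belongs there too. The body of import_keys_es_stream continues outside this hunk.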
@@ -547,7 +541,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp, static int import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, unsigned char **fpr,size_t *fpr_len, unsigned int options, - import_screener_t screener, void *screener_arg) + import_screener_t screener, void *screener_arg, int origin) { PACKET *pending_pkt = NULL; kbnode_t keyblock = NULL; /* Need to initialize because gcc can't @@ -575,7 +569,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats, if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) rc = import_one (ctrl, keyblock, stats, fpr, fpr_len, options, 0, 0, - screener, screener_arg); + screener, screener_arg, origin); else if (keyblock->pkt->pkttype == PKT_SECRET_KEY) rc = import_secret_one (ctrl, keyblock, stats, opt.batch, options, 0, @@ -1384,19 +1378,32 @@ apply_drop_sig_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector) } +/* Apply meta data to KEYBLOCK. This sets the origin of the key to + * ORIGIN. If MERGE is true KEYBLOCK has been updated and the meta + * data is merged and not simply inserted. */ +static gpg_error_t +apply_meta_data (kbnode_t keyblock, int merge, int origin) +{ + + return 0; +} + + /* * Try to import one keyblock. Return an error only in serious cases, * but never for an invalid keyblock. It uses log_error to increase * the internal errorcount, so that invalid input can be detected by * programs which called gpg. If SILENT is no messages are printed - - * even most error messages are suppressed. + * even most error messages are suppressed. ORIGIN is the origin of + * the key (0 for unknown). */ static int import_one (ctrl_t ctrl, kbnode_t keyblock, struct import_stats_s *stats, unsigned char **fpr, size_t *fpr_len, unsigned int options, int from_sk, int silent, - import_screener_t screener, void *screener_arg) + import_screener_t screener, void *screener_arg, + int origin) { PKT_public_key *pk; PKT_public_key *pk_orig = NULL; 
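Review bot: The comment on apply_meta_data says it "sets the origin of the key", but the body is only `return 0;`, so a reader relying on the comment will assume provenance is being recorded when nothing is stored yet. Mark the stub in the code itself, e.g. `/* FIXME: Stub - ORIGIN and MERGE are not yet applied to KEYBLOCK. */`, because the commit message that explains this does not travel with the source. All three parameters are unused, which may trigger unused-parameter warnings depending on the build flags; `(void)keyblock; (void)merge; (void)origin;` would silence them until the implementation lands. ORIGIN is a plain `int` with no range check anywhere on the visible path, so the commit that fills this in should reject values outside the KEYORG_ set before writing them into the keyblock.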
@@ -1614,6 +1621,17 @@ import_one (ctrl_t ctrl, if (opt.verbose > 1 ) log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) ); + /* Unless we are in restore mode apply meta data to the + * keyblock. Note that this will never change the first packet + * and thus the address of KEYBLOCK won't change. */ + if ( !(options & IMPORT_RESTORE) ) + { + rc = apply_meta_data (keyblock, 0, origin); + log_error ("apply_meta_data failed: %s\n", gpg_strerror (rc)); + keydb_release (hd); + return GPG_ERR_GENERAL; + } + rc = keydb_insert_keyblock (hd, keyblock ); if (rc) log_error (_("error writing keyring '%s': %s\n"), @@ -2286,7 +2304,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, the secret keys. FIXME? */ import_one (ctrl, pub_keyblock, stats, NULL, NULL, options, 1, for_migration, - screener, screener_arg); + screener, screener_arg, 0); /* Fixme: We should check for an invalid keyblock and cancel the secret key import in this case. */ diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h index 02452e88a..46a1e1d9f 100644 --- a/g10/keyserver-internal.h +++ b/g10/keyserver-internal.h @@ -40,7 +40,7 @@ int keyserver_import_keyid (ctrl_t ctrl, u32 *keyid, struct keyserver_spec *keyserver, int quick); gpg_error_t keyserver_refresh (ctrl_t ctrl, strlist_t users); gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens); -int keyserver_fetch (ctrl_t ctrl, strlist_t urilist); +int keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin); int keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode, unsigned char **fpr,size_t *fpr_len); gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name, diff --git a/g10/keyserver.c b/g10/keyserver.c index c9be1f020..bec30e37d 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
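Review bot: The new block in import_one runs `log_error (...)`, `keydb_release (hd);` and `return GPG_ERR_GENERAL;` unconditionally after `rc = apply_meta_data (keyblock, 0, origin);`, so whenever IMPORT_RESTORE is not set the function returns before `keydb_insert_keyblock` and a new key is never written to the keyring. An `if (rc)` guard appears to be missing: keep the call and wrap the three following statements in `if (rc) { ... }`. As written, even the stub's 0 return produces an "apply_meta_data failed" line, and per the function comment log_error bumps the error count that calling programs check; the DANE, WKD and URL fetch paths reach this code through import_keys_es_stream as well. Returning `rc` instead of the generic code would preserve the cause, provided callers of import_one do not depend on GPG_ERR_GENERAL. import_one begins and ends outside this hunk, so cleanup of its other locals on this early return could not be checked here.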
@@ -1746,7 +1746,8 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, r_fpr, r_fprlen, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - keyserver_retrieval_screener, &screenerarg); + keyserver_retrieval_screener, &screenerarg, + 0 /* FIXME? */); } es_fclose (datastream); xfree (source); @@ -1852,7 +1853,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs) that the fetch operation ignores the configured keyservers and instead directly retrieves the keys. */ int -keyserver_fetch (ctrl_t ctrl, strlist_t urilist) +keyserver_fetch (ctrl_t ctrl, strlist_t urilist, int origin) { gpg_error_t err; strlist_t sl; @@ -1877,7 +1878,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist) stats_handle = import_new_stats_handle(); import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL, opt.keyserver_options.import_options, - NULL, NULL); + NULL, NULL, origin); import_print_stats (stats_handle); import_release_stats_handle (stats_handle); @@ -1932,7 +1933,7 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode, err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, (opt.keyserver_options.import_options | IMPORT_NO_SECKEY), - NULL, NULL); + NULL, NULL, KEYORG_DANE); opt.no_armor=armor_status; @@ -2055,7 +2056,7 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name, int quick, if (!err) err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len, IMPORT_NO_SECKEY, - NULL, NULL); + NULL, NULL, KEYORG_WKD); } diff --git a/g10/main.h b/g10/main.h index dad0fe3f9..e69ed9da7 100644 --- a/g10/main.h +++ b/g10/main.h 
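Review bot: keyserver_get_chunk passes a bare `0 /* FIXME? */` as ORIGIN, so keys retrieved from a keyserver would be tagged as unknown origin, while the DANE and WKD paths later in this file get `KEYORG_DANE` and `KEYORG_WKD`. If the KEYORG_ set has a value for keyserver retrievals it should be used here. Otherwise the comment should say what is undecided, e.g. `/* FIXME: Origin is recorded as unknown; decide which KEYORG_ value applies to keyserver retrievals. */`. Provenance silently recorded as unknown is hard to correct afterwards, which matters if later trust or refresh decisions are keyed off the origin. The call itself starts outside this hunk.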
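Review bot: In keyserver_fetch the return value of `import_keys_es_stream (...)` is still discarded, so an import failure for a fetched URI can surface only through the printed stats and not through the function's result. This commit adds a new failure point on that path (the apply_meta_data call in import_one), so I would capture the result in the already declared `err`, e.g. `err = import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL, opt.keyserver_options.import_options, NULL, NULL, origin);`. Whether one failed URI should change the overall return then needs an explicit decision. The surrounding loop and the return statement are outside the hunk, so how `err` is used afterwards has to be checked before changing this.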
@@ -352,15 +352,13 @@ void restore_import_filter (import_filter_t filt); gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock); void import_keys (ctrl_t ctrl, char **fnames, int nnames, - import_stats_t stats_hd, unsigned int options); -int import_keys_stream (ctrl_t ctrl, iobuf_t inp, import_stats_t stats_hd, - unsigned char **fpr, - size_t *fpr_len, unsigned int options); + import_stats_t stats_hd, unsigned int options, int origin); int import_keys_es_stream (ctrl_t ctrl, estream_t fp, import_stats_t stats_handle, unsigned char **fpr, size_t *fpr_len, unsigned int options, - import_screener_t screener, void *screener_arg); + import_screener_t screener, void *screener_arg, + int origin); gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname); import_stats_t import_new_stats_handle (void); void import_release_stats_handle (import_stats_t hd);