gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global scope. * g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME. * g10/keygen.c (prepare_desig_revoker): Use it here. (prepare_adsk): and here. -- The revoker key is required before we create it along with a new key. This is because we need to know the algo and also to make sure that the key really exists. GnuPG-bug-id: 7133
This commit is contained in:
parent
068ebb6f1e
commit
465ea9116d
23
g10/getkey.c
23
g10/getkey.c
@ -916,6 +916,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
|
|||||||
* auto-key-locate option list!
|
* auto-key-locate option list!
|
||||||
* GET_PUBKEY_NO_LOCAL - Only the auto key locate functionality is
|
* GET_PUBKEY_NO_LOCAL - Only the auto key locate functionality is
|
||||||
* used and no local search is done.
|
* used and no local search is done.
|
||||||
|
* GET_PUBKEY_TRY_LDAP - If the key was not found locally try LDAP.
|
||||||
*
|
*
|
||||||
* If RETCTX is not NULL, then the constructed context is returned in
|
* If RETCTX is not NULL, then the constructed context is returned in
|
||||||
* *RETCTX so that getpubkey_next can be used to get subsequent
|
* *RETCTX so that getpubkey_next can be used to get subsequent
|
||||||
@ -968,7 +969,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
|
|||||||
int nodefault = 0;
|
int nodefault = 0;
|
||||||
int anylocalfirst = 0;
|
int anylocalfirst = 0;
|
||||||
int mechanism_type = AKL_NODEFAULT;
|
int mechanism_type = AKL_NODEFAULT;
|
||||||
|
struct akl *used_akl = opt.auto_key_locate;
|
||||||
|
|
||||||
/* If RETCTX is not NULL, then RET_KDBHD must be NULL. */
|
/* If RETCTX is not NULL, then RET_KDBHD must be NULL. */
|
||||||
log_assert (retctx == NULL || ret_kdbhd == NULL);
|
log_assert (retctx == NULL || ret_kdbhd == NULL);
|
||||||
@ -990,12 +991,12 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
|
|||||||
is_mbox = 1;
|
is_mbox = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If we are called due to --locate-external-key Check whether NAME
|
/* If we are called due to --locate-external-key check whether NAME
|
||||||
* is a fingerprint and then try to lookup that key by configured
|
* is a fingerprint and then try to lookup that key by configured
|
||||||
* method which support lookup by fingerprint. FPRBUF carries the
|
* method which support lookup by fingerprint. FPRBUF carries the
|
||||||
* parsed fingerprint iff IS_FPR is true. */
|
* parsed fingerprint iff IS_FPR is true. */
|
||||||
is_fpr = 0;
|
is_fpr = 0;
|
||||||
if (!is_mbox && mode == GET_PUBKEY_NO_LOCAL)
|
if (!is_mbox && (mode == GET_PUBKEY_NO_LOCAL || mode == GET_PUBKEY_TRY_LDAP))
|
||||||
{
|
{
|
||||||
if (!classify_user_id (name, &fprbuf, 1)
|
if (!classify_user_id (name, &fprbuf, 1)
|
||||||
&& fprbuf.mode == KEYDB_SEARCH_MODE_FPR)
|
&& fprbuf.mode == KEYDB_SEARCH_MODE_FPR)
|
||||||
@ -1021,12 +1022,20 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
|
|||||||
* implicitly). */
|
* implicitly). */
|
||||||
if (mode == GET_PUBKEY_NO_LOCAL)
|
if (mode == GET_PUBKEY_NO_LOCAL)
|
||||||
nodefault = 1; /* Auto-key-locate but ignore "local". */
|
nodefault = 1; /* Auto-key-locate but ignore "local". */
|
||||||
else if (mode != GET_PUBKEY_NO_AKL)
|
else if (mode == GET_PUBKEY_NO_AKL)
|
||||||
|
;
|
||||||
|
else if (mode == GET_PUBKEY_TRY_LDAP)
|
||||||
|
{
|
||||||
|
static struct akl ldap_only_akl = { AKL_LDAP, NULL, NULL };
|
||||||
|
|
||||||
|
used_akl = &ldap_only_akl;
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
/* auto-key-locate is enabled. */
|
/* auto-key-locate is enabled. */
|
||||||
|
|
||||||
/* nodefault is true if "nodefault" or "local" appear. */
|
/* nodefault is true if "nodefault" or "local" appear. */
|
||||||
for (akl = opt.auto_key_locate; akl; akl = akl->next)
|
for (akl = used_akl; akl; akl = akl->next)
|
||||||
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
|
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
|
||||||
{
|
{
|
||||||
nodefault = 1;
|
nodefault = 1;
|
||||||
@ -1034,7 +1043,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
|
|||||||
}
|
}
|
||||||
/* anylocalfirst is true if "local" appears before any other
|
/* anylocalfirst is true if "local" appears before any other
|
||||||
search methods (except "nodefault"). */
|
search methods (except "nodefault"). */
|
||||||
for (akl = opt.auto_key_locate; akl; akl = akl->next)
|
for (akl = used_akl; akl; akl = akl->next)
|
||||||
if (akl->type != AKL_NODEFAULT)
|
if (akl->type != AKL_NODEFAULT)
|
||||||
{
|
{
|
||||||
if (akl->type == AKL_LOCAL)
|
if (akl->type == AKL_LOCAL)
|
||||||
@ -1085,7 +1094,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
|
|||||||
* the local keyring). Since the auto key locate feature is
|
* the local keyring). Since the auto key locate feature is
|
||||||
* enabled and NAME appears to be an email address, try the auto
|
* enabled and NAME appears to be an email address, try the auto
|
||||||
* locate feature. */
|
* locate feature. */
|
||||||
for (akl = opt.auto_key_locate; akl; akl = akl->next)
|
for (akl = used_akl; akl; akl = akl->next)
|
||||||
{
|
{
|
||||||
unsigned char *fpr = NULL;
|
unsigned char *fpr = NULL;
|
||||||
size_t fpr_len;
|
size_t fpr_len;
|
||||||
|
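Review bot: In the new `GET_PUBKEY_TRY_LDAP` branch of the hunk at -1021, `used_akl` is switched to the one-element LDAP list only after the fingerprint pre-check of the hunk at -990 has already run, so the substitution cannot affect anything done between the two hunks; please confirm that the hidden fingerprint path only fills `is_fpr`/`fprbuf` and defers the actual lookup to the `used_akl` loop at -1085, otherwise a fingerprint given in this mode would still walk the configured `opt.auto_key_locate` list. The branch also leaves `nodefault` and `anylocalfirst` at 0, which is what makes the local keyring be searched first as the commit message describes, but that is easy to miss next to the `ldap_only_akl` assignment; a comment there such as `/* Local keyring first, then only the LDAP mechanism; the configured AKL list is ignored.  */` would make the intent explicit. `static struct akl ldap_only_akl = { AKL_LDAP, NULL, NULL };` would read more clearly with designated initializers, `{ .type = AKL_LDAP }`, together with a note on what a NULL `spec` means for the LDAP lookup if the later loop relies on it. The enclosing function `get_pubkey_byname` starts and ends outside the shown hunks.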
@ -372,7 +372,8 @@ enum get_pubkey_modes
|
|||||||
{
|
{
|
||||||
GET_PUBKEY_NORMAL = 0,
|
GET_PUBKEY_NORMAL = 0,
|
||||||
GET_PUBKEY_NO_AKL = 1,
|
GET_PUBKEY_NO_AKL = 1,
|
||||||
GET_PUBKEY_NO_LOCAL = 2
|
GET_PUBKEY_NO_LOCAL = 2,
|
||||||
|
GET_PUBKEY_TRY_LDAP = 3
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Find a public key identified by NAME. */
|
/* Find a public key identified by NAME. */
|
||||||
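Review bot: The new enumerator `GET_PUBKEY_TRY_LDAP = 3` is added without a comment, while its semantics (local search first, then the LDAP mechanism only, regardless of --auto-key-locate) are only documented in the getkey.c header comment; a one-line comment on the enumerator keeps the header self-describing, e.g. `GET_PUBKEY_TRY_LDAP = 3  /* Search locally; if not found try only the LDAP mechanism.  */`. If the lookup is indeed limited to fingerprints and mail addresses, as the getkey.c loop comment suggests, saying so here would spare callers a surprise when passing other name forms. The file header of this section is not shown; per the commit message it is g10/keydb.h.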
|
@ -4504,7 +4504,7 @@ prepare_desig_revoker (ctrl_t ctrl, const char *name)
|
|||||||
|
|
||||||
revoker_pk = xcalloc (1, sizeof *revoker_pk);
|
revoker_pk = xcalloc (1, sizeof *revoker_pk);
|
||||||
revoker_pk->req_usage = PUBKEY_USAGE_CERT;
|
revoker_pk->req_usage = PUBKEY_USAGE_CERT;
|
||||||
err = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL,
|
err = get_pubkey_byname (ctrl, GET_PUBKEY_TRY_LDAP,
|
||||||
NULL, revoker_pk, name, NULL, NULL, 1);
|
NULL, revoker_pk, name, NULL, NULL, 1);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -4565,7 +4565,7 @@ prepare_adsk (ctrl_t ctrl, const char *name)
|
|||||||
|
|
||||||
adsk_pk = xcalloc (1, sizeof *adsk_pk);
|
adsk_pk = xcalloc (1, sizeof *adsk_pk);
|
||||||
adsk_pk->req_usage = PUBKEY_USAGE_ENC;
|
adsk_pk->req_usage = PUBKEY_USAGE_ENC;
|
||||||
err = get_pubkey_byname (ctrl, GET_PUBKEY_NO_AKL,
|
err = get_pubkey_byname (ctrl, GET_PUBKEY_TRY_LDAP,
|
||||||
NULL, adsk_pk, name, NULL, NULL, 1);
|
NULL, adsk_pk, name, NULL, NULL, 1);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
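Review bot: Changing the mode from `GET_PUBKEY_NO_AKL` to `GET_PUBKEY_TRY_LDAP` at -4504 (and likewise at -4565 in `prepare_adsk`) means key generation may now contact an LDAP server to fetch the designated revoker or ADSK key, which was previously a purely local lookup; a comment at the call site stating this and what binds the fetched key to the requested one would help, e.g. `/* May contact the LDAP server; the key is only accepted if its fingerprint matches NAME (see below).  */`, provided the code following the call does perform that fingerprint comparison. If NAME can be something other than a fingerprint here, the match should be enforced before the key is recorded as revoker or ADSK, since either role grants the holder authority over the new key. Both enclosing functions start and end outside the hunks shown.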
|
@ -41,6 +41,26 @@ struct keyserver_spec
|
|||||||
};
|
};
|
||||||
typedef struct keyserver_spec *keyserver_spec_t;
|
typedef struct keyserver_spec *keyserver_spec_t;
|
||||||
|
|
||||||
|
/* The --auto-key-locate mechanisms object. */
|
||||||
|
struct akl
|
||||||
|
{
|
||||||
|
enum {
|
||||||
|
AKL_NODEFAULT,
|
||||||
|
AKL_LOCAL,
|
||||||
|
AKL_CERT,
|
||||||
|
AKL_PKA,
|
||||||
|
AKL_DANE,
|
||||||
|
AKL_WKD,
|
||||||
|
AKL_LDAP,
|
||||||
|
AKL_NTDS,
|
||||||
|
AKL_KEYSERVER,
|
||||||
|
AKL_SPEC
|
||||||
|
} type;
|
||||||
|
keyserver_spec_t spec;
|
||||||
|
struct akl *next;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Global options for GPG. */
|
/* Global options for GPG. */
|
||||||
EXTERN_UNLESS_MAIN_MODULE
|
EXTERN_UNLESS_MAIN_MODULE
|
||||||
@ -290,23 +310,7 @@ struct
|
|||||||
|
|
||||||
/* Linked list of ways to find a key if the key isn't on the local
|
/* Linked list of ways to find a key if the key isn't on the local
|
||||||
keyring. */
|
keyring. */
|
||||||
struct akl
|
struct akl *auto_key_locate;
|
||||||
{
|
|
||||||
enum {
|
|
||||||
AKL_NODEFAULT,
|
|
||||||
AKL_LOCAL,
|
|
||||||
AKL_CERT,
|
|
||||||
AKL_PKA,
|
|
||||||
AKL_DANE,
|
|
||||||
AKL_WKD,
|
|
||||||
AKL_LDAP,
|
|
||||||
AKL_NTDS,
|
|
||||||
AKL_KEYSERVER,
|
|
||||||
AKL_SPEC
|
|
||||||
} type;
|
|
||||||
keyserver_spec_t spec;
|
|
||||||
struct akl *next;
|
|
||||||
} *auto_key_locate;
|
|
||||||
|
|
||||||
/* The value of --key-origin. See parse_key_origin(). */
|
/* The value of --key-origin. See parse_key_origin(). */
|
||||||
int key_origin;
|
int key_origin;
|
||||||
@ -327,6 +331,7 @@ struct
|
|||||||
unsigned int compat_flags;
|
unsigned int compat_flags;
|
||||||
} opt;
|
} opt;
|
||||||
|
|
||||||
|
|
||||||
/* CTRL is used to keep some global variables we currently can't
|
/* CTRL is used to keep some global variables we currently can't
|
||||||
avoid. Future concurrent versions of gpg will put it into a per
|
avoid. Future concurrent versions of gpg will put it into a per
|
||||||
request structure CTRL. */
|
request structure CTRL. */
|
||||||
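Review bot: Now that `struct akl` is at global scope, its `type` member is still an anonymous enum, so users such as `int mechanism_type = AKL_NODEFAULT;` in getkey.c cannot declare the variable with the enum type; naming it, e.g. `enum akl_type { AKL_NODEFAULT, ... } type;`, would make those sites and the new `ldap_only_akl` initializer type-checked. The added comment `/* The --auto-key-locate mechanisms object. */` would be clearer as `/* One element of the --auto-key-locate mechanism list (see opt.auto_key_locate). */`. The relocation itself is a pure move and needs no further change.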
|