gpg: New command --locate-external-key.

* g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit d00c8024e5)
2019-07-04 15:13:26 +02:00 · 2019-07-04 15:13:26 +02:00 · 46f3283b34
parent 1187143343
commit 46f3283b34
7 changed files with 63 additions and 32 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -346,12 +346,17 @@ numbers 1-9 or "T" for 10 and above to indicate trust signature levels


@item --locate-keys
+@itemx --locate-external-keys
@opindex locate-keys
+@opindex locate-external-keys
 Locate the keys given as arguments.  This command basically uses the
-same algorithm as used when locating keys for encryption or signing and
-may thus be used to see what keys @command{@gpgname} might use.  In
-particular external methods as defined by @option{--auto-key-locate} may
-be used to locate a key.  Only public keys are listed.
+same algorithm as used when locating keys for encryption or signing
+and may thus be used to see what keys @command{@gpgname} might use.
+In particular external methods as defined by
+@option{--auto-key-locate} may be used to locate a key.  Only public
+keys are listed.  The variant @option{--locate-external-keys} does not
+consider a locally existing key and can thus be used to force the
+refresh of a key via the defined external methods.

@item --show-keys
@opindex show-keys
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1043,7 +1043,9 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
   * Note: we only save the search context in RETCTX if the local
   * method is the first method tried (either explicitly or
   * implicitly).  */
-  if (mode != GET_PUBKEY_NO_AKL)
+  if (mode == GET_PUBKEY_NO_LOCAL)
+    nodefault = 1;  /* Auto-key-locate but ignore "local".  */
+  else if (mode != GET_PUBKEY_NO_AKL)
    {
      /* auto-key-locate is enabled.  */

@ -1072,7 +1074,13 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
      anylocalfirst = 1;
    }

-  if (nodefault && is_mbox)
+  if (mode == GET_PUBKEY_NO_LOCAL)
+    {
+      /* Force using the AKL.  If IS_MBOX is not set this is the final
+       * error code.  */
+      rc = GPG_ERR_NO_PUBKEY;
+    }
+  else if (nodefault && is_mbox)
    {
      /* Either "nodefault" or "local" (explicitly) appeared in the
       * auto key locate list and NAME appears to be an email address.
@ -1119,17 +1127,25 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 	      break;

 	    case AKL_LOCAL:
-	      mechanism_string = "Local";
-	      did_akl_local = 1;
-	      if (retctx)
-		{
-		  getkey_end (ctrl, *retctx);
-		  *retctx = NULL;
-		}
-	      add_to_strlist (&namelist, name);
-	      rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
-			       namelist, pk, 0,
-			       include_unusable, ret_keyblock, ret_kdbhd);
+              if (mode == GET_PUBKEY_NO_LOCAL)
+                {
+                  mechanism_string = "None";
+                  rc = GPG_ERR_NO_PUBKEY;
+                }
+              else
+                {
+                  mechanism_string = "Local";
+                  did_akl_local = 1;
+                  if (retctx)
+                    {
+                      getkey_end (ctrl, *retctx);
+                      *retctx = NULL;
+                    }
+                  add_to_strlist (&namelist, name);
+                  rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
+                                   namelist, pk, 0,
+                                   include_unusable, ret_keyblock, ret_kdbhd);
+                }
 	      break;

 	    case AKL_CERT:
@ -1264,7 +1280,6 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
 	}
    }

-
  if (rc && retctx)
    {
      getkey_end (ctrl, *retctx);
@ -1417,7 +1432,8 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
 * resembles a mail address, the results are ranked and only the best
 * result is returned.  */
 gpg_error_t
-get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
+get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
+                        GETKEY_CTX *retctx, PKT_public_key *pk,
                        const char *name, KBNODE *ret_keyblock,
                        int include_unusable)
 {
@ -1440,7 +1456,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
      getkey_end (ctrl, ctx);
      ctx = NULL;
    }
-  err = get_pubkey_byname (ctrl, GET_PUBKEY_NORMAL,
+  err = get_pubkey_byname (ctrl, mode,
                           &ctx, pk, name, ret_keyblock,
                           NULL, include_unusable);
  if (err)
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -147,6 +147,7 @@ enum cmd_and_opt_values
    aSendKeys,
    aRecvKeys,
    aLocateKeys,
+    aLocateExtKeys,
    aSearchKeys,
    aRefreshKeys,
    aFetchKeys,
@ -499,6 +500,7 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_c (aRefreshKeys, "refresh-keys",
              N_("update all keys from a keyserver")),
  ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
+  ARGPARSE_c (aLocateExtKeys, "locate-external-keys", "@"),
  ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
  ARGPARSE_c (aShowKeys, "show-keys" , "@" ),
  ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
@ -2561,6 +2563,7 @@ main (int argc, char **argv)
 #endif /* ENABLE_CARD_SUPPORT*/
 	  case aListKeys:
 	  case aLocateKeys:
+	  case aLocateExtKeys:
 	  case aListSigs:
 	  case aExportSecret:
 	  case aExportSecretSub:
@ -4415,7 +4418,7 @@ main (int argc, char **argv)
 	sl = NULL;
 	for( ; argc; argc--, argv++ )
 	    add_to_strlist2( &sl, *argv, utf8_strings );
-	public_key_list (ctrl, sl, 0);
+	public_key_list (ctrl, sl, 0, 0);
 	free_strlist(sl);
 	break;
      case aListSecretKeys:
@ -4426,10 +4429,11 @@ main (int argc, char **argv)
 	free_strlist(sl);
 	break;
      case aLocateKeys:
+      case aLocateExtKeys:
 	sl = NULL;
 	for (; argc; argc--, argv++)
          add_to_strlist2( &sl, *argv, utf8_strings );
-	public_key_list (ctrl, sl, 1);
+	public_key_list (ctrl, sl, 1, cmd == aLocateExtKeys);
 	free_strlist (sl);
 	break;

--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -363,7 +363,7 @@ int get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,

 /* Likewise, but only return the best match if NAME resembles a mail
 * address.  */
-gpg_error_t get_best_pubkey_byname (ctrl_t ctrl,
+gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
                                    GETKEY_CTX *retctx, PKT_public_key *pk,
                                    const char *name, KBNODE *ret_keyblock,
                                    int include_unusable);
--- a/g10/keylist.c
+++ b/g10/keylist.c
@ -50,7 +50,7 @@
 static void list_all (ctrl_t, int, int);
 static void list_one (ctrl_t ctrl,
                      strlist_t names, int secret, int mark_secret);
-static void locate_one (ctrl_t ctrl, strlist_t names);
+static void locate_one (ctrl_t ctrl, strlist_t names, int no_local);
 static void print_card_serialno (const char *serialno);

 struct keylist_context
@ -82,10 +82,11 @@ keylist_context_release (struct keylist_context *listctx)


 /* List the keys.  If list is NULL, all available keys are listed.
-   With LOCATE_MODE set the locate algorithm is used to find a
-   key.  */
+ * With LOCATE_MODE set the locate algorithm is used to find a key; if
+ * in addition NO_LOCAL is set the locate does not look into the local
+ * keyring.  */
 void
-public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
+public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local)
 {
 #ifndef NO_TRUST_MODELS
  if (opt.with_colons)
@ -139,7 +140,7 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
 #endif

  if (locate_mode)
-    locate_one (ctrl, list);
+    locate_one (ctrl, list, no_local);
  else if (!list)
    list_all (ctrl, 0, opt.with_secret);
  else
@ -641,7 +642,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)


 static void
-locate_one (ctrl_t ctrl, strlist_t names)
+locate_one (ctrl_t ctrl, strlist_t names, int no_local)
 {
  int rc = 0;
  strlist_t sl;
@ -655,7 +656,10 @@ locate_one (ctrl_t ctrl, strlist_t names)

  for (sl = names; sl; sl = sl->next)
    {
-      rc = get_best_pubkey_byname (ctrl, &ctx, NULL, sl->d, &keyblock, 1);
+      rc = get_best_pubkey_byname (ctrl,
+                                   no_local? GET_PUBKEY_NO_LOCAL
+                                   /*    */: GET_PUBKEY_NORMAL,
+                                   &ctx, NULL, sl->d, &keyblock, 1);
      if (rc)
 	{
 	  if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
--- a/g10/main.h
+++ b/g10/main.h
@ -438,7 +438,8 @@ struct revocation_reason_info * get_default_uid_revocation_reason(void);
 void release_revocation_reason_info( struct revocation_reason_info *reason );

 /*-- keylist.c --*/
-void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode );
+void public_key_list (ctrl_t ctrl, strlist_t list,
+                      int locate_mode, int no_local);
 void secret_key_list (ctrl_t ctrl, strlist_t list );
 void print_subpackets_colon(PKT_signature *sig);
 void reorder_keyblock (KBNODE keyblock);
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -834,7 +834,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
  if (from_file)
    rc = get_pubkey_fromfile (ctrl, pk, name);
  else
-    rc = get_best_pubkey_byname (ctrl, NULL, pk, name, &keyblock, 0);
+    rc = get_best_pubkey_byname (ctrl, GET_PUBKEY_NORMAL,
+                                 NULL, pk, name, &keyblock, 0);
  if (rc)
    {
      int code;