mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-05 12:31:50 +01:00
* trustdb.c (clean_uids_from_key), keyedit.c
(menu_clean_uids_from_key): Tweak algorithm to preserve the last selfsig which helps prevent uid resurrections.
This commit is contained in:
David Shaw
parent
dddcb6d90c
commit
475107dff3
@ -1,5 +1,9 @@
|
|||||||
2005-06-08 David Shaw <dshaw@jabberwocky.com>
|
2005-06-08 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* trustdb.c (clean_uids_from_key), keyedit.c
|
||||||
|
(menu_clean_uids_from_key): Tweak algorithm to preserve the last
|
||||||
|
selfsig which helps prevent uid resurrections.
|
||||||
|
|
||||||
* getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both
|
* getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both
|
||||||
expired and revoked uids in fixup_uidnode(). No need to special
|
expired and revoked uids in fixup_uidnode(). No need to special
|
||||||
case in merge_selfsigs_main(). This also means that an expired
|
case in merge_selfsigs_main(). This also means that an expired
|
||||||
|
|||||||
@ -1435,7 +1435,8 @@ static struct
|
|||||||
{ "enable" , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
|
{ "enable" , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
|
||||||
{ "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
|
{ "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
|
||||||
{ "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
|
{ "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
|
||||||
{ "clean", cmdCLEAN , KEYEDIT_NOT_SK, NULL },
|
{ "clean", cmdCLEAN , KEYEDIT_NOT_SK,
|
||||||
|
N_("clean unusable parts from key") },
|
||||||
{ NULL, cmdNONE, 0, NULL }
|
{ NULL, cmdNONE, 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -2150,19 +2151,16 @@ keyedit_menu( const char *username, STRLIST locusr,
|
|||||||
redisplay=modified=menu_clean_uids_from_key(keyblock);
|
redisplay=modified=menu_clean_uids_from_key(keyblock);
|
||||||
else if(ascii_strcasecmp(arg_string,"subkeys")==0)
|
else if(ascii_strcasecmp(arg_string,"subkeys")==0)
|
||||||
redisplay=modified=menu_clean_subkeys_from_key(keyblock);
|
redisplay=modified=menu_clean_subkeys_from_key(keyblock);
|
||||||
else if(ascii_strcasecmp(arg_string,"all")==0)
|
else
|
||||||
|
tty_printf("Unable to clean `%s'\n",arg_string);
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
modified=menu_clean_sigs_from_uids(keyblock);
|
modified=menu_clean_sigs_from_uids(keyblock);
|
||||||
modified+=menu_clean_uids_from_key(keyblock);
|
modified+=menu_clean_uids_from_key(keyblock);
|
||||||
modified+=menu_clean_subkeys_from_key(keyblock);
|
modified+=menu_clean_subkeys_from_key(keyblock);
|
||||||
redisplay=modified;
|
redisplay=modified;
|
||||||
}
|
}
|
||||||
else
|
|
||||||
tty_printf("Unable to clean `%s'\n",arg_string);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
tty_printf("Please specify item to clean: `sigs',"
|
|
||||||
" `uids', `subkeys', or `all'\n");
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -3187,34 +3185,40 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
|
|||||||
static int
|
static int
|
||||||
menu_clean_uids_from_key(KBNODE keyblock)
|
menu_clean_uids_from_key(KBNODE keyblock)
|
||||||
{
|
{
|
||||||
KBNODE node;
|
|
||||||
int modified=clean_uids_from_key(keyblock,0);
|
int modified=clean_uids_from_key(keyblock,0);
|
||||||
|
|
||||||
if(modified)
|
if(modified)
|
||||||
{
|
{
|
||||||
|
KBNODE node,uidnode=NULL;
|
||||||
|
|
||||||
for(node=keyblock->next;node;node=node->next)
|
for(node=keyblock->next;node;node=node->next)
|
||||||
{
|
{
|
||||||
if(node->pkt->pkttype==PKT_USER_ID && is_deleted_kbnode(node))
|
if(node->pkt->pkttype==PKT_USER_ID)
|
||||||
|
uidnode=node;
|
||||||
|
else if(uidnode && node->pkt->pkttype==PKT_SIGNATURE
|
||||||
|
&& is_deleted_kbnode(node))
|
||||||
{
|
{
|
||||||
const char *reason;
|
const char *reason;
|
||||||
char *user=utf8_to_native(node->pkt->pkt.user_id->name,
|
char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
|
||||||
node->pkt->pkt.user_id->len,0);
|
uidnode->pkt->pkt.user_id->len,0);
|
||||||
|
|
||||||
if(node->pkt->pkt.user_id->is_revoked)
|
if(uidnode->pkt->pkt.user_id->is_revoked)
|
||||||
reason=_("revoked");
|
reason=_("revoked");
|
||||||
else if(node->pkt->pkt.user_id->is_expired)
|
else if(uidnode->pkt->pkt.user_id->is_expired)
|
||||||
reason=_("expired");
|
reason=_("expired");
|
||||||
else
|
else
|
||||||
reason=_("invalid");
|
reason=_("invalid");
|
||||||
|
|
||||||
tty_printf("User ID \"%s\" removed: %s\n",user,reason);
|
tty_printf("User ID \"%s\" compacted: %s\n",user,reason);
|
||||||
|
|
||||||
|
uidnode=NULL;
|
||||||
|
|
||||||
m_free(user);
|
m_free(user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
tty_printf("No user IDs are removable.\n");
|
tty_printf("No user IDs are compactable.\n");
|
||||||
|
|
||||||
return modified;
|
return modified;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1641,30 +1641,23 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
|
|||||||
and is not expired. Note that this does not take into account
|
and is not expired. Note that this does not take into account
|
||||||
whether the uid has a trust path to it - just whether the keyholder
|
whether the uid has a trust path to it - just whether the keyholder
|
||||||
themselves has certified the uid. Returns how many user IDs were
|
themselves has certified the uid. Returns how many user IDs were
|
||||||
removed. */
|
removed. To "remove" a user ID, we simply remove ALL signatures
|
||||||
|
except the self-sig that caused the user ID to be remove-worthy.
|
||||||
|
We don't actually remove the user ID packet itself since it might
|
||||||
|
be ressurected in a later merge. */
|
||||||
int
|
int
|
||||||
clean_uids_from_key(KBNODE keyblock,int noisy)
|
clean_uids_from_key(KBNODE keyblock,int noisy)
|
||||||
{
|
{
|
||||||
int uidcount=0,delete_until_next=0,deleted=0;
|
int delete_until_next=0,deleted=0;
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
|
|
||||||
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
|
||||||
|
|
||||||
merge_keys_and_selfsig(keyblock);
|
merge_keys_and_selfsig(keyblock);
|
||||||
|
|
||||||
/* First count how many user IDs we have. We need to be careful
|
|
||||||
that we don't delete them all as some keys could actually have NO
|
|
||||||
valid user IDs. 2440 requires at least 1 user ID packet, valid
|
|
||||||
or not. */
|
|
||||||
for(node=keyblock->next;
|
for(node=keyblock->next;
|
||||||
node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
|
node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
|
||||||
node=node->next)
|
node=node->next)
|
||||||
if(node->pkt->pkttype==PKT_USER_ID)
|
|
||||||
uidcount++;
|
|
||||||
|
|
||||||
for(node=keyblock->next;
|
|
||||||
node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY && uidcount>deleted+1;
|
|
||||||
node=node->next)
|
|
||||||
{
|
{
|
||||||
if(node->pkt->pkttype==PKT_USER_ID)
|
if(node->pkt->pkttype==PKT_USER_ID)
|
||||||
{
|
{
|
||||||
@ -1693,7 +1686,7 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
|
|||||||
else
|
else
|
||||||
reason=_("invalid");
|
reason=_("invalid");
|
||||||
|
|
||||||
log_info("removing user ID \"%s\" from key %s: %s\n",
|
log_info("compacting user ID \"%s\" on key %s: %s\n",
|
||||||
user,keystr(keyblock->pkt->pkt.public_key->keyid),
|
user,keystr(keyblock->pkt->pkt.public_key->keyid),
|
||||||
reason);
|
reason);
|
||||||
|
|
||||||
@ -1701,8 +1694,9 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if(node->pkt->pkttype==PKT_SIGNATURE
|
||||||
if(delete_until_next)
|
&& delete_until_next
|
||||||
|
&& !node->pkt->pkt.signature->flags.chosen_selfsig)
|
||||||
delete_kbnode(node);
|
delete_kbnode(node);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user