mirror of git://git.gnupg.org/gnupg.git synced 2025-01-06 12:33:23 +01:00

* trustdb.c (clean_uids_from_key), keyedit.c

(menu_clean_uids_from_key): Tweak algorithm to preserve the last
selfsig which helps prevent uid resurrections.
David Shaw 2005-06-09 02:53:18 +00:00
parent dddcb6d90c
commit 475107dff3
3 changed files with 35 additions and 33 deletions


@ -1,5 +1,9 @@
2005-06-08 David Shaw <dshaw@jabberwocky.com> 2005-06-08 David Shaw <dshaw@jabberwocky.com>
* trustdb.c (clean_uids_from_key), keyedit.c
(menu_clean_uids_from_key): Tweak algorithm to preserve the last
selfsig which helps prevent uid resurrections.
* getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both * getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both
expired and revoked uids in fixup_uidnode(). No need to special expired and revoked uids in fixup_uidnode(). No need to special
case in merge_selfsigs_main(). This also means that an expired case in merge_selfsigs_main(). This also means that an expired


@ -1435,7 +1435,8 @@ static struct
{ "enable" , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") }, { "enable" , cmdENABLEKEY , KEYEDIT_NOT_SK, N_("enable key") },
{ "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") }, { "disable" , cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key") },
{ "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") }, { "showphoto",cmdSHOWPHOTO , 0, N_("show selected photo IDs") },
{ "clean", cmdCLEAN , KEYEDIT_NOT_SK, NULL }, { "clean", cmdCLEAN , KEYEDIT_NOT_SK,
N_("clean unusable parts from key") },
{ NULL, cmdNONE, 0, NULL } { NULL, cmdNONE, 0, NULL }
}; };
@ -2150,19 +2151,16 @@ keyedit_menu( const char *username, STRLIST locusr,
redisplay=modified=menu_clean_uids_from_key(keyblock); redisplay=modified=menu_clean_uids_from_key(keyblock);
else if(ascii_strcasecmp(arg_string,"subkeys")==0) else if(ascii_strcasecmp(arg_string,"subkeys")==0)
redisplay=modified=menu_clean_subkeys_from_key(keyblock); redisplay=modified=menu_clean_subkeys_from_key(keyblock);
else if(ascii_strcasecmp(arg_string,"all")==0) else
tty_printf("Unable to clean `%s'\n",arg_string);
}
else
{ {
modified=menu_clean_sigs_from_uids(keyblock); modified=menu_clean_sigs_from_uids(keyblock);
modified+=menu_clean_uids_from_key(keyblock); modified+=menu_clean_uids_from_key(keyblock);
modified+=menu_clean_subkeys_from_key(keyblock); modified+=menu_clean_subkeys_from_key(keyblock);
redisplay=modified; redisplay=modified;
} }
else
tty_printf("Unable to clean `%s'\n",arg_string);
}
else
tty_printf("Please specify item to clean: `sigs',"
" `uids', `subkeys', or `all'\n");
} }
break; break;
@ -3187,34 +3185,40 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
static int static int
menu_clean_uids_from_key(KBNODE keyblock) menu_clean_uids_from_key(KBNODE keyblock)
{ {
KBNODE node;
int modified=clean_uids_from_key(keyblock,0); int modified=clean_uids_from_key(keyblock,0);
if(modified) if(modified)
{ {
KBNODE node,uidnode=NULL;
for(node=keyblock->next;node;node=node->next) for(node=keyblock->next;node;node=node->next)
{ {
if(node->pkt->pkttype==PKT_USER_ID && is_deleted_kbnode(node)) if(node->pkt->pkttype==PKT_USER_ID)
uidnode=node;
else if(uidnode && node->pkt->pkttype==PKT_SIGNATURE
&& is_deleted_kbnode(node))
{ {
const char *reason; const char *reason;
char *user=utf8_to_native(node->pkt->pkt.user_id->name, char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
node->pkt->pkt.user_id->len,0); uidnode->pkt->pkt.user_id->len,0);
if(node->pkt->pkt.user_id->is_revoked) if(uidnode->pkt->pkt.user_id->is_revoked)
reason=_("revoked"); reason=_("revoked");
else if(node->pkt->pkt.user_id->is_expired) else if(uidnode->pkt->pkt.user_id->is_expired)
reason=_("expired"); reason=_("expired");
else else
reason=_("invalid"); reason=_("invalid");
tty_printf("User ID \"%s\" removed: %s\n",user,reason); tty_printf("User ID \"%s\" compacted: %s\n",user,reason);
uidnode=NULL;
m_free(user); m_free(user);
} }
} }
} }
else else
tty_printf("No user IDs are removable.\n"); tty_printf("No user IDs are compactable.\n");
return modified; return modified;
} }
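Review bot: In menu_clean_uids_from_key the report loop treats any deleted signature node that follows a user ID as proof that this user ID was compacted, which is broader than what clean_uids_from_key() actually did. The no-argument `clean` branch in keyedit_menu runs menu_clean_sigs_from_uids on the same keyblock just before, so unless deleted nodes are committed in between (not visible on this page), a healthy user ID that only lost stale certifications would be announced as "compacted: invalid". The walk also has no subkey bound, so `uidnode` can still be set when a deleted subkey signature is reached; `else if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY) break;` would stop it there. A more robust fix is to let clean_uids_from_key() flag or report the uids it compacts, so the menu does not have to infer them from deleted nodes.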


@ -1641,30 +1641,23 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
and is not expired. Note that this does not take into account and is not expired. Note that this does not take into account
whether the uid has a trust path to it - just whether the keyholder whether the uid has a trust path to it - just whether the keyholder
themselves has certified the uid. Returns how many user IDs were themselves has certified the uid. Returns how many user IDs were
removed. */ removed. To "remove" a user ID, we simply remove ALL signatures
except the self-sig that caused the user ID to be remove-worthy.
We don't actually remove the user ID packet itself since it might
be ressurected in a later merge. */
int int
clean_uids_from_key(KBNODE keyblock,int noisy) clean_uids_from_key(KBNODE keyblock,int noisy)
{ {
int uidcount=0,delete_until_next=0,deleted=0; int delete_until_next=0,deleted=0;
KBNODE node; KBNODE node;
assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY); assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
merge_keys_and_selfsig(keyblock); merge_keys_and_selfsig(keyblock);
/* First count how many user IDs we have. We need to be careful
that we don't delete them all as some keys could actually have NO
valid user IDs. 2440 requires at least 1 user ID packet, valid
or not. */
for(node=keyblock->next; for(node=keyblock->next;
node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY; node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY;
node=node->next) node=node->next)
if(node->pkt->pkttype==PKT_USER_ID)
uidcount++;
for(node=keyblock->next;
node && node->pkt->pkttype!=PKT_PUBLIC_SUBKEY && uidcount>deleted+1;
node=node->next)
{ {
if(node->pkt->pkttype==PKT_USER_ID) if(node->pkt->pkttype==PKT_USER_ID)
{ {
@ -1693,7 +1686,7 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
else else
reason=_("invalid"); reason=_("invalid");
log_info("removing user ID \"%s\" from key %s: %s\n", log_info("compacting user ID \"%s\" on key %s: %s\n",
user,keystr(keyblock->pkt->pkt.public_key->keyid), user,keystr(keyblock->pkt->pkt.public_key->keyid),
reason); reason);
@ -1701,8 +1694,9 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
} }
} }
} }
else if(node->pkt->pkttype==PKT_SIGNATURE
if(delete_until_next) && delete_until_next
&& !node->pkt->pkt.signature->flags.chosen_selfsig)
delete_kbnode(node); delete_kbnode(node);
} }
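Review bot: The new condition at the end of clean_uids_from_key keeps only the signature carrying `flags.chosen_selfsig`, so the protection against uid resurrection rests entirely on which signature was flagged, presumably by the merge_keys_and_selfsig() call at the top, and nothing at the condition says so. For a revoked user ID the kept signature has to be the revocation itself; if the flag ever lands on a certifying self-sig instead, the revocation is deleted and the compacted uid could look valid again once the key is saved or exported. For a uid with no valid self-sig nothing appears to be flagged, so every signature is dropped and a bare uid packet remains, a case the header comment does not describe. I would add a comment at the condition such as `/* chosen_selfsig is set by merge_keys_and_selfsig() above; for a revoked uid it must be the revocation sig */` and mention the no-self-sig case in the header. Part of the function body lies between the hunks and is not shown, so the flagging itself could not be checked here.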