* call-agent.c (learn_cb): Use log_info instead of log_error on

successful import. * keydb.c (keydb_set_ephemeral): New. (keydb_store_cert): New are ephemeral, changed all callers. * keylist.c (list_external_cb): Store cert as ephemeral. * export.c (gpgsm_export): Kludge to export epehmeral certificates. * gpgsm.c (main): New command --list-external-keys.
2025-01-21 14:47:03 +01:00 · 2002-06-19 08:30:10 +00:00 · 2002-06-19 08:30:10 +00:00 · 52146943d1
commit 52146943d1
parent 031a856a7e
9 changed files with 78 additions and 8 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,15 @@
+2002-06-19  Werner Koch  <wk@gnupg.org>
+
+	* call-agent.c (learn_cb): Use log_info instead of log_error on
+	successful import.
+
+	* keydb.c (keydb_set_ephemeral): New.
+	(keydb_store_cert): New are ephemeral, changed all callers.
+	* keylist.c (list_external_cb): Store cert as ephemeral.
+	* export.c (gpgsm_export): Kludge to export epehmeral certificates.
+
+	* gpgsm.c (main): New command --list-external-keys.
+	
 2002-06-17  Werner Koch  <wk@gnupg.org>

 	* certreqgen.c (read_parameters): Improved error handling.
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -693,8 +693,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
    log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
  else
    {
-      if (!keydb_store_cert (cert))
-        log_error ("certificate imported\n");
+      if (!keydb_store_cert (cert, 0))
+        log_info ("certificate imported\n");
    }

  ksba_cert_release (cert);
--- a/sm/export.c
+++ b/sm/export.c
@ -50,6 +50,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
  KsbaCert cert = NULL;
  int rc=0;
  int count = 0;
+  int i;

  hd = keydb_new (0);
  if (!hd)
@ -91,7 +92,23 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
        }
    }

+  /* If all specifications are done by fingerprint, we switch to
+     ephemeral mode so that _all_ currently available and matching
+     certificates are exported. 

+     fixme: we should in this case keep a list of certificates to
+     avoid accidential export of duplicate certificates. */
+  if (names && ndesc)
+    {
+      for (i=0; (i < ndesc
+                 && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
+                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
+                     || desc[i].mode == KEYDB_SEARCH_MODE_FPR16)); i++)
+        ;
+      if (i == ndesc)
+        keydb_set_ephemeral (hd, 1);
+    }
+      
  while (!(rc = keydb_search (hd, desc, ndesc)))
    {
      const unsigned char *image;
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -68,6 +68,7 @@ enum cmd_and_opt_values {
  aVerify,
  aVerifyFiles,
  aListKeys,
+  aListExternalKeys,
  aListSigs,
  aListSecretKeys,
  aSendKeys,
@ -212,7 +213,8 @@ static ARGPARSE_OPTS opts[] = {
    { aVerify, "verify"   , 256, N_("verify a signature")},
    { aVerifyFiles, "verify-files" , 256, "@" },
    { aListKeys, "list-keys", 256, N_("list keys")},
-    { aListKeys, "list-public-keys", 256, "@" },
+    { aListKeys, "list-keys", 256, N_("list keys")},
+    { aListExternalKeys, "list-external-keys", 256, N_("list external keys")},
    { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
    { aListSigs,   "list-sigs", 256, N_("list certificate chain")}, 
    { aListSigs,   "check-sigs",256, "@"},
@ -730,6 +732,7 @@ main ( int argc, char **argv)
        case aRecvKeys: set_cmd (&cmd, aRecvKeys); break;
        case aExport: set_cmd (&cmd, aExport); break;
        case aListKeys: set_cmd (&cmd, aListKeys); break;
+        case aListExternalKeys: set_cmd (&cmd, aListExternalKeys); break;
        case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break;
        case aListSigs: set_cmd (&cmd, aListSigs); break;

@ -1214,6 +1217,13 @@ main ( int argc, char **argv)
      free_strlist(sl);
      break;

+    case aListExternalKeys:
+      for (sl=NULL; argc; argc--, argv++)
+        add_to_strlist (&sl, *argv);
+      gpgsm_list_keys (&ctrl, sl, stdout, (0 | (1<<7)));
+      free_strlist(sl);
+      break;
+
    case aListSecretKeys:
      for (sl=NULL; argc; argc--, argv++)
        add_to_strlist (&sl, *argv);
--- a/sm/import.c
+++ b/sm/import.c
@ -104,7 +104,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
        {
          if ( !gpgsm_basic_cert_check (cert) )
            {
-              if (!keydb_store_cert (cert))
+              if (!keydb_store_cert (cert, 0))
                {
                  if (opt.verbose)
                    log_info ("certificate imported\n");
@ -139,7 +139,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
      
      if ( !gpgsm_basic_cert_check (cert) )
        {
-          if (!keydb_store_cert (cert))
+          if (!keydb_store_cert (cert, 0))
            {
              if (opt.verbose)
                log_info ("certificate imported\n");
--- a/sm/keydb.c
+++ b/sm/keydb.c
@ -59,6 +59,7 @@ struct keydb_handle {
  int locked;
  int found;
  int current;
+  int ephemeral;
  int used; /* items in active */
  struct resource_item active[MAX_KEYDB_RESOURCES];
 };
@ -331,6 +332,29 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
  return s? s: "";
 }

+int
+keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
+{
+  int i;
+
+  if (!hd)
+    return GNUPG_Invalid_Value;
+
+  for (i=0; i < hd->used; i++)
+    {
+      switch (hd->active[i].type) 
+        {
+        case KEYDB_RESOURCE_TYPE_NONE:
+          break;
+        case KEYDB_RESOURCE_TYPE_KEYBOX:
+          keybox_set_ephemeral (hd->active[i].u.kr, yes);
+          break;
+        }
+    }
+
+  return 0;
+}
+


 static int 
@ -1147,7 +1171,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
 /* Store the certificate in the key Db but make sure that it does not
   already exists.  We do this simply by comparing the fingerprint */
 int
-keydb_store_cert (KsbaCert cert)
+keydb_store_cert (KsbaCert cert, int ephemeral)
 {
  KEYDB_HANDLE kh;
  int rc;
@ -1166,6 +1190,9 @@ keydb_store_cert (KsbaCert cert)
      return GNUPG_Out_Of_Core;
    }

+  if (ephemeral)
+    keydb_set_ephemeral (kh, 1);
+  
  rc = keydb_search_fpr (kh, fpr);
  if (rc != -1)
    {
--- a/sm/keydb.h
+++ b/sm/keydb.h
@ -32,6 +32,7 @@ typedef struct keydb_handle *KEYDB_HANDLE;
 int keydb_add_resource (const char *url, int force, int secret);
 KEYDB_HANDLE keydb_new (int secret);
 void keydb_release (KEYDB_HANDLE hd);
+int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
 const char *keydb_get_resource_name (KEYDB_HANDLE hd);

 #if 0 /* pgp stuff */
@ -62,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);

 int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);

-int keydb_store_cert (KsbaCert cert);
+int keydb_store_cert (KsbaCert cert, int ephemeral);


 #endif /*GNUPG_KEYDB_H*/
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -548,6 +548,9 @@ list_external_cb (void *cb_value, KsbaCert cert)
 {
  struct list_external_parm_s *parm = cb_value;

+  if (keydb_store_cert (cert, 1))
+    log_error ("error storing certificate as ephemeral\n");
+
  if (parm->print_header)
    {
      const char *resname = "[external keys]";
--- a/sm/verify.c
+++ b/sm/verify.c
@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
         certificate first before entering it into the DB.  This way
         we would avoid cluttering the DB with invalid
         certificates. */
-      keydb_store_cert (cert);
+      keydb_store_cert (cert, 0);
      ksba_cert_release (cert);
    }