From 52146943d10e5a72ef8b4fef8e4c24a3dbb6c5a1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 19 Jun 2002 08:30:10 +0000 Subject: [PATCH] * call-agent.c (learn_cb): Use log_info instead of log_error on successful import. * keydb.c (keydb_set_ephemeral): New. (keydb_store_cert): New are ephemeral, changed all callers. * keylist.c (list_external_cb): Store cert as ephemeral. * export.c (gpgsm_export): Kludge to export epehmeral certificates. * gpgsm.c (main): New command --list-external-keys. --- sm/ChangeLog | 12 ++++++++++++ sm/call-agent.c | 4 ++-- sm/export.c | 17 +++++++++++++++++ sm/gpgsm.c | 12 +++++++++++- sm/import.c | 4 ++-- sm/keydb.c | 29 ++++++++++++++++++++++++++++- sm/keydb.h | 3 ++- sm/keylist.c | 3 +++ sm/verify.c | 2 +- 9 files changed, 78 insertions(+), 8 deletions(-) diff --git a/sm/ChangeLog b/sm/ChangeLog index 9154d9e88..87426cbb3 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,15 @@ +2002-06-19 Werner Koch + + * call-agent.c (learn_cb): Use log_info instead of log_error on + successful import. + + * keydb.c (keydb_set_ephemeral): New. + (keydb_store_cert): New are ephemeral, changed all callers. + * keylist.c (list_external_cb): Store cert as ephemeral. + * export.c (gpgsm_export): Kludge to export epehmeral certificates. + + * gpgsm.c (main): New command --list-external-keys. + 2002-06-17 Werner Koch * certreqgen.c (read_parameters): Improved error handling. diff --git a/sm/call-agent.c b/sm/call-agent.c index e11053220..f4b6087e2 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -693,8 +693,8 @@ learn_cb (void *opaque, const void *buffer, size_t length) log_error ("invalid certificate: %s\n", gnupg_strerror (rc)); else { - if (!keydb_store_cert (cert)) - log_error ("certificate imported\n"); + if (!keydb_store_cert (cert, 0)) + log_info ("certificate imported\n"); } ksba_cert_release (cert); diff --git a/sm/export.c b/sm/export.c index ce2909fdf..fc82b7e6c 100644 --- a/sm/export.c +++ b/sm/export.c 
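Review bot: In learn_cb the new `if (!keydb_store_cert (cert, 0))` still has no else branch, so a certificate that could not be stored produces no message at all, while the success path now logs at info level. Keeping the result and reporting it, for example `else log_error ("error storing certificate: %s\n", gnupg_strerror (rc));` after assigning the call's result to a variable, would make a failed store visible. The success message is also unconditional here, whereas gpgsm_import prints the same text only under `opt.verbose`. learn_cb starts and ends outside the hunk, so whether the existing `rc` can be reused without changing the callback's return value needs to be confirmed.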
@@ -50,6 +50,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp) KsbaCert cert = NULL; int rc=0; int count = 0; + int i; hd = keydb_new (0); if (!hd) @@ -91,7 +92,23 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp) } } + /* If all specifications are done by fingerprint, we switch to + ephemeral mode so that _all_ currently available and matching + certificates are exported. + fixme: we should in this case keep a list of certificates to + avoid accidential export of duplicate certificates. */ + if (names && ndesc) + { + for (i=0; (i < ndesc + && (desc[i].mode == KEYDB_SEARCH_MODE_FPR + || desc[i].mode == KEYDB_SEARCH_MODE_FPR20 + || desc[i].mode == KEYDB_SEARCH_MODE_FPR16)); i++) + ; + if (i == ndesc) + keydb_set_ephemeral (hd, 1); + } + while (!(rc = keydb_search (hd, desc, ndesc))) { const unsigned char *image; diff --git a/sm/gpgsm.c b/sm/gpgsm.c index de62088bc..06a3a9c60 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -68,6 +68,7 @@ enum cmd_and_opt_values { aVerify, aVerifyFiles, aListKeys, + aListExternalKeys, aListSigs, aListSecretKeys, aSendKeys, @@ -212,7 +213,8 @@ static ARGPARSE_OPTS opts[] = { { aVerify, "verify" , 256, N_("verify a signature")}, { aVerifyFiles, "verify-files" , 256, "@" }, { aListKeys, "list-keys", 256, N_("list keys")}, - { aListKeys, "list-public-keys", 256, "@" }, + { aListKeys, "list-keys", 256, N_("list keys")}, + { aListExternalKeys, "list-external-keys", 256, N_("list external keys")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aListSigs, "list-sigs", 256, N_("list certificate chain")}, { aListSigs, "check-sigs",256, "@"}, @@ -730,6 +732,7 @@ main ( int argc, char **argv) case aRecvKeys: set_cmd (&cmd, aRecvKeys); break; case aExport: set_cmd (&cmd, aExport); break; case aListKeys: set_cmd (&cmd, aListKeys); break; + case aListExternalKeys: set_cmd (&cmd, aListExternalKeys); break; case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break; case aListSigs: set_cmd (&cmd, aListSigs); break; 
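Review bot: The block added before the `keydb_search` loop in gpgsm_export puts the whole handle into ephemeral mode whenever every spec is a fingerprint, so an export can now return certificates that were only cached. As far as the keylist.c hunk of this patch shows, those were stored without a prior `gpgsm_basic_cert_check`. The comment should say so, for example `/* Ephemeral certificates have not been validated; the fingerprint is the only selector here. */`. The result of `keydb_set_ephemeral (hd, 1)` is ignored, and the switch is all-or-nothing: a single non-fingerprint entry in `names` silently disables it for the fingerprint specs too, which deserves a line in the comment. gpgsm_export begins and ends outside the hunk.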
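Review bot: The opts table now holds two identical `{ aListKeys, "list-keys", 256, N_("list keys")}` rows and no longer has the hidden `list-public-keys` alias, a removal the ChangeLog entry does not mention. This looks like an editing slip rather than an intended change. Restoring `{ aListKeys, "list-public-keys", 256, "@" },` in place of the duplicate row keeps existing invocations working and leaves `list-external-keys` as the only addition.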
@@ -1214,6 +1217,13 @@ main ( int argc, char **argv) free_strlist(sl); break; + case aListExternalKeys: + for (sl=NULL; argc; argc--, argv++) + add_to_strlist (&sl, *argv); + gpgsm_list_keys (&ctrl, sl, stdout, (0 | (1<<7))); + free_strlist(sl); + break; + case aListSecretKeys: for (sl=NULL; argc; argc--, argv++) add_to_strlist (&sl, *argv); diff --git a/sm/import.c b/sm/import.c index 0f4547206..1258d308b 100644 --- a/sm/import.c +++ b/sm/import.c @@ -104,7 +104,7 @@ gpgsm_import (CTRL ctrl, int in_fd) { if ( !gpgsm_basic_cert_check (cert) ) { - if (!keydb_store_cert (cert)) + if (!keydb_store_cert (cert, 0)) { if (opt.verbose) log_info ("certificate imported\n"); @@ -139,7 +139,7 @@ gpgsm_import (CTRL ctrl, int in_fd) if ( !gpgsm_basic_cert_check (cert) ) { - if (!keydb_store_cert (cert)) + if (!keydb_store_cert (cert, 0)) { if (opt.verbose) log_info ("certificate imported\n"); diff --git a/sm/keydb.c b/sm/keydb.c index 4f7bbb594..50c9e54bd 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -59,6 +59,7 @@ struct keydb_handle { int locked; int found; int current; + int ephemeral; int used; /* items in active */ struct resource_item active[MAX_KEYDB_RESOURCES]; }; @@ -331,6 +332,29 @@ keydb_get_resource_name (KEYDB_HANDLE hd) return s? s: ""; } +int +keydb_set_ephemeral (KEYDB_HANDLE hd, int yes) +{ + int i; + + if (!hd) + return GNUPG_Invalid_Value; + + for (i=0; i < hd->used; i++) + { + switch (hd->active[i].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_set_ephemeral (hd->active[i].u.kr, yes); + break; + } + } + + return 0; +} + static int @@ -1147,7 +1171,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc) /* Store the certificate in the key Db but make sure that it does not already exists. We do this simply by comparing the fingerprint */ int -keydb_store_cert (KsbaCert cert) +keydb_store_cert (KsbaCert cert, int ephemeral) { KEYDB_HANDLE kh; int rc; 
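Review bot: The mode argument `(0 | (1<<7))` in the new aListExternalKeys case is a bare bit whose meaning is defined only inside gpgsm_list_keys, and the neighbouring cases pass similar literals. A short comment at the call, such as `/* bit 7 presumably selects the external lookup; confirm against gpgsm_list_keys */`, or a named constant shared with keylist.c, would stop the two files from drifting apart. main continues well beyond this hunk.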
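Review bot: keydb_set_ephemeral never writes the `ephemeral` member that the @@ -59 hunk adds to struct keydb_handle, and it returns 0 whatever happens inside `keybox_set_ephemeral` (whose prototype is not part of this patch), so a caller cannot tell whether the mode was applied. Either record the state with `hd->ephemeral = yes;` before the loop or drop the unused field, and give the switch a `default:` case so that a new resource type is not skipped silently. The function also has no header comment; I would add one saying that it switches every keybox resource of the handle into or out of ephemeral mode and returns GNUPG_Invalid_Value for a NULL handle.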
@@ -1166,6 +1190,9 @@ keydb_store_cert (KsbaCert cert) return GNUPG_Out_Of_Core; } + if (ephemeral) + keydb_set_ephemeral (kh, 1); + rc = keydb_search_fpr (kh, fpr); if (rc != -1) { diff --git a/sm/keydb.h b/sm/keydb.h index 9032c5296..0721f431a 100644 --- a/sm/keydb.h +++ b/sm/keydb.h @@ -32,6 +32,7 @@ typedef struct keydb_handle *KEYDB_HANDLE; int keydb_add_resource (const char *url, int force, int secret); KEYDB_HANDLE keydb_new (int secret); void keydb_release (KEYDB_HANDLE hd); +int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes); const char *keydb_get_resource_name (KEYDB_HANDLE hd); #if 0 /* pgp stuff */ @@ -62,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer); int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc); -int keydb_store_cert (KsbaCert cert); +int keydb_store_cert (KsbaCert cert, int ephemeral); #endif /*GNUPG_KEYDB_H*/ diff --git a/sm/keylist.c b/sm/keylist.c index 65171a1d4..a8d9c5411 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -548,6 +548,9 @@ list_external_cb (void *cb_value, KsbaCert cert) { struct list_external_parm_s *parm = cb_value; + if (keydb_store_cert (cert, 1)) + log_error ("error storing certificate as ephemeral\n"); + if (parm->print_header) { const char *resname = "[external keys]"; diff --git a/sm/verify.c b/sm/verify.c index 394939eb0..286dc68bb 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp) certificate first before entering it into the DB. This way we would avoid cluttering the DB with invalid certificates. */ - keydb_store_cert (cert); + keydb_store_cert (cert, 0); ksba_cert_release (cert); }
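Review bot: In keydb_store_cert the result of `keydb_set_ephemeral (kh, 1)` is discarded, so if the switch ever failed the certificate would be looked up and inserted as a regular one, which defeats the flag for unvalidated input. Checking it, for example `if (ephemeral && (rc = keydb_set_ephemeral (kh, 1)))`, then releasing `kh` and returning `rc`, would close that gap. The comment above the function (in the @@ -1147 hunk) still describes only the duplicate check and should gain a sentence on what `ephemeral` means for later searches. The body of keydb_store_cert continues outside this hunk.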
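Review bot: list_external_cb stores every certificate handed to it by the external lookup before anything in the visible code has checked it, whereas gpgsm_import calls `gpgsm_basic_cert_check (cert)` before `keydb_store_cert`. The ephemeral flag is then the only thing separating these entries from imported ones. A comment at the call should state that assumption, for example `/* Not validated yet; kept as ephemeral only so it can be retrieved by fingerprint later. */`. The error path also drops the return code, so the message should include `gnupg_strerror` of the result, as the call-agent.c message does. The function continues past the end of the hunk.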