security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00
Code Activity

* call-agent.c (learn_cb): Use log_info instead of log_error on

Browse Source 
successful import.

* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.

* gpgsm.c (main): New command --list-external-keys.
This commit is contained in:
Werner Koch 2002-06-19 08:30:10 +00:00
parent 031a856a7e
commit 52146943d1
9 changed files with 78 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sm/ChangeLog
View File

@ -1,3 +1,15 @@
2002-06-19 Werner Koch <wk@gnupg.org>
* call-agent.c (learn_cb): Use log_info instead of log_error on
successful import.
* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.
* gpgsm.c (main): New command --list-external-keys.
2002-06-17 Werner Koch <wk@gnupg.org> 2002-06-17 Werner Koch <wk@gnupg.org>
* certreqgen.c (read_parameters): Improved error handling. * certreqgen.c (read_parameters): Improved error handling.

4
sm/call-agent.c
View File

@ -693,8 +693,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc)); log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
else else
{ {
if (!keydb_store_cert (cert)) if (!keydb_store_cert (cert, 0))
log_error ("certificate imported\n"); log_info ("certificate imported\n");
} }
ksba_cert_release (cert); ksba_cert_release (cert);

17
sm/export.c
View File

@ -50,6 +50,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
KsbaCert cert = NULL; KsbaCert cert = NULL;
int rc=0; int rc=0;
int count = 0; int count = 0;
int i;
hd = keydb_new (0); hd = keydb_new (0);
if (!hd) if (!hd)
@ -91,6 +92,22 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
} }
} }
/* If all specifications are done by fingerprint, we switch to
ephemeral mode so that _all_ currently available and matching
certificates are exported.
fixme: we should in this case keep a list of certificates to
avoid accidential export of duplicate certificates. */
if (names && ndesc)
{
for (i=0; (i < ndesc
&& (desc[i].mode == KEYDB_SEARCH_MODE_FPR
|| desc[i].mode == KEYDB_SEARCH_MODE_FPR20
|| desc[i].mode == KEYDB_SEARCH_MODE_FPR16)); i++)
;
if (i == ndesc)
keydb_set_ephemeral (hd, 1);
}
while (!(rc = keydb_search (hd, desc, ndesc))) while (!(rc = keydb_search (hd, desc, ndesc)))
{ {

12
sm/gpgsm.c
View File

@ -68,6 +68,7 @@ enum cmd_and_opt_values {
aVerify, aVerify,
aVerifyFiles, aVerifyFiles,
aListKeys, aListKeys,
aListExternalKeys,
aListSigs, aListSigs,
aListSecretKeys, aListSecretKeys,
aSendKeys, aSendKeys,
@ -212,7 +213,8 @@ static ARGPARSE_OPTS opts[] = {
{ aVerify, "verify" , 256, N_("verify a signature")}, { aVerify, "verify" , 256, N_("verify a signature")},
{ aVerifyFiles, "verify-files" , 256, "@" }, { aVerifyFiles, "verify-files" , 256, "@" },
{ aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-keys", 256, N_("list keys")},
{ aListKeys, "list-public-keys", 256, "@" }, { aListKeys, "list-keys", 256, N_("list keys")},
{ aListExternalKeys, "list-external-keys", 256, N_("list external keys")},
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
{ aListSigs, "list-sigs", 256, N_("list certificate chain")}, { aListSigs, "list-sigs", 256, N_("list certificate chain")},
{ aListSigs, "check-sigs",256, "@"}, { aListSigs, "check-sigs",256, "@"},
@ -730,6 +732,7 @@ main ( int argc, char **argv)
case aRecvKeys: set_cmd (&cmd, aRecvKeys); break; case aRecvKeys: set_cmd (&cmd, aRecvKeys); break;
case aExport: set_cmd (&cmd, aExport); break; case aExport: set_cmd (&cmd, aExport); break;
case aListKeys: set_cmd (&cmd, aListKeys); break; case aListKeys: set_cmd (&cmd, aListKeys); break;
case aListExternalKeys: set_cmd (&cmd, aListExternalKeys); break;
case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break; case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break;
case aListSigs: set_cmd (&cmd, aListSigs); break; case aListSigs: set_cmd (&cmd, aListSigs); break;
@ -1214,6 +1217,13 @@ main ( int argc, char **argv)
free_strlist(sl); free_strlist(sl);
break; break;
case aListExternalKeys:
for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv);
gpgsm_list_keys (&ctrl, sl, stdout, (0 | (1<<7)));
free_strlist(sl);
break;
case aListSecretKeys: case aListSecretKeys:
for (sl=NULL; argc; argc--, argv++) for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv); add_to_strlist (&sl, *argv);

4
sm/import.c
View File

@ -104,7 +104,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
{ {
if ( !gpgsm_basic_cert_check (cert) ) if ( !gpgsm_basic_cert_check (cert) )
{ {
if (!keydb_store_cert (cert)) if (!keydb_store_cert (cert, 0))
{ {
if (opt.verbose) if (opt.verbose)
log_info ("certificate imported\n"); log_info ("certificate imported\n");
@ -139,7 +139,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
if ( !gpgsm_basic_cert_check (cert) ) if ( !gpgsm_basic_cert_check (cert) )
{ {
if (!keydb_store_cert (cert)) if (!keydb_store_cert (cert, 0))
{ {
if (opt.verbose) if (opt.verbose)
log_info ("certificate imported\n"); log_info ("certificate imported\n");

29
sm/keydb.c
View File

@ -59,6 +59,7 @@ struct keydb_handle {
int locked; int locked;
int found; int found;
int current; int current;
int ephemeral;
int used; /* items in active */ int used; /* items in active */
struct resource_item active[MAX_KEYDB_RESOURCES]; struct resource_item active[MAX_KEYDB_RESOURCES];
}; };
@ -331,6 +332,29 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
return s? s: ""; return s? s: "";
} }
int
keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
{
int i;
if (!hd)
return GNUPG_Invalid_Value;
for (i=0; i < hd->used; i++)
{
switch (hd->active[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
keybox_set_ephemeral (hd->active[i].u.kr, yes);
break;
}
}
return 0;
}
static int static int
@ -1147,7 +1171,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
/* Store the certificate in the key Db but make sure that it does not /* Store the certificate in the key Db but make sure that it does not
already exists. We do this simply by comparing the fingerprint */ already exists. We do this simply by comparing the fingerprint */
int int
keydb_store_cert (KsbaCert cert) keydb_store_cert (KsbaCert cert, int ephemeral)
{ {
KEYDB_HANDLE kh; KEYDB_HANDLE kh;
int rc; int rc;
@ -1166,6 +1190,9 @@ keydb_store_cert (KsbaCert cert)
return GNUPG_Out_Of_Core; return GNUPG_Out_Of_Core;
} }
if (ephemeral)
keydb_set_ephemeral (kh, 1);
rc = keydb_search_fpr (kh, fpr); rc = keydb_search_fpr (kh, fpr);
if (rc != -1) if (rc != -1)
{ {

3
sm/keydb.h
View File

@ -32,6 +32,7 @@ typedef struct keydb_handle *KEYDB_HANDLE;
int keydb_add_resource (const char *url, int force, int secret); int keydb_add_resource (const char *url, int force, int secret);
KEYDB_HANDLE keydb_new (int secret); KEYDB_HANDLE keydb_new (int secret);
void keydb_release (KEYDB_HANDLE hd); void keydb_release (KEYDB_HANDLE hd);
int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
const char *keydb_get_resource_name (KEYDB_HANDLE hd); const char *keydb_get_resource_name (KEYDB_HANDLE hd);
#if 0 /* pgp stuff */ #if 0 /* pgp stuff */
@ -62,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc); int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);
int keydb_store_cert (KsbaCert cert); int keydb_store_cert (KsbaCert cert, int ephemeral);
#endif /*GNUPG_KEYDB_H*/ #endif /*GNUPG_KEYDB_H*/

3
sm/keylist.c
View File

@ -548,6 +548,9 @@ list_external_cb (void *cb_value, KsbaCert cert)
{ {
struct list_external_parm_s *parm = cb_value; struct list_external_parm_s *parm = cb_value;
if (keydb_store_cert (cert, 1))
log_error ("error storing certificate as ephemeral\n");
if (parm->print_header) if (parm->print_header)
{ {
const char *resname = "[external keys]"; const char *resname = "[external keys]";

2
sm/verify.c
View File

@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid we would avoid cluttering the DB with invalid
certificates. */ certificates. */
keydb_store_cert (cert); keydb_store_cert (cert, 0);
ksba_cert_release (cert); ksba_cert_release (cert);
} }