security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-09 23:39:51 +02:00
Code Activity

* keyedit.c (keyedit_menu, menu_set_keyserver_url): Allow passing

Browse Source 
preferred keyserver on "keyserver" command line.  Sanity check keyserver
URL before accepting it.

* keyserver-internal.h, g10.c (main), keyserver.c (parse_keyserver_uri):
Add an option to require the scheme:// and change all callers.
(free_keyserver_spec): Make public.
This commit is contained in:
David Shaw 2004-05-08 13:51:14 +00:00
parent 135946bb02
commit 614304a543
5 changed files with 140 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
g10/ChangeLog
View File

@ -1,3 +1,14 @@
2004-05-08 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (keyedit_menu, menu_set_keyserver_url): Allow passing
preferred keyserver on "keyserver" command line. Sanity check
keyserver URL before accepting it.
* keyserver-internal.h, g10.c (main), keyserver.c
(parse_keyserver_uri): Add an option to require the scheme:// and
change all callers.
(free_keyserver_spec): Make public.
2004-05-07 Werner Koch <wk@gnupg.org>
* sign.c (write_plaintext_packet): Fixed the detection of too

4
g10/g10.c
View File

@ -2084,10 +2084,10 @@ main( int argc, char **argv )
#endif /* __riscos__ */
break;
case oKeyServer:
opt.keyserver=parse_keyserver_uri(pargs.r.ret_str,
opt.keyserver=parse_keyserver_uri(pargs.r.ret_str,0,
configname,configlineno);
if(!opt.keyserver)
log_error(_("could not parse keyserver URI\n"));
log_error(_("could not parse keyserver URL\n"));
break;
case oKeyServerOptions:
if(!parse_keyserver_options(pargs.r.ret_str))

202
g10/keyedit.c
View File

@ -41,6 +41,7 @@
#include "ttyio.h"
#include "status.h"
#include "i18n.h"
#include "keyserver-internal.h"
static void show_prefs( PKT_user_id *uid, int verbose );
static void show_key_with_all_names( KBNODE keyblock, int only_marked,
@ -55,7 +56,8 @@ static int menu_addrevoker( KBNODE pub_keyblock,
static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_primary_uid( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_preferences( KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_keyserver_url (KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_set_keyserver_url (const char *url,
KBNODE pub_keyblock, KBNODE sec_keyblock );
static int menu_select_uid( KBNODE keyblock, int idx );
static int menu_select_key( KBNODE keyblock, int idx );
static int count_uids( KBNODE keyblock );
@ -1607,11 +1609,13 @@ keyedit_menu( const char *username, STRLIST locusr,
break;
case cmdPREFKS:
if( menu_set_keyserver_url ( keyblock, sec_keyblock ) ) {
if( menu_set_keyserver_url ( *arg_string?arg_string:NULL,
keyblock, sec_keyblock ) )
{
merge_keys_and_selfsig( keyblock );
modified = 1;
redisplay = 1;
}
}
break;
case cmdNOP:
@ -3173,96 +3177,120 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock )
static int
menu_set_keyserver_url (KBNODE pub_keyblock, KBNODE sec_keyblock )
menu_set_keyserver_url (const char *url,
KBNODE pub_keyblock, KBNODE sec_keyblock )
{
PKT_secret_key *sk; /* copy of the main sk */
PKT_public_key *main_pk;
PKT_user_id *uid;
KBNODE node;
u32 keyid[2];
int selected, select_all;
int modified = 0;
char *answer;
PKT_secret_key *sk; /* copy of the main sk */
PKT_public_key *main_pk;
PKT_user_id *uid;
KBNODE node;
u32 keyid[2];
int selected, select_all;
int modified = 0;
char *answer;
struct keyserver_spec *keyserver;
no_primary_warning(pub_keyblock);
no_primary_warning(pub_keyblock);
answer=cpr_get_utf8("keyedit.add_keyserver",
_("Enter your preferred keyserver URL: "));
if(answer[0]=='\0' || answer[0]=='\004')
{
m_free(answer);
return 0;
}
select_all = !count_selected_uids (pub_keyblock);
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
/* Now we can actually change the self signature(s) */
main_pk = NULL;
uid = NULL;
selected = 0;
for ( node=pub_keyblock; node; node = node->next ) {
if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
break; /* ready */
if ( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
main_pk = node->pkt->pkt.public_key;
keyid_from_pk( main_pk, keyid );
}
else if ( node->pkt->pkttype == PKT_USER_ID ) {
uid = node->pkt->pkt.user_id;
selected = select_all || (node->flag & NODFLG_SELUID);
}
else if ( main_pk && uid && selected
&& node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& (uid && (sig->sig_class&~3) == 0x10) ) {
if( sig->version < 4 ) {
char *user=utf8_to_native(uid->name,strlen(uid->name),0);
log_info(_("skipping v3 self-signature on user id \"%s\"\n"),
user);
m_free(user);
}
else {
/* This is a selfsignature which is to be replaced
* We have to ignore v3 signatures because they are
* not able to carry the preferences */
PKT_signature *newsig;
PACKET *newpkt;
int rc;
rc = update_keysig_packet (&newsig, sig,
main_pk, uid, NULL,
sk,
keygen_add_keyserver_url,
answer );
if( rc ) {
log_error ("update_keysig_packet failed: %s\n",
g10_errstr(rc));
m_free(answer);
free_secret_key( sk );
return 0;
}
/* replace the packet */
newpkt = m_alloc_clear( sizeof *newpkt );
newpkt->pkttype = PKT_SIGNATURE;
newpkt->pkt.signature = newsig;
free_packet( node->pkt );
m_free( node->pkt );
node->pkt = newpkt;
modified = 1;
}
}
if(url)
answer=m_strdup(url);
else
{
answer=cpr_get_utf8("keyedit.add_keyserver",
_("Enter your preferred keyserver URL: "));
if(answer[0]=='\0' || answer[0]=='\004')
{
m_free(answer);
return 0;
}
}
m_free(answer);
free_secret_key( sk );
return modified;
/* Sanity check the format */
keyserver=parse_keyserver_uri(answer,1,NULL,0);
m_free(answer);
if(!keyserver)
{
log_info(_("could not parse keyserver URL\n"));
return 0;
}
select_all = !count_selected_uids (pub_keyblock);
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
/* Now we can actually change the self signature(s) */
main_pk = NULL;
uid = NULL;
selected = 0;
for ( node=pub_keyblock; node; node = node->next )
{
if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
break; /* ready */
if ( node->pkt->pkttype == PKT_PUBLIC_KEY )
{
main_pk = node->pkt->pkt.public_key;
keyid_from_pk( main_pk, keyid );
}
else if ( node->pkt->pkttype == PKT_USER_ID )
{
uid = node->pkt->pkt.user_id;
selected = select_all || (node->flag & NODFLG_SELUID);
}
else if ( main_pk && uid && selected
&& node->pkt->pkttype == PKT_SIGNATURE )
{
PKT_signature *sig = node->pkt->pkt.signature;
if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& (uid && (sig->sig_class&~3) == 0x10) )
{
if( sig->version < 4 )
{
char *user=utf8_to_native(uid->name,strlen(uid->name),0);
log_info(_("skipping v3 self-signature on user id \"%s\"\n"),
user);
m_free(user);
}
else
{
/* This is a selfsignature which is to be replaced
* We have to ignore v3 signatures because they are
* not able to carry the preferences */
PKT_signature *newsig;
PACKET *newpkt;
int rc;
rc = update_keysig_packet (&newsig, sig,
main_pk, uid, NULL,
sk,
keygen_add_keyserver_url,
keyserver->uri );
if( rc )
{
log_error ("update_keysig_packet failed: %s\n",
g10_errstr(rc));
free_keyserver_spec(keyserver);
free_secret_key( sk );
return 0;
}
/* replace the packet */
newpkt = m_alloc_clear( sizeof *newpkt );
newpkt->pkttype = PKT_SIGNATURE;
newpkt->pkt.signature = newsig;
free_packet( node->pkt );
m_free( node->pkt );
node->pkt = newpkt;
modified = 1;
}
}
}
}
free_keyserver_spec(keyserver);
free_secret_key( sk );
return modified;
}

3
g10/keyserver-internal.h
View File

@ -9,7 +9,8 @@
#include "types.h"
int parse_keyserver_options(char *options);
struct keyserver_spec *parse_keyserver_uri(char *uri,
void free_keyserver_spec(struct keyserver_spec *keyserver);
struct keyserver_spec *parse_keyserver_uri(char *uri,int require_scheme,
const char *configname,
unsigned int configlineno);
int keyserver_export(STRLIST users);

14
g10/keyserver.c
View File

@ -135,7 +135,7 @@ parse_keyserver_options(char *options)
return ret;
}
static void
void
free_keyserver_spec(struct keyserver_spec *keyserver)
{
m_free(keyserver->uri);
@ -146,7 +146,8 @@ free_keyserver_spec(struct keyserver_spec *keyserver)
}
struct keyserver_spec *
parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
parse_keyserver_uri(char *uri,int require_scheme,
const char *configname,unsigned int configlineno)
{
int assume_hkp=0;
struct keyserver_spec *keyserver;
@ -163,6 +164,9 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
scheme=strsep(&uri,":");
if(uri==NULL)
{
if(require_scheme)
return NULL;
/* Assume HKP if there is no scheme */
assume_hkp=1;
uri=scheme;
@ -1361,9 +1365,11 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
dupe[plen]='\0';
/* Make up a keyserver structure and do an
import for this key. */
import for this key. Note that a preferred
keyserver without a scheme:// will be
interpreted as hkp:// */
keyserver=parse_keyserver_uri(dupe,NULL,0);
keyserver=parse_keyserver_uri(dupe,0,NULL,0);
m_free(dupe);
if(keyserver)