keyboxd: Add ephemeral and revoked flag to the sqlite backend.
* kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and is_revoked. Adjust callers. * kbx/backend-sqlite.c: Alter table pubkey to add new columns. (run_select_statement): Add new column to all selects. (be_sqlite_search): Return the new flags. -- For existing test databases the new column can be added with: alter table pubkey add ephemeral integer not null default 0; alter table pubkey add revoked integer not null default 0; Signed-off-by: Werner Koch <wk@gnupg.org>
parent
d62797ebcc
commit
616c60d93d
@ -1171,7 +1171,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
|||||||
Status codes are also used between the components of the GnuPG
|
Status codes are also used between the components of the GnuPG
|
||||||
system via the Assuan S lines. Some of them are documented here:
|
system via the Assuan S lines. Some of them are documented here:
|
||||||
|
|
||||||
*** PUBKEY_INFO <n> <ubid>
|
*** PUBKEY_INFO <n> <ubid> <flags>
|
||||||
The type of the public key in the following D-lines or
|
The type of the public key in the following D-lines or
|
||||||
communicated via a pipe. <n> is the value of =enum pubkey_types=
|
communicated via a pipe. <n> is the value of =enum pubkey_types=
|
||||||
and <ubid> the Unique Blob ID (UBID) which is the fingerprint of
|
and <ubid> the Unique Blob ID (UBID) which is the fingerprint of
|
||||||
@ -1179,6 +1179,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
|
|||||||
that the keyboxd SEARCH command can be used to lookup the public
|
that the keyboxd SEARCH command can be used to lookup the public
|
||||||
key using the <ubid> prefixed with a caret (^).
|
key using the <ubid> prefixed with a caret (^).
|
||||||
|
|
||||||
|
<flags> is a string extra information about the blob. The first
|
||||||
|
byte is either '-' for standard key or 'e' for an ephemeral key.
|
||||||
|
The second byte is either '-' or 'r' for a known revoked key.
|
||||||
|
|
||||||
*** KEYPAIRINFO <grip> <keyref> [<usage>] [<keytime>]
|
*** KEYPAIRINFO <grip> <keyref> [<usage>] [<keytime>]
|
||||||
|
|
||||||
This status is emitted by scdaemon and gpg-agent to convey brief
|
This status is emitted by scdaemon and gpg-agent to convey brief
|
||||||
|
@ -1016,7 +1016,7 @@ be_cache_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
|
|||||||
if (b)
|
if (b)
|
||||||
{
|
{
|
||||||
err = be_return_pubkey (ctrl, b->data, b->datalen,
|
err = be_return_pubkey (ctrl, b->data, b->datalen,
|
||||||
b->pktype, desc[n].u.ubid);
|
b->pktype, desc[n].u.ubid, 0, 0);
|
||||||
blob_unref (b);
|
blob_unref (b);
|
||||||
reqpart->cache_seqno.ubid++;
|
reqpart->cache_seqno.ubid++;
|
||||||
}
|
}
|
||||||
@ -1058,7 +1058,7 @@ be_cache_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
|
|||||||
if (b)
|
if (b)
|
||||||
{
|
{
|
||||||
err = be_return_pubkey (ctrl, b->data, b->datalen,
|
err = be_return_pubkey (ctrl, b->data, b->datalen,
|
||||||
PUBKEY_TYPE_OPGP, bl->ubid);
|
PUBKEY_TYPE_OPGP, bl->ubid, 0, 0);
|
||||||
blob_unref (b);
|
blob_unref (b);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
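Review bot: Both `be_return_pubkey` calls in this section pass `0, 0` for the new flags, so a key served from the cache is always announced as `--`, even when its sqlite row has `ephemeral` or `revoked` set. The `be_cache_pubkey (ctrl, ubid, keyblob, keybloblen, pubkey_type)` call in be_sqlite_search still stores no flags, so the cache has nothing to report; if the cache is consulted before the database (not visible in these hunks), a revoked key would carry the `r` flag on the first lookup and lose it on later ones. Consider keeping the two flags with the cached blob and passing them here, e.g. `b->pktype, desc[n].u.ubid, b->is_ephemeral, b->is_revoked);`, where the two field names are placeholders. The be_kbx_search call has the same hard-coded `0, 0`, and its `/* FIXME: Return the ephemeral flag. */` should name the revoked flag as well. be_cache_search starts and ends outside these hunks.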
|
@ -277,7 +277,8 @@ be_kbx_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
|
|||||||
&pubkey_type, ubid);
|
&pubkey_type, ubid);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
err = be_return_pubkey (ctrl, buffer, buflen, pubkey_type, ubid);
|
/* FIXME: Return the ephemeral flag. */
|
||||||
|
err = be_return_pubkey (ctrl, buffer, buflen, pubkey_type, ubid, 0, 0);
|
||||||
if (!err)
|
if (!err)
|
||||||
be_cache_pubkey (ctrl, ubid, buffer, buflen, pubkey_type);
|
be_cache_pubkey (ctrl, ubid, buffer, buflen, pubkey_type);
|
||||||
xfree (buffer);
|
xfree (buffer);
|
||||||
|
@ -115,6 +115,10 @@ static struct
|
|||||||
"ubid BLOB NOT NULL PRIMARY KEY,"
|
"ubid BLOB NOT NULL PRIMARY KEY,"
|
||||||
/* The type of the public key: 1 = openpgp, 2 = X.509. */
|
/* The type of the public key: 1 = openpgp, 2 = X.509. */
|
||||||
"type INTEGER NOT NULL,"
|
"type INTEGER NOT NULL,"
|
||||||
|
/* The Ephemeral flag as used by gpgsm. Values: 0 or 1. */
|
||||||
|
"ephemeral INTEGER NOT NULL DEFAULT 0,"
|
||||||
|
/* The Revoked flag as set by gpgsm. Values: 0 or 1. */
|
||||||
|
"revoked INTEGER NOT NULL DEFAULT 0,"
|
||||||
/* The OpenPGP keyblock or X.509 certificate. */
|
/* The OpenPGP keyblock or X.509 certificate. */
|
||||||
"keyblob BLOB NOT NULL"
|
"keyblob BLOB NOT NULL"
|
||||||
")" },
|
")" },
|
||||||
@ -752,17 +756,18 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_EXACT:
|
case KEYDB_SEARCH_MODE_EXACT:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, userid as u"
|
" FROM pubkey as p, userid as u"
|
||||||
" WHERE p.ubid = u.ubid AND u.uid = ?1",
|
" WHERE p.ubid = u.ubid AND u.uid = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = run_sql_bind_text (ctx->select_stmt, 1, desc[descidx].u.name);
|
err = run_sql_bind_text (ctx->select_stmt, 1, desc[descidx].u.name);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KEYDB_SEARCH_MODE_MAIL:
|
case KEYDB_SEARCH_MODE_MAIL:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, userid as u"
|
" FROM pubkey as p, userid as u"
|
||||||
" WHERE p.ubid = u.ubid AND u.addrspec = ?1",
|
" WHERE p.ubid = u.ubid AND u.addrspec = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -772,7 +777,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_MAILSUB:
|
case KEYDB_SEARCH_MODE_MAILSUB:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, userid as u"
|
" FROM pubkey as p, userid as u"
|
||||||
" WHERE p.ubid = u.ubid AND u.addrspec LIKE ?1",
|
" WHERE p.ubid = u.ubid AND u.addrspec LIKE ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -783,7 +789,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_SUBSTR:
|
case KEYDB_SEARCH_MODE_SUBSTR:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, userid as u"
|
" FROM pubkey as p, userid as u"
|
||||||
" WHERE p.ubid = u.ubid AND u.uid LIKE ?1",
|
" WHERE p.ubid = u.ubid AND u.uid LIKE ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -799,7 +806,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_ISSUER:
|
case KEYDB_SEARCH_MODE_ISSUER:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, issuer as i"
|
" FROM pubkey as p, issuer as i"
|
||||||
" WHERE p.ubid = i.ubid"
|
" WHERE p.ubid = i.ubid"
|
||||||
" AND i.dn = $1",
|
" AND i.dn = $1",
|
||||||
@ -819,7 +827,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
|
||||||
|
" p.revoked, p.keyblob"
|
||||||
" FROM pubkey as p, issuer as i"
|
" FROM pubkey as p, issuer as i"
|
||||||
" WHERE p.ubid = i.ubid"
|
" WHERE p.ubid = i.ubid"
|
||||||
" AND i.sn = $1 AND i.dn = $2",
|
" AND i.sn = $1 AND i.dn = $2",
|
||||||
@ -841,7 +850,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case KEYDB_SEARCH_MODE_SUBJECT:
|
case KEYDB_SEARCH_MODE_SUBJECT:
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, userid as u"
|
" FROM pubkey as p, userid as u"
|
||||||
" WHERE p.ubid = u.ubid"
|
" WHERE p.ubid = u.ubid"
|
||||||
" AND u.uid = $1",
|
" AND u.uid = $1",
|
||||||
@ -860,7 +870,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_LONG_KID:
|
case KEYDB_SEARCH_MODE_LONG_KID:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
|
||||||
|
" p.revoked, p.keyblob"
|
||||||
" FROM pubkey as p, fingerprint as f"
|
" FROM pubkey as p, fingerprint as f"
|
||||||
" WHERE p.ubid = f.ubid AND f.kid = ?1",
|
" WHERE p.ubid = f.ubid AND f.kid = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -871,7 +882,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_FPR:
|
case KEYDB_SEARCH_MODE_FPR:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
|
||||||
|
" p.revoked, p.keyblob"
|
||||||
" FROM pubkey as p, fingerprint as f"
|
" FROM pubkey as p, fingerprint as f"
|
||||||
" WHERE p.ubid = f.ubid AND f.fpr = ?1",
|
" WHERE p.ubid = f.ubid AND f.fpr = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -882,7 +894,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_KEYGRIP:
|
case KEYDB_SEARCH_MODE_KEYGRIP:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT p.ubid, p.type, p.keyblob"
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral, p.revoked,"
|
||||||
|
" p.keyblob"
|
||||||
" FROM pubkey as p, fingerprint as f"
|
" FROM pubkey as p, fingerprint as f"
|
||||||
" WHERE p.ubid = f.ubid AND f.keygrip = ?1",
|
" WHERE p.ubid = f.ubid AND f.keygrip = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -893,7 +906,7 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
|
|
||||||
case KEYDB_SEARCH_MODE_UBID:
|
case KEYDB_SEARCH_MODE_UBID:
|
||||||
if (!ctx->select_stmt)
|
if (!ctx->select_stmt)
|
||||||
err = run_sql_prepare ("SELECT ubid, type, keyblob"
|
err = run_sql_prepare ("SELECT ubid, type, ephemeral, revoked, keyblob"
|
||||||
" FROM pubkey as p"
|
" FROM pubkey as p"
|
||||||
" WHERE ubid = ?1",
|
" WHERE ubid = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
@ -914,7 +927,7 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
else
|
else
|
||||||
extra = " ORDER by ubid";
|
extra = " ORDER by ubid";
|
||||||
|
|
||||||
err = run_sql_prepare ("SELECT ubid, type, keyblob"
|
err = run_sql_prepare ("SELECT ubid, type, ephemeral, keyblob"
|
||||||
" FROM pubkey as p",
|
" FROM pubkey as p",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
}
|
}
|
||||||
@ -992,6 +1005,7 @@ be_sqlite_search (ctrl_t ctrl,
|
|||||||
const void *ubid, *keyblob;
|
const void *ubid, *keyblob;
|
||||||
size_t keybloblen;
|
size_t keybloblen;
|
||||||
enum pubkey_types pubkey_type;
|
enum pubkey_types pubkey_type;
|
||||||
|
int is_ephemeral, is_revoked;
|
||||||
|
|
||||||
ubid = sqlite3_column_blob (ctx->select_stmt, 0);
|
ubid = sqlite3_column_blob (ctx->select_stmt, 0);
|
||||||
n = sqlite3_column_bytes (ctx->select_stmt, 0);
|
n = sqlite3_column_bytes (ctx->select_stmt, 0);
|
||||||
@ -1024,8 +1038,30 @@ be_sqlite_search (ctrl_t ctrl,
|
|||||||
}
|
}
|
||||||
pubkey_type = n;
|
pubkey_type = n;
|
||||||
|
|
||||||
keyblob = sqlite3_column_blob (ctx->select_stmt, 2);
|
n = sqlite3_column_int (ctx->select_stmt, 2);
|
||||||
n = sqlite3_column_bytes (ctx->select_stmt, 2);
|
if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
|
||||||
|
{
|
||||||
|
err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
|
||||||
|
show_sqlstmt (ctx->select_stmt);
|
||||||
|
log_error ("error in returned SQL column EPHEMERAL: %s)\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
is_ephemeral = !!n;
|
||||||
|
|
||||||
|
n = sqlite3_column_int (ctx->select_stmt, 3);
|
||||||
|
if (!n && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
|
||||||
|
{
|
||||||
|
err = gpg_error (gpg_err_code_from_sqlite (SQLITE_NOMEM));
|
||||||
|
show_sqlstmt (ctx->select_stmt);
|
||||||
|
log_error ("error in returned SQL column REVOKED: %s)\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
is_revoked = !!n;
|
||||||
|
|
||||||
|
keyblob = sqlite3_column_blob (ctx->select_stmt, 4);
|
||||||
|
n = sqlite3_column_bytes (ctx->select_stmt, 4);
|
||||||
if (!keyblob || n < 0)
|
if (!keyblob || n < 0)
|
||||||
{
|
{
|
||||||
if (!keyblob && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
|
if (!keyblob && sqlite3_errcode (database_hd) == SQLITE_NOMEM)
|
||||||
@ -1039,7 +1075,8 @@ be_sqlite_search (ctrl_t ctrl,
|
|||||||
}
|
}
|
||||||
keybloblen = n;
|
keybloblen = n;
|
||||||
|
|
||||||
err = be_return_pubkey (ctrl, keyblob, keybloblen, pubkey_type, ubid);
|
err = be_return_pubkey (ctrl, keyblob, keybloblen, pubkey_type,
|
||||||
|
ubid, is_ephemeral, is_revoked);
|
||||||
if (!err)
|
if (!err)
|
||||||
be_cache_pubkey (ctrl, ubid, keyblob, keybloblen, pubkey_type);
|
be_cache_pubkey (ctrl, ubid, keyblob, keybloblen, pubkey_type);
|
||||||
}
|
}
|
||||||
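Review bot: The last SELECT in run_select_statement, `"SELECT ubid, type, ephemeral, keyblob"` (the one with no WHERE clause, prepared after `extra = " ORDER by ubid"`), omits `revoked`, while every other statement in this section returns five columns. be_sqlite_search now reads column 3 as the revoked flag and column 4 as the keyblob, so for this statement the revoked flag would be derived from the keyblob column, and `sqlite3_column_blob (ctx->select_stmt, 4)` uses an out-of-range index, for which SQLite leaves the result undefined. The line should read `err = run_sql_prepare ("SELECT ubid, type, ephemeral, revoked, keyblob"`. Named constants for the column indexes, shared by the statements and the reader, would make this kind of drift harder to introduce. Both functions start and end outside the hunks shown.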
|
@ -166,13 +166,17 @@ be_find_request_part (backend_handle_t backend_hd, db_request_t request,
|
|||||||
* PUBKEY_TYPE to the caller. */
|
* PUBKEY_TYPE to the caller. */
|
||||||
gpg_error_t
|
gpg_error_t
|
||||||
be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
|
be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
|
||||||
enum pubkey_types pubkey_type, const unsigned char *ubid)
|
enum pubkey_types pubkey_type, const unsigned char *ubid,
|
||||||
|
int is_ephemeral, int is_revoked)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
char hexubid[2*UBID_LEN+1];
|
char hexubid[2*UBID_LEN+1];
|
||||||
|
|
||||||
bin2hex (ubid, UBID_LEN, hexubid);
|
bin2hex (ubid, UBID_LEN, hexubid);
|
||||||
err = status_printf (ctrl, "PUBKEY_INFO", "%d %s", pubkey_type, hexubid);
|
err = status_printf (ctrl, "PUBKEY_INFO", "%d %s %c%c",
|
||||||
|
pubkey_type, hexubid,
|
||||||
|
is_ephemeral? 'e':'-',
|
||||||
|
is_revoked? 'r':'-' );
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
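Review bot: The comment above be_return_pubkey, whose visible tail still ends with `PUBKEY_TYPE to the caller. */`, is not updated for the two new parameters. Add a sentence such as `IS_EPHEMERAL and IS_REVOKED are reported as the third field of the PUBKEY_INFO status line ('e' or '-', then 'r' or '-').` The status line grows from two to three fields, so existing readers of PUBKEY_INFO need to tolerate or parse the extra token; those parsers are not part of this page. The comment starts before the hunk and the function body continues past it.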
|
@ -115,7 +115,8 @@ gpg_error_t be_find_request_part (backend_handle_t backend_hd,
|
|||||||
db_request_part_t *r_part);
|
db_request_part_t *r_part);
|
||||||
gpg_error_t be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
|
gpg_error_t be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
|
||||||
enum pubkey_types pubkey_type,
|
enum pubkey_types pubkey_type,
|
||||||
const unsigned char *ubid);
|
const unsigned char *ubid,
|
||||||
|
int is_ephemeral, int is_revoked);
|
||||||
int be_is_x509_blob (const unsigned char *blob, size_t bloblen);
|
int be_is_x509_blob (const unsigned char *blob, size_t bloblen);
|
||||||
gpg_error_t be_ubid_from_blob (const void *blob, size_t bloblen,
|
gpg_error_t be_ubid_from_blob (const void *blob, size_t bloblen,
|
||||||
enum pubkey_types *r_pktype, char *r_ubid);
|
enum pubkey_types *r_pktype, char *r_ubid);
|
||||||
|