mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Snapshot release 0.4.2
This commit is contained in:
parent
1f460046d5
commit
6e16296864
12
NEWS
12
NEWS
@ -1,5 +1,8 @@
|
|||||||
Noteworthy changes in version 0.4.2
|
Noteworthy changes in version 0.4.2
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
|
* This is only a snapshot: There are still a few bugs.
|
||||||
|
|
||||||
* Fixed this huge memory leak.
|
* Fixed this huge memory leak.
|
||||||
|
|
||||||
* Redesigned the trust database: You should run "gpgm --check-trustdb".
|
* Redesigned the trust database: You should run "gpgm --check-trustdb".
|
||||||
@ -26,6 +29,15 @@ Noteworthy changes in version 0.4.2
|
|||||||
of packets, so that the keyservers don't accept these keys.
|
of packets, so that the keyservers don't accept these keys.
|
||||||
Simply using "--edit-key" fixes the problem.
|
Simply using "--edit-key" fixes the problem.
|
||||||
|
|
||||||
|
* New option --force-v3-sigs to generate signed messages which are
|
||||||
|
compatible to PGP 5.
|
||||||
|
|
||||||
|
* Add some code to support DLD (for non ELF systems) - but this is
|
||||||
|
not tested because my BSD box is currently broken.
|
||||||
|
|
||||||
|
* New command "expire" in the edit-key menu.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 0.4.1
|
Noteworthy changes in version 0.4.1
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
8
README
8
README
@ -331,11 +331,3 @@
|
|||||||
please subscribe before posting, see above (~line 33)).
|
please subscribe before posting, see above (~line 33)).
|
||||||
|
|
||||||
|
|
||||||
Supported targets:
|
|
||||||
------------------
|
|
||||||
powerpc-unknown-linux-gnu (linuxppc)
|
|
||||||
hppa1.1-hp-hpux10.20
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
33
TODO
33
TODO
@ -1,33 +1,15 @@
|
|||||||
* change ringedit:
|
|
||||||
- avoid all copy operations
|
|
||||||
- delete for update by changing the packet type to a
|
|
||||||
special unused packet. (export most know about this)
|
|
||||||
- do an append instead of an update or insert
|
|
||||||
- export may be used to compress a keyring.
|
|
||||||
- keep track of all offset in the trustbd and index them
|
|
||||||
by keyid.
|
|
||||||
- If the lookup does not find a public key block at the
|
|
||||||
stored offset disable this keyid.
|
|
||||||
- If the keyid was not found or is disabled, walk thru
|
|
||||||
the pubring.
|
|
||||||
- use ftruncate to recover from keyring errors.
|
|
||||||
maybe a new option to do this or simply mark the
|
|
||||||
wrong part as unused.
|
|
||||||
This makes signature checks and imports much faster; only keys
|
|
||||||
given by a userid or a fingerprint (RSA only) have to walk tru
|
|
||||||
the ring.
|
|
||||||
|
|
||||||
* There is a new memory leak in update-trustdb
|
* There is a new memory leak in update-trustdb :-(
|
||||||
|
|
||||||
|
* Fix ;) revocation and expire stuff.
|
||||||
|
|
||||||
* OpenBSD: dynamic loading with dlopen works on OpenBSD, but:
|
* OpenBSD: dynamic loading with dlopen works on OpenBSD, but:
|
||||||
OpenBSD binaries are a.out, so every symbol begins with "_"
|
OpenBSD binaries are a.out, so every symbol begins with "_"
|
||||||
|
|
||||||
* use dld if we don't have dlopen.
|
|
||||||
|
|
||||||
* should we flush the getkey.c caches while doing an import?
|
* should we flush the getkey.c caches while doing an import?
|
||||||
|
|
||||||
* prefer a type 16 subkey for encryption because pgp cannot handle
|
* prefer a type 16 subkey for encryption because pgp cannot handle
|
||||||
type 20.
|
type 20?
|
||||||
|
|
||||||
* calculation of marginals never yields a completely trusted key.
|
* calculation of marginals never yields a completely trusted key.
|
||||||
|
|
||||||
@ -36,6 +18,11 @@
|
|||||||
|
|
||||||
* Exportable Certification Flag is ignored
|
* Exportable Certification Flag is ignored
|
||||||
|
|
||||||
|
* We need a maintainence pass over the trustdb which flags
|
||||||
|
signatures as expired if the key used to make the signature has
|
||||||
|
expired. Maybe it is a good idea to store the exiration time
|
||||||
|
in the key record of the trustdb.
|
||||||
|
|
||||||
* write a tool to extract selected keys from a file.
|
* write a tool to extract selected keys from a file.
|
||||||
|
|
||||||
* new menu to delete signatures and list signature in menu
|
* new menu to delete signatures and list signature in menu
|
||||||
@ -71,8 +58,6 @@
|
|||||||
* add an option to re-create a public key from a secret key; we
|
* add an option to re-create a public key from a secret key; we
|
||||||
can do this in trustdb.c:verify_own_keys.
|
can do this in trustdb.c:verify_own_keys.
|
||||||
|
|
||||||
* OpenBSD has sometimes problems reading from /dev/random.
|
|
||||||
|
|
||||||
* change the fake_data stuff to mpi_set_opaque
|
* change the fake_data stuff to mpi_set_opaque
|
||||||
|
|
||||||
* Is it okay to use gettext for the help system?
|
* Is it okay to use gettext for the help system?
|
||||||
|
@ -364,6 +364,14 @@ Other Notes
|
|||||||
to keep them small.
|
to keep them small.
|
||||||
|
|
||||||
|
|
||||||
|
Supported targets:
|
||||||
|
------------------
|
||||||
|
powerpc-unknown-linux-gnu (linuxppc)
|
||||||
|
hppa1.1-hp-hpux10.20
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
6
doc/FAQ
6
doc/FAQ
@ -103,6 +103,12 @@
|
|||||||
is choosen. You may add an type 16 ElGamal key to your public
|
is choosen. You may add an type 16 ElGamal key to your public
|
||||||
key which is easy as your key signatures are still valid.
|
key which is easy as your key signatures are still valid.
|
||||||
|
|
||||||
|
Q: Why is PGP 5.x not able to verify my messages.
|
||||||
|
A: PGP 5.x does not accept V4 signatures for data material but
|
||||||
|
OpenPGP requires generation of V3 signatures for all kind of
|
||||||
|
data. Use the option "--force-v3-sigs" to generate V3 signatures
|
||||||
|
for data.
|
||||||
|
|
||||||
Q: I can't delete a user id because it is already deleted on my
|
Q: I can't delete a user id because it is already deleted on my
|
||||||
public keyring.
|
public keyring.
|
||||||
A: Because you can only select from the public key ring, there is
|
A: Because you can only select from the public key ring, there is
|
||||||
|
14
doc/OpenPGP
14
doc/OpenPGP
@ -1,4 +1,4 @@
|
|||||||
GNUPG and OpenPGP
|
GnuPG and OpenPGP
|
||||||
=================
|
=================
|
||||||
|
|
||||||
The current OpenPGP draft expires 1999-02.
|
The current OpenPGP draft expires 1999-02.
|
||||||
@ -22,17 +22,21 @@
|
|||||||
|
|
||||||
Compatibility Notes
|
Compatibility Notes
|
||||||
===================
|
===================
|
||||||
GNUPG (>=0.4.1) is in compliance with OpenPGP despite these exeptions:
|
GnuPG (>=0.4.1) is in compliance with OpenPGP despite these exeptions:
|
||||||
|
|
||||||
* (5.1) The critical bit in signature subpackets is currently
|
* (5.1) The critical bit in signature subpackets is currently
|
||||||
ignored. This will be fixed soon.
|
ignored. This will be fixed soon.
|
||||||
|
|
||||||
* (5.3) GNUPG has an option to use simple S2K for "Symmetric-Key
|
|
||||||
|
* (5.2) GnuPG generates V4 signatures for all V4 keys. The option
|
||||||
|
--force-v3-sigs allows to override.
|
||||||
|
|
||||||
|
* (5.3) GnuPG has an option to use simple S2K for "Symmetric-Key
|
||||||
Encrypted Session-Key Packets"; however a warning message is
|
Encrypted Session-Key Packets"; however a warning message is
|
||||||
issued if this option is active.
|
issued if this option is active.
|
||||||
|
|
||||||
* (5.5.2) states that an implementaion MUST NOT create a v3 key
|
* (5.5.2) states that an implementaion MUST NOT create a v3 key
|
||||||
with an algorithm other than RSA. GNUPG has an option to
|
with an algorithm other than RSA. GnuPG has an option to
|
||||||
create an ElGamal key in a v3 packet; the properties of such
|
create an ElGamal key in a v3 packet; the properties of such
|
||||||
a key are as good as a v4 key. RFC1991 does not specifiy how
|
a key are as good as a v4 key. RFC1991 does not specifiy how
|
||||||
to create fingerprints for algorithms other than RSA and so it
|
to create fingerprints for algorithms other than RSA and so it
|
||||||
@ -46,7 +50,7 @@
|
|||||||
due to patent problems.
|
due to patent problems.
|
||||||
|
|
||||||
* (12.1) states that an implementaion MUST NOT use a symmetric
|
* (12.1) states that an implementaion MUST NOT use a symmetric
|
||||||
algorithm which is not in the preference list. GNUPG has an
|
algorithm which is not in the preference list. GnuPG has an
|
||||||
option to override this.
|
option to override this.
|
||||||
|
|
||||||
* A special format of partial packet length exists for v3 packets
|
* A special format of partial packet length exists for v3 packets
|
||||||
|
25
doc/gpg.1pod
25
doc/gpg.1pod
@ -128,6 +128,11 @@ B<--edit-key> I<name>
|
|||||||
Add a subkey to this key.
|
Add a subkey to this key.
|
||||||
B<delkey>
|
B<delkey>
|
||||||
Remove a subkey.
|
Remove a subkey.
|
||||||
|
B<expire>
|
||||||
|
Change the key expiration time. If a key is
|
||||||
|
select, the time of this key will be changed.
|
||||||
|
With no selection the key expiration of the
|
||||||
|
primary key is changed.
|
||||||
B<passwd>
|
B<passwd>
|
||||||
Change the passphrase of the secret key.
|
Change the passphrase of the secret key.
|
||||||
B<uid> I<n>
|
B<uid> I<n>
|
||||||
@ -303,7 +308,16 @@ B<--status-fd> I<n>
|
|||||||
Write special status strings to the file descriptor I<n>.
|
Write special status strings to the file descriptor I<n>.
|
||||||
|
|
||||||
B<--no-comment>
|
B<--no-comment>
|
||||||
Do not write comment packets.
|
Do not write comment packets. This option affects only
|
||||||
|
the generation of secret keys. Output of option packets
|
||||||
|
is disabled since version 0.4.2.
|
||||||
|
|
||||||
|
B<--comment> I<string>
|
||||||
|
Use I<string> as comment string in clear text signatures.
|
||||||
|
|
||||||
|
B<--set-filename> I<string>
|
||||||
|
Use I<string> as the name of file which is stored in
|
||||||
|
messages.
|
||||||
|
|
||||||
B<--completes-needed> I<n>
|
B<--completes-needed> I<n>
|
||||||
Number of completely trusted users to introduce a new
|
Number of completely trusted users to introduce a new
|
||||||
@ -373,6 +387,15 @@ B<--passphrase-fd> I<n>
|
|||||||
can only be used if only one passphrase is supplied.
|
can only be used if only one passphrase is supplied.
|
||||||
B<Don't use this option if you can avoid it>
|
B<Don't use this option if you can avoid it>
|
||||||
|
|
||||||
|
B<--rfc1991>
|
||||||
|
Try to be more RFC1991 (PGP 2.x) compliant.
|
||||||
|
|
||||||
|
B<--force-v3-sigs>
|
||||||
|
OpenPGP states that a implemenation should generate
|
||||||
|
v4 signatures but PGP 5.x does only recognize such
|
||||||
|
signatures on key material. This options forces
|
||||||
|
v3 signatures for signatures on data.
|
||||||
|
|
||||||
B<--no-verbose>
|
B<--no-verbose>
|
||||||
Reset verbose level to 0.
|
Reset verbose level to 0.
|
||||||
|
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
Sun Oct 18 11:49:03 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||||
|
|
||||||
|
* sign.c (only_old_style): Add option force_v3_sigs
|
||||||
|
(sign_file): Fixed a bug in sig->version
|
||||||
|
(clearsign_file): Ditto.
|
||||||
|
|
||||||
|
* parse-packet.c (dump_sig_subpkt): New
|
||||||
|
|
||||||
|
* keyedit.c (menu_expire): New.
|
||||||
|
* free-packet.c (cmp_signatures): New
|
||||||
|
|
||||||
|
|
||||||
Sat Oct 17 10:22:39 1998 Werner Koch (wk@isil.d.shuttle.de)
|
Sat Oct 17 10:22:39 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||||
|
|
||||||
* armor.c: changed output line length from 72 to 64.
|
* armor.c: changed output line length from 72 to 64.
|
||||||
|
@ -51,10 +51,4 @@ run-as-shm-coprocess [request-locked-shm-size]
|
|||||||
# You will have to use "--status-fd" too
|
# You will have to use "--status-fd" too
|
||||||
# Note: This option dioes only work if given on the command line.
|
# Note: This option dioes only work if given on the command line.
|
||||||
|
|
||||||
set-filename <name>
|
|
||||||
# Set <name> as the filename into the plaintext packet
|
|
||||||
|
|
||||||
comment <string>
|
|
||||||
# Add <string> as comment to the output
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
|
|||||||
ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
|
ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
|
||||||
else
|
else
|
||||||
ndays = 0;
|
ndays = 0;
|
||||||
write_16(a, 0 );
|
write_16(a, ndays );
|
||||||
}
|
}
|
||||||
iobuf_put(a, pk->pubkey_algo );
|
iobuf_put(a, pk->pubkey_algo );
|
||||||
n = pubkey_get_npkey( pk->pubkey_algo );
|
n = pubkey_get_npkey( pk->pubkey_algo );
|
||||||
|
@ -395,6 +395,30 @@ cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
cmp_signatures( PKT_signature *a, PKT_signature *b )
|
||||||
|
{
|
||||||
|
int n, i;
|
||||||
|
|
||||||
|
if( a->keyid[0] != b->keyid[0] )
|
||||||
|
return -1;
|
||||||
|
if( a->keyid[1] != b->keyid[1] )
|
||||||
|
return -1;
|
||||||
|
if( a->pubkey_algo != b->pubkey_algo )
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
n = pubkey_get_nsig( a->pubkey_algo );
|
||||||
|
if( !n )
|
||||||
|
return -1; /* can't compare due to unknown algorithm */
|
||||||
|
for(i=0; i < n; i++ ) {
|
||||||
|
if( mpi_cmp( a->data[i] , b->data[i] ) )
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
cmp_user_ids( PKT_user_id *a, PKT_user_id *b )
|
cmp_user_ids( PKT_user_id *a, PKT_user_id *b )
|
||||||
{
|
{
|
||||||
|
@ -137,6 +137,7 @@ enum cmd_and_opt_values { aNull = 0,
|
|||||||
oSetFilename,
|
oSetFilename,
|
||||||
oComment,
|
oComment,
|
||||||
oThrowKeyid,
|
oThrowKeyid,
|
||||||
|
oForceV3Sigs,
|
||||||
oS2KMode,
|
oS2KMode,
|
||||||
oS2KDigest,
|
oS2KDigest,
|
||||||
oS2KCipher,
|
oS2KCipher,
|
||||||
@ -205,6 +206,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
#endif
|
#endif
|
||||||
{ oOutput, "output", 2, N_("use as output file")},
|
{ oOutput, "output", 2, N_("use as output file")},
|
||||||
{ oVerbose, "verbose", 0, N_("verbose") },
|
{ oVerbose, "verbose", 0, N_("verbose") },
|
||||||
|
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
|
||||||
/* { oDryRun, "dry-run", 0, N_("do not make any changes") }, */
|
/* { oDryRun, "dry-run", 0, N_("do not make any changes") }, */
|
||||||
{ oBatch, "batch", 0, N_("batch mode: never ask")},
|
{ oBatch, "batch", 0, N_("batch mode: never ask")},
|
||||||
{ oAnswerYes, "yes", 0, N_("assume yes on most questions")},
|
{ oAnswerYes, "yes", 0, N_("assume yes on most questions")},
|
||||||
@ -714,6 +716,7 @@ main( int argc, char **argv )
|
|||||||
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
|
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
|
||||||
case oComment: opt.comment_string = pargs.r.ret_str; break;
|
case oComment: opt.comment_string = pargs.r.ret_str; break;
|
||||||
case oThrowKeyid: opt.throw_keyid = 1; break;
|
case oThrowKeyid: opt.throw_keyid = 1; break;
|
||||||
|
case oForceV3Sigs: opt.force_v3_sigs = 1; break;
|
||||||
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
|
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
|
||||||
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
|
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
|
||||||
case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
|
case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
|
||||||
|
@ -610,7 +610,7 @@ merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode )
|
|||||||
for(k=keyblock; k; k = k->next ) {
|
for(k=keyblock; k; k = k->next ) {
|
||||||
if( k->pkt->pkttype == PKT_SIGNATURE
|
if( k->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
|
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
|
||||||
&& sig->sig_class <= 0x13
|
&& sig->sig_class <= 0x30
|
||||||
&& sig->keyid[0] == kid[0]
|
&& sig->keyid[0] == kid[0]
|
||||||
&& sig->keyid[1] == kid[1]
|
&& sig->keyid[1] == kid[1]
|
||||||
&& sig->version > 3 ) {
|
&& sig->version > 3 ) {
|
||||||
@ -660,7 +660,7 @@ merge_keys_and_selfsig( KBNODE keyblock )
|
|||||||
}
|
}
|
||||||
else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
|
else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
|
||||||
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
|
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
|
||||||
&& sig->sig_class <= 0x13 && sig->version > 3
|
&& sig->sig_class <= 0x30 && sig->version > 3
|
||||||
&& sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
|
&& sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
|
||||||
/* okay this is (the first) self-signature which can be used
|
/* okay this is (the first) self-signature which can be used
|
||||||
* FIXME: We should only use this if the signature is valid
|
* FIXME: We should only use this if the signature is valid
|
||||||
|
125
g10/keyedit.c
125
g10/keyedit.c
@ -48,6 +48,7 @@ static void show_fingerprint( PKT_public_key *pk );
|
|||||||
static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock );
|
static int menu_adduid( KBNODE keyblock, KBNODE sec_keyblock );
|
||||||
static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
static void menu_deluid( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||||
static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
static void menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||||
|
static int menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||||
static int menu_select_uid( KBNODE keyblock, int index );
|
static int menu_select_uid( KBNODE keyblock, int index );
|
||||||
static int menu_select_key( KBNODE keyblock, int index );
|
static int menu_select_key( KBNODE keyblock, int index );
|
||||||
static int count_uids( KBNODE keyblock );
|
static int count_uids( KBNODE keyblock );
|
||||||
@ -478,7 +479,7 @@ keyedit_menu( const char *username, STRLIST locusr )
|
|||||||
enum cmdids { cmdNONE = 0,
|
enum cmdids { cmdNONE = 0,
|
||||||
cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
|
cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
|
||||||
cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
|
cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
|
||||||
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF,
|
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
|
||||||
cmdNOP };
|
cmdNOP };
|
||||||
static struct { const char *name;
|
static struct { const char *name;
|
||||||
enum cmdids id;
|
enum cmdids id;
|
||||||
@ -504,6 +505,7 @@ keyedit_menu( const char *username, STRLIST locusr )
|
|||||||
{ N_("deluid") , cmdDELUID , 0, N_("delete user id") },
|
{ N_("deluid") , cmdDELUID , 0, N_("delete user id") },
|
||||||
{ N_("addkey") , cmdADDKEY , 1, N_("add a secondary key") },
|
{ N_("addkey") , cmdADDKEY , 1, N_("add a secondary key") },
|
||||||
{ N_("delkey") , cmdDELKEY , 0, N_("delete a secondary key") },
|
{ N_("delkey") , cmdDELKEY , 0, N_("delete a secondary key") },
|
||||||
|
{ N_("expire") , cmdEXPIRE , 1, N_("change the expire date") },
|
||||||
{ N_("toggle") , cmdTOGGLE , 1, N_("toggle between secret "
|
{ N_("toggle") , cmdTOGGLE , 1, N_("toggle between secret "
|
||||||
"and public key listing") },
|
"and public key listing") },
|
||||||
{ N_("t" ) , cmdTOGGLE , 1, NULL },
|
{ N_("t" ) , cmdTOGGLE , 1, NULL },
|
||||||
@ -761,6 +763,16 @@ keyedit_menu( const char *username, STRLIST locusr )
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case cmdEXPIRE:
|
||||||
|
if( menu_expire( keyblock, sec_keyblock ) ) {
|
||||||
|
merge_keys_and_selfsig( sec_keyblock );
|
||||||
|
merge_keys_and_selfsig( keyblock );
|
||||||
|
sec_modified = 1;
|
||||||
|
modified = 1;
|
||||||
|
redisplay = 1;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
case cmdPASSWD:
|
case cmdPASSWD:
|
||||||
if( change_passphrase( sec_keyblock ) )
|
if( change_passphrase( sec_keyblock ) )
|
||||||
sec_modified = 1;
|
sec_modified = 1;
|
||||||
@ -1149,6 +1161,117 @@ menu_delkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
||||||
|
{
|
||||||
|
int n1, rc;
|
||||||
|
u32 expiredate;
|
||||||
|
int mainkey=0;
|
||||||
|
PKT_secret_key *sk; /* copy of the main sk */
|
||||||
|
PKT_public_key *main_pk, *sub_pk;
|
||||||
|
PKT_user_id *uid;
|
||||||
|
KBNODE node;
|
||||||
|
u32 keyid[2];
|
||||||
|
|
||||||
|
if( count_selected_keys( sec_keyblock ) ) {
|
||||||
|
tty_printf(_("Please remove selections from the secret keys.\n"));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
n1 = count_selected_keys( pub_keyblock );
|
||||||
|
if( n1 > 1 ) {
|
||||||
|
tty_printf(_("Please select at most one secondary key.\n"));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
else if( n1 )
|
||||||
|
tty_printf(_("Changing exiration time for a secondary key.\n"));
|
||||||
|
else {
|
||||||
|
tty_printf(_("Changing exiration time for the primary key.\n"));
|
||||||
|
mainkey=1;
|
||||||
|
}
|
||||||
|
|
||||||
|
expiredate = ask_expiredate();
|
||||||
|
/* fixme: check that expiredate is > key creation date */
|
||||||
|
|
||||||
|
/* get the secret key , make a copy and set the expiration time into
|
||||||
|
* that key (because keygen_add-key-expire expects it there)
|
||||||
|
*/
|
||||||
|
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
|
||||||
|
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key);
|
||||||
|
sk->expiredate = expiredate;
|
||||||
|
|
||||||
|
/* Now we can actually change the self signature(s) */
|
||||||
|
main_pk = sub_pk = NULL;
|
||||||
|
uid = NULL;
|
||||||
|
for( node=pub_keyblock; node; node = node->next ) {
|
||||||
|
if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
|
||||||
|
main_pk = node->pkt->pkt.public_key;
|
||||||
|
keyid_from_pk( main_pk, keyid );
|
||||||
|
}
|
||||||
|
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|
||||||
|
&& (node->flag & NODFLG_SELKEY ) )
|
||||||
|
sub_pk = node->pkt->pkt.public_key;
|
||||||
|
else if( node->pkt->pkttype == PKT_USER_ID )
|
||||||
|
uid = node->pkt->pkt.user_id;
|
||||||
|
else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE ) {
|
||||||
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
|
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
|
||||||
|
&& ( (mainkey && uid && (sig->sig_class&~3) == 0x10)
|
||||||
|
|| (!mainkey && sig->sig_class == 0x18) ) ) {
|
||||||
|
/* this is a selfsignature which should be replaced */
|
||||||
|
PKT_signature *newsig;
|
||||||
|
PACKET *newpkt;
|
||||||
|
KBNODE sn;
|
||||||
|
|
||||||
|
/* find the corresponding secret self-signature */
|
||||||
|
for( sn=sec_keyblock; sn; sn = sn->next ) {
|
||||||
|
if( sn->pkt->pkttype == PKT_SIGNATURE
|
||||||
|
&& !cmp_signatures( sn->pkt->pkt.signature, sig ) )
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if( !sn )
|
||||||
|
log_info(_("No corresponding signature in secret ring\n"));
|
||||||
|
|
||||||
|
/* create new self signature */
|
||||||
|
if( mainkey )
|
||||||
|
rc = make_keysig_packet( &newsig, main_pk, uid, NULL,
|
||||||
|
sk, 0x13, 0,
|
||||||
|
keygen_add_std_prefs, sk );
|
||||||
|
else
|
||||||
|
rc = make_keysig_packet( &newsig, main_pk, NULL, sub_pk,
|
||||||
|
sk, 0x18, 0,
|
||||||
|
keygen_add_key_expire, sk );
|
||||||
|
if( rc ) {
|
||||||
|
log_error("make_keysig_packet failed: %s\n",
|
||||||
|
g10_errstr(rc));
|
||||||
|
free_secret_key( sk );
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
/* replace the packet */
|
||||||
|
newpkt = m_alloc_clear( sizeof *newpkt );
|
||||||
|
newpkt->pkttype = PKT_SIGNATURE;
|
||||||
|
newpkt->pkt.signature = newsig;
|
||||||
|
free_packet( node->pkt );
|
||||||
|
m_free( node->pkt );
|
||||||
|
node->pkt = newpkt;
|
||||||
|
if( sn ) {
|
||||||
|
newpkt = m_alloc_clear( sizeof *newpkt );
|
||||||
|
newpkt->pkttype = PKT_SIGNATURE;
|
||||||
|
newpkt->pkt.signature = copy_signature( NULL, newsig );
|
||||||
|
free_packet( sn->pkt );
|
||||||
|
m_free( sn->pkt );
|
||||||
|
sn->pkt = newpkt;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
free_secret_key( sk );
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Select one user id or remove all selection if index is 0.
|
* Select one user id or remove all selection if index is 0.
|
||||||
* Returns: True if the selection changed;
|
* Returns: True if the selection changed;
|
||||||
|
12
g10/keygen.c
12
g10/keygen.c
@ -51,8 +51,8 @@ write_uid( KBNODE root, const char *s )
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
static int
|
int
|
||||||
add_key_expire( PKT_signature *sig, void *opaque )
|
keygen_add_key_expire( PKT_signature *sig, void *opaque )
|
||||||
{
|
{
|
||||||
PKT_secret_key *sk = opaque;
|
PKT_secret_key *sk = opaque;
|
||||||
byte buf[8];
|
byte buf[8];
|
||||||
@ -80,7 +80,7 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque )
|
|||||||
{
|
{
|
||||||
byte buf[8];
|
byte buf[8];
|
||||||
|
|
||||||
add_key_expire( sig, opaque );
|
keygen_add_key_expire( sig, opaque );
|
||||||
|
|
||||||
buf[0] = CIPHER_ALGO_BLOWFISH;
|
buf[0] = CIPHER_ALGO_BLOWFISH;
|
||||||
buf[1] = CIPHER_ALGO_CAST5;
|
buf[1] = CIPHER_ALGO_CAST5;
|
||||||
@ -176,7 +176,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
|
|||||||
|
|
||||||
/* and make the signature */
|
/* and make the signature */
|
||||||
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
|
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
|
||||||
add_key_expire, sk );
|
keygen_add_key_expire, sk );
|
||||||
if( rc ) {
|
if( rc ) {
|
||||||
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
|
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
|
||||||
return rc;
|
return rc;
|
||||||
@ -481,7 +481,7 @@ ask_keysize( int algo )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static u32
|
u32
|
||||||
ask_expiredate()
|
ask_expiredate()
|
||||||
{
|
{
|
||||||
char *answer;
|
char *answer;
|
||||||
@ -495,7 +495,7 @@ ask_expiredate()
|
|||||||
" <n>m = key expires in n months\n"
|
" <n>m = key expires in n months\n"
|
||||||
" <n>y = key expires in n years\n"));
|
" <n>y = key expires in n years\n"));
|
||||||
/* Note: The elgamal subkey for DSA has no exiration date because
|
/* Note: The elgamal subkey for DSA has no exiration date because
|
||||||
* is must be signed with the DSA key and this one has the expiration
|
* it must be signed with the DSA key and this one has the expiration
|
||||||
* date */
|
* date */
|
||||||
|
|
||||||
answer = NULL;
|
answer = NULL;
|
||||||
|
@ -78,7 +78,9 @@ int delete_key( const char *username, int secure );
|
|||||||
void keyedit_menu( const char *username, STRLIST locusr );
|
void keyedit_menu( const char *username, STRLIST locusr );
|
||||||
|
|
||||||
/*-- keygen.c --*/
|
/*-- keygen.c --*/
|
||||||
|
u32 ask_expiredate(void);
|
||||||
void generate_keypair(void);
|
void generate_keypair(void);
|
||||||
|
int keygen_add_key_expire( PKT_signature *sig, void *opaque );
|
||||||
int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
|
int keygen_add_std_prefs( PKT_signature *sig, void *opaque );
|
||||||
int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock );
|
||||||
|
|
||||||
|
@ -41,7 +41,7 @@ struct {
|
|||||||
int no_armor;
|
int no_armor;
|
||||||
int list_packets; /* list-packets mode */
|
int list_packets; /* list-packets mode */
|
||||||
int def_cipher_algo;
|
int def_cipher_algo;
|
||||||
int reserved1;
|
int force_v3_sigs;
|
||||||
int def_digest_algo;
|
int def_digest_algo;
|
||||||
int def_compress_algo;
|
int def_compress_algo;
|
||||||
const char *def_secret_key;
|
const char *def_secret_key;
|
||||||
|
@ -273,6 +273,7 @@ PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
|
|||||||
PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s );
|
PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s );
|
||||||
PKT_user_id *copy_user_id( PKT_user_id *d, PKT_user_id *s );
|
PKT_user_id *copy_user_id( PKT_user_id *d, PKT_user_id *s );
|
||||||
int cmp_public_keys( PKT_public_key *d, PKT_public_key *s );
|
int cmp_public_keys( PKT_public_key *d, PKT_public_key *s );
|
||||||
|
int cmp_signatures( PKT_signature *a, PKT_signature *b );
|
||||||
int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
|
int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
|
||||||
int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
|
int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
|
||||||
|
|
||||||
|
@ -608,6 +608,97 @@ parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
dump_sig_subpkt( int hashed, int type, int critical,
|
||||||
|
const char * buffer, size_t buflen, size_t length )
|
||||||
|
{
|
||||||
|
const char *p=NULL;
|
||||||
|
|
||||||
|
printf("\t%s%ssubpkt %d len %u (", /*)*/
|
||||||
|
critical ? "critical ":"",
|
||||||
|
hashed ? "hashed ":"", type, (unsigned)length );
|
||||||
|
buffer++;
|
||||||
|
length--;
|
||||||
|
if( length > buflen ) {
|
||||||
|
printf("too short: buffer is only %u)\n", (unsigned)buflen );
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
switch( type ) {
|
||||||
|
case SIGSUBPKT_SIG_CREATED:
|
||||||
|
if( length >= 4 )
|
||||||
|
printf("sig created %s", strtimestamp( buffer_to_u32(buffer) ) );
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_SIG_EXPIRE:
|
||||||
|
if( length >= 4 )
|
||||||
|
printf("sig expires %s", strtimestamp( buffer_to_u32(buffer) ) );
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_EXPORTABLE:
|
||||||
|
p = "exportable";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_TRUST:
|
||||||
|
p = "trust signature";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_REGEXP:
|
||||||
|
p = "regular expression";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_REVOCABLE:
|
||||||
|
p = "revocable";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_KEY_EXPIRE:
|
||||||
|
if( length >= 4 )
|
||||||
|
printf("key expires %s", strtimestamp( buffer_to_u32(buffer) ) );
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_ARR:
|
||||||
|
p = "additional recipient request";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PREF_SYM:
|
||||||
|
p = "preferred symmetric algorithms";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_REV_KEY:
|
||||||
|
p = "revocation key";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_ISSUER:
|
||||||
|
if( length >= 8 )
|
||||||
|
printf("issuer key ID %08lX%08lX",
|
||||||
|
(ulong)buffer_to_u32(buffer),
|
||||||
|
(ulong)buffer_to_u32(buffer+4) );
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_NOTATION:
|
||||||
|
p = "notation data";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PREF_HASH:
|
||||||
|
p = "preferred hash algorithms";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PREF_COMPR:
|
||||||
|
p = "preferred compression algorithms";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_KS_FLAGS:
|
||||||
|
p = "key server preferences";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PREF_KS:
|
||||||
|
p = "preferred key server";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PRIMARY_UID:
|
||||||
|
p = "primary user id";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_POLICY:
|
||||||
|
p = "policy URL";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_KEY_FLAGS:
|
||||||
|
p = "key flags";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_SIGNERS_UID:
|
||||||
|
p = "signer's user id";
|
||||||
|
break;
|
||||||
|
case SIGSUBPKT_PRIV_ADD_SIG:
|
||||||
|
p = "signs additional user id";
|
||||||
|
break;
|
||||||
|
default: p = "?"; break;
|
||||||
|
}
|
||||||
|
|
||||||
|
printf("%s)\n", p? p: "");
|
||||||
|
}
|
||||||
|
|
||||||
const byte *
|
const byte *
|
||||||
parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
|
parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
|
||||||
{
|
{
|
||||||
@ -648,32 +739,9 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
critical = 0;
|
critical = 0;
|
||||||
if( reqtype < 0 ) { /* list packets */
|
if( reqtype < 0 ) /* list packets */
|
||||||
printf("\t%ssubpacket %d of length %u (%s)\n",
|
dump_sig_subpkt( reqtype == SIGSUBPKT_LIST_HASHED,
|
||||||
reqtype == SIGSUBPKT_LIST_HASHED ? "hashed ":"", type, (unsigned)n,
|
type, critical, buffer, buflen, n );
|
||||||
type == SIGSUBPKT_SIG_CREATED ? "signature creation time"
|
|
||||||
: type == SIGSUBPKT_SIG_EXPIRE ? "signature expiration time"
|
|
||||||
: type == SIGSUBPKT_EXPORTABLE ? "exportable"
|
|
||||||
: type == SIGSUBPKT_TRUST ? "trust signature"
|
|
||||||
: type == SIGSUBPKT_REGEXP ? "regular expression"
|
|
||||||
: type == SIGSUBPKT_REVOCABLE ? "revocable"
|
|
||||||
: type == SIGSUBPKT_KEY_EXPIRE ? "key expiration time"
|
|
||||||
: type == SIGSUBPKT_ARR ? "additional recipient request"
|
|
||||||
: type == SIGSUBPKT_PREF_SYM ? "preferred symmetric algorithms"
|
|
||||||
: type == SIGSUBPKT_REV_KEY ? "revocation key"
|
|
||||||
: type == SIGSUBPKT_ISSUER ? "issuer key ID"
|
|
||||||
: type == SIGSUBPKT_NOTATION ? "notation data"
|
|
||||||
: type == SIGSUBPKT_PREF_HASH ? "preferred hash algorithms"
|
|
||||||
: type == SIGSUBPKT_PREF_COMPR ? "preferred compression algorithms"
|
|
||||||
: type == SIGSUBPKT_KS_FLAGS ? "key server preferences"
|
|
||||||
: type == SIGSUBPKT_PREF_KS ? "preferred key server"
|
|
||||||
: type == SIGSUBPKT_PRIMARY_UID ? "primary user id"
|
|
||||||
: type == SIGSUBPKT_POLICY ? "policy URL"
|
|
||||||
: type == SIGSUBPKT_KEY_FLAGS ? "key flags"
|
|
||||||
: type == SIGSUBPKT_SIGNERS_UID ? "signer's user id"
|
|
||||||
: type == SIGSUBPKT_PRIV_ADD_SIG? "signs additional user id"
|
|
||||||
: "?");
|
|
||||||
}
|
|
||||||
else if( type == reqtype )
|
else if( type == reqtype )
|
||||||
break; /* found */
|
break; /* found */
|
||||||
buffer += n; buflen -=n;
|
buffer += n; buflen -=n;
|
||||||
|
@ -62,6 +62,8 @@
|
|||||||
#include "options.h"
|
#include "options.h"
|
||||||
#include "i18n.h"
|
#include "i18n.h"
|
||||||
|
|
||||||
|
#undef HAVE_LIBGDBM /* <--- not ready */
|
||||||
|
|
||||||
struct resource_table_struct {
|
struct resource_table_struct {
|
||||||
int used;
|
int used;
|
||||||
int secret; /* this is a secret keyring */
|
int secret; /* this is a secret keyring */
|
||||||
@ -275,6 +277,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
|
|||||||
if( !filename || !strcmp( resource_table[i].fname, filename ) ) {
|
if( !filename || !strcmp( resource_table[i].fname, filename ) ) {
|
||||||
memset( kbpos, 0, sizeof *kbpos );
|
memset( kbpos, 0, sizeof *kbpos );
|
||||||
kbpos->resno = i;
|
kbpos->resno = i;
|
||||||
|
kbpos->rt = resource_table[i].rt;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -108,6 +108,9 @@ only_old_style( SK_LIST sk_list )
|
|||||||
SK_LIST sk_rover = NULL;
|
SK_LIST sk_rover = NULL;
|
||||||
int old_style = 0;
|
int old_style = 0;
|
||||||
|
|
||||||
|
if( opt.force_v3_sigs )
|
||||||
|
return 1;
|
||||||
|
|
||||||
/* if there are only old style capable key we use the old sytle */
|
/* if there are only old style capable key we use the old sytle */
|
||||||
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
|
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
|
||||||
PKT_secret_key *sk = sk_rover->sk;
|
PKT_secret_key *sk = sk_rover->sk;
|
||||||
@ -369,7 +372,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
|
|||||||
/* build the signature packet */
|
/* build the signature packet */
|
||||||
/* fixme: this code is partly duplicated in make_keysig_packet */
|
/* fixme: this code is partly duplicated in make_keysig_packet */
|
||||||
sig = m_alloc_clear( sizeof *sig );
|
sig = m_alloc_clear( sizeof *sig );
|
||||||
sig->version = sk->version;
|
sig->version = old_style? 3 : sk->version;
|
||||||
keyid_from_sk( sk, sig->keyid );
|
keyid_from_sk( sk, sig->keyid );
|
||||||
sig->digest_algo = hash_for(sk->pubkey_algo);
|
sig->digest_algo = hash_for(sk->pubkey_algo);
|
||||||
sig->pubkey_algo = sk->pubkey_algo;
|
sig->pubkey_algo = sk->pubkey_algo;
|
||||||
@ -605,7 +608,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
|
|||||||
/* build the signature packet */
|
/* build the signature packet */
|
||||||
/* fixme: this code is duplicated above */
|
/* fixme: this code is duplicated above */
|
||||||
sig = m_alloc_clear( sizeof *sig );
|
sig = m_alloc_clear( sizeof *sig );
|
||||||
sig->version = sk->version;
|
sig->version = old_style? 3 : sk->version;
|
||||||
keyid_from_sk( sk, sig->keyid );
|
keyid_from_sk( sk, sig->keyid );
|
||||||
sig->digest_algo = hash_for(sk->pubkey_algo);
|
sig->digest_algo = hash_for(sk->pubkey_algo);
|
||||||
sig->pubkey_algo = sk->pubkey_algo;
|
sig->pubkey_algo = sk->pubkey_algo;
|
||||||
|
@ -962,7 +962,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
|||||||
rc = G10ERR_TRUSTDB;
|
rc = G10ERR_TRUSTDB;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case RECTYPE_CACH: /* cache record (FIXME)*/
|
case RECTYPE_CACH: /* cache record */
|
||||||
rec->r.cache.lid = buftoulong(p); p += 4;
|
rec->r.cache.lid = buftoulong(p); p += 4;
|
||||||
memcpy(rec->r.cache.blockhash, p, 20); p += 20;
|
memcpy(rec->r.cache.blockhash, p, 20); p += 20;
|
||||||
rec->r.cache.trustlevel = *p++;
|
rec->r.cache.trustlevel = *p++;
|
||||||
@ -990,7 +990,6 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
|||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Write the record at RECNUM
|
* Write the record at RECNUM
|
||||||
* FIXME: create/update keyhash record.
|
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
tdbio_write_record( TRUSTREC *rec )
|
tdbio_write_record( TRUSTREC *rec )
|
||||||
@ -1081,7 +1080,7 @@ tdbio_write_record( TRUSTREC *rec )
|
|||||||
ulongtobuf( p, rec->r.sdir.hintlist );
|
ulongtobuf( p, rec->r.sdir.hintlist );
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case RECTYPE_CACH: /* FIXME*/
|
case RECTYPE_CACH:
|
||||||
ulongtobuf(p, rec->r.cache.lid); p += 4;
|
ulongtobuf(p, rec->r.cache.lid); p += 4;
|
||||||
memcpy(p, rec->r.cache.blockhash, 20); p += 20;
|
memcpy(p, rec->r.cache.blockhash, 20); p += 20;
|
||||||
*p++ = rec->r.cache.trustlevel;
|
*p++ = rec->r.cache.trustlevel;
|
||||||
|
@ -55,7 +55,8 @@
|
|||||||
but we mark it to avoid duplicate checks */
|
but we mark it to avoid duplicate checks */
|
||||||
#define DIRF_REVOKED 8 /* the complete key has been revoked */
|
#define DIRF_REVOKED 8 /* the complete key has been revoked */
|
||||||
|
|
||||||
#define KEYF_REVOKED 8 /* this key has been revoked (only useful on subkeys)*/
|
#define KEYF_EXPIRED 4 /* this key is expired */
|
||||||
|
#define KEYF_REVOKED 8 /* this key has been revoked */
|
||||||
|
|
||||||
#define UIDF_CHECKED 1 /* user id has been checked - other bits are valid */
|
#define UIDF_CHECKED 1 /* user id has been checked - other bits are valid */
|
||||||
#define UIDF_VALID 2 /* this is a valid user id */
|
#define UIDF_VALID 2 /* this is a valid user id */
|
||||||
|
@ -2054,7 +2054,7 @@ upd_pref_record( PKT_signature *sig, TRUSTREC *drec,
|
|||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Note: A signature made with a secondayr key is not considered a
|
* Note: A signature made with a secondary key is not considered a
|
||||||
* self-signature.
|
* self-signature.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
@ -2067,10 +2067,20 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec,
|
|||||||
ulong lid = drec->recnum;
|
ulong lid = drec->recnum;
|
||||||
|
|
||||||
if( !*uidrecno ) {
|
if( !*uidrecno ) {
|
||||||
/* fixme: handle direct key signatures */
|
switch( sig->sig_class ) {
|
||||||
log_error("key %08lX: signature without user id\n", (ulong)keyid[1] );
|
case 0x20:
|
||||||
|
case 0x28: /* We do not need uids for [sub]key revications */
|
||||||
|
case 0x18: /* or subkey binding */
|
||||||
|
memset( &urec, 0, sizeof urec ); /* to catch errors */
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
log_error("key %08lX: signature (class %02x) without user id\n",
|
||||||
|
(ulong)keyid[1], sig->sig_class );
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
read_record( *uidrecno, &urec, RECTYPE_UID );
|
read_record( *uidrecno, &urec, RECTYPE_UID );
|
||||||
|
|
||||||
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
||||||
@ -2099,12 +2109,19 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec,
|
|||||||
urec.dirty = 1;
|
urec.dirty = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {/* is revocation sig etc */
|
else if( sig->sig_class == 0x18 ) { /* key binding */
|
||||||
|
/* FIXME */
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x20 ) { /* key revocation */
|
||||||
|
/* FIXME */
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
|
||||||
|
/* FIXME */
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x30 ) { /* cert revocation */
|
||||||
/* FIXME */
|
/* FIXME */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if( !*uidrecno )
|
|
||||||
; /* skip record with direct key signatures here */
|
|
||||||
else if( (sig->sig_class&~3) == 0x10 ) {
|
else if( (sig->sig_class&~3) == 0x10 ) {
|
||||||
/* We simply insert the signature into the sig records but
|
/* We simply insert the signature into the sig records but
|
||||||
* avoid duplicate ones. We do not check them here because
|
* avoid duplicate ones. We do not check them here because
|
||||||
@ -2365,8 +2382,20 @@ upd_sig_record( PKT_signature *sig, TRUSTREC *drec,
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else {
|
else if( sig->sig_class == 0x18 ) { /* key binding */
|
||||||
/* handle other sig classes */
|
log_info(_("key %08lX: bogus key binding by %08lX\n"),
|
||||||
|
(ulong)keyid[1], (ulong)sig->keyid[1] );
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x20 ) { /* key revocation */
|
||||||
|
log_info(_("key %08lX: bogus key revocation by %08lX\n"),
|
||||||
|
(ulong)keyid[1], (ulong)sig->keyid[1] );
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
|
||||||
|
log_info(_("key %08lX: bogus subkey revocation by %08lX\n"),
|
||||||
|
(ulong)keyid[1], (ulong)sig->keyid[1] );
|
||||||
|
}
|
||||||
|
else if( sig->sig_class == 0x30 ) { /* cert revocation */
|
||||||
|
/* FIXME: a signator wants to revoke his certification signature */
|
||||||
}
|
}
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
@ -2,34 +2,32 @@
|
|||||||
# Run this to generate all the initial makefiles, etc.
|
# Run this to generate all the initial makefiles, etc.
|
||||||
|
|
||||||
PGM=GnuPG
|
PGM=GnuPG
|
||||||
|
|
||||||
DIE=no
|
DIE=no
|
||||||
NO_AUTOMAKE=no
|
|
||||||
|
|
||||||
(autoconf --version) < /dev/null > /dev/null 2>&1 || {
|
if (autoconf --version) < /dev/null > /dev/null 2>&1 ; then
|
||||||
|
:
|
||||||
|
else
|
||||||
echo
|
echo
|
||||||
echo "**Error**: You must have "\`autoconf\'" installed to compile $PGM."
|
echo "**Error**: You must have "\`autoconf\'" installed to compile $PGM."
|
||||||
echo ' (version 2.10 or newer is required'
|
echo ' (version 2.10 or newer is required'
|
||||||
DIE=yes
|
DIE="yes"
|
||||||
}
|
fi
|
||||||
|
|
||||||
(automake --version) < /dev/null > /dev/null 2>&1 || {
|
if (automake --version) < /dev/null > /dev/null 2>&1 ; then
|
||||||
echo
|
if (aclocal --version) < /dev/null > /dev/null 2>&1; then
|
||||||
echo "**Error**: You must have "\`automake\'" installed to compile $PGM."
|
:
|
||||||
echo ' (version 1.3 or newer is required)'
|
else
|
||||||
DIE=yes
|
|
||||||
NO_AUTOMAKE=yes
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# if no automake, don't bother testing for aclocal
|
|
||||||
test "$NO_AUTOMAKE" = "no" \
|
|
||||||
|| (aclocal --version) < /dev/null > /dev/null 2>&1 || {
|
|
||||||
echo
|
echo
|
||||||
echo "**Error**: Missing "\`aclocal\'". The version of "\`automake\'
|
echo "**Error**: Missing "\`aclocal\'". The version of "\`automake\'
|
||||||
echo " installed doesn't appear recent enough."
|
echo " installed doesn't appear recent enough."
|
||||||
DIE=yes
|
DIE="yes"
|
||||||
}
|
fi
|
||||||
|
else
|
||||||
|
echo
|
||||||
|
echo "**Error**: You must have "\`automake\'" installed to compile $PGM."
|
||||||
|
echo ' (version 1.3 or newer is required)'
|
||||||
|
DIE="yes"
|
||||||
|
fi
|
||||||
|
|
||||||
if test "$DIE" = "yes"; then
|
if test "$DIE" = "yes"; then
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -35,7 +35,7 @@
|
|||||||
* Create a lockfile with the given name. A TIMEOUT of 0
|
* Create a lockfile with the given name. A TIMEOUT of 0
|
||||||
* returns immediately, -1 waits forever (hopefully not), other
|
* returns immediately, -1 waits forever (hopefully not), other
|
||||||
* values are timeouts in milliseconds.
|
* values are timeouts in milliseconds.
|
||||||
* Returns: a char pointer used as handle for reelase lock
|
* Returns: a char pointer used as handle for release lock
|
||||||
* or NULL in case of an error.
|
* or NULL in case of an error.
|
||||||
*
|
*
|
||||||
* Notes: This function creates a lock file in the same directory
|
* Notes: This function creates a lock file in the same directory
|
||||||
@ -43,7 +43,7 @@
|
|||||||
* A temporary file ".#lk.<pid>.<hostname> is used.
|
* A temporary file ".#lk.<pid>.<hostname> is used.
|
||||||
* This function does nothing for Windoze.
|
* This function does nothing for Windoze.
|
||||||
*/
|
*/
|
||||||
int
|
const char *
|
||||||
make_dotlock( const char *file_to_lock, long timeout )
|
make_dotlock( const char *file_to_lock, long timeout )
|
||||||
{
|
{
|
||||||
int rc=-1, fd=-1, pid;
|
int rc=-1, fd=-1, pid;
|
||||||
@ -61,7 +61,7 @@ make_dotlock( const char *file_to_lock, long timeout )
|
|||||||
if( !tname )
|
if( !tname )
|
||||||
log_fatal( "could not create temporary lock file '%s'\n");
|
log_fatal( "could not create temporary lock file '%s'\n");
|
||||||
log_debug( "dotlock_make: tmpname='%s'\n", tname );
|
log_debug( "dotlock_make: tmpname='%s'\n", tname );
|
||||||
chmod( tname, 0644 ); /* just in case an "umask" is set */
|
chmod( tname, 0644 ); /* just in case an umask is set */
|
||||||
if( !(fd = open( tname, O_WRONLY )) )
|
if( !(fd = open( tname, O_WRONLY )) )
|
||||||
log_fatal( "could not open temporary lock file '%s'\n", tname);
|
log_fatal( "could not open temporary lock file '%s'\n", tname);
|
||||||
if( write(fd, pidstr, 11 ) != 11 )
|
if( write(fd, pidstr, 11 ) != 11 )
|
||||||
@ -126,21 +126,21 @@ make_dotlock( const char *file_to_lock, long timeout )
|
|||||||
int
|
int
|
||||||
release_dotlock( const char *lockfile )
|
release_dotlock( const char *lockfile )
|
||||||
{
|
{
|
||||||
int pid = ReadLockfile( lockfile );
|
int pid = rad_lockfile( lockfile );
|
||||||
if( pid == -1 ) {
|
if( pid == -1 ) {
|
||||||
Log_printf( LERROR, "ReleaseLock: lockfile error");
|
log_error( "release_dotlock: lockfile error");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if( pid != getpid() ) {
|
if( pid != getpid() ) {
|
||||||
Log_printf( LERROR, "ReleaseLock: not our lock (pid=%d)", pid);
|
log_error( "release_dotlock: not our lock (pid=%d)", pid);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if( remove( lockfile ) ) {
|
if( remove( lockfile ) ) {
|
||||||
Log_printf( LERROR, "ReleaseLock: error removing lockfile '%s'",
|
log_error( "release_dotlock: error removing lockfile '%s'",
|
||||||
lockfile);
|
lockfile);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
Log_printf( LMESG, "ReleaseLock: released lockfile '%s'", lockfile);
|
log_debug( "release_dotlock: released lockfile '%s'", lockfile);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,12 +156,12 @@ read_lockfile( const char *name )
|
|||||||
|
|
||||||
if( (fd = open(name, O_RDONLY)) == -1 ) {
|
if( (fd = open(name, O_RDONLY)) == -1 ) {
|
||||||
int e = errno;
|
int e = errno;
|
||||||
Log_printf(LJUNK, "error opening lockfile '%s'", name );
|
log_debug("error opening lockfile '%s'", name );
|
||||||
errno = e; /* restore errno */
|
errno = e;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if( read(fd, pidstr, 10 ) != 10 ) {
|
if( read(fd, pidstr, 10 ) != 10 ) {
|
||||||
Log_printf(LNOISE, "error reading lockfile '%s'", name );
|
log_debug("error reading lockfile '%s'", name );
|
||||||
close(fd);
|
close(fd);
|
||||||
errno = 0;
|
errno = 0;
|
||||||
return -1;
|
return -1;
|
||||||
@ -169,7 +169,7 @@ read_lockfile( const char *name )
|
|||||||
close(fd);
|
close(fd);
|
||||||
pid = atoi(pidstr);
|
pid = atoi(pidstr);
|
||||||
if( !pid || pid == -1 ) {
|
if( !pid || pid == -1 ) {
|
||||||
Log_printf(LERROR, "invalid pid %d in lockfile '%s'", pid, name );
|
log_error("invalid pid %d in lockfile '%s'", pid, name );
|
||||||
errno = 0;
|
errno = 0;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -431,7 +431,7 @@ iobuf_close( IOBUF a )
|
|||||||
size_t dummy_len;
|
size_t dummy_len;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
|
|
||||||
if( a->directfp ) {
|
if( a && a->directfp ) {
|
||||||
fclose( a->directfp );
|
fclose( a->directfp );
|
||||||
if( DBG_IOBUF )
|
if( DBG_IOBUF )
|
||||||
log_debug("iobuf-close -> %p\n", a->directfp );
|
log_debug("iobuf-close -> %p\n", a->directfp );
|
||||||
|
Loading…
x
Reference in New Issue
Block a user