mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
(cmd_encrypt): Add all enrypt-to marked certs to the list. * encrypt.c (gpgsm_encrypt): Check that real recipients are available. * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to options work. Pass the list of recients to gpgsm_server. * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO. (opt): Add NO_ENCRYPT_TO. * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO. Changed all callers and ignore duplicate entries. (is_cert_in_certlist): New. (gpgsm_add_cert_to_certlist): New.
This commit is contained in:
parent
aac9cea6da
commit
711c4853d6
9
NEWS
9
NEWS
@ -1,8 +1,8 @@
|
||||
Noteworthy changes in version 1.9.3 (unreleased)
|
||||
------------------------------------------------
|
||||
|
||||
* New options --{enable,disable}-ocsp to validate keys using OCSP
|
||||
This requires a not yet released DirMngr 0.5.1. Default is
|
||||
* New gpgsm options --{enable,disable}-ocsp to validate keys using
|
||||
OCSP. This requires a not yet released DirMngr 0.5.1. Default is
|
||||
disabled.
|
||||
|
||||
* The --log-file option may now be used to print logs to a socket.
|
||||
@ -10,6 +10,11 @@ Noteworthy changes in version 1.9.3 (unreleased)
|
||||
not work on all systems and falls back to stderr if there is a
|
||||
problem with the socket.
|
||||
|
||||
* The options --encrypt-to and --no-encrypt-to now work the same in
|
||||
gpgsm as in gpg. Note, they are also used in server mode.
|
||||
|
||||
* Duplicated recipients are now silently removed in gpgsm.
|
||||
|
||||
|
||||
Noteworthy changes in version 1.9.2 (2003-11-17)
|
||||
------------------------------------------------
|
||||
|
13
sm/ChangeLog
13
sm/ChangeLog
@ -1,5 +1,18 @@
|
||||
2003-12-17 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
|
||||
(cmd_encrypt): Add all enrypt-to marked certs to the list.
|
||||
* encrypt.c (gpgsm_encrypt): Check that real recipients are
|
||||
available.
|
||||
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
|
||||
options work. Pass the list of recients to gpgsm_server.
|
||||
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
|
||||
(opt): Add NO_ENCRYPT_TO.
|
||||
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
|
||||
Changed all callers and ignore duplicate entries.
|
||||
(is_cert_in_certlist): New.
|
||||
(gpgsm_add_cert_to_certlist): New.
|
||||
|
||||
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
|
||||
(gpgsm_dump_serial): Ditto.
|
||||
|
||||
|
@ -131,14 +131,54 @@ same_subject_issuer (const char *subject, const char *issuer, ksba_cert_t cert)
|
||||
return tmp;
|
||||
}
|
||||
|
||||
/* Return true if CERT is already contained in CERTLIST. */
|
||||
static int
|
||||
is_cert_in_certlist (ksba_cert_t cert, certlist_t certlist)
|
||||
{
|
||||
const unsigned char *img_a, *img_b;
|
||||
size_t len_a, len_b;
|
||||
|
||||
img_a = ksba_cert_get_image (cert, &len_a);
|
||||
if (img_a)
|
||||
{
|
||||
for ( ; certlist; certlist = certlist->next)
|
||||
{
|
||||
img_b = ksba_cert_get_image (certlist->cert, &len_b);
|
||||
if (img_b && len_a == len_b && !memcmp (img_a, img_b, len_a))
|
||||
return 1; /* Already contained. */
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Add CERT to the list of certificates at CERTADDR but avoid
|
||||
duplicates. */
|
||||
int
|
||||
gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
|
||||
certlist_t *listaddr, int is_encrypt_to)
|
||||
{
|
||||
if (!is_cert_in_certlist (cert, *listaddr))
|
||||
{
|
||||
certlist_t cl = xtrycalloc (1, sizeof *cl);
|
||||
if (!cl)
|
||||
return OUT_OF_CORE (errno);
|
||||
cl->cert = cert;
|
||||
ksba_cert_ref (cert);
|
||||
cl->next = *listaddr;
|
||||
cl->is_encrypt_to = is_encrypt_to;
|
||||
*listaddr = cl;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Add a certificate to a list of certificate and make sure that it is
|
||||
a valid certificate. With SECRET set to true a secret key must be
|
||||
available for the certificate. */
|
||||
available for the certificate. IS_ENCRYPT_TO sets the corresponding
|
||||
flag in the new create LISTADDR item. */
|
||||
int
|
||||
gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
||||
CERTLIST *listaddr)
|
||||
CERTLIST *listaddr, int is_encrypt_to)
|
||||
{
|
||||
int rc;
|
||||
KEYDB_SEARCH_DESC desc;
|
||||
@ -224,6 +264,8 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
||||
xfree (subject);
|
||||
xfree (issuer);
|
||||
|
||||
if (!rc && !is_cert_in_certlist (cert, *listaddr))
|
||||
{
|
||||
if (!rc && secret)
|
||||
{
|
||||
char *p;
|
||||
@ -248,11 +290,13 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
||||
{
|
||||
cl->cert = cert; cert = NULL;
|
||||
cl->next = *listaddr;
|
||||
cl->is_encrypt_to = is_encrypt_to;
|
||||
*listaddr = cl;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
keydb_release (kh);
|
||||
ksba_cert_release (cert);
|
||||
|
12
sm/encrypt.c
12
sm/encrypt.c
@ -306,7 +306,13 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
|
||||
memset (&encparm, 0, sizeof encparm);
|
||||
|
||||
if (!recplist)
|
||||
/* Check that the certificate list is not empty and that at least
|
||||
one certificate is not flagged as encrypt_to; i.e. is a real
|
||||
recipient. */
|
||||
for (cl = recplist; cl; cl = cl->next)
|
||||
if (!cl->is_encrypt_to)
|
||||
break;
|
||||
if (!cl)
|
||||
{
|
||||
log_error(_("no valid recipients given\n"));
|
||||
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
||||
@ -412,7 +418,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* gather certificates of recipients, encrypt the session key for
|
||||
/* Gather certificates of recipients, encrypt the session key for
|
||||
each and store them in the CMS object */
|
||||
for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
|
||||
{
|
||||
@ -447,7 +453,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
}
|
||||
}
|
||||
|
||||
/* main control loop for encryption */
|
||||
/* Main control loop for encryption. */
|
||||
recpno = 0;
|
||||
do
|
||||
{
|
||||
|
66
sm/gpgsm.c
66
sm/gpgsm.c
@ -277,10 +277,10 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oDefRecipientSelf, "default-recipient-self" ,0,
|
||||
N_("use the default key as default recipient")},
|
||||
{ oNoDefRecipient, "no-default-recipient", 0, "@" },
|
||||
#endif
|
||||
{ oEncryptTo, "encrypt-to", 2, "@" },
|
||||
{ oNoEncryptTo, "no-encrypt-to", 0, "@" },
|
||||
|
||||
#endif
|
||||
{ oUser, "local-user",2, N_("use this user-id to sign or decrypt")},
|
||||
|
||||
#if 0
|
||||
@ -585,6 +585,31 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd)
|
||||
}
|
||||
|
||||
|
||||
/* Helper to add recipients to a list. */
|
||||
static void
|
||||
do_add_recipient (ctrl_t ctrl, const char *name,
|
||||
certlist_t *recplist, int is_encrypt_to)
|
||||
{
|
||||
int rc = gpgsm_add_to_certlist (ctrl, name, 0, recplist, is_encrypt_to);
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("can't encrypt to `%s': %s\n"), name, gpg_strerror (rc));
|
||||
gpgsm_status2 (ctrl, STATUS_INV_RECP,
|
||||
gpg_err_code (rc) == -1? "1":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
|
||||
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
|
||||
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
|
||||
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
|
||||
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
|
||||
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
|
||||
"0",
|
||||
name, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main ( int argc, char **argv)
|
||||
{
|
||||
@ -953,8 +978,8 @@ main ( int argc, char **argv)
|
||||
|
||||
case oSkipVerify: opt.skip_verify=1; break;
|
||||
|
||||
case oNoEncryptTo: /*fixme: opt.no_encrypt_to = 1;*/ break;
|
||||
case oEncryptTo: /* store the recipient in the second list */
|
||||
case oNoEncryptTo: opt.no_encrypt_to = 1; break;
|
||||
case oEncryptTo: /* Store the recipient in the second list */
|
||||
sl = add_to_strlist (&remusr, pargs.r.ret_str);
|
||||
sl->flags = 1;
|
||||
break;
|
||||
@ -1107,7 +1132,7 @@ main ( int argc, char **argv)
|
||||
|
||||
for (sl = locusr; sl; sl = sl->next)
|
||||
{
|
||||
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist);
|
||||
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 1, &signerlist, 0);
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("can't sign using `%s': %s\n"),
|
||||
@ -1127,27 +1152,22 @@ main ( int argc, char **argv)
|
||||
sl->d, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
/* Build the recipient list. We first add the regular ones and then
|
||||
the encrypt-to ones because the underlying function will silenty
|
||||
ignore duplicates and we can't allow to keep a duplicate which is
|
||||
flagged as encrypt-to as the actually encrypt function would then
|
||||
complain about no (regular) recipients. */
|
||||
for (sl = remusr; sl; sl = sl->next)
|
||||
if (!(sl->flags & 1))
|
||||
do_add_recipient (&ctrl, sl->d, &recplist, 0);
|
||||
if (!opt.no_encrypt_to)
|
||||
{
|
||||
int rc = gpgsm_add_to_certlist (&ctrl, sl->d, 0, &recplist);
|
||||
if (rc)
|
||||
{
|
||||
log_error (_("can't encrypt to `%s': %s\n"),
|
||||
sl->d, gpg_strerror (rc));
|
||||
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
|
||||
gpg_err_code (rc) == -1? "1":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
|
||||
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
|
||||
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
|
||||
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
|
||||
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
|
||||
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
|
||||
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
|
||||
"0",
|
||||
sl->d, NULL);
|
||||
}
|
||||
for (sl = remusr; sl; sl = sl->next)
|
||||
if ((sl->flags & 1))
|
||||
do_add_recipient (&ctrl, sl->d, &recplist, 1);
|
||||
}
|
||||
|
||||
if (log_get_errorcount(0))
|
||||
gpgsm_exit(1); /* must stop for invalid recipients */
|
||||
|
||||
@ -1165,7 +1185,7 @@ main ( int argc, char **argv)
|
||||
sleep (debug_wait);
|
||||
log_debug ("... okay\n");
|
||||
}
|
||||
gpgsm_server ();
|
||||
gpgsm_server (recplist);
|
||||
break;
|
||||
|
||||
case aCallDirmngr:
|
||||
|
56
sm/gpgsm.h
56
sm/gpgsm.h
@ -72,6 +72,8 @@ struct {
|
||||
char *def_recipient; /* userID of the default recipient */
|
||||
int def_recipient_self; /* The default recipient is the default key */
|
||||
|
||||
int no_encrypt_to; /* Ignore all as encrypt to marked recipients. */
|
||||
|
||||
char *local_user; /* NULL or argument to -u */
|
||||
|
||||
int always_trust; /* Trust the given keys even if there is no
|
||||
@ -135,6 +137,7 @@ struct server_control_s {
|
||||
int use_ocsp; /* Set to true if OCSP should be used. */
|
||||
};
|
||||
typedef struct server_control_s *CTRL;
|
||||
typedef struct server_control_s *ctrl_t;
|
||||
|
||||
/* data structure used in base64.c */
|
||||
typedef struct base64_context_s *Base64Context;
|
||||
@ -143,22 +146,26 @@ typedef struct base64_context_s *Base64Context;
|
||||
struct certlist_s {
|
||||
struct certlist_s *next;
|
||||
ksba_cert_t cert;
|
||||
int is_encrypt_to; /* True if the certificate has been set through
|
||||
the --encrypto-to option. */
|
||||
};
|
||||
typedef struct certlist_s *CERTLIST;
|
||||
typedef struct certlist_s *certlist_t;
|
||||
|
||||
/*-- gpgsm.c --*/
|
||||
void gpgsm_exit (int rc);
|
||||
void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
|
||||
|
||||
/*-- server.c --*/
|
||||
void gpgsm_server (void);
|
||||
void gpgsm_status (CTRL ctrl, int no, const char *text);
|
||||
void gpgsm_status2 (CTRL ctrl, int no, ...);
|
||||
void gpgsm_status_with_err_code (CTRL ctrl, int no, const char *text,
|
||||
void gpgsm_server (certlist_t default_recplist);
|
||||
void gpgsm_status (ctrl_t ctrl, int no, const char *text);
|
||||
void gpgsm_status2 (ctrl_t ctrl, int no, ...);
|
||||
void gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
|
||||
gpg_err_code_t ec);
|
||||
|
||||
/*-- fingerprint --*/
|
||||
char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo, char *array, int *r_len);
|
||||
char *gpgsm_get_fingerprint (ksba_cert_t cert, int algo,
|
||||
char *array, int *r_len);
|
||||
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
|
||||
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
|
||||
unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
|
||||
@ -169,10 +176,10 @@ char *gpgsm_get_certid (ksba_cert_t cert);
|
||||
|
||||
/*-- base64.c --*/
|
||||
int gpgsm_create_reader (Base64Context *ctx,
|
||||
CTRL ctrl, FILE *fp, ksba_reader_t *r_reader);
|
||||
ctrl_t ctrl, FILE *fp, ksba_reader_t *r_reader);
|
||||
void gpgsm_destroy_reader (Base64Context ctx);
|
||||
int gpgsm_create_writer (Base64Context *ctx,
|
||||
CTRL ctrl, FILE *fp, ksba_writer_t *r_writer);
|
||||
ctrl_t ctrl, FILE *fp, ksba_writer_t *r_writer);
|
||||
int gpgsm_finish_writer (Base64Context ctx);
|
||||
void gpgsm_destroy_writer (Base64Context ctx);
|
||||
|
||||
@ -201,7 +208,8 @@ int gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
|
||||
/*-- certchain.c --*/
|
||||
int gpgsm_walk_cert_chain (ksba_cert_t start, ksba_cert_t *r_next);
|
||||
int gpgsm_is_root_cert (ksba_cert_t cert);
|
||||
int gpgsm_validate_chain (CTRL ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime);
|
||||
int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
|
||||
ksba_isotime_t r_exptime);
|
||||
int gpgsm_basic_cert_check (ksba_cert_t cert);
|
||||
|
||||
/*-- certlist.c --*/
|
||||
@ -210,41 +218,43 @@ int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_verify_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_cert_p (ksba_cert_t cert);
|
||||
int gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
|
||||
CERTLIST *listaddr);
|
||||
void gpgsm_release_certlist (CERTLIST list);
|
||||
int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
|
||||
certlist_t *listaddr, int is_encrypt_to);
|
||||
int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
|
||||
certlist_t *listaddr, int is_encrypt_to);
|
||||
void gpgsm_release_certlist (certlist_t list);
|
||||
int gpgsm_find_cert (const char *name, ksba_cert_t *r_cert);
|
||||
|
||||
/*-- keylist.c --*/
|
||||
void gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode);
|
||||
void gpgsm_list_keys (ctrl_t ctrl, STRLIST names, FILE *fp, unsigned int mode);
|
||||
|
||||
/*-- import.c --*/
|
||||
int gpgsm_import (CTRL ctrl, int in_fd);
|
||||
int gpgsm_import_files (CTRL ctrl, int nfiles, char **files,
|
||||
int gpgsm_import (ctrl_t ctrl, int in_fd);
|
||||
int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
||||
int (*of)(const char *fname));
|
||||
|
||||
/*-- export.c --*/
|
||||
void gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp);
|
||||
void gpgsm_export (ctrl_t ctrl, STRLIST names, FILE *fp);
|
||||
|
||||
/*-- delete.c --*/
|
||||
int gpgsm_delete (CTRL ctrl, STRLIST names);
|
||||
int gpgsm_delete (ctrl_t ctrl, STRLIST names);
|
||||
|
||||
/*-- verify.c --*/
|
||||
int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp);
|
||||
int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
|
||||
|
||||
/*-- sign.c --*/
|
||||
int gpgsm_get_default_cert (ksba_cert_t *r_cert);
|
||||
int gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
|
||||
int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
|
||||
int data_fd, int detached, FILE *out_fp);
|
||||
|
||||
/*-- encrypt.c --*/
|
||||
int gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
|
||||
int gpgsm_encrypt (ctrl_t ctrl, CERTLIST recplist, int in_fd, FILE *out_fp);
|
||||
|
||||
/*-- decrypt.c --*/
|
||||
int gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp);
|
||||
int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
|
||||
|
||||
/*-- certreqgen.c --*/
|
||||
int gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp);
|
||||
int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
|
||||
|
||||
/*-- call-agent.c --*/
|
||||
int gpgsm_agent_pksign (const char *keygrip,
|
||||
@ -264,9 +274,9 @@ int gpgsm_agent_passwd (const char *hexkeygrip);
|
||||
|
||||
/*-- call-dirmngr.c --*/
|
||||
int gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp);
|
||||
int gpgsm_dirmngr_lookup (CTRL ctrl, STRLIST names,
|
||||
int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names,
|
||||
void (*cb)(void*, ksba_cert_t), void *cb_value);
|
||||
int gpgsm_dirmngr_run_command (CTRL ctrl, const char *command,
|
||||
int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,
|
||||
int argc, char **argv);
|
||||
|
||||
|
||||
|
36
sm/server.c
36
sm/server.c
@ -39,12 +39,13 @@ static FILE *statusfp;
|
||||
|
||||
/* Data used to assuciate an Assuan context with local server data */
|
||||
struct server_local_s {
|
||||
ASSUAN_CONTEXT assuan_ctx;
|
||||
assuan_context_t assuan_ctx;
|
||||
int message_fd;
|
||||
int list_internal;
|
||||
int list_external;
|
||||
CERTLIST recplist;
|
||||
CERTLIST signerlist;
|
||||
certlist_t recplist;
|
||||
certlist_t signerlist;
|
||||
certlist_t default_recplist; /* As set by main() - don't release. */
|
||||
};
|
||||
|
||||
|
||||
@ -233,7 +234,7 @@ output_notify (ASSUAN_CONTEXT ctx, const char *line)
|
||||
way of specification [we will support this]. If this is a valid and
|
||||
trusted recipient the server does respond with OK, otherwise the
|
||||
return is an ERR with the reason why the recipient can't be used,
|
||||
the encryption will then not be done for this recipient. IF the
|
||||
the encryption will then not be done for this recipient. If the
|
||||
policy is not to encrypt at all if not all recipients are valid, the
|
||||
client has to take care of this. All RECIPIENT commands are
|
||||
cumulative until a RESET or an successful ENCRYPT command. */
|
||||
@ -243,7 +244,7 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
|
||||
CTRL ctrl = assuan_get_pointer (ctx);
|
||||
int rc;
|
||||
|
||||
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist);
|
||||
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist, 0);
|
||||
if (rc)
|
||||
{
|
||||
gpg_err_code_t r = gpg_err_code (rc);
|
||||
@ -286,7 +287,8 @@ cmd_signer (ASSUAN_CONTEXT ctx, char *line)
|
||||
CTRL ctrl = assuan_get_pointer (ctx);
|
||||
int rc;
|
||||
|
||||
rc = gpgsm_add_to_certlist (ctrl, line, 1, &ctrl->server_local->signerlist);
|
||||
rc = gpgsm_add_to_certlist (ctrl, line, 1,
|
||||
&ctrl->server_local->signerlist, 0);
|
||||
if (rc)
|
||||
{
|
||||
gpg_err_code_t r = gpg_err_code (rc);
|
||||
@ -325,6 +327,7 @@ static int
|
||||
cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
||||
{
|
||||
CTRL ctrl = assuan_get_pointer (ctx);
|
||||
certlist_t cl;
|
||||
int inp_fd, out_fd;
|
||||
FILE *out_fp;
|
||||
int rc;
|
||||
@ -339,6 +342,18 @@ cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
||||
out_fp = fdopen ( dup(out_fd), "w");
|
||||
if (!out_fp)
|
||||
return set_error (General_Error, "fdopen() failed");
|
||||
|
||||
/* Now add all encrypt-to marked recipients from the default
|
||||
list. */
|
||||
rc = 0;
|
||||
if (!opt.no_encrypt_to)
|
||||
{
|
||||
for (cl=ctrl->server_local->recplist; !rc && cl; cl = cl->next)
|
||||
if (cl->is_encrypt_to)
|
||||
rc = gpgsm_add_cert_to_certlist (ctrl, cl->cert,
|
||||
&ctrl->server_local->recplist, 1);
|
||||
}
|
||||
if (!rc)
|
||||
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
|
||||
ctrl->server_local->recplist,
|
||||
inp_fd, out_fp);
|
||||
@ -346,7 +361,7 @@ cmd_encrypt (ASSUAN_CONTEXT ctx, char *line)
|
||||
|
||||
gpgsm_release_certlist (ctrl->server_local->recplist);
|
||||
ctrl->server_local->recplist = NULL;
|
||||
/* close and reset the fd */
|
||||
/* Close and reset the fd */
|
||||
close_message_fd (ctrl);
|
||||
assuan_close_input_fd (ctx);
|
||||
assuan_close_output_fd (ctx);
|
||||
@ -755,9 +770,11 @@ register_commands (ASSUAN_CONTEXT ctx)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Startup the server */
|
||||
/* Startup the server. DEFAULT_RECPLIST is the list of recipients as
|
||||
set from the command line or config file. We only require those
|
||||
marked as encrypt-to. */
|
||||
void
|
||||
gpgsm_server (void)
|
||||
gpgsm_server (certlist_t default_recplist)
|
||||
{
|
||||
int rc;
|
||||
int filedes[2];
|
||||
@ -799,6 +816,7 @@ gpgsm_server (void)
|
||||
ctrl.server_local->message_fd = -1;
|
||||
ctrl.server_local->list_internal = 1;
|
||||
ctrl.server_local->list_external = 0;
|
||||
ctrl.server_local->default_recplist = default_recplist;
|
||||
|
||||
if (DBG_ASSUAN)
|
||||
assuan_set_log_stream (ctx, log_get_stream ());
|
||||
|
Loading…
x
Reference in New Issue
Block a user