From 730247b19e0beb29245140b4c4832d0274844c67 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 19 Jul 2005 08:50:28 +0000 Subject: [PATCH] * configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH. * export.c (parse_export_options): New option export-reset-subkey-passwd. (do_export_stream): Implement it. * misc.c (get_libexecdir): New. * keyserver.c (keyserver_spawn): Use it --- ChangeLog | 4 ++++ NEWS | 2 ++ TODO | 2 ++ configure.ac | 9 ++++++++- doc/README.W32 | 3 +++ doc/gpg.sgml | 11 +++++++++++ g10/ChangeLog | 9 +++++++++ g10/export.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++- g10/keyserver.c | 12 +++++++----- g10/main.h | 1 + g10/misc.c | 33 +++++++++++++++++++++++++++++++ g10/options.h | 1 + 12 files changed, 132 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 81eb422be..c24b045e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2005-07-19 Werner Koch + + * configure.ac [W32]: Always set DISABLE_KEYSERVER_PATH. + 2005-06-21 Werner Koch Released 1.4.2rc2. diff --git a/NEWS b/NEWS index 6eaa8d9df..bb898402b 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,8 @@ Noteworthy changes in version 1.4.2 replace the import-unusable-sigs/export-unusable-sigs options from version 1.4.1. + * New export option export-reset-subkey-passwd. + Noteworthy changes in version 1.4.1 (2005-03-15) ------------------------------------------------ diff --git a/TODO b/TODO index b9a2b8ed3..7d9eee763 100644 --- a/TODO +++ b/TODO @@ -74,3 +74,5 @@ * Add the NEWSIG status. * Delete a card key as well as a wiping. + + * Make 2 strings translatable in export.c after releasing 1.4.2. \ No newline at end of file diff --git a/configure.ac b/configure.ac index 950fa0745..ebb24ba1d 100644 --- a/configure.ac +++ b/configure.ac @@ -153,6 +153,7 @@ use_bzip2=yes use_exec=yes card_support=yes agent_support=yes +disable_keyserver_path=no AC_ARG_ENABLE(minimal, AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]), @@ -371,7 +372,7 @@ dnl LDAP is defined only after we confirm the library is available later AC_HELP_STRING([--disable-keyserver-path], [disable the exec-path option for keyserver helpers]), [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable exec-path for keyserver helpers]) + disable_keyserver_path=yes fi],enableval=yes) AC_MSG_RESULT($enableval) fi @@ -483,6 +484,7 @@ case "${host}" in we use a simplified version of gettext]) AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) + disable_keyserver_path=yes have_dosish_system=yes need_dlopen=no try_gettext="no" @@ -547,6 +549,11 @@ if test "$have_dosish_system" = yes; then fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) +if test "$disable_keyserver_path" = yes; then + AC_DEFINE(DISABLE_KEYSERVER_PATH,1, + [define to disable exec-path for keyserver helpers]) +fi + AC_SUBST(MPI_OPT_FLAGS) GNUPG_SYS_SYMBOL_UNDERSCORE diff --git a/doc/README.W32 b/doc/README.W32 index a82e63861..659c885ec 100644 --- a/doc/README.W32 +++ b/doc/README.W32 @@ -19,6 +19,9 @@ Directory". The installer does not change the PATH environment variable to include this directory. You might want to do this manually. +Note, that this registry entry is also used to locate the keyserver +helper programs (e.g. gpgkeys_ldap). + Below the Installation directory, you will find directories named "Doc", "gnupg.nls" and "Src". The latter will be used for distributed patched, if any, and to store the source file if they have been diff --git a/doc/gpg.sgml b/doc/gpg.sgml index 9cd593177..3cf4da293 100644 --- a/doc/gpg.sgml +++ b/doc/gpg.sgml @@ -1478,6 +1478,15 @@ exported if the user IDs are not usable. This is the same as running the --edit-key command "clean uids" before export. Defaults to no. + +export-reset-subkey-passwd + +When using the "--export-secret-subkeys" command, this option resets +the passphrases for all exported subkeys to empty. This is useful +when the exported subkey is to be used on an unattended amchine where +a passphrase won't make sense. Defaults to no. + + @@ -1657,6 +1666,8 @@ Sets a list of directories to search for photo viewers and keyserver helpers. If not provided, keyserver helpers use the compiled-in default directory, and photo viewers use the $PATH environment variable. +Note, that on W32 system this value is ignored when searching for +keyserver helpers. diff --git a/g10/ChangeLog b/g10/ChangeLog index 36c2bccd2..241a04115 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +2005-07-19 Werner Koch + + * export.c (parse_export_options): New option + export-reset-subkey-passwd. + (do_export_stream): Implement it. + + * misc.c (get_libexecdir): New. + * keyserver.c (keyserver_spawn): Use it + 2005-07-18 Werner Koch * tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols. diff --git a/g10/export.c b/g10/export.c index 4eba4ee20..3a6ebb505 100644 --- a/g10/export.c +++ b/g10/export.c @@ -54,6 +54,9 @@ parse_export_options(char *str,unsigned int *options,int noisy) {"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL}, {"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL}, {"export-clean-uids",EXPORT_CLEAN_UIDS,NULL}, + + {"export-reset-subkey-passwd", EXPORT_RESET_SUBKEY_PASSWD, NULL}, + /* Aliases for backward compatibility */ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL}, {"include-attributes",EXPORT_ATTRIBUTES,NULL}, @@ -382,7 +385,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) { - /* we don't want to export the secret parts of the + /* We don't want to export the secret parts of the * primary key, this is done by using GNU protection mode 1001 */ int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode; @@ -390,6 +393,53 @@ do_export_stream( IOBUF out, STRLIST users, int secret, rc = build_packet( out, node->pkt ); node->pkt->pkt.secret_key->protect.s2k.mode = save_mode; } + else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY + && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD)) + { + /* If the subkey is protected reset the passphrase to + export an unprotected subkey. This feature is + useful in cases of a subkey copied to an unattended + machine where a passphrase is not required. */ + PKT_secret_key *sk_save, *sk; + + sk_save = node->pkt->pkt.secret_key; + sk = copy_secret_key (NULL, sk_save); + node->pkt->pkt.secret_key = sk; + + log_info ("about to export an unprotected subkey\n"); + switch (is_secret_key_protected (sk)) + { + case -1: + rc = G10ERR_PUBKEY_ALGO; + break; + case 0: + break; + default: + if (sk->protect.s2k.mode == 1001) + ; /* No secret parts. */ + else if( sk->protect.s2k.mode == 1002 ) + ; /* Card key stub. */ + else + { + rc = check_secret_key( sk, 0 ); + } + break; + } + if (rc) + { + node->pkt->pkt.secret_key = sk_save; + free_secret_key (sk); + /* FIXME: Make translatable after releasing 1.4.2 */ + log_error ("failed to unprotect the subkey: %s\n", + g10_errstr (rc)); + goto leave; + } + + rc = build_packet (out, node->pkt); + + node->pkt->pkt.secret_key = sk_save; + free_secret_key (sk); + } else { /* Warn the user if the secret key or any of the secret diff --git a/g10/keyserver.c b/g10/keyserver.c index e98802528..39911acc9 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -865,6 +865,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, struct parse_options *kopts; struct exec_info *spawn; const char *scheme; + const char *libexecdir = get_libexecdir (); assert(keyserver); @@ -886,7 +887,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, Unix-like systems (since we're going to give a full path to gpgkeys_foo), but on W32 it prevents loading any DLLs from directories in %PATH%. */ - set_exec_path(GNUPG_LIBEXECDIR); + set_exec_path(libexecdir); #else if(opt.exec_path_set) { @@ -900,9 +901,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, #endif { /* Specify a full path to gpgkeys_foo. */ - command=m_alloc(strlen(GNUPG_LIBEXECDIR)+strlen(DIRSEP_S)+ + command=m_alloc(strlen(libexecdir)+strlen(DIRSEP_S)+ strlen(GPGKEYS_PREFIX)+strlen(scheme)+1); - strcpy(command,GNUPG_LIBEXECDIR); + strcpy(command,libexecdir); strcat(command,DIRSEP_S); } @@ -1324,8 +1325,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, } fail: - m_free(line); - m_free(searchstr); + xfree(line); + xfree(searchstr); + *prog=exec_finish(spawn); diff --git a/g10/main.h b/g10/main.h index 5024e5d01..8ffefbb5b 100644 --- a/g10/main.h +++ b/g10/main.h @@ -126,6 +126,7 @@ int parse_options(char *str,unsigned int *options, struct parse_options *opts,int noisy); char *unescape_percent_string (const unsigned char *s); char *default_homedir (void); +const char *get_libexecdir (void); /*-- helptext.c --*/ diff --git a/g10/misc.c b/g10/misc.c index 70667cf7e..0bf71c264 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1146,3 +1146,36 @@ default_homedir (void) return dir; } + + +/* Return the name of the libexec directory. The name is allocated in + a static area on the first use. This function won't fail. */ +const char * +get_libexecdir (void) +{ +#ifdef HAVE_W32_SYSTEM + static int got_dir; + static char *dir; + + if (!got_dir) + { + dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", + "Software\\GNU\\GnuPG", + "Install Directory"); + if (dir && !*dir) + { + /* To avoid problems with using an empty dir we don't allow + for that. */ + free (dir); + dir = NULL; + } + got_dir = 1; + } + + if (dir) + return dir; + /* Fallback to the hardwired value. */ +#endif /*HAVE_W32_SYSTEM*/ + + return GNUPG_LIBEXECDIR; +} diff --git a/g10/options.h b/g10/options.h index 0ced05932..05741a937 100644 --- a/g10/options.h +++ b/g10/options.h @@ -261,6 +261,7 @@ struct { #define EXPORT_MINIMAL (1<<3) #define EXPORT_CLEAN_SIGS (1<<4) #define EXPORT_CLEAN_UIDS (1<<5) +#define EXPORT_RESET_SUBKEY_PASSWD (1<<6) #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1)