wks: Send only the newest UID to the server.

* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb. (wks_filter_uid): New. (wks_list_key): Allow FPR to be NULL. Return an error if no fingerprint was found. * tools/gpg-wks-server.c (process_new_key) (check_and_publish): Remove now useless extra check for FPR. * tools/gpg-wks-client.c (command_check): Ditto. (command_send): Filter out the newest uid. -- This fixes the case of having several userids with all the the same mailbox. Now we use the latest user id created. This patch is also a prerequisite to automatically create a new user id for providers with the mailbox-only policy. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2017-09-18 12:52:20 +02:00 · 2017-09-18 12:52:20 +02:00 · 7f7f5d06fa
commit 7f7f5d06fa
parent a0035986a8
4 changed files with 158 additions and 22 deletions
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@ -644,10 +644,9 @@ command_check (char *userid)

  /* Look closer at the key.  */
  err = wks_list_key (key, &fpr, &mboxes);
-  if (err || !fpr)
+  if (err)
    {
-      log_error ("error parsing key: %s\n",
-                 err? gpg_strerror (err) : "no fingerprint found");
+      log_error ("error parsing key: %s\n", gpg_strerror (err));
      err = gpg_error (GPG_ERR_NO_PUBKEY);
      goto leave;
    }
@ -700,6 +699,9 @@ command_send (const char *fingerprint, const char *userid)
  int no_encrypt = 0;
  int posteo_hack = 0;
  const char *domain;
+  uidinfo_list_t uidlist = NULL;
+  uidinfo_list_t uid, thisuid;
+  time_t thistime;

  memset (&policy, 0, sizeof policy);

@ -769,6 +771,57 @@ command_send (const char *fingerprint, const char *userid)
  if (policy.auth_submit)
    log_info ("no confirmation required for '%s'\n", addrspec);

+  /* In case the key has several uids with the same addr-spec we will
+   * use the newest one.  */
+  err = wks_list_key (key, NULL, &uidlist);
+  if (err)
+    {
+      log_error ("error parsing key: %s\n",gpg_strerror (err));
+      err = gpg_error (GPG_ERR_NO_PUBKEY);
+      goto leave;
+    }
+  thistime = 0;
+  thisuid = NULL;
+  for (uid = uidlist; uid; uid = uid->next)
+    {
+      if (!uid->mbox)
+        continue; /* Should not happen anyway.  */
+      if (uid->created > thistime)
+        {
+          thistime = uid->created;
+          thisuid = uid;
+        }
+    }
+  if (!thisuid)
+    thisuid = uid;  /* This is the case for a missing timestamp.  */
+  if (opt.verbose)
+    log_info ("submitting key with user id '%s'\n", thisuid->uid);
+
+  /* If we have more than one user id we need to filter the key to
+   * include only THISUID.  */
+  if (uidlist->next)
+    {
+      estream_t newkey;
+
+      es_rewind (key);
+      err = wks_filter_uid (&newkey, key, thisuid->uid);
+      if (err)
+        {
+          log_error ("error filtering key: %s\n", gpg_strerror (err));
+          err = gpg_error (GPG_ERR_NO_PUBKEY);
+          goto leave;
+        }
+      es_fclose (key);
+      key = newkey;
+    }
+
+  if (policy.mailbox_only
+      && ascii_strcasecmp (userid, addrspec))
+    {
+      log_info ("Warning: policy requires 'mailbox-only'"
+                " - creating new user id'\n");
+    }
+
  /* Hack to support posteo but let them disable this by setting the
   * new policy-version flag.  */
  if (policy.protocol_version < 3
@ -885,6 +938,7 @@ command_send (const char *fingerprint, const char *userid)
 leave:
  mime_maker_release (mime);
  xfree (submission_to);
+  free_uidinfo_list (uidlist);
  es_fclose (keyenc);
  es_fclose (key);
  xfree (addrspec);