mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-20 01:02:44 +02:00
* command.c (cmd_marktrusted): Implemented.
* trustlist.c (agent_marktrusted): New. (open_list): Add APPEND arg. * query.c (agent_get_confirmation): New.
This commit is contained in:
parent
85d9e2e212
commit
822e682c50
|
@ -1,3 +1,11 @@
|
||||||
|
2002-02-18 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* command.c (cmd_marktrusted): Implemented.
|
||||||
|
* trustlist.c (agent_marktrusted): New.
|
||||||
|
(open_list): Add APPEND arg.
|
||||||
|
|
||||||
|
* query.c (agent_get_confirmation): New.
|
||||||
|
|
||||||
2002-02-06 Werner Koch <wk@gnupg.org>
|
2002-02-06 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* cache.c (housekeeping): Fixed linking in the remove case.
|
* cache.c (housekeeping): Fixed linking in the remove case.
|
||||||
|
|
|
@ -110,6 +110,7 @@ int agent_askpin (const char *desc_text, const char *err_text,
|
||||||
int agent_get_passphrase (char **retpass,
|
int agent_get_passphrase (char **retpass,
|
||||||
const char *desc, const char *prompt,
|
const char *desc, const char *prompt,
|
||||||
const char *errtext);
|
const char *errtext);
|
||||||
|
int agent_get_confirmation (const char *desc, const char *prompt);
|
||||||
|
|
||||||
/*-- cache.c --*/
|
/*-- cache.c --*/
|
||||||
int agent_put_cache (const char *key, const char *data, int ttl);
|
int agent_put_cache (const char *key, const char *data, int ttl);
|
||||||
|
@ -139,7 +140,7 @@ int agent_private_key_type (const unsigned char *privatekey);
|
||||||
/*-- trustlist.c --*/
|
/*-- trustlist.c --*/
|
||||||
int agent_istrusted (const char *fpr);
|
int agent_istrusted (const char *fpr);
|
||||||
int agent_listtrusted (void *assuan_context);
|
int agent_listtrusted (void *assuan_context);
|
||||||
|
int agent_marktrusted (const char *name, const char *fpr, int flag);
|
||||||
|
|
||||||
|
|
||||||
#endif /*AGENT_H*/
|
#endif /*AGENT_H*/
|
||||||
|
|
|
@ -108,13 +108,42 @@ cmd_listtrusted (ASSUAN_CONTEXT ctx, char *line)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* MARKTRUSTED <hexstring_with_fingerprint> <flag>
|
/* MARKTRUSTED <hexstring_with_fingerprint> <flag> <display_name>
|
||||||
|
|
||||||
Store a new key in into the trustlist*/
|
Store a new key in into the trustlist*/
|
||||||
static int
|
static int
|
||||||
cmd_marktrusted (ASSUAN_CONTEXT ctx, char *line)
|
cmd_marktrusted (ASSUAN_CONTEXT ctx, char *line)
|
||||||
{
|
{
|
||||||
return ASSUAN_Not_Implemented;
|
int rc, n, i;
|
||||||
|
char *p;
|
||||||
|
char fpr[41];
|
||||||
|
int flag;
|
||||||
|
|
||||||
|
/* parse the fingerprint value */
|
||||||
|
for (p=line,n=0; hexdigitp (p); p++, n++)
|
||||||
|
;
|
||||||
|
if (!spacep (p) || !(n == 40 || n == 32))
|
||||||
|
return set_error (Parameter_Error, "invalid fingerprint");
|
||||||
|
i = 0;
|
||||||
|
if (n==32)
|
||||||
|
{
|
||||||
|
strcpy (fpr, "00000000");
|
||||||
|
i += 8;
|
||||||
|
}
|
||||||
|
for (p=line; i < 40; p++, i++)
|
||||||
|
fpr[i] = *p >= 'a'? (*p & 0xdf): *p;
|
||||||
|
fpr[i] = 0;
|
||||||
|
|
||||||
|
while (spacep (p))
|
||||||
|
p++;
|
||||||
|
flag = *p++;
|
||||||
|
if ( (flag != 'S' && flag != 'P') || !spacep (p) )
|
||||||
|
return set_error (Parameter_Error, "invalid flag - must be P or S");
|
||||||
|
while (spacep (p))
|
||||||
|
p++;
|
||||||
|
|
||||||
|
rc = agent_marktrusted (p, fpr, flag);
|
||||||
|
return map_to_assuan_status (rc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -476,7 +505,7 @@ register_commands (ASSUAN_CONTEXT ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Startup the server. If LISTEN_FD is given as -1, this is simple
|
/* Startup the server. If LISTEN_FD is given as -1, this is a simple
|
||||||
piper server, otherwise it is a regular server */
|
piper server, otherwise it is a regular server */
|
||||||
void
|
void
|
||||||
start_command_handler (int listen_fd)
|
start_command_handler (int listen_fd)
|
||||||
|
|
|
@ -297,6 +297,42 @@ agent_get_passphrase (char **retpass, const char *desc, const char *prompt,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Pop up the PIN-entry, display the text and the prompt and ask the
|
||||||
|
user to confirm this. We return 0 for success, ie. the used
|
||||||
|
confirmed it, GNUPG_Not_Confirmed for what the text says or an
|
||||||
|
other error. */
|
||||||
|
int
|
||||||
|
agent_get_confirmation (const char *desc, const char *prompt)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
char line[ASSUAN_LINELENGTH];
|
||||||
|
|
||||||
|
rc = start_pinentry ();
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
if (desc)
|
||||||
|
snprintf (line, DIM(line)-1, "SETDESC %s", desc);
|
||||||
|
else
|
||||||
|
snprintf (line, DIM(line)-1, "RESET");
|
||||||
|
line[DIM(line)-1] = 0;
|
||||||
|
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL);
|
||||||
|
if (rc)
|
||||||
|
return map_assuan_err (rc);
|
||||||
|
|
||||||
|
if (prompt)
|
||||||
|
{
|
||||||
|
snprintf (line, DIM(line)-1, "SETPROMPT %s", prompt);
|
||||||
|
line[DIM(line)-1] = 0;
|
||||||
|
rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL);
|
||||||
|
if (rc)
|
||||||
|
return map_assuan_err (rc);
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = assuan_transact (entry_ctx, "CONFIRM", NULL, NULL, NULL, NULL);
|
||||||
|
return map_assuan_err (rc);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ static const char headerblurb[] =
|
||||||
"# length limit but this is not serious limitation as the format of the\n"
|
"# length limit but this is not serious limitation as the format of the\n"
|
||||||
"# entries is fixed and checked by gpg-agent: A non-comment line starts\n"
|
"# entries is fixed and checked by gpg-agent: A non-comment line starts\n"
|
||||||
"# with optional white spaces, followed by exactly 40 hex character,\n"
|
"# with optional white spaces, followed by exactly 40 hex character,\n"
|
||||||
"# optioanlly followed by a flag charcter which my either be 'P', 'S'\n"
|
"# optioanlly followed by a flag character which my either be 'P', 'S'\n"
|
||||||
"# or '*'. Additional data delimited with by a white space is ignored.\n"
|
"# or '*'. Additional data delimited with by a white space is ignored.\n"
|
||||||
"\n";
|
"\n";
|
||||||
|
|
||||||
|
@ -49,12 +49,12 @@ static FILE *trustfp;
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
open_list (void)
|
open_list (int append)
|
||||||
{
|
{
|
||||||
char *fname;
|
char *fname;
|
||||||
|
|
||||||
fname = make_filename (opt.homedir, "trustlist.txt", NULL);
|
fname = make_filename (opt.homedir, "trustlist.txt", NULL);
|
||||||
trustfp = fopen (fname, "r");
|
trustfp = fopen (fname, append? "a+":"r");
|
||||||
if (!trustfp && errno == ENOENT)
|
if (!trustfp && errno == ENOENT)
|
||||||
{
|
{
|
||||||
trustfp = fopen (fname, "wx");
|
trustfp = fopen (fname, "wx");
|
||||||
|
@ -66,7 +66,7 @@ open_list (void)
|
||||||
}
|
}
|
||||||
fputs (headerblurb, trustfp);
|
fputs (headerblurb, trustfp);
|
||||||
fclose (trustfp);
|
fclose (trustfp);
|
||||||
trustfp = fopen (fname, "r");
|
trustfp = fopen (fname, append? "a+":"r");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!trustfp)
|
if (!trustfp)
|
||||||
|
@ -98,7 +98,7 @@ read_list (char *key, int *keyflag)
|
||||||
|
|
||||||
if (!trustfp)
|
if (!trustfp)
|
||||||
{
|
{
|
||||||
rc = open_list ();
|
rc = open_list (0);
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
@ -162,7 +162,7 @@ read_list (char *key, int *keyflag)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check whether the given fr is in our trustdb. We expect FPR to be
|
/* check whether the given fpr is in our trustdb. We expect FPR to be
|
||||||
an all uppercase hexstring of 40 characters. */
|
an all uppercase hexstring of 40 characters. */
|
||||||
int
|
int
|
||||||
agent_istrusted (const char *fpr)
|
agent_istrusted (const char *fpr)
|
||||||
|
@ -220,8 +220,85 @@ agent_listtrusted (void *assuan_context)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Insert the given fpr into our trustdb. We expect FPR to be an all
|
||||||
|
uppercase hexstring of 40 characters. FLAG is either 'P' or 'C'.
|
||||||
|
This function does first check whether that key has alreay ben put
|
||||||
|
into the trustdb and returns success in this case. Before a FPR
|
||||||
|
actually gets inserted, the user is asked by means of the pin-entry
|
||||||
|
whether this is actual wants he want to do.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
agent_marktrusted (const char *name, const char *fpr, int flag)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
static char key[41];
|
||||||
|
int keyflag;
|
||||||
|
char *desc;
|
||||||
|
|
||||||
|
if (trustfp)
|
||||||
|
rewind (trustfp);
|
||||||
|
while (!(rc=read_list (key, &keyflag)))
|
||||||
|
{
|
||||||
|
if (!strcmp (key, fpr))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
fclose (trustfp);
|
||||||
|
trustfp = NULL;
|
||||||
|
if (rc != -1)
|
||||||
|
return rc; /* error in the trustdb */
|
||||||
|
|
||||||
|
/* insert a new one */
|
||||||
|
if (asprintf (&desc,
|
||||||
|
"Please verify that the certificate identified as:%%0A"
|
||||||
|
" \"%s\"%%0A"
|
||||||
|
"has the fingerprint:%%0A"
|
||||||
|
" %s", name, fpr) < 0 )
|
||||||
|
return GNUPG_Out_Of_Core;
|
||||||
|
rc = agent_get_confirmation (desc, "Correct|No");
|
||||||
|
free (desc);
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
if (asprintf (&desc,
|
||||||
|
"Do you ultimately trust%%0A"
|
||||||
|
" \"%s\"%%0A"
|
||||||
|
"to correctly certify user certificates?",
|
||||||
|
name) < 0 )
|
||||||
|
return GNUPG_Out_Of_Core;
|
||||||
|
rc = agent_get_confirmation (desc, "Yes|No");
|
||||||
|
free (desc);
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
|
||||||
|
/* now check again to avoid duplicates. Also open in append mode now */
|
||||||
|
rc = open_list (1);
|
||||||
|
if (rc)
|
||||||
|
return rc;
|
||||||
|
rewind (trustfp);
|
||||||
|
while (!(rc=read_list (key, &keyflag)))
|
||||||
|
{
|
||||||
|
if (!strcmp (key, fpr))
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
if (rc != -1)
|
||||||
|
{
|
||||||
|
fclose (trustfp);
|
||||||
|
trustfp = NULL;
|
||||||
|
return rc; /* error in the trustdb */
|
||||||
|
}
|
||||||
|
rc = 0;
|
||||||
|
|
||||||
|
/* append the key */
|
||||||
|
fflush (trustfp);
|
||||||
|
fputs ("\n# ", trustfp);
|
||||||
|
print_sanitized_string (trustfp, name, 0);
|
||||||
|
fprintf (trustfp, "\n%s %c\n", fpr, flag);
|
||||||
|
if (ferror (trustfp))
|
||||||
|
rc = GNUPG_Write_Error;
|
||||||
|
|
||||||
|
/* close because we are in append mode */
|
||||||
|
if (fclose (trustfp))
|
||||||
|
rc = GNUPG_File_Error;
|
||||||
|
trustfp = NULL;
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user