security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* verify.c (gpgsm_verify): Detect certs-only message.

This commit is contained in:
Werner Koch 2002-03-12 13:36:29 +00:00
parent c1791a8d15
commit 8337455483
11 changed files with 120 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
sm/ChangeLog
View File

@ -1,3 +1,21 @@
2002-03-12 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Detect certs-only message.
2002-03-11 Werner Koch <wk@gnupg.org>
* import.c (gpgsm_import): Print a notice about imported certificates
when in verbose mode.
* gpgsm.c (main): Print INV_RECP status.
* server.c (cmd_recipient): Ditto.
* server.c (gpgsm_status2): New. Allows for a list of strings.
(gpgsm_status): Divert to gpgsm_status2.
* encrypt.c (gpgsm_encrypt): Don't use a default key when no
recipients are given. Print a NO_RECP status.
2002-03-06 Werner Koch <wk@gnupg.org>
* server.c (cmd_listkeys, cmd_listsecretkeys): Divert to

4
sm/call-agent.c
View File

@ -574,8 +574,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
else
{
keydb_store_cert (cert);
log_error ("certificate stored\n");
if (!keydb_store_cert (cert))
log_error ("certificate imported\n");
}
ksba_cert_release (cert);

16
sm/certchain.c
View File

@ -282,6 +282,13 @@ gpgsm_validate_path (KsbaCert cert)
KsbaCert subject_cert = NULL, issuer_cert = NULL;
time_t current_time = time (NULL);
if ((opt.debug & 4096))
{
log_info ("WARNING: bypassing path validation\n");
return 0;
}
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
@ -521,6 +528,12 @@ gpgsm_basic_cert_check (KsbaCert cert)
KEYDB_HANDLE kh = keydb_new (0);
KsbaCert issuer_cert = NULL;
if ((opt.debug & 4096))
{
log_info ("WARNING: bypassing basic certificate checks\n");
return 0;
}
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
@ -532,8 +545,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
subject = ksba_cert_get_subject (cert, 0);
if (!issuer)
{
if (DBG_X509)
log_debug ("ERROR: issuer missing\n");
log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate;
goto leave;
}

1
sm/certlist.c
View File

@ -61,6 +61,7 @@ gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr)
rc = 0;
else if (!rc)
rc = GNUPG_Ambiguous_Name;
}
if (!rc)
rc = gpgsm_validate_path (cert);

16
sm/certpath.c
View File

@ -282,6 +282,13 @@ gpgsm_validate_path (KsbaCert cert)
KsbaCert subject_cert = NULL, issuer_cert = NULL;
time_t current_time = time (NULL);
if ((opt.debug & 4096))
{
log_info ("WARNING: bypassing path validation\n");
return 0;
}
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
@ -521,6 +528,12 @@ gpgsm_basic_cert_check (KsbaCert cert)
KEYDB_HANDLE kh = keydb_new (0);
KsbaCert issuer_cert = NULL;
if ((opt.debug & 4096))
{
log_info ("WARNING: bypassing basic certificate checks\n");
return 0;
}
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
@ -532,8 +545,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
subject = ksba_cert_get_subject (cert, 0);
if (!issuer)
{
if (DBG_X509)
log_debug ("ERROR: issuer missing\n");
log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate;
goto leave;
}

29
sm/encrypt.c
View File

@ -359,12 +359,18 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
DEK dek = NULL;
int recpno;
FILE *data_fp = NULL;
struct certlist_s help_recplist;
CERTLIST cl;
memset (&encparm, 0, sizeof encparm);
help_recplist.next = NULL;
help_recplist.cert = NULL;
if (!recplist)
{
log_error(_("no valid recipients given\n"));
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
rc = GNUPG_No_Public_Key;
goto leave;
}
kh = keydb_new (0);
if (!kh)
{
@ -373,21 +379,6 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
goto leave;
}
/* If no recipient list is given, use a default one */
/* FIXME: we shoudl not do this but return an error and a
STATUS_NO_RECP */
if (!recplist)
{
rc = gpgsm_get_default_cert (&help_recplist.cert);
if (rc)
{
log_error ("no default recipient found\n");
rc = seterr (General_Error);
goto leave;
}
recplist = &help_recplist;
}
data_fp = fdopen ( dup (data_fd), "rb");
if (!data_fp)
{
@ -554,7 +545,5 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (data_fp)
fclose (data_fp);
xfree (encparm.buffer);
if (help_recplist.cert)
ksba_cert_release (help_recplist.cert);
return rc;
}

12
sm/gpgsm.c
View File

@ -1007,9 +1007,15 @@ main ( int argc, char **argv)
{
int rc = gpgsm_add_to_certlist (sl->d, &recplist);
if (rc)
log_error (_("can't encrypt to `%s': %s\n"),
sl->d, gnupg_strerror (rc));
}
{
log_error (_("can't encrypt to `%s': %s\n"),
sl->d, gnupg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_Ambiguous_Name? "2 ": "0 ",
sl->d, NULL);
}
}
if (log_get_errorcount(0))
gpgsm_exit(1); /* must stop for invalid recipients */

1
sm/gpgsm.h
View File

@ -135,6 +135,7 @@ void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
/*-- server.c --*/
void gpgsm_server (void);
void gpgsm_status (CTRL ctrl, int no, const char *text);
void gpgsm_status2 (CTRL ctrl, int no, ...);
/*-- fingerprint --*/
char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len);

10
sm/import.c
View File

@ -75,8 +75,14 @@ gpgsm_import (CTRL ctrl, int in_fd)
}
if ( !gpgsm_basic_cert_check (cert) )
keydb_store_cert (cert);
{
if (!keydb_store_cert (cert))
{
if (opt.verbose)
log_info ("certificate imported\n");
}
}
leave:
ksba_cert_release (cert);
gpgsm_destroy_reader (b64reader);

37
sm/server.c
View File

@ -23,6 +23,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <ctype.h>
#include <unistd.h>
@ -176,6 +177,11 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
int rc;
rc = gpgsm_add_to_certlist (line, &ctrl->server_local->recplist);
if (rc)
gpgsm_status2 (ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_Ambiguous_Name? "2 ": "0 ",
line, NULL);
return map_to_assuan_status (rc);
}
@ -672,10 +678,14 @@ get_status_string ( int no )
}
void
gpgsm_status (CTRL ctrl, int no, const char *text)
gpgsm_status2 (CTRL ctrl, int no, ...)
{
va_list arg_ptr;
const char *text;
va_start (arg_ptr, no);
if (ctrl->no_server)
{
if (ctrl->status_fd == -1)
@ -699,7 +709,7 @@ gpgsm_status (CTRL ctrl, int no, const char *text)
fputs ("[GNUPG:] ", statusfp);
fputs (get_status_string (no), statusfp);
if (text)
while ( (text = va_arg (arg_ptr, const char*) ))
{
putc ( ' ', statusfp );
for (; *text; text++)
@ -718,11 +728,30 @@ gpgsm_status (CTRL ctrl, int no, const char *text)
else
{
ASSUAN_CONTEXT ctx = ctrl->server_local->assuan_ctx;
char buf[950], *p;
size_t n;
assuan_write_status (ctx, get_status_string (no), text);
p = buf;
n = 0;
while ( (text = va_arg (arg_ptr, const char *)) )
{
for ( ; *text && n < DIM (buf)-1; n++)
*p++ = *text++;
}
*p = 0;
assuan_write_status (ctx, get_status_string (no), buf);
}
va_end (arg_ptr);
}
void
gpgsm_status (CTRL ctrl, int no, const char *text)
{
gpgsm_status2 (ctrl, no, text, NULL);
}
#if 0
/*

17
sm/verify.c
View File

@ -201,12 +201,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (is_detached)
{
if (data_fd == -1)
{
log_error ("detached signature but no data given\n");
rc = GNUPG_Bad_Signature;
goto leave;
}
hash_data (data_fd, data_md);
log_info ("detached signature w/o data "
"- assuming certs-only\n");
else
hash_data (data_fd, data_md);
}
else
{
@ -259,6 +257,12 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
size_t msgdigestlen;
err = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
if (!signer && err == KSBA_No_Data && data_fd == -1 && is_detached)
{
log_info ("certs-only message accepted\n");
err = 0;
break;
}
if (err)
break;
log_debug ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]");
@ -424,3 +428,4 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
fclose (fp);
return rc;
}