mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* verify.c (gpgsm_verify): Detect certs-only message.
This commit is contained in:
parent
c1791a8d15
commit
8337455483
18
sm/ChangeLog
18
sm/ChangeLog
@ -1,3 +1,21 @@
|
||||
2002-03-12 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* verify.c (gpgsm_verify): Detect certs-only message.
|
||||
|
||||
2002-03-11 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* import.c (gpgsm_import): Print a notice about imported certificates
|
||||
when in verbose mode.
|
||||
|
||||
* gpgsm.c (main): Print INV_RECP status.
|
||||
* server.c (cmd_recipient): Ditto.
|
||||
|
||||
* server.c (gpgsm_status2): New. Allows for a list of strings.
|
||||
(gpgsm_status): Divert to gpgsm_status2.
|
||||
|
||||
* encrypt.c (gpgsm_encrypt): Don't use a default key when no
|
||||
recipients are given. Print a NO_RECP status.
|
||||
|
||||
2002-03-06 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
|
||||
|
@ -574,8 +574,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
|
||||
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
|
||||
else
|
||||
{
|
||||
keydb_store_cert (cert);
|
||||
log_error ("certificate stored\n");
|
||||
if (!keydb_store_cert (cert))
|
||||
log_error ("certificate imported\n");
|
||||
}
|
||||
|
||||
ksba_cert_release (cert);
|
||||
|
@ -282,6 +282,13 @@ gpgsm_validate_path (KsbaCert cert)
|
||||
KsbaCert subject_cert = NULL, issuer_cert = NULL;
|
||||
time_t current_time = time (NULL);
|
||||
|
||||
if ((opt.debug & 4096))
|
||||
{
|
||||
log_info ("WARNING: bypassing path validation\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if (!kh)
|
||||
{
|
||||
log_error (_("failed to allocated keyDB handle\n"));
|
||||
@ -521,6 +528,12 @@ gpgsm_basic_cert_check (KsbaCert cert)
|
||||
KEYDB_HANDLE kh = keydb_new (0);
|
||||
KsbaCert issuer_cert = NULL;
|
||||
|
||||
if ((opt.debug & 4096))
|
||||
{
|
||||
log_info ("WARNING: bypassing basic certificate checks\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!kh)
|
||||
{
|
||||
log_error (_("failed to allocated keyDB handle\n"));
|
||||
@ -532,8 +545,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
|
||||
subject = ksba_cert_get_subject (cert, 0);
|
||||
if (!issuer)
|
||||
{
|
||||
if (DBG_X509)
|
||||
log_debug ("ERROR: issuer missing\n");
|
||||
log_error ("no issuer found in certificate\n");
|
||||
rc = GNUPG_Bad_Certificate;
|
||||
goto leave;
|
||||
}
|
||||
|
@ -61,6 +61,7 @@ gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr)
|
||||
rc = 0;
|
||||
else if (!rc)
|
||||
rc = GNUPG_Ambiguous_Name;
|
||||
|
||||
}
|
||||
if (!rc)
|
||||
rc = gpgsm_validate_path (cert);
|
||||
|
@ -282,6 +282,13 @@ gpgsm_validate_path (KsbaCert cert)
|
||||
KsbaCert subject_cert = NULL, issuer_cert = NULL;
|
||||
time_t current_time = time (NULL);
|
||||
|
||||
if ((opt.debug & 4096))
|
||||
{
|
||||
log_info ("WARNING: bypassing path validation\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
if (!kh)
|
||||
{
|
||||
log_error (_("failed to allocated keyDB handle\n"));
|
||||
@ -521,6 +528,12 @@ gpgsm_basic_cert_check (KsbaCert cert)
|
||||
KEYDB_HANDLE kh = keydb_new (0);
|
||||
KsbaCert issuer_cert = NULL;
|
||||
|
||||
if ((opt.debug & 4096))
|
||||
{
|
||||
log_info ("WARNING: bypassing basic certificate checks\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!kh)
|
||||
{
|
||||
log_error (_("failed to allocated keyDB handle\n"));
|
||||
@ -532,8 +545,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
|
||||
subject = ksba_cert_get_subject (cert, 0);
|
||||
if (!issuer)
|
||||
{
|
||||
if (DBG_X509)
|
||||
log_debug ("ERROR: issuer missing\n");
|
||||
log_error ("no issuer found in certificate\n");
|
||||
rc = GNUPG_Bad_Certificate;
|
||||
goto leave;
|
||||
}
|
||||
|
29
sm/encrypt.c
29
sm/encrypt.c
@ -359,12 +359,18 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
DEK dek = NULL;
|
||||
int recpno;
|
||||
FILE *data_fp = NULL;
|
||||
struct certlist_s help_recplist;
|
||||
CERTLIST cl;
|
||||
|
||||
memset (&encparm, 0, sizeof encparm);
|
||||
help_recplist.next = NULL;
|
||||
help_recplist.cert = NULL;
|
||||
|
||||
if (!recplist)
|
||||
{
|
||||
log_error(_("no valid recipients given\n"));
|
||||
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
||||
rc = GNUPG_No_Public_Key;
|
||||
goto leave;
|
||||
}
|
||||
|
||||
kh = keydb_new (0);
|
||||
if (!kh)
|
||||
{
|
||||
@ -373,21 +379,6 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* If no recipient list is given, use a default one */
|
||||
/* FIXME: we shoudl not do this but return an error and a
|
||||
STATUS_NO_RECP */
|
||||
if (!recplist)
|
||||
{
|
||||
rc = gpgsm_get_default_cert (&help_recplist.cert);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("no default recipient found\n");
|
||||
rc = seterr (General_Error);
|
||||
goto leave;
|
||||
}
|
||||
recplist = &help_recplist;
|
||||
}
|
||||
|
||||
data_fp = fdopen ( dup (data_fd), "rb");
|
||||
if (!data_fp)
|
||||
{
|
||||
@ -554,7 +545,5 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
|
||||
if (data_fp)
|
||||
fclose (data_fp);
|
||||
xfree (encparm.buffer);
|
||||
if (help_recplist.cert)
|
||||
ksba_cert_release (help_recplist.cert);
|
||||
return rc;
|
||||
}
|
||||
|
12
sm/gpgsm.c
12
sm/gpgsm.c
@ -1007,9 +1007,15 @@ main ( int argc, char **argv)
|
||||
{
|
||||
int rc = gpgsm_add_to_certlist (sl->d, &recplist);
|
||||
if (rc)
|
||||
log_error (_("can't encrypt to `%s': %s\n"),
|
||||
sl->d, gnupg_strerror (rc));
|
||||
}
|
||||
{
|
||||
log_error (_("can't encrypt to `%s': %s\n"),
|
||||
sl->d, gnupg_strerror (rc));
|
||||
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
|
||||
rc == -1? "1":
|
||||
rc == GNUPG_Ambiguous_Name? "2 ": "0 ",
|
||||
sl->d, NULL);
|
||||
}
|
||||
}
|
||||
if (log_get_errorcount(0))
|
||||
gpgsm_exit(1); /* must stop for invalid recipients */
|
||||
|
||||
|
@ -135,6 +135,7 @@ void gpgsm_init_default_ctrl (struct server_control_s *ctrl);
|
||||
/*-- server.c --*/
|
||||
void gpgsm_server (void);
|
||||
void gpgsm_status (CTRL ctrl, int no, const char *text);
|
||||
void gpgsm_status2 (CTRL ctrl, int no, ...);
|
||||
|
||||
/*-- fingerprint --*/
|
||||
char *gpgsm_get_fingerprint (KsbaCert cert, int algo, char *array, int *r_len);
|
||||
|
@ -75,7 +75,13 @@ gpgsm_import (CTRL ctrl, int in_fd)
|
||||
}
|
||||
|
||||
if ( !gpgsm_basic_cert_check (cert) )
|
||||
keydb_store_cert (cert);
|
||||
{
|
||||
if (!keydb_store_cert (cert))
|
||||
{
|
||||
if (opt.verbose)
|
||||
log_info ("certificate imported\n");
|
||||
}
|
||||
}
|
||||
|
||||
leave:
|
||||
ksba_cert_release (cert);
|
||||
|
37
sm/server.c
37
sm/server.c
@ -23,6 +23,7 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <ctype.h>
|
||||
#include <unistd.h>
|
||||
|
||||
@ -176,6 +177,11 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
|
||||
int rc;
|
||||
|
||||
rc = gpgsm_add_to_certlist (line, &ctrl->server_local->recplist);
|
||||
if (rc)
|
||||
gpgsm_status2 (ctrl, STATUS_INV_RECP,
|
||||
rc == -1? "1":
|
||||
rc == GNUPG_Ambiguous_Name? "2 ": "0 ",
|
||||
line, NULL);
|
||||
|
||||
return map_to_assuan_status (rc);
|
||||
}
|
||||
@ -672,10 +678,14 @@ get_status_string ( int no )
|
||||
}
|
||||
|
||||
|
||||
|
||||
void
|
||||
gpgsm_status (CTRL ctrl, int no, const char *text)
|
||||
gpgsm_status2 (CTRL ctrl, int no, ...)
|
||||
{
|
||||
va_list arg_ptr;
|
||||
const char *text;
|
||||
|
||||
va_start (arg_ptr, no);
|
||||
|
||||
if (ctrl->no_server)
|
||||
{
|
||||
if (ctrl->status_fd == -1)
|
||||
@ -699,7 +709,7 @@ gpgsm_status (CTRL ctrl, int no, const char *text)
|
||||
fputs ("[GNUPG:] ", statusfp);
|
||||
fputs (get_status_string (no), statusfp);
|
||||
|
||||
if (text)
|
||||
while ( (text = va_arg (arg_ptr, const char*) ))
|
||||
{
|
||||
putc ( ' ', statusfp );
|
||||
for (; *text; text++)
|
||||
@ -718,11 +728,30 @@ gpgsm_status (CTRL ctrl, int no, const char *text)
|
||||
else
|
||||
{
|
||||
ASSUAN_CONTEXT ctx = ctrl->server_local->assuan_ctx;
|
||||
char buf[950], *p;
|
||||
size_t n;
|
||||
|
||||
assuan_write_status (ctx, get_status_string (no), text);
|
||||
p = buf;
|
||||
n = 0;
|
||||
while ( (text = va_arg (arg_ptr, const char *)) )
|
||||
{
|
||||
for ( ; *text && n < DIM (buf)-1; n++)
|
||||
*p++ = *text++;
|
||||
}
|
||||
*p = 0;
|
||||
assuan_write_status (ctx, get_status_string (no), buf);
|
||||
}
|
||||
|
||||
va_end (arg_ptr);
|
||||
}
|
||||
|
||||
void
|
||||
gpgsm_status (CTRL ctrl, int no, const char *text)
|
||||
{
|
||||
gpgsm_status2 (ctrl, no, text, NULL);
|
||||
}
|
||||
|
||||
|
||||
|
||||
#if 0
|
||||
/*
|
||||
|
17
sm/verify.c
17
sm/verify.c
@ -201,12 +201,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
if (is_detached)
|
||||
{
|
||||
if (data_fd == -1)
|
||||
{
|
||||
log_error ("detached signature but no data given\n");
|
||||
rc = GNUPG_Bad_Signature;
|
||||
goto leave;
|
||||
}
|
||||
hash_data (data_fd, data_md);
|
||||
log_info ("detached signature w/o data "
|
||||
"- assuming certs-only\n");
|
||||
else
|
||||
hash_data (data_fd, data_md);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -259,6 +257,12 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
size_t msgdigestlen;
|
||||
|
||||
err = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
|
||||
if (!signer && err == KSBA_No_Data && data_fd == -1 && is_detached)
|
||||
{
|
||||
log_info ("certs-only message accepted\n");
|
||||
err = 0;
|
||||
break;
|
||||
}
|
||||
if (err)
|
||||
break;
|
||||
log_debug ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]");
|
||||
@ -424,3 +428,4 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
fclose (fp);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user