security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

gpg: New options import-drop-uids and export-drop-uids.

Browse Source 
* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that options and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--

These options are required for experiments with changes to the
keyserver infrastructure.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-10-02 11:02:08 +02:00
parent 50b02dba20
commit 8e83493dae
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 94 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/gpg.texi
View File

@ -2342,6 +2342,11 @@ opposite meaning. The options are:
on the keyring. This option is the same as running the @option{--edit-key} on the keyring. This option is the same as running the @option{--edit-key}
command "clean" after import. Defaults to no. command "clean" after import. Defaults to no.
@item import-drop-uids
Do not import any user ids or their binding signatures. This option
can be used to update only the subkeys or other non-user id related
information.
@item repair-keys. After import, fix various problems with the @item repair-keys. After import, fix various problems with the
keys. For example, this reorders signatures, and strips duplicate keys. For example, this reorders signatures, and strips duplicate
signatures. Defaults to yes. signatures. Defaults to yes.
@ -2506,6 +2511,11 @@ opposite meaning. The options are:
running the @option{--edit-key} command "minimize" before export except running the @option{--edit-key} command "minimize" before export except
that the local copy of the key is not modified. Defaults to no. that the local copy of the key is not modified. Defaults to no.
@item export-drop-uids
Do no export any user id or attribute packets or their associates
signatures. Note that due to missing user ids the resulting output is
not strictly RFC-4880 compliant.
@item export-pka @item export-pka
Instead of outputting the key material output PKA records suitable Instead of outputting the key material output PKA records suitable
to put into DNS zone files. An ORIGIN line is printed before each to put into DNS zone files. An ORIGIN line is printed before each

29
g10/export.c
View File

@ -97,7 +97,7 @@ cleanup_export_globals (void)
} }
/* Option parser for export options. See parse_options fro /* Option parser for export options. See parse_options for
details. */ details. */
int int
parse_export_options(char *str,unsigned int *options,int noisy) parse_export_options(char *str,unsigned int *options,int noisy)
@ -114,6 +114,8 @@ parse_export_options(char *str,unsigned int *options,int noisy)
N_("remove unusable parts from key during export")}, N_("remove unusable parts from key during export")},
{"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL, {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN,NULL,
N_("remove as much as possible from key during export")}, N_("remove as much as possible from key during export")},
{"export-drop-uids", EXPORT_DROP_UIDS, NULL,
N_("Do not export user id or attribute packets")},
{"export-pka", EXPORT_PKA_FORMAT, NULL, NULL }, {"export-pka", EXPORT_PKA_FORMAT, NULL, NULL },
{"export-dane", EXPORT_DANE_FORMAT, NULL, NULL }, {"export-dane", EXPORT_DANE_FORMAT, NULL, NULL },
@ -136,14 +138,20 @@ parse_export_options(char *str,unsigned int *options,int noisy)
int rc; int rc;
rc = parse_options (str, options, export_opts, noisy); rc = parse_options (str, options, export_opts, noisy);
if (rc && (*options & EXPORT_BACKUP)) if (!rc)
return 0;
/* Alter other options we want or don't want for restore. */
if ((*options & EXPORT_BACKUP))
{ {
/* Alter other options we want or don't want for restore. */
*options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES *options |= (EXPORT_LOCAL_SIGS | EXPORT_ATTRIBUTES
| EXPORT_SENSITIVE_REVKEYS); | EXPORT_SENSITIVE_REVKEYS);
*options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL *options &= ~(EXPORT_CLEAN | EXPORT_MINIMAL
| EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT); | EXPORT_PKA_FORMAT | EXPORT_DANE_FORMAT);
} }
/* Dropping uids also means to drop attributes. */
if ((*options & EXPORT_DROP_UIDS))
*options &= ~(EXPORT_ATTRIBUTES);
return rc; return rc;
} }
@ -1575,7 +1583,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
if (node->pkt->pkttype == PKT_COMMENT) if (node->pkt->pkttype == PKT_COMMENT)
continue; continue;
/* Skip ring trust packets - they should not ne here anyway. */ /* Skip ring trust packets - they should not be here anyway. */
if (node->pkt->pkttype == PKT_RING_TRUST) if (node->pkt->pkttype == PKT_RING_TRUST)
continue; continue;
@ -1650,6 +1658,19 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
} }
} }
/* Don't export user ids (and attributes)? This is not RFC-4880
* compliant but we allow it anyway. */
if ((options & EXPORT_DROP_UIDS)
&& node->pkt->pkttype == PKT_USER_ID)
{
/* Skip until we get to something that is not a user id (or
* attrib) or a signature on it. */
while (kbctx->next && kbctx->next->pkt->pkttype == PKT_SIGNATURE)
kbctx = kbctx->next;
continue;
}
/* Don't export attribs? */ /* Don't export attribs? */
if (!(options & EXPORT_ATTRIBUTES) if (!(options & EXPORT_ATTRIBUTES)
&& node->pkt->pkttype == PKT_USER_ID && node->pkt->pkttype == PKT_USER_ID

60
g10/import.c
View File

@ -121,6 +121,7 @@ static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
u32 *keyid, unsigned int options); u32 *keyid, unsigned int options);
static int any_uid_left (kbnode_t keyblock); static int any_uid_left (kbnode_t keyblock);
static int remove_all_uids (kbnode_t *keyblock);
static int merge_blocks (ctrl_t ctrl, unsigned int options, static int merge_blocks (ctrl_t ctrl, unsigned int options,
kbnode_t keyblock_orig, kbnode_t keyblock_orig,
kbnode_t keyblock, u32 *keyid, kbnode_t keyblock, u32 *keyid,
@ -181,6 +182,9 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL, {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
N_("remove as much as possible from key after import")}, N_("remove as much as possible from key after import")},
{"import-drop-uids", IMPORT_DROP_UIDS, NULL,
N_("Do not import user id or attribute packets")},
{"import-export", IMPORT_EXPORT, NULL, {"import-export", IMPORT_EXPORT, NULL,
N_("run import filters and export key immediately")}, N_("run import filters and export key immediately")},
@ -1728,7 +1732,9 @@ import_one (ctrl_t ctrl,
} }
if (!uidnode ) /* Unless import-drop-uids has been requested we don't allow import
* of a key without UIDs. */
if (!uidnode && !(options & IMPORT_DROP_UIDS))
{ {
if (!silent) if (!silent)
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
@ -1755,7 +1761,11 @@ import_one (ctrl_t ctrl,
return 0; return 0;
} }
collapse_uids(&keyblock); /* Remove or collapse the user ids. */
if ((options & IMPORT_DROP_UIDS))
remove_all_uids (&keyblock);
else
collapse_uids (&keyblock);
/* Clean the key that we're about to import, to cut down on things /* Clean the key that we're about to import, to cut down on things
that we have to clean later. This has no practical impact on the that we have to clean later. This has no practical impact on the
@ -1802,7 +1812,10 @@ import_one (ctrl_t ctrl,
} }
} }
if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) /* Delete invalid parts and without the drop otions bail out if
* there are no user ids. */
if (!delete_inv_parts (ctrl, keyblock, keyid, options)
&& !(options & IMPORT_DROP_UIDS) )
{ {
if (!silent) if (!silent)
{ {
@ -3417,14 +3430,51 @@ any_uid_left (kbnode_t keyblock)
/**************** /* Delete all user ids from KEYBLOCK.
* Returns: True if the keyblock has changed. */
static int
remove_all_uids (kbnode_t *keyblock)
{
kbnode_t node;
int any = 0;
for (node = *keyblock; node; node = node->next)
{
if (is_deleted_kbnode (node))
continue;
if (node->pkt->pkttype != PKT_USER_ID)
continue;
/* We are at the first user id. Delete everything up to the
* first subkey. */
for (; node; node = node->next)
{
if (is_deleted_kbnode (node))
continue;
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
break;
delete_kbnode (node);
any = 1;
}
break; /* All done. */
}
commit_kbnode (keyblock);
return any;
}
/*
* It may happen that the imported keyblock has duplicated user IDs. * It may happen that the imported keyblock has duplicated user IDs.
* We check this here and collapse those user IDs together with their * We check this here and collapse those user IDs together with their
* sigs into one. * sigs into one.
* Returns: True if the keyblock has changed. * Returns: True if the keyblock has changed.
*/ */
int int
collapse_uids( kbnode_t *keyblock ) collapse_uids (kbnode_t *keyblock)
{ {
kbnode_t uid1; kbnode_t uid1;
int any=0; int any=0;

2
g10/misc.c
View File

@ -1521,6 +1521,8 @@ optlen(const char *s)
return strlen(s); return strlen(s);
} }
/* Note: This function returns true on success. */
int int
parse_options(char *str,unsigned int *options, parse_options(char *str,unsigned int *options,
struct parse_options *opts,int noisy) struct parse_options *opts,int noisy)

2
g10/options.h
View File

@ -360,6 +360,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define IMPORT_RESTORE (1<<10) #define IMPORT_RESTORE (1<<10)
#define IMPORT_REPAIR_KEYS (1<<11) #define IMPORT_REPAIR_KEYS (1<<11)
#define IMPORT_DRY_RUN (1<<12) #define IMPORT_DRY_RUN (1<<12)
#define IMPORT_DROP_UIDS (1<<13)
#define EXPORT_LOCAL_SIGS (1<<0) #define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1) #define EXPORT_ATTRIBUTES (1<<1)
@ -370,6 +371,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define EXPORT_PKA_FORMAT (1<<6) #define EXPORT_PKA_FORMAT (1<<6)
#define EXPORT_DANE_FORMAT (1<<7) #define EXPORT_DANE_FORMAT (1<<7)
#define EXPORT_BACKUP (1<<10) #define EXPORT_BACKUP (1<<10)
#define EXPORT_DROP_UIDS (1<<13)
#define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_PHOTOS (1<<0)
#define LIST_SHOW_POLICY_URLS (1<<1) #define LIST_SHOW_POLICY_URLS (1<<1)