mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

Allow policy URLs with %-expandos in them. This allows policy URLs like

"http://notary.jabberwocky.com/keysign/%K" to create a per-signature
policy URL.  Use the new generic %-handler for the photo ID stuff as well.

Display policy URLs and notations during signature generation if
--show-policy-url/--show-notation is set.
David Shaw 2002-02-05 00:04:24 +00:00
parent 02fe4b0185
commit 9057172a92
7 changed files with 179 additions and 100 deletions


@ -1,3 +1,21 @@
2002-02-04 David Shaw <dshaw@jabberwocky.com>
* main.h, misc.c (pct_expando): New function to generalize
%-expando processing in any arbitrary string.
* photoid.c (show_photo): Call the new pct_expando function rather
than expand strings internally.
* sign.c (mk_notation_and_policy): Show policy URLs and notations
when making a signature if show-policy/show-notation is on.
%-expand policy URLs during generation. This lets the user have
policy URLs of the form "http://notary.jabberwocky.com/keysign/%K"
which will generate a per-signature policy URL.
* main.h, keylist.c (show_policy_url, show_notation): Add amount
to indent so the same function can be used in key listings as well
as during sig generation. Change all callers.
2002-02-04 David Shaw <dshaw@jabberwocky.com> 2002-02-04 David Shaw <dshaw@jabberwocky.com>
* keyserver.c, options.h (parse_keyserver_options, keyidlist): * keyserver.c, options.h (parse_keyserver_options, keyidlist):


@ -148,10 +148,10 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
tty_printf("\n"); tty_printf("\n");
if(sig->flags.policy_url && opt.show_policy_url) if(sig->flags.policy_url && opt.show_policy_url)
show_policy_url(sig); show_policy_url(sig,3);
if(sig->flags.notation && opt.show_notation) if(sig->flags.notation && opt.show_notation)
show_notation(sig); show_notation(sig,3);
} }
return (sigrc == '!'); return (sigrc == '!');


@ -65,7 +65,7 @@ secret_key_list( STRLIST list )
} }
void void
show_policy_url(PKT_signature *sig) show_policy_url(PKT_signature *sig,int indent)
{ {
const byte *p; const byte *p;
size_t len; size_t len;
@ -73,15 +73,20 @@ show_policy_url(PKT_signature *sig)
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len); p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len);
if(p) if(p)
{ {
int i;
for(i=0;i<indent;i++)
putchar(' ');
/* This isn't UTF8 as it is a URL(?) */ /* This isn't UTF8 as it is a URL(?) */
printf(" %s: ",_("Signature policy")); printf(_("Signature policy: "));
print_string(stdout,p,len,0); print_string(stdout,p,len,0);
printf("\n"); printf("\n");
} }
} }
void void
show_notation(PKT_signature *sig) show_notation(PKT_signature *sig,int indent)
{ {
const byte *p; const byte *p;
size_t len; size_t len;
@ -92,7 +97,8 @@ show_notation(PKT_signature *sig)
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq))) while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq)))
if(len>=8) if(len>=8)
{ {
int n1,n2; int n1,n2,i;
n1=(p[4]<<8)|p[5]; n1=(p[4]<<8)|p[5];
n2=(p[6]<<8)|p[7]; n2=(p[6]<<8)|p[7];
@ -102,8 +108,11 @@ show_notation(PKT_signature *sig)
return; return;
} }
for(i=0;i<indent;i++)
putchar(' ');
/* This is UTF8 */ /* This is UTF8 */
printf(" %s: ",_("Signature notation")); printf(_("Signature notation: "));
print_utf8_string(stdout,p+8,n1); print_utf8_string(stdout,p+8,n1);
printf("="); printf("=");
@ -472,10 +481,10 @@ list_keyblock_print ( KBNODE keyblock, int secret )
putchar('\n'); putchar('\n');
if(sig->flags.policy_url && opt.show_policy_url) if(sig->flags.policy_url && opt.show_policy_url)
show_policy_url(sig); show_policy_url(sig,3);
if(sig->flags.notation && opt.show_notation) if(sig->flags.notation && opt.show_notation)
show_notation(sig); show_notation(sig,3);
/* fixme: check or list other sigs here */ /* fixme: check or list other sigs here */
} }
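Review bot: `printf(_("Signature policy: "));` and `printf(_("Signature notation: "));` now pass the translated message itself as the format string, where the old code passed it as an argument to `" %s: "`. Any `%` that ends up in a message-catalog entry for these strings would then be read as a conversion with no matching argument. Printing the label as data keeps the new layout: `fputs(_("Signature policy: "),stdout);`, and likewise for the notation label. The body of show_notation continues outside the hunks shown.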


@ -67,6 +67,7 @@ int openpgp_pk_algo_usage ( int algo );
int openpgp_md_test_algo( int algo ); int openpgp_md_test_algo( int algo );
int check_permissions(const char *path,int extension,int checkonly); int check_permissions(const char *path,int extension,int checkonly);
void idea_cipher_warn( int show ); void idea_cipher_warn( int show );
char *pct_expando(const char *string,PKT_public_key *pk);
/*-- helptext.c --*/ /*-- helptext.c --*/
void display_online_help( const char *keyword ); void display_online_help( const char *keyword );
@ -159,8 +160,8 @@ void release_revocation_reason_info( struct revocation_reason_info *reason );
void public_key_list( STRLIST list ); void public_key_list( STRLIST list );
void secret_key_list( STRLIST list ); void secret_key_list( STRLIST list );
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode); void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
void show_policy_url(PKT_signature *sig); void show_policy_url(PKT_signature *sig,int indent);
void show_notation(PKT_signature *sig); void show_notation(PKT_signature *sig,int indent);
/*-- verify.c --*/ /*-- verify.c --*/
void print_file_status( int status, const char *name, int what ); void print_file_status( int status, const char *name, int what );


@ -438,3 +438,111 @@ idea_cipher_warn(int show)
warned=1; warned=1;
} }
} }
/* The largest string we have an expando for, times two. */
#define LARGEST_EXPANDO ((MAX_FINGERPRINT_LEN*2)*2)
/* Expand %-strings */
char *
pct_expando(const char *string,PKT_public_key *pk)
{
const char *ch=string;
int idx=0,maxlen;
u32 keyid[2]={0,0};
char *ret;
keyid_from_pk(pk,keyid);
maxlen=LARGEST_EXPANDO;
ret=m_alloc(maxlen+1); /* one more to leave room for the trailing \0 */
ret[0]='\0';
while(*ch!='\0')
{
/* 8192 is way bigger than we'll need here */
if(maxlen-idx<LARGEST_EXPANDO && maxlen<8192)
{
maxlen+=LARGEST_EXPANDO;
ret=m_realloc(ret,maxlen+1);
}
if(*ch=='%')
{
ch++;
switch(*ch)
{
case 'k': /* short key id */
if(idx+8>maxlen)
goto fail;
sprintf(&ret[idx],"%08lX",(ulong)keyid[1]);
idx+=8;
break;
case 'K': /* long key id */
if(idx+16>maxlen)
goto fail;
sprintf(&ret[idx],"%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
idx+=16;
break;
case 'f': /* fingerprint */
{
byte array[MAX_FINGERPRINT_LEN];
size_t len;
int i;
fingerprint_from_pk(pk,array,&len);
if(idx+(len*2)>maxlen)
goto fail;
for(i=0;i<len;i++)
{
sprintf(&ret[idx],"%02X",array[i]);
idx+=2;
}
}
break;
case '%':
if(idx+1>maxlen)
goto fail;
ret[idx++]='%';
ret[idx]='\0';
break;
/* Any unknown %-keys (like %i, %o, %I, and %O) are
passed through for later expansion. */
default:
if(idx+2>maxlen)
goto fail;
ret[idx++]='%';
ret[idx++]=*ch;
ret[idx]='\0';
break;
}
}
else
{
if(idx+1>maxlen)
goto fail;
ret[idx++]=*ch;
ret[idx]='\0';
}
ch++;
}
return ret;
fail:
m_free(ret);
return NULL;
}
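Review bot: A template that ends in a lone `%` makes pct_expando read past the end of `string`. The `ch++` after `if(*ch=='%')` lands on the terminator, the `default:` case copies that `'\0'` into `ret`, and the `ch++` at the bottom of the loop steps over it, so `while(*ch!='\0')` keeps copying whatever memory follows. Other parts of this commit put the result into a signature's policy URL and into the photo viewer command, so those stray bytes would leave the process. Stopping at the terminator is enough, e.g. `if(*ch=='\0') break;` directly after the `ch++` that skips the `%`, since `ret` is already NUL-terminated at that point. The `sprintf` calls are covered by the preceding `idx+N>maxlen` checks, though `snprintf` with the remaining size would make the bound visible at the call site.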


@ -32,9 +32,9 @@
#include "iobuf.h" #include "iobuf.h"
#include "memory.h" #include "memory.h"
#include "options.h" #include "options.h"
#include "main.h"
#include "photoid.h" #include "photoid.h"
#define PHOTO_COMMAND_MAXLEN 1024
#define DEFAULT_PHOTO_COMMAND "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" #define DEFAULT_PHOTO_COMMAND "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
/* Generate a new photo id packet, or return NULL if canceled */ /* Generate a new photo id packet, or return NULL if canceled */
@ -148,92 +148,15 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
void show_photo(const struct user_attribute *attr,PKT_public_key *pk) void show_photo(const struct user_attribute *attr,PKT_public_key *pk)
{ {
const char *ch; char *command;
char command[PHOTO_COMMAND_MAXLEN]={'\0'};
int size=0;
u32 keyid[2]={0,0};
struct exec_info *spawn; struct exec_info *spawn;
keyid_from_pk(pk,keyid);
ch=opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND;
/* %-expandos */
/* make command grow */ /* make command grow */
command=
pct_expando(opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND,pk);
while(*ch!='\0') if(!command)
{ goto fail;
if(*ch=='%')
{
ch++;
switch(*ch)
{
case 'k': /* short key id */
if(size+8>PHOTO_COMMAND_MAXLEN-1)
goto fail;
sprintf(&command[size],"%08lX",(ulong)keyid[1]);
size+=8;
break;
case 'K': /* long key id */
if(size+16>PHOTO_COMMAND_MAXLEN-1)
goto fail;
sprintf(&command[size],"%08lX%08lX",
(ulong)keyid[0],(ulong)keyid[1]);
size+=16;
break;
case 'f': /* fingerprint */
{
byte array[MAX_FINGERPRINT_LEN];
size_t len;
int i;
fingerprint_from_pk(pk,array,&len);
if(size+(len*2)>PHOTO_COMMAND_MAXLEN-1)
goto fail;
for(i=0;i<len;i++)
{
sprintf(&command[size],"%02X",array[i]);
size+=2;
}
}
break;
case '%':
size++;
if(size>PHOTO_COMMAND_MAXLEN-1)
goto fail;
strcat(command,"%");
break;
default:
if(size+2>PHOTO_COMMAND_MAXLEN-1)
goto fail;
command[size++]='%';
command[size++]=*ch;
break;
}
}
else
{
command[size++]=*ch;
if(size>PHOTO_COMMAND_MAXLEN-1)
goto fail;
}
ch++;
}
command[PHOTO_COMMAND_MAXLEN-1]='\0';
if(exec_write(&spawn,NULL,command,1,1)!=0) if(exec_write(&spawn,NULL,command,1,1)!=0)
goto fail; goto fail;
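Review bot: `command` is now a heap buffer returned by pct_expando, but nothing in the visible part of show_photo releases it. The function continues past the end of this hunk, so this may already be handled there. If it is not, both the normal return and the `fail:` path need `m_free(command);`. The leftover `/* make command grow */` comment can be dropped as well, since pct_expando now does the growing.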


@ -56,9 +56,10 @@
* NAME=VALUE format. * NAME=VALUE format.
*/ */
static void static void
mk_notation_and_policy( PKT_signature *sig ) mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
{ {
const char *string, *s=NULL; const char *string;
char *s=NULL;
byte *buf; byte *buf;
unsigned n1, n2; unsigned n1, n2;
@ -88,6 +89,9 @@ mk_notation_and_policy( PKT_signature *sig )
build_sig_subpkt( sig, SIGSUBPKT_NOTATION build_sig_subpkt( sig, SIGSUBPKT_NOTATION
| ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0), | ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
buf, 8+n1+n2 ); buf, 8+n1+n2 );
if(opt.show_notation)
show_notation(sig,0);
} }
} }
@ -97,14 +101,25 @@ mk_notation_and_policy( PKT_signature *sig )
if(sig->version<4) if(sig->version<4)
log_info("can't put a policy URL into v3 signatures\n"); log_info("can't put a policy URL into v3 signatures\n");
else else
s=opt.sig_policy_url; s=m_strdup(opt.sig_policy_url);
} }
else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url ) else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url )
{ {
if(sig->version<4) if(sig->version<4)
log_info("can't put a policy URL into v3 key signatures\n"); log_info("can't put a policy URL into v3 key signatures\n");
else else
s=opt.cert_policy_url; if(pk)
{
s=pct_expando(opt.cert_policy_url,pk);
if(!s)
{
log_error(_("WARNING: unable to %%-expand policy url "
"(too large). Using unexpanded.\n"));
s=m_strdup(opt.cert_policy_url);
}
}
else
s=m_strdup(opt.cert_policy_url);
} }
if( s ) { if( s ) {
@ -113,7 +128,12 @@ mk_notation_and_policy( PKT_signature *sig )
s+1, strlen(s+1) ); s+1, strlen(s+1) );
else else
build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) ); build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) );
if(opt.show_policy_url)
show_policy_url(sig,0);
} }
m_free(s);
} }
@ -499,7 +519,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
if (sig->version >= 4) if (sig->version >= 4)
build_sig_subpkt_from_sig (sig); build_sig_subpkt_from_sig (sig);
mk_notation_and_policy (sig); mk_notation_and_policy (sig, NULL);
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
md_final (md); md_final (md);
@ -1115,7 +1135,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
rc = (*mksubpkt)( sig, opaque ); rc = (*mksubpkt)( sig, opaque );
if( !rc ) { if( !rc ) {
mk_notation_and_policy( sig ); mk_notation_and_policy( sig, pk );
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
md_final(md); md_final(md);