Allow policy URLs with %-expandos in them. This allows policy URLs like
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature policy URL. Use the new generic %-handler for the photo ID stuff as well. Display policy URLs and notations during signature generation if --show-policy-url/--show-notation is set.
parent
02fe4b0185
commit
9057172a92
@ -1,3 +1,21 @@
|
|||||||
|
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* main.h, misc.c (pct_expando): New function to generalize
|
||||||
|
%-expando processing in any arbitrary string.
|
||||||
|
|
||||||
|
* photoid.c (show_photo): Call the new pct_expando function rather
|
||||||
|
than expand strings internally.
|
||||||
|
|
||||||
|
* sign.c (mk_notation_and_policy): Show policy URLs and notations
|
||||||
|
when making a signature if show-policy/show-notation is on.
|
||||||
|
%-expand policy URLs during generation. This lets the user have
|
||||||
|
policy URLs of the form "http://notary.jabberwocky.com/keysign/%K"
|
||||||
|
which will generate a per-signature policy URL.
|
||||||
|
|
||||||
|
* main.h, keylist.c (show_policy_url, show_notation): Add amount
|
||||||
|
to indent so the same function can be used in key listings as well
|
||||||
|
as during sig generation. Change all callers.
|
||||||
|
|
||||||
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* keyserver.c, options.h (parse_keyserver_options, keyidlist):
|
* keyserver.c, options.h (parse_keyserver_options, keyidlist):
|
||||||
|
@ -148,10 +148,10 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
|
|||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
|
|
||||||
if(sig->flags.policy_url && opt.show_policy_url)
|
if(sig->flags.policy_url && opt.show_policy_url)
|
||||||
show_policy_url(sig);
|
show_policy_url(sig,3);
|
||||||
|
|
||||||
if(sig->flags.notation && opt.show_notation)
|
if(sig->flags.notation && opt.show_notation)
|
||||||
show_notation(sig);
|
show_notation(sig,3);
|
||||||
}
|
}
|
||||||
|
|
||||||
return (sigrc == '!');
|
return (sigrc == '!');
|
||||||
|
@ -65,7 +65,7 @@ secret_key_list( STRLIST list )
|
|||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
show_policy_url(PKT_signature *sig)
|
show_policy_url(PKT_signature *sig,int indent)
|
||||||
{
|
{
|
||||||
const byte *p;
|
const byte *p;
|
||||||
size_t len;
|
size_t len;
|
||||||
@ -73,15 +73,20 @@ show_policy_url(PKT_signature *sig)
|
|||||||
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len);
|
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len);
|
||||||
if(p)
|
if(p)
|
||||||
{
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
for(i=0;i<indent;i++)
|
||||||
|
putchar(' ');
|
||||||
|
|
||||||
/* This isn't UTF8 as it is a URL(?) */
|
/* This isn't UTF8 as it is a URL(?) */
|
||||||
printf(" %s: ",_("Signature policy"));
|
printf(_("Signature policy: "));
|
||||||
print_string(stdout,p,len,0);
|
print_string(stdout,p,len,0);
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
show_notation(PKT_signature *sig)
|
show_notation(PKT_signature *sig,int indent)
|
||||||
{
|
{
|
||||||
const byte *p;
|
const byte *p;
|
||||||
size_t len;
|
size_t len;
|
||||||
@ -92,7 +97,8 @@ show_notation(PKT_signature *sig)
|
|||||||
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq)))
|
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq)))
|
||||||
if(len>=8)
|
if(len>=8)
|
||||||
{
|
{
|
||||||
int n1,n2;
|
int n1,n2,i;
|
||||||
|
|
||||||
n1=(p[4]<<8)|p[5];
|
n1=(p[4]<<8)|p[5];
|
||||||
n2=(p[6]<<8)|p[7];
|
n2=(p[6]<<8)|p[7];
|
||||||
|
|
||||||
@ -102,8 +108,11 @@ show_notation(PKT_signature *sig)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for(i=0;i<indent;i++)
|
||||||
|
putchar(' ');
|
||||||
|
|
||||||
/* This is UTF8 */
|
/* This is UTF8 */
|
||||||
printf(" %s: ",_("Signature notation"));
|
printf(_("Signature notation: "));
|
||||||
print_utf8_string(stdout,p+8,n1);
|
print_utf8_string(stdout,p+8,n1);
|
||||||
printf("=");
|
printf("=");
|
||||||
|
|
||||||
@ -472,10 +481,10 @@ list_keyblock_print ( KBNODE keyblock, int secret )
|
|||||||
putchar('\n');
|
putchar('\n');
|
||||||
|
|
||||||
if(sig->flags.policy_url && opt.show_policy_url)
|
if(sig->flags.policy_url && opt.show_policy_url)
|
||||||
show_policy_url(sig);
|
show_policy_url(sig,3);
|
||||||
|
|
||||||
if(sig->flags.notation && opt.show_notation)
|
if(sig->flags.notation && opt.show_notation)
|
||||||
show_notation(sig);
|
show_notation(sig,3);
|
||||||
|
|
||||||
/* fixme: check or list other sigs here */
|
/* fixme: check or list other sigs here */
|
||||||
}
|
}
|
||||||
|
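Review bot: The new `printf(_("Signature policy: "));` in show_policy_url, and the matching `printf(_("Signature notation: "));` in show_notation, pass the translated message as the format string, so a `%` in a message-catalog entry would be read as a conversion with no matching argument. The removed lines kept a literal format (`" %s: "`) and passed the translation as an argument. The new lines can keep that property with `fputs(_("Signature policy: "),stdout);` and `fputs(_("Signature notation: "),stdout);`. Both function bodies extend beyond the hunks shown.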
@ -67,6 +67,7 @@ int openpgp_pk_algo_usage ( int algo );
|
|||||||
int openpgp_md_test_algo( int algo );
|
int openpgp_md_test_algo( int algo );
|
||||||
int check_permissions(const char *path,int extension,int checkonly);
|
int check_permissions(const char *path,int extension,int checkonly);
|
||||||
void idea_cipher_warn( int show );
|
void idea_cipher_warn( int show );
|
||||||
|
char *pct_expando(const char *string,PKT_public_key *pk);
|
||||||
|
|
||||||
/*-- helptext.c --*/
|
/*-- helptext.c --*/
|
||||||
void display_online_help( const char *keyword );
|
void display_online_help( const char *keyword );
|
||||||
@ -159,8 +160,8 @@ void release_revocation_reason_info( struct revocation_reason_info *reason );
|
|||||||
void public_key_list( STRLIST list );
|
void public_key_list( STRLIST list );
|
||||||
void secret_key_list( STRLIST list );
|
void secret_key_list( STRLIST list );
|
||||||
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
||||||
void show_policy_url(PKT_signature *sig);
|
void show_policy_url(PKT_signature *sig,int indent);
|
||||||
void show_notation(PKT_signature *sig);
|
void show_notation(PKT_signature *sig,int indent);
|
||||||
|
|
||||||
/*-- verify.c --*/
|
/*-- verify.c --*/
|
||||||
void print_file_status( int status, const char *name, int what );
|
void print_file_status( int status, const char *name, int what );
|
||||||
|
108
g10/misc.c
108
g10/misc.c
@ -438,3 +438,111 @@ idea_cipher_warn(int show)
|
|||||||
warned=1;
|
warned=1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* The largest string we have an expando for, times two. */
|
||||||
|
#define LARGEST_EXPANDO ((MAX_FINGERPRINT_LEN*2)*2)
|
||||||
|
|
||||||
|
/* Expand %-strings */
|
||||||
|
char *
|
||||||
|
pct_expando(const char *string,PKT_public_key *pk)
|
||||||
|
{
|
||||||
|
const char *ch=string;
|
||||||
|
int idx=0,maxlen;
|
||||||
|
u32 keyid[2]={0,0};
|
||||||
|
char *ret;
|
||||||
|
|
||||||
|
keyid_from_pk(pk,keyid);
|
||||||
|
|
||||||
|
maxlen=LARGEST_EXPANDO;
|
||||||
|
ret=m_alloc(maxlen+1); /* one more to leave room for the trailing \0 */
|
||||||
|
|
||||||
|
ret[0]='\0';
|
||||||
|
|
||||||
|
while(*ch!='\0')
|
||||||
|
{
|
||||||
|
/* 8192 is way bigger than we'll need here */
|
||||||
|
if(maxlen-idx<LARGEST_EXPANDO && maxlen<8192)
|
||||||
|
{
|
||||||
|
maxlen+=LARGEST_EXPANDO;
|
||||||
|
ret=m_realloc(ret,maxlen+1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(*ch=='%')
|
||||||
|
{
|
||||||
|
ch++;
|
||||||
|
|
||||||
|
switch(*ch)
|
||||||
|
{
|
||||||
|
case 'k': /* short key id */
|
||||||
|
if(idx+8>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
sprintf(&ret[idx],"%08lX",(ulong)keyid[1]);
|
||||||
|
idx+=8;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'K': /* long key id */
|
||||||
|
if(idx+16>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
sprintf(&ret[idx],"%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
|
||||||
|
idx+=16;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'f': /* fingerprint */
|
||||||
|
{
|
||||||
|
byte array[MAX_FINGERPRINT_LEN];
|
||||||
|
size_t len;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
fingerprint_from_pk(pk,array,&len);
|
||||||
|
|
||||||
|
if(idx+(len*2)>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
for(i=0;i<len;i++)
|
||||||
|
{
|
||||||
|
sprintf(&ret[idx],"%02X",array[i]);
|
||||||
|
idx+=2;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
|
case '%':
|
||||||
|
if(idx+1>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
ret[idx++]='%';
|
||||||
|
ret[idx]='\0';
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* Any unknown %-keys (like %i, %o, %I, and %O) are
|
||||||
|
passed through for later expansion. */
|
||||||
|
default:
|
||||||
|
if(idx+2>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
ret[idx++]='%';
|
||||||
|
ret[idx++]=*ch;
|
||||||
|
ret[idx]='\0';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if(idx+1>maxlen)
|
||||||
|
goto fail;
|
||||||
|
|
||||||
|
ret[idx++]=*ch;
|
||||||
|
ret[idx]='\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
ch++;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
|
||||||
|
fail:
|
||||||
|
m_free(ret);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
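Review bot: A template that ends in a lone `%` makes pct_expando read past the end of `string`. After the `ch++` that follows the `*ch=='%'` test, `*ch` is the terminator; the `default:` arm copies it into `ret`, and the `ch++` at the bottom of the loop then steps over it, so `while(*ch!='\0')` keeps reading whatever follows the string. The template comes from configuration (the photo viewer command and the certification policy URL are the two callers in this commit), so the loop should stop there, e.g. `if(*ch=='\0') break;` directly after that first `ch++`, appending the `%` first if it should be preserved. The header comment `/* Expand %-strings */` could also state that the result is allocated and must be released with m_free, and that NULL is returned when the expansion would exceed the size cap.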
@ -32,9 +32,9 @@
|
|||||||
#include "iobuf.h"
|
#include "iobuf.h"
|
||||||
#include "memory.h"
|
#include "memory.h"
|
||||||
#include "options.h"
|
#include "options.h"
|
||||||
|
#include "main.h"
|
||||||
#include "photoid.h"
|
#include "photoid.h"
|
||||||
|
|
||||||
#define PHOTO_COMMAND_MAXLEN 1024
|
|
||||||
#define DEFAULT_PHOTO_COMMAND "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
|
#define DEFAULT_PHOTO_COMMAND "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
|
||||||
|
|
||||||
/* Generate a new photo id packet, or return NULL if canceled */
|
/* Generate a new photo id packet, or return NULL if canceled */
|
||||||
@ -148,92 +148,15 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
|||||||
|
|
||||||
void show_photo(const struct user_attribute *attr,PKT_public_key *pk)
|
void show_photo(const struct user_attribute *attr,PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
const char *ch;
|
char *command;
|
||||||
char command[PHOTO_COMMAND_MAXLEN]={'\0'};
|
|
||||||
int size=0;
|
|
||||||
u32 keyid[2]={0,0};
|
|
||||||
struct exec_info *spawn;
|
struct exec_info *spawn;
|
||||||
|
|
||||||
keyid_from_pk(pk,keyid);
|
|
||||||
|
|
||||||
ch=opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND;
|
|
||||||
|
|
||||||
/* %-expandos */
|
|
||||||
|
|
||||||
/* make command grow */
|
/* make command grow */
|
||||||
|
command=
|
||||||
|
pct_expando(opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND,pk);
|
||||||
|
|
||||||
while(*ch!='\0')
|
if(!command)
|
||||||
{
|
goto fail;
|
||||||
if(*ch=='%')
|
|
||||||
{
|
|
||||||
ch++;
|
|
||||||
|
|
||||||
switch(*ch)
|
|
||||||
{
|
|
||||||
case 'k': /* short key id */
|
|
||||||
if(size+8>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
sprintf(&command[size],"%08lX",(ulong)keyid[1]);
|
|
||||||
size+=8;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'K': /* long key id */
|
|
||||||
if(size+16>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
sprintf(&command[size],"%08lX%08lX",
|
|
||||||
(ulong)keyid[0],(ulong)keyid[1]);
|
|
||||||
size+=16;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'f': /* fingerprint */
|
|
||||||
{
|
|
||||||
byte array[MAX_FINGERPRINT_LEN];
|
|
||||||
size_t len;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
fingerprint_from_pk(pk,array,&len);
|
|
||||||
|
|
||||||
if(size+(len*2)>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
for(i=0;i<len;i++)
|
|
||||||
{
|
|
||||||
sprintf(&command[size],"%02X",array[i]);
|
|
||||||
size+=2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
case '%':
|
|
||||||
size++;
|
|
||||||
if(size>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
strcat(command,"%");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
if(size+2>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
|
|
||||||
command[size++]='%';
|
|
||||||
command[size++]=*ch;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
command[size++]=*ch;
|
|
||||||
if(size>PHOTO_COMMAND_MAXLEN-1)
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
ch++;
|
|
||||||
}
|
|
||||||
|
|
||||||
command[PHOTO_COMMAND_MAXLEN-1]='\0';
|
|
||||||
|
|
||||||
if(exec_write(&spawn,NULL,command,1,1)!=0)
|
if(exec_write(&spawn,NULL,command,1,1)!=0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
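Review bot: `command` is now a heap buffer returned by pct_expando, but no `m_free(command)` appears in this hunk, and the unchanged remainder of show_photo was written for the old stack array, so the expanded string looks to be leaked on every call. Release it on both exits: `m_free(command);` once exec_write no longer needs it, and again under the `fail:` label, which lies outside the hunk (guarded if m_free does not accept NULL, since `if(!command) goto fail;` reaches it with a null pointer). The retained comment `/* make command grow */` also reads as stale, since the growing now happens inside pct_expando.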
32
g10/sign.c
32
g10/sign.c
@ -56,9 +56,10 @@
|
|||||||
* NAME=VALUE format.
|
* NAME=VALUE format.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
mk_notation_and_policy( PKT_signature *sig )
|
mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
|
||||||
{
|
{
|
||||||
const char *string, *s=NULL;
|
const char *string;
|
||||||
|
char *s=NULL;
|
||||||
byte *buf;
|
byte *buf;
|
||||||
unsigned n1, n2;
|
unsigned n1, n2;
|
||||||
|
|
||||||
@ -88,6 +89,9 @@ mk_notation_and_policy( PKT_signature *sig )
|
|||||||
build_sig_subpkt( sig, SIGSUBPKT_NOTATION
|
build_sig_subpkt( sig, SIGSUBPKT_NOTATION
|
||||||
| ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
|
| ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
|
||||||
buf, 8+n1+n2 );
|
buf, 8+n1+n2 );
|
||||||
|
|
||||||
|
if(opt.show_notation)
|
||||||
|
show_notation(sig,0);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -97,14 +101,25 @@ mk_notation_and_policy( PKT_signature *sig )
|
|||||||
if(sig->version<4)
|
if(sig->version<4)
|
||||||
log_info("can't put a policy URL into v3 signatures\n");
|
log_info("can't put a policy URL into v3 signatures\n");
|
||||||
else
|
else
|
||||||
s=opt.sig_policy_url;
|
s=m_strdup(opt.sig_policy_url);
|
||||||
}
|
}
|
||||||
else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url )
|
else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url )
|
||||||
{
|
{
|
||||||
if(sig->version<4)
|
if(sig->version<4)
|
||||||
log_info("can't put a policy URL into v3 key signatures\n");
|
log_info("can't put a policy URL into v3 key signatures\n");
|
||||||
else
|
else
|
||||||
s=opt.cert_policy_url;
|
if(pk)
|
||||||
|
{
|
||||||
|
s=pct_expando(opt.cert_policy_url,pk);
|
||||||
|
if(!s)
|
||||||
|
{
|
||||||
|
log_error(_("WARNING: unable to %%-expand policy url "
|
||||||
|
"(too large). Using unexpanded.\n"));
|
||||||
|
s=m_strdup(opt.cert_policy_url);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
s=m_strdup(opt.cert_policy_url);
|
||||||
}
|
}
|
||||||
|
|
||||||
if( s ) {
|
if( s ) {
|
||||||
@ -113,7 +128,12 @@ mk_notation_and_policy( PKT_signature *sig )
|
|||||||
s+1, strlen(s+1) );
|
s+1, strlen(s+1) );
|
||||||
else
|
else
|
||||||
build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) );
|
build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) );
|
||||||
|
|
||||||
|
if(opt.show_policy_url)
|
||||||
|
show_policy_url(sig,0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
m_free(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -499,7 +519,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
|
|||||||
|
|
||||||
if (sig->version >= 4)
|
if (sig->version >= 4)
|
||||||
build_sig_subpkt_from_sig (sig);
|
build_sig_subpkt_from_sig (sig);
|
||||||
mk_notation_and_policy (sig);
|
mk_notation_and_policy (sig, NULL);
|
||||||
|
|
||||||
hash_sigversion_to_magic (md, sig);
|
hash_sigversion_to_magic (md, sig);
|
||||||
md_final (md);
|
md_final (md);
|
||||||
@ -1115,7 +1135,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
|||||||
rc = (*mksubpkt)( sig, opaque );
|
rc = (*mksubpkt)( sig, opaque );
|
||||||
|
|
||||||
if( !rc ) {
|
if( !rc ) {
|
||||||
mk_notation_and_policy( sig );
|
mk_notation_and_policy( sig, pk );
|
||||||
hash_sigversion_to_magic (md, sig);
|
hash_sigversion_to_magic (md, sig);
|
||||||
md_final(md);
|
md_final(md);
|
||||||
|
|
||||||
|
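Review bot: The added `show_notation(sig,0);` and `show_policy_url(sig,0);` calls in mk_notation_and_policy print through `printf`/`putchar` on stdout (see the keylist.c part of this commit), and write_signature_packets now reaches them while a signature is being produced. If the signed output is also going to stdout, the display text would be interleaved with it. Consider giving the two helpers an output stream parameter, e.g. `void show_policy_url(PKT_signature *sig,int indent,FILE *fp);`, and calling `show_policy_url(sig,0,stderr);` here, leaving the key-listing callers on stdout. Whether stdout can carry the output at this point is not visible in these hunks, so this needs confirming against the callers.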