mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-25 15:27:03 +01:00
Allow policy URLs with %-expandos in them. This allows policy URLs like
"http://notary.jabberwocky.com/keysign/%K" to create a per-signature policy URL. Use the new generic %-handler for the photo ID stuff as well. Display policy URLs and notations during signature generation if --show-policy-url/--show-notation is set.
parent
02fe4b0185
commit
9057172a92
@ -1,3 +1,21 @@
|
||||
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* main.h, misc.c (pct_expando): New function to generalize
|
||||
%-expando processing in any arbitrary string.
|
||||
|
||||
* photoid.c (show_photo): Call the new pct_expando function rather
|
||||
than expand strings internally.
|
||||
|
||||
* sign.c (mk_notation_and_policy): Show policy URLs and notations
|
||||
when making a signature if show-policy/show-notation is on.
|
||||
%-expand policy URLs during generation. This lets the user have
|
||||
policy URLs of the form "http://notary.jabberwocky.com/keysign/%K"
|
||||
which will generate a per-signature policy URL.
|
||||
|
||||
* main.h, keylist.c (show_policy_url, show_notation): Add amount
|
||||
to indent so the same function can be used in key listings as well
|
||||
as during sig generation. Change all callers.
|
||||
|
||||
2002-02-04 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyserver.c, options.h (parse_keyserver_options, keyidlist):
|
||||
|
@ -148,10 +148,10 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node,
|
||||
tty_printf("\n");
|
||||
|
||||
if(sig->flags.policy_url && opt.show_policy_url)
|
||||
show_policy_url(sig);
|
||||
show_policy_url(sig,3);
|
||||
|
||||
if(sig->flags.notation && opt.show_notation)
|
||||
show_notation(sig);
|
||||
show_notation(sig,3);
|
||||
}
|
||||
|
||||
return (sigrc == '!');
|
||||
|
@ -65,7 +65,7 @@ secret_key_list( STRLIST list )
|
||||
}
|
||||
|
||||
void
|
||||
show_policy_url(PKT_signature *sig)
|
||||
show_policy_url(PKT_signature *sig,int indent)
|
||||
{
|
||||
const byte *p;
|
||||
size_t len;
|
||||
@ -73,15 +73,20 @@ show_policy_url(PKT_signature *sig)
|
||||
p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len);
|
||||
if(p)
|
||||
{
|
||||
int i;
|
||||
|
||||
for(i=0;i<indent;i++)
|
||||
putchar(' ');
|
||||
|
||||
/* This isn't UTF8 as it is a URL(?) */
|
||||
printf(" %s: ",_("Signature policy"));
|
||||
printf(_("Signature policy: "));
|
||||
print_string(stdout,p,len,0);
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
show_notation(PKT_signature *sig)
|
||||
show_notation(PKT_signature *sig,int indent)
|
||||
{
|
||||
const byte *p;
|
||||
size_t len;
|
||||
@ -92,7 +97,8 @@ show_notation(PKT_signature *sig)
|
||||
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq)))
|
||||
if(len>=8)
|
||||
{
|
||||
int n1,n2;
|
||||
int n1,n2,i;
|
||||
|
||||
n1=(p[4]<<8)|p[5];
|
||||
n2=(p[6]<<8)|p[7];
|
||||
|
||||
@ -102,8 +108,11 @@ show_notation(PKT_signature *sig)
|
||||
return;
|
||||
}
|
||||
|
||||
for(i=0;i<indent;i++)
|
||||
putchar(' ');
|
||||
|
||||
/* This is UTF8 */
|
||||
printf(" %s: ",_("Signature notation"));
|
||||
printf(_("Signature notation: "));
|
||||
print_utf8_string(stdout,p+8,n1);
|
||||
printf("=");
|
||||
|
||||
@ -472,10 +481,10 @@ list_keyblock_print ( KBNODE keyblock, int secret )
|
||||
putchar('\n');
|
||||
|
||||
if(sig->flags.policy_url && opt.show_policy_url)
|
||||
show_policy_url(sig);
|
||||
show_policy_url(sig,3);
|
||||
|
||||
if(sig->flags.notation && opt.show_notation)
|
||||
show_notation(sig);
|
||||
show_notation(sig,3);
|
||||
|
||||
/* fixme: check or list other sigs here */
|
||||
}
|
||||
|
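Review bot: The new `printf(_("Signature policy: "));` in show_policy_url, and the matching `printf(_("Signature notation: "));` in show_notation, pass the translated string as the format string, so any `%` in a message-catalog entry is interpreted as a conversion with no argument behind it. The line it replaces (as far as the page shows which side is which) kept a literal format, `printf(" %s: ",_("Signature policy"));`. Writing the label with `fputs(_("Signature policy: "),stdout);`, and likewise for the notation label, keeps the new indent handling without a non-literal format. Both function bodies continue outside the hunks shown.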
@ -67,6 +67,7 @@ int openpgp_pk_algo_usage ( int algo );
|
||||
int openpgp_md_test_algo( int algo );
|
||||
int check_permissions(const char *path,int extension,int checkonly);
|
||||
void idea_cipher_warn( int show );
|
||||
char *pct_expando(const char *string,PKT_public_key *pk);
|
||||
|
||||
/*-- helptext.c --*/
|
||||
void display_online_help( const char *keyword );
|
||||
@ -159,8 +160,8 @@ void release_revocation_reason_info( struct revocation_reason_info *reason );
|
||||
void public_key_list( STRLIST list );
|
||||
void secret_key_list( STRLIST list );
|
||||
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
|
||||
void show_policy_url(PKT_signature *sig);
|
||||
void show_notation(PKT_signature *sig);
|
||||
void show_policy_url(PKT_signature *sig,int indent);
|
||||
void show_notation(PKT_signature *sig,int indent);
|
||||
|
||||
/*-- verify.c --*/
|
||||
void print_file_status( int status, const char *name, int what );
|
||||
|
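Review bot: The new prototype `char *pct_expando(const char *string,PKT_public_key *pk);` says nothing about its contract, and every caller on this page depends on it. A comment above it such as `/* Returns a newly allocated string that the caller must m_free(), or NULL if the expansion does not fit. pk is used without a NULL check. */` would match what misc.c does: the buffer comes from m_alloc, the `fail:` path returns NULL, and pk is passed straight to keyid_from_pk.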
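--- a/g10/misc.c
+++ b/g10/misc.c
@@ -438,3 +438,111 @@ idea_cipher_warn(int show)
 warned=1;
 }
 }
+
+/* The largest string we have an expando for, times two. */
+#define LARGEST_EXPANDO ((MAX_FINGERPRINT_LEN*2)*2)
+
+/* Expand %-strings */
+char *
+pct_expando(const char *string,PKT_public_key *pk)
+{
+const char *ch=string;
+int idx=0,maxlen;
+u32 keyid[2]={0,0};
+char *ret;
+
+keyid_from_pk(pk,keyid);
+
+maxlen=LARGEST_EXPANDO;
+ret=m_alloc(maxlen+1); /* one more to leave room for the trailing \0 */
+
+ret[0]='\0';
+
+while(*ch!='\0')
+{
+/* 8192 is way bigger than we'll need here */
+if(maxlen-idx<LARGEST_EXPANDO && maxlen<8192)
+{
+maxlen+=LARGEST_EXPANDO;
+ret=m_realloc(ret,maxlen+1);
+}
+
+if(*ch=='%')
+{
+ch++;
+
+switch(*ch)
+{
+case 'k': /* short key id */
+if(idx+8>maxlen)
+goto fail;
+
+sprintf(&ret[idx],"%08lX",(ulong)keyid[1]);
+idx+=8;
+break;
+
+case 'K': /* long key id */
+if(idx+16>maxlen)
+goto fail;
+
+sprintf(&ret[idx],"%08lX%08lX",(ulong)keyid[0],(ulong)keyid[1]);
+idx+=16;
+break;
+
+case 'f': /* fingerprint */
+{
+byte array[MAX_FINGERPRINT_LEN];
+size_t len;
+int i;
+
+fingerprint_from_pk(pk,array,&len);
+
+if(idx+(len*2)>maxlen)
+goto fail;
+
+for(i=0;i<len;i++)
+{
+sprintf(&ret[idx],"%02X",array[i]);
+idx+=2;
+}
+}
+break;
+
+case '%':
+if(idx+1>maxlen)
+goto fail;
+
+ret[idx++]='%';
+ret[idx]='\0';
+break;
+
+/* Any unknown %-keys (like %i, %o, %I, and %O) are
+passed through for later expansion. */
+default:
+if(idx+2>maxlen)
+goto fail;
+
+ret[idx++]='%';
+ret[idx++]=*ch;
+ret[idx]='\0';
+break;
+}
+}
+else
+{
+if(idx+1>maxlen)
+goto fail;
+
+ret[idx++]=*ch;
+ret[idx]='\0';
+}
+
+ch++;
+}
+
+return ret;
+
+fail:
+m_free(ret);
+return NULL;
+}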
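Review bot: A template that ends in a lone `%` makes the loop in pct_expando read past the end of `string`: after the `ch++` inside the `%` branch the switch lands in `default` with `*ch` equal to the terminator, and the unconditional `ch++` at the bottom of the loop then steps over it, so `while(*ch!='\0')` carries on into whatever follows the string. According to the callers on this page the templates come from option values (the photo viewer command and the certification policy URL). Adding `if(*ch=='\0') break;` directly after the closing brace of the `switch` stops the loop on the terminator; by then the `default` case has already stored the `%` and a terminating NUL.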
@ -32,9 +32,9 @@
|
||||
#include "iobuf.h"
|
||||
#include "memory.h"
|
||||
#include "options.h"
|
||||
#include "main.h"
|
||||
#include "photoid.h"
|
||||
|
||||
#define PHOTO_COMMAND_MAXLEN 1024
|
||||
#define DEFAULT_PHOTO_COMMAND "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
|
||||
|
||||
/* Generate a new photo id packet, or return NULL if canceled */
|
||||
@ -148,92 +148,15 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
|
||||
|
||||
void show_photo(const struct user_attribute *attr,PKT_public_key *pk)
|
||||
{
|
||||
const char *ch;
|
||||
char command[PHOTO_COMMAND_MAXLEN]={'\0'};
|
||||
int size=0;
|
||||
u32 keyid[2]={0,0};
|
||||
char *command;
|
||||
struct exec_info *spawn;
|
||||
|
||||
keyid_from_pk(pk,keyid);
|
||||
|
||||
ch=opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND;
|
||||
|
||||
/* %-expandos */
|
||||
|
||||
/* make command grow */
|
||||
command=
|
||||
pct_expando(opt.photo_viewer?opt.photo_viewer:DEFAULT_PHOTO_COMMAND,pk);
|
||||
|
||||
while(*ch!='\0')
|
||||
{
|
||||
if(*ch=='%')
|
||||
{
|
||||
ch++;
|
||||
|
||||
switch(*ch)
|
||||
{
|
||||
case 'k': /* short key id */
|
||||
if(size+8>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
|
||||
sprintf(&command[size],"%08lX",(ulong)keyid[1]);
|
||||
size+=8;
|
||||
break;
|
||||
|
||||
case 'K': /* long key id */
|
||||
if(size+16>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
|
||||
sprintf(&command[size],"%08lX%08lX",
|
||||
(ulong)keyid[0],(ulong)keyid[1]);
|
||||
size+=16;
|
||||
break;
|
||||
|
||||
case 'f': /* fingerprint */
|
||||
{
|
||||
byte array[MAX_FINGERPRINT_LEN];
|
||||
size_t len;
|
||||
int i;
|
||||
|
||||
fingerprint_from_pk(pk,array,&len);
|
||||
|
||||
if(size+(len*2)>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
|
||||
for(i=0;i<len;i++)
|
||||
{
|
||||
sprintf(&command[size],"%02X",array[i]);
|
||||
size+=2;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case '%':
|
||||
size++;
|
||||
if(size>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
|
||||
strcat(command,"%");
|
||||
break;
|
||||
|
||||
default:
|
||||
if(size+2>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
|
||||
command[size++]='%';
|
||||
command[size++]=*ch;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
command[size++]=*ch;
|
||||
if(size>PHOTO_COMMAND_MAXLEN-1)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
ch++;
|
||||
}
|
||||
|
||||
command[PHOTO_COMMAND_MAXLEN-1]='\0';
|
||||
if(!command)
|
||||
goto fail;
|
||||
|
||||
if(exec_write(&spawn,NULL,command,1,1)!=0)
|
||||
goto fail;
|
||||
|
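Review bot: `command` is now a heap buffer returned by pct_expando, but no release of it is visible in this hunk; show_photo continues past the last line shown, so confirm that both the normal return and the `fail:` label reach `m_free(command);`. The `if(!command) goto fail;` check arrives at `fail:` with a NULL pointer, which is only safe if m_free accepts NULL; sign.c in this same commit appears to rely on that with `m_free(s)`. A short comment at the assignment, `/* allocated by pct_expando; freed below */`, would make the ownership obvious now that the fixed-size array is gone.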
32
g10/sign.c
32
g10/sign.c
@ -56,9 +56,10 @@
|
||||
* NAME=VALUE format.
|
||||
*/
|
||||
static void
|
||||
mk_notation_and_policy( PKT_signature *sig )
|
||||
mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
|
||||
{
|
||||
const char *string, *s=NULL;
|
||||
const char *string;
|
||||
char *s=NULL;
|
||||
byte *buf;
|
||||
unsigned n1, n2;
|
||||
|
||||
@ -88,6 +89,9 @@ mk_notation_and_policy( PKT_signature *sig )
|
||||
build_sig_subpkt( sig, SIGSUBPKT_NOTATION
|
||||
| ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
|
||||
buf, 8+n1+n2 );
|
||||
|
||||
if(opt.show_notation)
|
||||
show_notation(sig,0);
|
||||
}
|
||||
}
|
||||
|
||||
@ -97,14 +101,25 @@ mk_notation_and_policy( PKT_signature *sig )
|
||||
if(sig->version<4)
|
||||
log_info("can't put a policy URL into v3 signatures\n");
|
||||
else
|
||||
s=opt.sig_policy_url;
|
||||
s=m_strdup(opt.sig_policy_url);
|
||||
}
|
||||
else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url )
|
||||
{
|
||||
if(sig->version<4)
|
||||
log_info("can't put a policy URL into v3 key signatures\n");
|
||||
else
|
||||
s=opt.cert_policy_url;
|
||||
if(pk)
|
||||
{
|
||||
s=pct_expando(opt.cert_policy_url,pk);
|
||||
if(!s)
|
||||
{
|
||||
log_error(_("WARNING: unable to %%-expand policy url "
|
||||
"(too large). Using unexpanded.\n"));
|
||||
s=m_strdup(opt.cert_policy_url);
|
||||
}
|
||||
}
|
||||
else
|
||||
s=m_strdup(opt.cert_policy_url);
|
||||
}
|
||||
|
||||
if( s ) {
|
||||
@ -113,7 +128,12 @@ mk_notation_and_policy( PKT_signature *sig )
|
||||
s+1, strlen(s+1) );
|
||||
else
|
||||
build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) );
|
||||
|
||||
if(opt.show_policy_url)
|
||||
show_policy_url(sig,0);
|
||||
}
|
||||
|
||||
m_free(s);
|
||||
}
|
||||
|
||||
|
||||
@ -499,7 +519,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
|
||||
|
||||
if (sig->version >= 4)
|
||||
build_sig_subpkt_from_sig (sig);
|
||||
mk_notation_and_policy (sig);
|
||||
mk_notation_and_policy (sig, NULL);
|
||||
|
||||
hash_sigversion_to_magic (md, sig);
|
||||
md_final (md);
|
||||
@ -1115,7 +1135,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
|
||||
rc = (*mksubpkt)( sig, opaque );
|
||||
|
||||
if( !rc ) {
|
||||
mk_notation_and_policy( sig );
|
||||
mk_notation_and_policy( sig, pk );
|
||||
hash_sigversion_to_magic (md, sig);
|
||||
md_final(md);
|
||||
|
||||
|
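Review bot: When pct_expando fails in the certification branch, the fallback `s=m_strdup(opt.cert_policy_url);` puts the unexpanded template (for example a URL still ending in `%K`) into the policy subpacket that is then built into the signature, so the key signature is issued with a URL the signer did not intend. A subpacket cannot be corrected once the signature is made, so it would be safer to leave `s` as NULL on failure so that no policy URL is written, and to reword the log message to say the policy URL was omitted. mk_notation_and_policy starts and ends outside these hunks and returns void, so aborting the signature instead would need a change to its callers.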