From 9390fe676bbd619f37d147c86651f6f30a67fb9b Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sat, 31 May 2003 04:06:06 +0000 Subject: [PATCH] * keylist.c (list_one): Don't show the keyring filename when in --with-colons mode. Actually translate "Keyring" string. * mainproc.c (proc_tree): We can't currently handle multiple signatures of different classes or digests (we'd pretty much have to run a different hash context for each), but if they are all the same, make an exception. This is Debian bug #194292. * sig-check.c (check_key_signature2): Make string translatable. * packet.h, getkey.c (fixup_uidnode): Mark real primary uids differently than assumed primaries. * keyedit.c (no_primary_warning): Use the differently marked primaries here in a new function to warn when an --edit-key command might rearrange the self-sig dates enough to change which uid is primary. (menu_expire, menu_set_preferences): Use no_primary_warning() here. * Makefile.am: Use @DLLIBS@ for -ldl. --- g10/ChangeLog | 24 ++++++++++++++++++++++++ g10/Makefile.am | 13 ++++--------- g10/getkey.c | 2 +- g10/keyedit.c | 38 ++++++++++++++++++++++++++++++++++++++ g10/keylist.c | 28 ++++++++++++++++------------ g10/mainproc.c | 29 ++++++++++++++++++++++++++++- g10/packet.h | 2 +- g10/sig-check.c | 5 +++-- 8 files changed, 115 insertions(+), 26 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 7f0ec9503..e37368c38 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,27 @@ +2003-05-30 David Shaw + + * keylist.c (list_one): Don't show the keyring filename when in + --with-colons mode. Actually translate "Keyring" string. + + * mainproc.c (proc_tree): We can't currently handle multiple + signatures of different classes or digests (we'd pretty much have + to run a different hash context for each), but if they are all the + same, make an exception. This is Debian bug #194292. + + * sig-check.c (check_key_signature2): Make string translatable. + + * packet.h, getkey.c (fixup_uidnode): Mark real primary uids + differently than assumed primaries. + + * keyedit.c (no_primary_warning): Use the differently marked + primaries here in a new function to warn when an --edit-key + command might rearrange the self-sig dates enough to change which + uid is primary. + (menu_expire, menu_set_preferences): Use no_primary_warning() + here. + + * Makefile.am: Use @DLLIBS@ for -ldl. + 2003-05-26 David Shaw * getkey.c (premerge_public_with_secret): Made "no secret subkey diff --git a/g10/Makefile.am b/g10/Makefile.am index c12ff46e2..a7e3117f8 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in -INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl +INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl EXTRA_DIST = options.skel # it seems that we can't use this with automake 1.5 #OMIT_DEPENDENCIES = zlib.h zconf.h @@ -27,7 +27,7 @@ libexecdir = @libexecdir@/@PACKAGE@ if ! HAVE_DOSISH_SYSTEM AM_CFLAGS = -DGNUPG_LIBEXECDIR="\"$(libexecdir)\"" endif -needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a @CAPLIBS@ +needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a #noinst_PROGRAMS = gpgd bin_PROGRAMS = gpg gpgv @@ -95,15 +95,10 @@ gpg_SOURCES = g10.c \ photoid.c photoid.h \ exec.c exec.h - - gpgv_SOURCES = gpgv.c \ $(common_source) \ verify.c - - - #gpgd_SOURCES = gpgd.c \ # ks-proto.h \ # ks-proto.c \ @@ -111,9 +106,9 @@ gpgv_SOURCES = gpgv.c \ # ks-db.h \ # $(common_source) -LDADD = $(needed_libs) @ZLIBS@ @INTLLIBS@ +LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ # gpg gets LIBOBJS to add in mkdtemp if the platform doesn't have it -gpg_LDADD = @LIBOBJS@ $(LDADD) @EGDLIBS@ +gpg_LDADD = @LIBOBJS@ $(LDADD) @DLLIBS@ @EGDLIBS@ $(PROGRAMS): $(needed_libs) diff --git a/g10/getkey.c b/g10/getkey.c index 122d17f26..1944c2a8d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1273,7 +1273,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) uid->is_primary = 0; p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL ); if ( p && *p ) - uid->is_primary = 1; + uid->is_primary = 2; /* We could also query this from the unhashed area if it is not in * the hased area and then later try to decide which is the better * there should be no security problem with this. diff --git a/g10/keyedit.c b/g10/keyedit.c index 017e53e0c..e1a0ab83a 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2194,6 +2194,40 @@ show_key_and_fingerprint( KBNODE keyblock ) } +/* Show a warning if no uids on the key have the primary uid flag + set. */ +static void +no_primary_warning(KBNODE keyblock, int uids) +{ + KBNODE node; + int select_all=1,have_uid=0,uid_count=0; + + if(uids) + select_all=!count_selected_uids(keyblock); + + /* TODO: if we ever start behaving differently with a primary or + non-primary attribute ID, we will need to check for attributes + here as well. */ + + for(node=keyblock; node; node = node->next) + { + if(node->pkt->pkttype==PKT_USER_ID + && node->pkt->pkt.user_id->attrib_data==NULL) + { + uid_count++; + + if((select_all || (node->flag & NODFLG_SELUID)) + && node->pkt->pkt.user_id->is_primary==2) + have_uid|=2; + else + have_uid|=1; + } + } + + if(uid_count>1 && have_uid&1 && !(have_uid&2)) + log_info(_("WARNING: no user ID has been marked as primary. This command " + "may\n cause a different user ID to become the assumed primary.\n")); +} /**************** * Ask for a new user id, do the selfsignature and put it into @@ -2721,6 +2755,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) mainkey=1; } + no_primary_warning(pub_keyblock,0); + expiredate = ask_expiredate(); node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); sk = copy_secret_key( NULL, node->pkt->pkt.secret_key); @@ -2970,6 +3006,8 @@ menu_set_preferences (KBNODE pub_keyblock, KBNODE sec_keyblock ) int selected, select_all; int modified = 0; + no_primary_warning(pub_keyblock,1); + select_all = !count_selected_uids (pub_keyblock); node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); diff --git a/g10/keylist.c b/g10/keylist.c index f2c387b02..68d725753 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -230,16 +230,20 @@ list_all( int secret ) log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); goto leave; } - resname = keydb_get_resource_name (hd); - if (lastresname != resname ) { - int i; + if(!opt.with_colons) + { + resname = keydb_get_resource_name (hd); + if (lastresname != resname ) + { + int i; - printf("%s\n", resname ); - for(i=strlen(resname); i; i-- ) - putchar('-'); - putchar('\n'); - lastresname = resname; - } + printf("%s\n", resname ); + for(i=strlen(resname); i; i-- ) + putchar('-'); + putchar('\n'); + lastresname = resname; + } + } merge_keys_and_selfsig( keyblock ); list_keyblock( keyblock, secret, opt.fingerprint, opt.check_sigs?&stats:NULL); @@ -265,7 +269,7 @@ list_one( STRLIST names, int secret ) KBNODE keyblock = NULL; GETKEY_CTX ctx; const char *resname; - char *keyring_str = N_("Keyring"); + char *keyring_str = _("Keyring"); int i; struct sig_stats stats; @@ -288,7 +292,7 @@ list_one( STRLIST names, int secret ) return; } do { - if (opt.show_keyring) { + if (opt.show_keyring && !opt.with_colons) { resname = keydb_get_resource_name (get_ctx_handle(ctx)); printf("%s: %s\n", keyring_str, resname); for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- ) @@ -308,7 +312,7 @@ list_one( STRLIST names, int secret ) return; } do { - if (opt.show_keyring) { + if (opt.show_keyring && !opt.with_colons) { resname = keydb_get_resource_name (get_ctx_handle(ctx)); printf("%s: %s\n", keyring_str, resname); for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- ) diff --git a/g10/mainproc.c b/g10/mainproc.c index a801f5ea9..b1158a5b0 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1625,6 +1625,30 @@ proc_tree( CTX c, KBNODE node ) } else if( node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; + int multiple_ok=1; + + n1=find_next_kbnode(node, PKT_SIGNATURE); + if(n1) + { + byte class=sig->sig_class; + byte hash=sig->digest_algo; + + for(; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE))) + { + /* We can't currently handle multiple signatures of + different classes or digests (we'd pretty much have + to run a different hash context for each), but if + they are all the same, make an exception. */ + if(n1->pkt->pkt.signature->sig_class!=class + || n1->pkt->pkt.signature->digest_algo!=hash) + { + multiple_ok=0; + log_info(_("WARNING: multiple signatures detected. " + "Only the first will be checked.\n")); + break; + } + } + } if( sig->sig_class != 0x00 && sig->sig_class != 0x01 ) log_info(_("standalone signature of class 0x%02x\n"), @@ -1686,8 +1710,11 @@ proc_tree( CTX c, KBNODE node ) else if (!opt.quiet) log_info(_("old style (PGP 2.x) signature\n")); - for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) ) + if(multiple_ok) + for( n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )) ) check_sig_and_print( c, n1 ); + else + check_sig_and_print( c, node ); } else { dump_kbnode (c->list); diff --git a/g10/packet.h b/g10/packet.h index 290afac68..c391c53a4 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -173,7 +173,7 @@ typedef struct { u32 help_key_expire; int help_full_count; int help_marginal_count; - int is_primary; + int is_primary; /* 2 if set via the primary flag, 1 if calculated */ int is_revoked; int is_expired; u32 expiredate; /* expires at this date or 0 if not at all */ diff --git a/g10/sig-check.c b/g10/sig-check.c index 107cac5bb..c99187928 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -575,8 +575,9 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, } else { if (opt.verbose) - log_info ("key %08lX: no subkey for subkey binding packet\n", - (ulong)keyid_from_pk (pk, NULL)); + log_info(_("key %08lX: no subkey for subkey " + "binding signature\n"), + (ulong)keyid_from_pk (pk, NULL)); rc = G10ERR_SIG_CLASS; } }