From e825aea2ba3529c333d7ec2c76e63998cb83d999 Mon Sep 17 00:00:00 2001
From: Stephan Mueller <smueller@chronox.de>
Date: Tue, 19 Feb 2019 08:14:41 +0100
Subject: [PATCH] gpg: expand GPG groups when resolving a key

* g10/expand-group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
* g10/keydb.h: Add prototypes of expand_id and expand_group.
* g10/getkey.c: Use expand_group before resolving key references.
* g10/Makefile.am: Compile expand-group.c.
--

When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.

This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption to group support in KDE's Kmail which
is broken since version 18.04.

Signed-off-by: Stephan Mueller <stephan.mueller@atsec.com>

- Changed new filename to use a dash instead of an underscore.
- Indendation changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/Makefile.am    |  1 +
 g10/expand-group.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++
 g10/getkey.c       | 26 +++++++++++++++--
 g10/keydb.h        |  2 ++
 g10/pkclist.c      | 49 -------------------------------
 5 files changed, 99 insertions(+), 52 deletions(-)
 create mode 100644 g10/expand-group.c

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 884b4749b..ba297cfc9 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -99,6 +99,7 @@ common_source =  \
 	      filter.h		\
 	      free-packet.c	\
 	      getkey.c		\
+	      expand-group.c	\
 	      keydb.c keydb.h    \
 	      keyring.c keyring.h \
 	      seskey.c		\
diff --git a/g10/expand-group.c b/g10/expand-group.c
new file mode 100644
index 000000000..e09a4fff6
--- /dev/null
+++ b/g10/expand-group.c
@@ -0,0 +1,73 @@
+/* expand-group.c - expand GPG group definitions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "keydb.h"
+
+int
+expand_id (const char *id, strlist_t *into, unsigned int flags)
+{
+  struct groupitem *groups;
+  int count=0;
+
+  for (groups = opt.grouplist; groups; groups=groups->next)
+    {
+      /* need strcasecmp() here, as this should be localized */
+      if (strcasecmp (groups->name,id) == 0)
+	 {
+	   strlist_t each,sl;
+
+	   /* This maintains the current utf8-ness */
+	   for (each = groups->values; each; each=each->next)
+	     {
+	       sl = add_to_strlist (into, each->d);
+	       sl->flags = flags;
+	       count++;
+	     }
+
+	   break;
+	 }
+    }
+
+  return count;
+}
+
+/* For simplicity, and to avoid potential loops, we only expand once -
+ * you can't make an alias that points to an alias.  */
+strlist_t
+expand_group (strlist_t input)
+{
+  strlist_t output = NULL;
+  strlist_t sl, rover;
+
+  for (rover = input; rover; rover = rover->next)
+    if (!(rover->flags & PK_LIST_FROM_FILE)
+        && !expand_id (rover->d, &output, rover->flags))
+      {
+	 /* Didn't find any groups, so use the existing string */
+	 sl = add_to_strlist (&output, rover->d);
+	 sl->flags = rover->flags;
+      }
+
+  return output;
+}
diff --git a/g10/getkey.c b/g10/getkey.c
index 55cb6d090..2bf42a677 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -729,7 +729,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
 {
   int rc = 0;
   int n;
-  strlist_t r;
+  strlist_t r, namelist_expanded = NULL, link = NULL;
   GETKEY_CTX ctx;
   KBNODE help_kb = NULL;
   KBNODE found_key = NULL;
@@ -758,6 +758,19 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
     }
   else
     {
+      namelist_expanded = expand_group (namelist);
+
+      /* Chain namelist and namelist_expanded */
+      for (r = namelist; r; r = r->next)
+        {
+	  if (!r->next)
+	    {
+	      r->next = namelist_expanded;
+	      link = r;
+	      break;
+	    }
+	 }
+
       /* Build the search context.  */
       for (n = 0, r = namelist; r; r = r->next)
 	n++;
@@ -779,7 +792,8 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
 	  if (err)
 	    {
 	      xfree (ctx);
-	      return gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      rc = gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      goto leave;
 	    }
 	  if (!include_unusable
 	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
@@ -798,7 +812,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
     {
       rc = gpg_error_from_syserror ();
       getkey_end (ctrl, ctx);
-      return rc;
+      goto leave;
     }
 
   if (!ret_kb)
@@ -829,6 +843,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
       getkey_end (ctrl, ctx);
     }
 
+leave:
+  if (namelist_expanded)
+    free_strlist(namelist_expanded);
+  /* Un-chain namelist and namelist_expanded */
+  if (link)
+    link->next = NULL;
   return rc;
 }
 
diff --git a/g10/keydb.h b/g10/keydb.h
index 72ba98d04..6fbc432fd 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -261,6 +261,8 @@ void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
 int  check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
 
 void release_pk_list (PK_LIST pk_list);
+int expand_id (const char *id, strlist_t *into, unsigned int flags);
+strlist_t expand_group (strlist_t input);
 int  build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
 gpg_error_t find_and_check_key (ctrl_t ctrl,
                                 const char *name, unsigned int use,
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 36ec4757e..996b3ba6e 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -759,55 +759,6 @@ default_recipient (ctrl_t ctrl)
 }
 
 
-static int
-expand_id(const char *id,strlist_t *into,unsigned int flags)
-{
-  struct groupitem *groups;
-  int count=0;
-
-  for(groups=opt.grouplist;groups;groups=groups->next)
-    {
-      /* need strcasecmp() here, as this should be localized */
-      if(strcasecmp(groups->name,id)==0)
-	{
-	  strlist_t each,sl;
-
-	  /* this maintains the current utf8-ness */
-	  for(each=groups->values;each;each=each->next)
-	    {
-	      sl=add_to_strlist(into,each->d);
-	      sl->flags=flags;
-	      count++;
-	    }
-
-	  break;
-	}
-    }
-
-  return count;
-}
-
-/* For simplicity, and to avoid potential loops, we only expand once -
- * you can't make an alias that points to an alias.  */
-static strlist_t
-expand_group (strlist_t input)
-{
-  strlist_t output = NULL;
-  strlist_t sl, rover;
-
-  for (rover = input; rover; rover = rover->next)
-    if (!(rover->flags & PK_LIST_FROM_FILE)
-        && !expand_id(rover->d,&output,rover->flags))
-      {
-	/* Didn't find any groups, so use the existing string */
-	sl=add_to_strlist(&output,rover->d);
-	sl->flags=rover->flags;
-      }
-
-  return output;
-}
-
-
 /* Helper for build_pk_list to find and check one key.  This helper is
  * also used directly in server mode by the RECIPIENTS command.  On
  * success the new key is added to PK_LIST_ADDR.  NAME is the user id