security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpg: expand GPG groups when resolving a key

Browse Source 
* g10/expand-group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
* g10/keydb.h: Add prototypes of expand_id and expand_group.
* g10/getkey.c: Use expand_group before resolving key references.
* g10/Makefile.am: Compile expand-group.c.
--

When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.

This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption to group support in KDE's Kmail which
is broken since version 18.04.

Signed-off-by: Stephan Mueller <stephan.mueller@atsec.com>

- Changed new filename to use a dash instead of an underscore.
- Indendation changes.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Stephan Mueller 2019-02-19 08:14:41 +01:00 committed by Werner Koch
parent d9c4c3776b
commit e825aea2ba
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 99 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
g10/Makefile.am
View File

@ -99,6 +99,7 @@ common_source = \
filter.h \ filter.h \
free-packet.c \ free-packet.c \
getkey.c \ getkey.c \
expand-group.c \
keydb.c keydb.h \ keydb.c keydb.h \
keyring.c keyring.h \ keyring.c keyring.h \
seskey.c \ seskey.c \

73
g10/expand-group.c Normal file
View File

@ -0,0 +1,73 @@
/* expand-group.c - expand GPG group definitions
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008, 2009, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include "gpg.h"
#include "options.h"
#include "keydb.h"
int
expand_id (const char *id, strlist_t *into, unsigned int flags)
{
struct groupitem *groups;
int count=0;
for (groups = opt.grouplist; groups; groups=groups->next)
{
/* need strcasecmp() here, as this should be localized */
if (strcasecmp (groups->name,id) == 0)
{
strlist_t each,sl;
/* This maintains the current utf8-ness */
for (each = groups->values; each; each=each->next)
{
sl = add_to_strlist (into, each->d);
sl->flags = flags;
count++;
}
break;
}
}
return count;
}
/* For simplicity, and to avoid potential loops, we only expand once -
* you can't make an alias that points to an alias. */
strlist_t
expand_group (strlist_t input)
{
strlist_t output = NULL;
strlist_t sl, rover;
for (rover = input; rover; rover = rover->next)
if (!(rover->flags & PK_LIST_FROM_FILE)
&& !expand_id (rover->d, &output, rover->flags))
{
/* Didn't find any groups, so use the existing string */
sl = add_to_strlist (&output, rover->d);
sl->flags = rover->flags;
}
return output;
}

26
g10/getkey.c
View File

@ -729,7 +729,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
{ {
int rc = 0; int rc = 0;
int n; int n;
strlist_t r; strlist_t r, namelist_expanded = NULL, link = NULL;
GETKEY_CTX ctx; GETKEY_CTX ctx;
KBNODE help_kb = NULL; KBNODE help_kb = NULL;
KBNODE found_key = NULL; KBNODE found_key = NULL;
@ -758,6 +758,19 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
} }
else else
{ {
namelist_expanded = expand_group (namelist);
/* Chain namelist and namelist_expanded */
for (r = namelist; r; r = r->next)
{
if (!r->next)
{
r->next = namelist_expanded;
link = r;
break;
}
}
/* Build the search context. */ /* Build the search context. */
for (n = 0, r = namelist; r; r = r->next) for (n = 0, r = namelist; r; r = r->next)
n++; n++;
@ -779,7 +792,8 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
if (err) if (err)
{ {
xfree (ctx); xfree (ctx);
return gpg_err_code (err); /* FIXME: remove gpg_err_code. */ rc = gpg_err_code (err); /* FIXME: remove gpg_err_code. */
goto leave;
} }
if (!include_unusable if (!include_unusable
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
@ -798,7 +812,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
getkey_end (ctrl, ctx); getkey_end (ctrl, ctx);
return rc; goto leave;
} }
if (!ret_kb) if (!ret_kb)
@ -829,6 +843,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
getkey_end (ctrl, ctx); getkey_end (ctrl, ctx);
} }
leave:
if (namelist_expanded)
free_strlist(namelist_expanded);
/* Un-chain namelist and namelist_expanded */
if (link)
link->next = NULL;
return rc; return rc;
} }

2
g10/keydb.h
View File

@ -261,6 +261,8 @@ void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig); int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list); void release_pk_list (PK_LIST pk_list);
int expand_id (const char *id, strlist_t *into, unsigned int flags);
strlist_t expand_group (strlist_t input);
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list); int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
gpg_error_t find_and_check_key (ctrl_t ctrl, gpg_error_t find_and_check_key (ctrl_t ctrl,
const char *name, unsigned int use, const char *name, unsigned int use,

49
g10/pkclist.c
View File

@ -759,55 +759,6 @@ default_recipient (ctrl_t ctrl)
} }
static int
expand_id(const char *id,strlist_t *into,unsigned int flags)
{
struct groupitem *groups;
int count=0;
for(groups=opt.grouplist;groups;groups=groups->next)
{
/* need strcasecmp() here, as this should be localized */
if(strcasecmp(groups->name,id)==0)
{
strlist_t each,sl;
/* this maintains the current utf8-ness */
for(each=groups->values;each;each=each->next)
{
sl=add_to_strlist(into,each->d);
sl->flags=flags;
count++;
}
break;
}
}
return count;
}
/* For simplicity, and to avoid potential loops, we only expand once -
* you can't make an alias that points to an alias. */
static strlist_t
expand_group (strlist_t input)
{
strlist_t output = NULL;
strlist_t sl, rover;
for (rover = input; rover; rover = rover->next)
if (!(rover->flags & PK_LIST_FROM_FILE)
&& !expand_id(rover->d,&output,rover->flags))
{
/* Didn't find any groups, so use the existing string */
sl=add_to_strlist(&output,rover->d);
sl->flags=rover->flags;
}
return output;
}
/* Helper for build_pk_list to find and check one key. This helper is /* Helper for build_pk_list to find and check one key. This helper is
* also used directly in server mode by the RECIPIENTS command. On * also used directly in server mode by the RECIPIENTS command. On
* success the new key is added to PK_LIST_ADDR. NAME is the user id * success the new key is added to PK_LIST_ADDR. NAME is the user id