mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-06 12:33:23 +01:00
* keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys. Keys specified via keyid (i.e. 0x...) are always included. * getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these functions. * pkclist.c (build_pk_list): Do not include disabled keys for -r or the key prompt. Do include disabled keys for the default key and --encrypt-to. * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled keys. * gpgv.c (is_disabled): Stub. * keygen.c (keygen_add_key_expire): Properly handle updating a key expiration to a no-expiration value. * keyedit.c (enable_disable_key): Comment. * import.c (import_one): When in interactive mode and --verbose, don't repeat some key information twice.
This commit is contained in:
parent
7282f79c2e
commit
f3f1015f6a
@ -1,3 +1,30 @@
|
|||||||
|
2002-12-26 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keydb.h, getkey.c (key_byname): Flag to enable or disable
|
||||||
|
including disabled keys. Keys specified via keyid (i.e. 0x...)
|
||||||
|
are always included.
|
||||||
|
|
||||||
|
* getkey.c (get_pubkey_byname, get_seckey_byname2,
|
||||||
|
get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker):
|
||||||
|
Include disabled keys in these functions.
|
||||||
|
|
||||||
|
* pkclist.c (build_pk_list): Do not include disabled keys for -r
|
||||||
|
or the key prompt. Do include disabled keys for the default key
|
||||||
|
and --encrypt-to.
|
||||||
|
|
||||||
|
* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping
|
||||||
|
disabled keys.
|
||||||
|
|
||||||
|
* gpgv.c (is_disabled): Stub.
|
||||||
|
|
||||||
|
* keygen.c (keygen_add_key_expire): Properly handle updating a key
|
||||||
|
expiration to a no-expiration value.
|
||||||
|
|
||||||
|
* keyedit.c (enable_disable_key): Comment.
|
||||||
|
|
||||||
|
* import.c (import_one): When in interactive mode and --verbose,
|
||||||
|
don't repeat some key information twice.
|
||||||
|
|
||||||
2002-12-22 Timo Schulz <ts@winpt.org>
|
2002-12-22 Timo Schulz <ts@winpt.org>
|
||||||
|
|
||||||
* import.c (print_import_check): New.
|
* import.c (print_import_check): New.
|
||||||
|
23
g10/getkey.c
23
g10/getkey.c
@ -743,7 +743,8 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
|
|||||||
|
|
||||||
static int
|
static int
|
||||||
key_byname( GETKEY_CTX *retctx, STRLIST namelist,
|
key_byname( GETKEY_CTX *retctx, STRLIST namelist,
|
||||||
PKT_public_key *pk, PKT_secret_key *sk, int secmode,
|
PKT_public_key *pk, PKT_secret_key *sk,
|
||||||
|
int secmode, int include_disabled,
|
||||||
KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
|
KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
@ -776,6 +777,13 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
|
|||||||
m_free (ctx);
|
m_free (ctx);
|
||||||
return G10ERR_INV_USER_ID;
|
return G10ERR_INV_USER_ID;
|
||||||
}
|
}
|
||||||
|
if(!include_disabled
|
||||||
|
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
|
||||||
|
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
|
||||||
|
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
|
||||||
|
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
|
||||||
|
&& ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
|
||||||
|
ctx->items[n].skipfnc=is_disabled;
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx->kr_handle = keydb_new (secmode);
|
ctx->kr_handle = keydb_new (secmode);
|
||||||
@ -826,13 +834,14 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
|
|||||||
int
|
int
|
||||||
get_pubkey_byname (PKT_public_key *pk,
|
get_pubkey_byname (PKT_public_key *pk,
|
||||||
const char *name, KBNODE *ret_keyblock,
|
const char *name, KBNODE *ret_keyblock,
|
||||||
KEYDB_HANDLE *ret_kdbhd )
|
KEYDB_HANDLE *ret_kdbhd, int include_disabled )
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
STRLIST namelist = NULL;
|
STRLIST namelist = NULL;
|
||||||
|
|
||||||
add_to_strlist( &namelist, name );
|
add_to_strlist( &namelist, name );
|
||||||
rc = key_byname( NULL, namelist, pk, NULL, 0, ret_keyblock, ret_kdbhd);
|
rc = key_byname( NULL, namelist, pk, NULL, 0,
|
||||||
|
include_disabled, ret_keyblock, ret_kdbhd);
|
||||||
free_strlist( namelist );
|
free_strlist( namelist );
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
@ -841,7 +850,7 @@ int
|
|||||||
get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
|
get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
|
||||||
STRLIST names, KBNODE *ret_keyblock )
|
STRLIST names, KBNODE *ret_keyblock )
|
||||||
{
|
{
|
||||||
return key_byname( retctx, names, pk, NULL, 0, ret_keyblock, NULL);
|
return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -998,7 +1007,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
|
|||||||
|
|
||||||
if( !name && opt.def_secret_key && *opt.def_secret_key ) {
|
if( !name && opt.def_secret_key && *opt.def_secret_key ) {
|
||||||
add_to_strlist( &namelist, opt.def_secret_key );
|
add_to_strlist( &namelist, opt.def_secret_key );
|
||||||
rc = key_byname( retctx, namelist, NULL, sk, 1, retblock, NULL );
|
rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
|
||||||
}
|
}
|
||||||
else if( !name ) { /* use the first one as default key */
|
else if( !name ) { /* use the first one as default key */
|
||||||
struct getkey_ctx_s ctx;
|
struct getkey_ctx_s ctx;
|
||||||
@ -1019,7 +1028,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
add_to_strlist( &namelist, name );
|
add_to_strlist( &namelist, name );
|
||||||
rc = key_byname( retctx, namelist, NULL, sk, 1, retblock, NULL );
|
rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
free_strlist( namelist );
|
free_strlist( namelist );
|
||||||
@ -1041,7 +1050,7 @@ int
|
|||||||
get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk,
|
get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk,
|
||||||
STRLIST names, KBNODE *ret_keyblock )
|
STRLIST names, KBNODE *ret_keyblock )
|
||||||
{
|
{
|
||||||
return key_byname( retctx, names, NULL, sk, 1, ret_keyblock, NULL );
|
return key_byname( retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -231,6 +231,13 @@ check_signatures_trust( PKT_signature *sig )
|
|||||||
* We don't have the trustdb , so we have to provide some stub functions
|
* We don't have the trustdb , so we have to provide some stub functions
|
||||||
* instead
|
* instead
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
int
|
||||||
|
is_disabled(void *dummy,u32 *keyid)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
get_validity_info (PKT_public_key *pk, const byte *namehash )
|
get_validity_info (PKT_public_key *pk, const byte *namehash )
|
||||||
{
|
{
|
||||||
|
@ -614,7 +614,7 @@ import_one( const char *fname, KBNODE keyblock,
|
|||||||
log_info(_("NOTE: Elgamal primary key detected - "
|
log_info(_("NOTE: Elgamal primary key detected - "
|
||||||
"this may take some time to import\n"));
|
"this may take some time to import\n"));
|
||||||
|
|
||||||
if( opt.verbose ) {
|
if( opt.verbose && !opt.interactive ) {
|
||||||
log_info( "pub %4u%c/%08lX %s ",
|
log_info( "pub %4u%c/%08lX %s ",
|
||||||
nbits_from_pk( pk ),
|
nbits_from_pk( pk ),
|
||||||
pubkey_letter( pk->pubkey_algo ),
|
pubkey_letter( pk->pubkey_algo ),
|
||||||
|
@ -198,7 +198,8 @@ int get_pubkey( PKT_public_key *pk, u32 *keyid );
|
|||||||
int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
|
int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
|
||||||
KBNODE get_pubkeyblock( u32 *keyid );
|
KBNODE get_pubkeyblock( u32 *keyid );
|
||||||
int get_pubkey_byname( PKT_public_key *pk, const char *name,
|
int get_pubkey_byname( PKT_public_key *pk, const char *name,
|
||||||
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd);
|
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
|
||||||
|
int include_disabled );
|
||||||
int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
|
int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
|
||||||
STRLIST names, KBNODE *ret_keyblock );
|
STRLIST names, KBNODE *ret_keyblock );
|
||||||
int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
|
int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
|
||||||
|
@ -1105,7 +1105,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* get the public key */
|
/* get the public key */
|
||||||
rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd);
|
rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
|
||||||
if( rc )
|
if( rc )
|
||||||
goto leave;
|
goto leave;
|
||||||
if( fix_keyblock( keyblock ) )
|
if( fix_keyblock( keyblock ) )
|
||||||
@ -2478,7 +2478,7 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
|
|||||||
if(answer[0]=='\0' || answer[0]=='\004')
|
if(answer[0]=='\0' || answer[0]=='\004')
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL);
|
rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
|
||||||
|
|
||||||
if(rc)
|
if(rc)
|
||||||
{
|
{
|
||||||
@ -3376,7 +3376,10 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock )
|
|||||||
return changed;
|
return changed;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Note that update_ownertrust is going to mark the trustdb dirty when
|
||||||
|
enabling or disabling a key. This is arguably sub-optimal as
|
||||||
|
disabled keys are still counted in the web of trust, but perhaps
|
||||||
|
not worth adding extra complexity to change. -ds */
|
||||||
static int
|
static int
|
||||||
enable_disable_key( KBNODE keyblock, int disable )
|
enable_disable_key( KBNODE keyblock, int disable )
|
||||||
{
|
{
|
||||||
|
@ -163,6 +163,12 @@ keygen_add_key_expire( PKT_signature *sig, void *opaque )
|
|||||||
buf[3] = u & 0xff;
|
buf[3] = u & 0xff;
|
||||||
build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
|
build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Make sure we don't leave a key expiration subpacket lying
|
||||||
|
around */
|
||||||
|
delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -826,7 +826,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
|
else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
|
||||||
pk = m_alloc_clear( sizeof *pk );
|
pk = m_alloc_clear( sizeof *pk );
|
||||||
pk->req_usage = use;
|
pk->req_usage = use;
|
||||||
if( (rc = get_pubkey_byname( pk, rov->d, NULL, NULL )) ) {
|
/* We can encrypt-to a disabled key */
|
||||||
|
if( (rc = get_pubkey_byname( pk, rov->d, NULL, NULL, 1 )) ) {
|
||||||
free_public_key( pk ); pk = NULL;
|
free_public_key( pk ); pk = NULL;
|
||||||
log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
|
log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
|
||||||
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
|
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
|
||||||
@ -908,7 +909,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
free_public_key( pk );
|
free_public_key( pk );
|
||||||
pk = m_alloc_clear( sizeof *pk );
|
pk = m_alloc_clear( sizeof *pk );
|
||||||
pk->req_usage = use;
|
pk->req_usage = use;
|
||||||
rc = get_pubkey_byname( pk, answer, NULL, NULL );
|
rc = get_pubkey_byname( pk, answer, NULL, NULL, 0 );
|
||||||
if( rc )
|
if( rc )
|
||||||
tty_printf(_("No such user ID.\n"));
|
tty_printf(_("No such user ID.\n"));
|
||||||
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
|
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
|
||||||
@ -981,7 +982,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
else if( !any_recipients && (def_rec = default_recipient()) ) {
|
else if( !any_recipients && (def_rec = default_recipient()) ) {
|
||||||
pk = m_alloc_clear( sizeof *pk );
|
pk = m_alloc_clear( sizeof *pk );
|
||||||
pk->req_usage = use;
|
pk->req_usage = use;
|
||||||
rc = get_pubkey_byname( pk, def_rec, NULL, NULL );
|
/* The default recipient may be disabled */
|
||||||
|
rc = get_pubkey_byname( pk, def_rec, NULL, NULL, 1 );
|
||||||
if( rc )
|
if( rc )
|
||||||
log_error(_("unknown default recipient `%s'\n"), def_rec );
|
log_error(_("unknown default recipient `%s'\n"), def_rec );
|
||||||
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
|
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
|
||||||
@ -1014,7 +1016,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
|
|||||||
|
|
||||||
pk = m_alloc_clear( sizeof *pk );
|
pk = m_alloc_clear( sizeof *pk );
|
||||||
pk->req_usage = use;
|
pk->req_usage = use;
|
||||||
if( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL )) ) {
|
if( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) ) {
|
||||||
free_public_key( pk ); pk = NULL;
|
free_public_key( pk ); pk = NULL;
|
||||||
log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
|
log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
|
||||||
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
|
write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
|
||||||
|
@ -893,6 +893,44 @@ clear_validity (PKT_public_key *pk)
|
|||||||
********* Query trustdb values **************
|
********* Query trustdb values **************
|
||||||
***********************************************/
|
***********************************************/
|
||||||
|
|
||||||
|
/* Return true if key is disabled */
|
||||||
|
int
|
||||||
|
is_disabled(void *dummy,u32 *keyid)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
TRUSTREC trec;
|
||||||
|
int disabled=0; /* default to not disabled */
|
||||||
|
PKT_public_key *pk=m_alloc_clear(sizeof(PKT_public_key));
|
||||||
|
|
||||||
|
init_trustdb ();
|
||||||
|
|
||||||
|
/* Note that get_pubkey returns the main key if keyid points to a
|
||||||
|
subkey. That's a good thing here. */
|
||||||
|
rc = get_pubkey(pk, keyid);
|
||||||
|
if(rc)
|
||||||
|
{
|
||||||
|
log_error("error checking disabled status of %08lX: %s\n",
|
||||||
|
(ulong)keyid[1],g10_errstr(rc));
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
|
||||||
|
rc = read_trust_record (pk, &trec);
|
||||||
|
if (rc && rc != -1)
|
||||||
|
{
|
||||||
|
tdbio_invalid ();
|
||||||
|
goto leave;
|
||||||
|
}
|
||||||
|
if (rc == -1) /* no record found, so assume not disabled */
|
||||||
|
goto leave;
|
||||||
|
|
||||||
|
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
|
||||||
|
disabled=1;
|
||||||
|
|
||||||
|
leave:
|
||||||
|
free_public_key(pk);
|
||||||
|
return disabled;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Return the validity information for PK. If the namehash is not
|
* Return the validity information for PK. If the namehash is not
|
||||||
* NULL, the validity of the corresponsing user ID is returned,
|
* NULL, the validity of the corresponsing user ID is returned,
|
||||||
|
@ -51,6 +51,7 @@ const char *trust_string (unsigned int value);
|
|||||||
void revalidation_mark (void);
|
void revalidation_mark (void);
|
||||||
int trustdb_pending_check(void);
|
int trustdb_pending_check(void);
|
||||||
|
|
||||||
|
int is_disabled(void *dummy,u32 *keyid);
|
||||||
unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
|
unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
|
||||||
int get_validity_info (PKT_public_key *pk, const byte *namehash);
|
int get_validity_info (PKT_public_key *pk, const byte *namehash);
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user