From fd75f7daacd7636bc0c12e9705b2f91470bf3cd5 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Thu, 19 Dec 2002 04:47:12 +0000
Subject: [PATCH] * keydb.h, getkey.c (key_byname): Flag to enable or disable including disabled keys. Keys specified via keyid (i.e. 0x...) are always included. * getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these functions. * pkclist.c (build_pk_list): Do not include disabled keys for -r or the key prompt. Do include disabled keys for the default key and --encrypt-to. * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled keys. * gpgv.c (is_disabled): Stub.
---
 g10/ChangeLog | 19 +++++++++++++++++++
 g10/getkey.c | 23 ++++++++++++++++-------
 g10/gpgv.c | 7 +++++++
 g10/keydb.h | 3 ++-
 g10/keyedit.c | 4 ++--
 g10/pkclist.c | 10 ++++++----
 g10/trustdb.c | 38 ++++++++++++++++++++++++++++++++++++++
 g10/trustdb.h | 1 +
 8 files changed, 91 insertions(+), 14 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4e55c5742..04a33c35f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,22 @@
+2002-12-18 David Shaw
+
+ * keydb.h, getkey.c (key_byname): Flag to enable or disable
+ including disabled keys. Keys specified via keyid (i.e. 0x...)
+ are always included.
+
+ * getkey.c (get_pubkey_byname, get_seckey_byname2,
+ get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker):
+ Include disabled keys in these functions.
+
+ * pkclist.c (build_pk_list): Do not include disabled keys for -r
+ or the key prompt. Do include disabled keys for the default key
+ and --encrypt-to.
+
+ * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping
+ disabled keys.
+
+ * gpgv.c (is_disabled): Stub.
+
 2002-12-12 David Shaw
 * options.skel: Include the required '=' sign in the sample
diff --git a/g10/getkey.c b/g10/getkey.c
index 6b7d9a06c..b17f96946 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -744,7 +744,8 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc)
 static int
 key_byname( GETKEY_CTX *retctx, STRLIST namelist,
- PKT_public_key *pk, PKT_secret_key *sk, int secmode,
+ PKT_public_key *pk, PKT_secret_key *sk,
+ int secmode, int include_disabled,
 KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
 {
 int rc = 0;
@@ -777,6 +778,13 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
 m_free (ctx);
 return G10ERR_INV_USER_ID;
 }
+ if(!include_disabled
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
+ && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
+ ctx->items[n].skipfnc=is_disabled;
 }
 ctx->kr_handle = keydb_new (secmode);
@@ -827,13 +835,14 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist,
 int
 get_pubkey_byname (PKT_public_key *pk, const char *name, KBNODE *ret_keyblock,
- KEYDB_HANDLE *ret_kdbhd )
+ KEYDB_HANDLE *ret_kdbhd, int include_disabled )
 {
 int rc;
 STRLIST namelist = NULL;
 add_to_strlist( &namelist, name );
- rc = key_byname( NULL, namelist, pk, NULL, 0, ret_keyblock, ret_kdbhd);
+ rc = key_byname( NULL, namelist, pk, NULL, 0,
+ include_disabled, ret_keyblock, ret_kdbhd);
 free_strlist( namelist );
 return rc;
 }
@@ -842,7 +851,7 @@ int
 get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk, STRLIST names, KBNODE *ret_keyblock )
 {
- return key_byname( retctx, names, pk, NULL, 0, ret_keyblock, NULL);
+ return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
 }
 int
@@ -1003,7 +1012,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
 if( !name && opt.def_secret_key && *opt.def_secret_key ) {
 add_to_strlist( &namelist, opt.def_secret_key );
- rc = key_byname( retctx, namelist, NULL, sk, 1, retblock, NULL );
+ rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
 } else if( !name ) { /* use the first one as default key */
 struct getkey_ctx_s ctx;
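Review bot: The condition added in the `-777,6 +778,13` hunk of key_byname() has no comment explaining why the five key-ID and fingerprint search modes bypass `is_disabled`, and that exemption is the policy decision of this commit. The rationale lives only in the ChangeLog, so I would put it next to the test, e.g. `/* A key named by key ID or fingerprint is an explicit choice; filter disabled keys only for the other search modes. */`. Any search mode added later lands on the filtered side of this test, which is the safe direction, but a reader needs the comment to know that was intended. The loop this sits in starts above the hunk.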
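Review bot: The bare `1` passed for include_disabled in the `-842,7 +851,7` hunk sits directly after the bare `0` for secmode, so `0, 1` here and `1, 1` in the get_seckey_byname2 and get_seckey_bynames hunks give a reader no way to tell the two flags apart or to spot a swapped pair. A short trailing comment at each call, or two named constants, would make the intent checkable, e.g. `return key_byname( retctx, names, pk, NULL, 0, 1 /* include disabled */, ret_keyblock, NULL);`. get_pubkey_bynames() itself gains no parameter, so none of its callers, which are outside this diff, can ask for disabled keys to be filtered.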
@@ -1024,7 +1033,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
 } else {
 add_to_strlist( &namelist, name );
- rc = key_byname( retctx, namelist, NULL, sk, 1, retblock, NULL );
+ rc = key_byname( retctx, namelist, NULL, sk, 1, 1, retblock, NULL );
 }
 free_strlist( namelist );
@@ -1046,7 +1055,7 @@ int
 get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk, STRLIST names, KBNODE *ret_keyblock )
 {
- return key_byname( retctx, names, NULL, sk, 1, ret_keyblock, NULL );
+ return key_byname( retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL );
 }
diff --git a/g10/gpgv.c b/g10/gpgv.c
index d8e49febf..6de5d7267 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -240,6 +240,13 @@ check_signatures_trust( PKT_signature *sig )
 * We don't have the trustdb , so we have to provide some stub functions
 * instead
 */
+
+int
+is_disabled(void *dummy,u32 *keyid)
+{
+ return 0;
+}
+
 int
 get_validity_info (PKT_public_key *pk, const byte *namehash )
 {
diff --git a/g10/keydb.h b/g10/keydb.h
index 9418b561d..76a96ed76 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -193,7 +193,8 @@ int get_pubkey( PKT_public_key *pk, u32 *keyid );
 int get_pubkey_fast ( PKT_public_key *pk, u32 *keyid );
 KBNODE get_pubkeyblock( u32 *keyid );
 int get_pubkey_byname( PKT_public_key *pk, const char *name,
- KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd);
+ KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
+ int include_disabled );
 int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk, STRLIST names, KBNODE *ret_keyblock );
 int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 285fbb629..1d76e6f07 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -973,7 +973,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 }
 /* get the public key */
- rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd);
+ rc = get_pubkey_byname (NULL, username, &keyblock, &kdbhd, 1);
 if( rc )
 goto leave;
 if( fix_keyblock( keyblock ) )
@@ -2343,7 +2343,7 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 if(answer[0]=='\0' || answer[0]=='\004') goto fail;
- rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL);
+ rc=get_pubkey_byname(revoker_pk,answer,NULL,NULL,1);
 if(rc) {
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 865160880..6385d3bf7 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -795,7 +795,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
 pk = m_alloc_clear( sizeof *pk );
 pk->req_usage = use;
- if( (rc = get_pubkey_byname( pk, rov->d, NULL, NULL )) ) {
+ /* We can encrypt-to a disabled key */
+ if( (rc = get_pubkey_byname( pk, rov->d, NULL, NULL, 1 )) ) {
 free_public_key( pk ); pk = NULL;
 log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
@@ -865,7 +866,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 free_public_key( pk );
 pk = m_alloc_clear( sizeof *pk );
 pk->req_usage = use;
- rc = get_pubkey_byname( pk, answer, NULL, NULL );
+ rc = get_pubkey_byname( pk, answer, NULL, NULL, 0 );
 if( rc )
 tty_printf(_("No such user ID.\n"));
 else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
@@ -938,7 +939,8 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 else if( !any_recipients && (def_rec = default_recipient()) ) {
 pk = m_alloc_clear( sizeof *pk );
 pk->req_usage = use;
- rc = get_pubkey_byname( pk, def_rec, NULL, NULL );
+ /* The default recipient may be disabled */
+ rc = get_pubkey_byname( pk, def_rec, NULL, NULL, 1 );
 if( rc )
 log_error(_("unknown default recipient `%s'\n"), def_rec );
 else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) {
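Review bot: In the `-865,7 +866,7` hunk of build_pk_list() the recipient prompt now passes 0 for include_disabled, so a user who types the name of a disabled key is told `No such user ID.` although the key is in the keyring. The same applies to -r in the `-971,7 +973,7` hunk, where the `skipped:` line prints whatever error string the failed lookup returns. Neither message says the key was found and rejected because it is disabled, which makes the refusal hard to diagnose. Consider repeating the lookup with include_disabled set when the first one fails, only to choose the message, and then printing something like `Key is disabled.` instead. build_pk_list() starts and ends outside both hunks.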
@@ -971,7 +973,7 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
 pk = m_alloc_clear( sizeof *pk );
 pk->req_usage = use;
- if( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL )) ) {
+ if( (rc = get_pubkey_byname( pk, remusr->d, NULL, NULL, 0 )) ) {
 free_public_key( pk ); pk = NULL;
 log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
 write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
diff --git a/g10/trustdb.c b/g10/trustdb.c
index fe2ad34e3..17eb65923 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -736,6 +736,44 @@ clear_validity (PKT_public_key *pk)
 ********* Query trustdb values **************
 ***********************************************/
+/* Return true if key is disabled */
+int
+is_disabled(void *dummy,u32 *keyid)
+{
+ int rc;
+ TRUSTREC trec;
+ int disabled=0; /* default to not disabled */
+ PKT_public_key *pk=m_alloc_clear(sizeof(PKT_public_key));
+
+ init_trustdb ();
+
+ /* Note that get_pubkey returns the main key if keyid points to a
+ subkey. That's a good thing here. */
+ rc = get_pubkey(pk, keyid);
+ if(rc)
+ {
+ log_error("error checking disabled status of %08lX: %s\n",
+ (ulong)keyid[1],g10_errstr(rc));
+ goto leave;
+ }
+
+ rc = read_trust_record (pk, &trec);
+ if (rc && rc != -1)
+ {
+ tdbio_invalid ();
+ goto leave;
+ }
+ if (rc == -1) /* no record found, so assume not disabled */
+ goto leave;
+
+ if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
+ disabled=1;
+
+ leave:
+ free_public_key(pk);
+ return disabled;
+}
+
 /*
 * Return the validity information for PK. If the namehash is not
 * NULL, the validity of the corresponsing user ID is returned,
diff --git a/g10/trustdb.h b/g10/trustdb.h
index c94a2daa1..859e37255 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
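Review bot: is_disabled() in the trustdb.c hunk answers "not disabled" when get_pubkey() fails, because `disabled` is still 0 at the `goto leave;` after log_error(), so a key whose status could not be checked is still returned to the filtered -r and prompt lookups. For a filter meant to keep disabled keys out of recipient lists, consider skipping the key on that path with `disabled=1;` before the `goto leave;`, or at least state the fallback in the header comment: `/* Return true if key is disabled; a key that cannot be looked up is reported as not disabled */`. The unused `dummy` parameter presumably exists only to match the skipfnc callback signature and deserves a word saying so. What tdbio_invalid() does before the second `goto leave;` is not visible in this diff.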
@@ -49,6 +49,7 @@ int trust_letter( unsigned value );
 void revalidation_mark (void);
+int is_disabled(void *dummy,u32 *keyid);
 unsigned int get_validity (PKT_public_key *pk, const byte *namehash);
 int get_validity_info (PKT_public_key *pk, const byte *namehash);