1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-09 21:28:51 +01:00
Commit Graph

2315 Commits

Author SHA1 Message Date
David Shaw
0d7cae4663 * gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
attributes.  This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
2004-02-26 01:29:26 +00:00
David Shaw
a84fe549da * plaintext.c: Copyright.
* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
2004-02-24 23:37:18 +00:00
Werner Koch
be94975af6 (lock_pool) [_AIX]: Also set errno. 2004-02-24 16:06:55 +00:00
David Shaw
17ce0c5267 * gpgkeys_ldap.c (delete_one_attr): Removed. (make_one_attr): Delete
functionality added.  Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID.  Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
2004-02-24 03:57:21 +00:00
David Shaw
643665c963 * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.
2004-02-23 04:00:51 +00:00
David Shaw
07a10b451e * gpgkeys_ldap.c (delete_one_attr): New function to replace attributes
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field.  Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
2004-02-23 03:43:45 +00:00
David Shaw
d8590475fe * plaintext.c (handle_plaintext): Properly handle a --max-output of zero
(do not limit output at all).
2004-02-22 04:16:31 +00:00
David Shaw
3ddd4410ae * keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers.  It makes it easy to do queries for
things like "all keys signed by Isabella".
2004-02-22 00:36:34 +00:00
David Shaw
3b9d7a6430 * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of ldap2epochtime.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New.  Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
2004-02-22 00:08:53 +00:00
David Shaw
9afea90825 * util.h: Prototype for hextobyte(). 2004-02-21 22:13:39 +00:00
David Shaw
fcc02ac22a * miscutil.c (hextobyte): Moved here from g10/misc.c so I can use it in
the keyserver helpers.
2004-02-21 22:12:29 +00:00
David Shaw
93b5a811ef * main.h, misc.c (hextobyte): Removed. It's in libutil.a now. 2004-02-21 22:11:23 +00:00
David Shaw
34ccced8dc * keyserver.c (keyserver_export): Disallow user strings that aren't key
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during
SEND.
2004-02-20 20:18:49 +00:00
David Shaw
9fe66c89d8 * configure.ac: Check for timegm(). Replacement functions for setenv()
and unsetenv().
2004-02-20 15:11:57 +00:00
David Shaw
a3ba17e09e * mkdtemp.c: New (moved from g10/), setenv.c: New, unsetenv.c: New.
* Makefile.am: Include @LIBOBJS@ for replacement functions.
2004-02-20 15:10:36 +00:00
David Shaw
e867829de7 * mkdtemp.c: Removed.
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.

* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
2004-02-20 15:04:56 +00:00
David Shaw
925b982a0b * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.

* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
2004-02-20 14:59:02 +00:00
David Shaw
7f148010ab * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
2004-02-19 21:32:15 +00:00
David Shaw
06d21d80f6 * configure.ac: Check for ln -s and add GPGKEYS_LDAP conditional, both for
making gpgkeys_ldaps symlink to gpgkeys_ldap.
2004-02-19 20:10:38 +00:00
David Shaw
21301028c4 * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps to
gpgkeys_ldap when needed.

* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
2004-02-19 20:09:12 +00:00
David Shaw
ce1e817dce * configure.ac: Simplify the LDAP checking code since OpenLDAP is far more
mature these days and dependencies are cleaner.  Add checks for
ldap_set_option and ldap_start_tls_s.
2004-02-19 16:34:32 +00:00
David Shaw
7e7364973d * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
2004-02-19 15:09:14 +00:00
David Shaw
6c13b96a1d * options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
2004-02-18 23:09:27 +00:00
David Shaw
f3de3a5eb9 * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER
is defined before we use it.

* gpgkeys_mailto.in: Fix VERSION number.
2004-02-18 23:05:47 +00:00
David Shaw
2ecb28c51b * build-packet.c (do_user_id): Do not force a header for attribute packets
as they require a new CTB, and we don't support forced headers for new
CTBs yet.
2004-02-15 15:54:02 +00:00
David Shaw
95d05215c3 * build-packet.c (write_header2): If a suggested header length is provided
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.

* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.

* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.
2004-02-15 00:04:32 +00:00
David Shaw
c9aa5000d7 * keyserver.c (argsep): Move to misc.c.
* main.h, misc.c (parse_options), export.c (parse_export_options),
import.c (parse_import_options), g10.c (main): Use it here to allow for
options with optional arguments.  Change all callers.
2004-02-14 05:03:45 +00:00
David Shaw
f407bb6a97 * import.c (check_prefs): Some language fixes. (sec_to_pub_keyblock,
import_secret_one): Without knowing the number of MPIs there are, we
cannot try and sk-to-pk-ize a key.
2004-02-14 01:54:12 +00:00
David Shaw
35482c5ee5 * gnupg.7: Clarify that 'gpgv' doesn't encrypt, and that's not a bug.
* samplekeys.asc: Update 99242560.

* gpg.sgml: Clarify -u/--local-user and --default-key.  Note what happens
if you run 'gpg' without any commands.  Document --multifile.  Document
list-option show-unusable-subkeys.
2004-02-12 20:46:18 +00:00
David Shaw
cefe95dc77 * import.c (check_prefs): New function to check preferences on a public
key to ensure that it does not advertise any that we cannot fulfill.  Use
the keyedit command list function to optionally rewrite the prefs.
(import_one, import_secret_one): Use it here when importing a public key
that we have the secret half of, or when importing a secret key that we
have the public half of.
2004-02-12 19:18:27 +00:00
David Shaw
76f579b233 * main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance the more
general command list functionality to replace it.

* g10.c (main): Use the general command functionality to implement
--sign-key, --lsign-key, --nrsign-key, and --nrlsign-key.
2004-02-12 18:32:09 +00:00
David Shaw
8765757006 * import.c (import_one): Do the revocation check even in the case when a
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
2004-02-12 16:31:07 +00:00
David Shaw
aa5f1940ff * options.h, g10.c (main), keylist.c (list_keyblock_print): Add
"show-unusable-subkeys" list-option to show revoked and/or expired
subkeys.
2004-02-11 13:46:23 +00:00
David Shaw
7198879ca8 * keyedit.c (keyedit_menu): Prompt for subkey removal for both secret and
public subkeys.

* keylist.c (list_keyblock_print), keyedit.c (show_key_with_all_names):
Show the revocation date of a key/subkey, and general formatting work.

* packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
merge_selfsigs): Keep track of the revocation date of a key.

* keydb.h, keyid.c (revokestr_from_pk): New function to print the
revocation date of a key.
2004-02-11 04:32:52 +00:00
David Shaw
9842d84da0 * keygen.c (keygen_set_std_prefs): Build the default preferences list at
runtime as it properly handles algorithms disabled at build or run time.

* getkey.c (merge_selfsigs_main): Properly handle expired user IDs when
the expired self-sig is not the only self-sig.

* misc.c (compress_algo_to_string): Return NULL on failure like all of the
other xxxx_algo_to_string() functions.

* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.

* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked.  Requested by Matthew Wilcox.  Revoked overrides
expiration when both apply.

* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable.

* g10.c (rm_group): Properly ungroup from a list of groups.
2004-02-10 22:42:34 +00:00
David Shaw
74eadbf99b * clearsig.test, sigs.test: Properly detect RSA being missing, and use the
proper key for doing an RSA test.
2004-02-09 19:44:36 +00:00
David Shaw
bbd5cda569 * DETAILS: Details for --list-config.
* gpg.sgml: Document --ungroup and --list-config.
2004-01-30 19:03:22 +00:00
David Shaw
0030198cad * g10.c (main, rm_group): Add --ungroup command to remove a particular
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist. (main): Replace -z0 trick
for no compression.

* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
2004-01-30 16:49:28 +00:00
David Shaw
654ba16db5 * getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to
PK_UID_CACHE_SIZE (set in ./configure).

* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already.  This is
Debian bug #176425 and #229549.

* compress.c (init_compress, push_compress_filter2): Do the right thing
(i.e. nothing) with compress algo 0.

* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin.  This is bug #253.
2004-01-28 01:04:30 +00:00
David Shaw
45bbdcc57c * NEWS: Note --enable-key-cache, the OpenBSD/i386 and HPPA fixes, and
Elgamal removal.

* README, configure.ac: Add --enable-key-cache=SIZE configure option.
This sets the key/uid cache size.  Default is 4096.
2004-01-28 01:00:53 +00:00
David Shaw
385a19bd7b * mainproc.c (list_node): Show sigs with --verbose.
* options.h, g10.c (set_screen_dimensions): New function to look at
COLUMNS and LINES.

* keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c
(print_and_check_one_sig): Use new screen dimension variables.
2004-01-24 00:47:45 +00:00
David Shaw
f7447eabea * g10.c (list_config): New function to dump config options to stdout.
Currently requires --with-colons. (collapse_args): New function to turn
argc/argv into a single string. (main): Use it here to pass list_config()
more than one argument as a single string. (print_algo_numbers): Helper to
print algorithm number for --list-config "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
2004-01-22 03:47:05 +00:00
David Shaw
cceda5c9d2 * packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), pkclist.c
(check_signatures_trust): Indicate who has revoked a key (the owner or a
designated revoker).  If a key was revoked by both, prefer the owner.
2004-01-22 01:08:58 +00:00
David Shaw
01d0c54f05 * keyedit.c (print_and_check_one_sig, keyedit_menu): Use the COLUMNS
environment variable (if any) to hint how wide the terminal is.  Disabled
on _WIN32.  Suggested by Janusz A. Urbanowicz.
2004-01-21 21:25:43 +00:00
David Shaw
97efb85f51 * keylist.c (set_attrib_fd): Open attribute fd in binary mode. This isn't
meaningful on POSIX systems, but the Mingw builds aren't exactly POSIX.
2004-01-21 04:35:32 +00:00
David Shaw
a18110a053 hppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian. 2004-01-21 04:26:35 +00:00
David Shaw
c8ab1bd127 * trustdb.c (reset_trust_records): New, faster, implementation that
doesn't involve a keyring scan. (clear_validity): Removed.
2004-01-21 03:19:13 +00:00
David Shaw
0fb284ac24 * g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), keyring.h,
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.

* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb.  Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
2004-01-20 16:09:38 +00:00
David Shaw
9915f6ed78 * sig-check.c (check_key_signature2): Comments.
* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).
2004-01-19 22:46:55 +00:00
David Shaw
1d12c12142 * misc.c (print_cipher_algo_note): May as well call Rijndael AES
at this point.

* keygen.c (do_create), misc.c (openpgp_pk_algo_usage): Remove the
last bits of Elgamal type 20 support.
2004-01-17 03:14:14 +00:00