aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--g10/ChangeLog24
-rw-r--r--g10/keyedit.c29
-rw-r--r--g10/keygen.c1
-rw-r--r--g10/keylist.c3
-rw-r--r--g10/keyserver.c12
-rw-r--r--g10/photoid.c5
-rw-r--r--g10/pkclist.c34
-rw-r--r--g10/trustdb.c2
8 files changed, 82 insertions, 28 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 1e72d2a0d..c4ce2c5e5 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,27 @@
+2002-03-31 David Shaw <[email protected]>
+
+ * keylist.c (list_keyblock_colon): Fix ownertrust display with
+ --with-colons.
+
+ * keygen.c (generate_user_id), photoid.c (generate_photo_id):
+ Properly initialize the user ID refcount. A few more "y/n" ->
+ "y/N" in photoid.c.
+
+ * keyedit.c (ask_revoke_sig): Warn the user if they are about to
+ revoke an expired sig (not a problem, but they should know). Also
+ tweak a few prompts to change "y/n" to "y/N", which is how most
+ other prompts are written.
+
+ * keyserver.c (keyserver_search_prompt): Control-d escapes the
+ keyserver search prompt.
+
+ * pkclist.c (show_revocation_reason & callers): If a subkey is
+ considered revoked solely because the parent key is revoked, print
+ the revocation reason from the parent key.
+
+ * trustdb.c (get_validity): Allow revocation/expiration to apply
+ to a uid/key with no entry in the trustdb.
+
2002-03-29 David Shaw <[email protected]>
* keyserver.c (printunquoted): unquote backslashes from keyserver
diff --git a/g10/keyedit.c b/g10/keyedit.c
index bad55db57..491ef4e2b 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -355,7 +355,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
"exportable signature?\n"),
uidnode->pkt->pkt.user_id->name);
if(cpr_get_answer_is_yes("sign_uid.promote",
- "Promote? (y/n) "))
+ "Promote? (y/N) "))
{
/* Mark these for later deletion. We
don't want to delete them here, just in
@@ -406,7 +406,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Are you sure you still "
"want to sign it?\n"));
if(!cpr_get_answer_is_yes("sign_uid.okay",
- _("Really sign? ")))
+ _("Really sign? (y/N) ")))
continue;
}
else
@@ -419,7 +419,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
{
tty_printf(_("This key is due to expire on %s.\n"),
expirestr_from_pk(primary_pk));
- if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/n) ")))
+ /* Should this default to yes? -ds */
+ if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
{
/* This fixes the signature timestamp we're going
to make as now. This is so the expiration date
@@ -1591,7 +1592,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
"some versions of PGP.\n"));
if(!cpr_get_answer_is_yes("keyedit.multi_photo.okay",
_("Are you sure you still want "
- "to add it? (y/n) ")))
+ "to add it? (y/N) ")))
return 0;
else
break;
@@ -1618,7 +1619,7 @@ menu_adduid( KBNODE pub_keyblock, KBNODE sec_keyblock, int photo)
if(!cpr_get_answer_is_yes("keyedit.v3_photo.okay",
_("Are you sure you still want "
- "to add it? (y/n) ")))
+ "to add it? (y/N) ")))
return 0;
}
else
@@ -2317,6 +2318,7 @@ count_selected_keys( KBNODE keyblock )
static void
ask_revoke_sig( KBNODE keyblock, KBNODE node )
{
+ int doit=0;
PKT_signature *sig = node->pkt->pkt.signature;
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
@@ -2336,8 +2338,19 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node )
tty_printf(_("\"\nlocally signed with your key %08lX at %s\n"),
(ulong)sig->keyid[1], datestr_from_sig(sig) );
- if( cpr_get_answer_is_yes("ask_revoke_sig.one",
- _("Create a revocation certificate for this signature? (y/N)")) ) {
+ if(sig->flags.expired)
+ {
+ tty_printf(_("This signature expired on %s.\n"),
+ expirestr_from_sig(sig));
+ /* Use a different question so we can have different help text */
+ doit=cpr_get_answer_is_yes("ask_revoke_sig.expired",
+ _("Are you sure you still want to revoke it? (y/N) "));
+ }
+ else
+ doit=cpr_get_answer_is_yes("ask_revoke_sig.one",
+ _("Create a revocation certificate for this signature? (y/N) "));
+
+ if(doit) {
node->flag |= NODFLG_MARK_A;
unode->flag |= NODFLG_MARK_A;
}
@@ -2422,7 +2435,7 @@ menu_revsig( KBNODE keyblock )
return 0; /* none selected */
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
- _("Really create the revocation certificates? (y/N)")) )
+ _("Really create the revocation certificates? (y/N) ")) )
return 0; /* forget it */
reason = ask_revocation_reason( 0, 1, 0 );
diff --git a/g10/keygen.c b/g10/keygen.c
index eb35b8eab..540857762 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1280,6 +1280,7 @@ generate_user_id()
uid = m_alloc_clear( sizeof *uid + n - 1 );
uid->len = n;
strcpy(uid->name, p);
+ uid->ref = 1;
return uid;
}
diff --git a/g10/keylist.c b/g10/keylist.c
index 4655e9adc..20fa7d8b8 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -561,8 +561,7 @@ list_keyblock_colon( KBNODE keyblock, int secret )
if( pk->local_id )
printf("%lu", pk->local_id );
putchar(':');
- if( pk->local_id && !opt.fast_list_mode
- && !opt.no_expensive_trust_checks )
+ if( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
putchar( get_ownertrust_info(pk) );
putchar(':');
}
diff --git a/g10/keyserver.c b/g10/keyserver.c
index d5a65526e..ed724c6ab 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -144,7 +144,8 @@ parse_keyserver_uri(char *uri)
return G10ERR_BAD_URI;
}
- /* (any path part of the URI is discarded for now) */
+ /* (any path part of the URI is discarded for now as no keyserver
+ uses it) */
if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
return G10ERR_BAD_URI;
@@ -152,7 +153,7 @@ parse_keyserver_uri(char *uri)
return 0;
}
-/* Unquote only the delimiter character and backslash */
+/* Unquote only the delimiter character and backslashes (\x5C) */
static void
printunquoted(char *string,char delim)
{
@@ -943,6 +944,13 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
{
answer=cpr_get_no_help("keysearch.prompt",
_("Enter number(s), N)ext, or Q)uit > "));
+ /* control-d */
+ if(answer[0]=='\x04')
+ {
+ printf("Q\n");
+ answer[0]='q';
+ }
+
if(answer[0]=='q' || answer[0]=='Q')
{
m_free(answer);
diff --git a/g10/photoid.c b/g10/photoid.c
index 526448bf2..02c87a090 100644
--- a/g10/photoid.c
+++ b/g10/photoid.c
@@ -90,7 +90,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
{
printf("This JPEG is really large (%d bytes) !\n",len);
if(!cpr_get_answer_is_yes("photoid.jpeg.size",
- _("Are you sure you want to use it (y/n)? ")))
+ _("Are you sure you want to use it (y/N)? ")))
{
iobuf_close(file);
continue;
@@ -118,7 +118,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
show_photo(uid->attribs,pk);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
- _("Is this photo correct (y/n/q)? ")))
+ _("Is this photo correct (y/N/q)? ")))
{
case -1:
goto scram;
@@ -131,6 +131,7 @@ PKT_user_id *generate_photo_id(PKT_public_key *pk)
}
error=0;
+ uid->ref=1;
scram:
m_free(filename);
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 128ef5c65..120fb4865 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -96,18 +96,20 @@ do_show_revocation_reason( PKT_signature *sig )
}
}
+/* Mode 0: try and find the revocation based on the pk (i.e. check
+ subkeys, etc.) Mode 1: use only the revocation on the main pk */
static void
-show_revocation_reason( PKT_public_key *pk )
+show_revocation_reason( PKT_public_key *pk, int mode )
{
/* Hmmm, this is not so easy becuase we have to duplicate the code
* used in the trustbd to calculate the keyflags. We need to find
- * a clean way to check revocation certificates on keys and signatures.
- * And there should be no duplicate code. Because we enter this function
- * only when the trustdb toldus, taht we have a revoked key, we could
- * simplylook for a revocation cert and display this one, when there is
- * only one. Let's try to do this until we have a better solution.
- */
+ * a clean way to check revocation certificates on keys and
+ * signatures. And there should be no duplicate code. Because we
+ * enter this function only when the trustdb told us that we have
+ * a revoked key, we could simply look for a revocation cert and
+ * display this one, when there is only one. Let's try to do this
+ * until we have a better solution. */
KBNODE node, keyblock = NULL;
byte fingerprint[MAX_FINGERPRINT_LEN];
size_t fingerlen;
@@ -122,9 +124,10 @@ show_revocation_reason( PKT_public_key *pk )
}
for( node=keyblock; node; node = node->next ) {
- if( ( node->pkt->pkttype == PKT_PUBLIC_KEY
+ if( (mode && node->pkt->pkttype == PKT_PUBLIC_KEY) ||
+ ( ( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
- && !cmp_public_keys( node->pkt->pkt.public_key, pk ) )
+ && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) )
break;
}
if( !node ) {
@@ -141,9 +144,14 @@ show_revocation_reason( PKT_public_key *pk )
|| node->pkt->pkt.signature->sig_class == 0x28 ) ) {
/* FIXME: we should check the signature here */
do_show_revocation_reason ( node->pkt->pkt.signature );
+ break;
}
}
+ /* We didn't find it, so check if the whole key is revoked */
+ if(!node && !mode)
+ show_revocation_reason(pk,1);
+
release_kbnode( keyblock );
}
@@ -390,7 +398,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
log_info(_("key %08lX: key has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
- show_revocation_reason( pk );
+ show_revocation_reason( pk, 0 );
if( opt.batch )
return 0; /* no */
@@ -402,7 +410,7 @@ do_we_trust( PKT_public_key *pk, unsigned int *trustlevel )
if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
log_info(_("key %08lX: subkey has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) );
- show_revocation_reason( pk );
+ show_revocation_reason( pk, 0 );
if( opt.batch )
return 0;
@@ -553,13 +561,13 @@ check_signatures_trust( PKT_signature *sig )
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forgery.\n"));
- show_revocation_reason( pk );
+ show_revocation_reason( pk, 0 );
}
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
{
write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
- show_revocation_reason( pk );
+ show_revocation_reason( pk, 0 );
}
if ((trustlevel & TRUST_FLAG_DISABLED))
diff --git a/g10/trustdb.c b/g10/trustdb.c
index ab5d1a488..df49231d1 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -759,6 +759,7 @@ get_validity (PKT_public_key *pk, const byte *namehash)
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
validity |= TRUST_FLAG_DISABLED;
+ leave:
/* set some flags direct from the key */
if (main_pk->is_revoked)
validity |= TRUST_FLAG_REVOKED;
@@ -769,7 +770,6 @@ get_validity (PKT_public_key *pk, const byte *namehash)
if (main_pk->has_expired || pk->has_expired)
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
- leave:
if (main_pk != pk)
free_public_key (main_pk);
return validity;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 10:52:57 +0000