diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 9 | ||||
| -rw-r--r-- | g10/export.c | 52 | ||||
| -rw-r--r-- | g10/keyserver.c | 12 | ||||
| -rw-r--r-- | g10/main.h | 1 | ||||
| -rw-r--r-- | g10/misc.c | 33 | ||||
| -rw-r--r-- | g10/options.h | 1 |
6 files changed, 102 insertions, 6 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 36c2bccd2..241a04115 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +2005-07-19 Werner Koch <[email protected]> + + * export.c (parse_export_options): New option + export-reset-subkey-passwd. + (do_export_stream): Implement it. + + * misc.c (get_libexecdir): New. + * keyserver.c (keyserver_spawn): Use it + 2005-07-18 Werner Koch <[email protected]> * tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols. diff --git a/g10/export.c b/g10/export.c index 4eba4ee20..3a6ebb505 100644 --- a/g10/export.c +++ b/g10/export.c @@ -54,6 +54,9 @@ parse_export_options(char *str,unsigned int *options,int noisy) {"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL}, {"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL}, {"export-clean-uids",EXPORT_CLEAN_UIDS,NULL}, + + {"export-reset-subkey-passwd", EXPORT_RESET_SUBKEY_PASSWD, NULL}, + /* Aliases for backward compatibility */ {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL}, {"include-attributes",EXPORT_ATTRIBUTES,NULL}, @@ -382,7 +385,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) { - /* we don't want to export the secret parts of the + /* We don't want to export the secret parts of the * primary key, this is done by using GNU protection mode 1001 */ int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode; @@ -390,6 +393,53 @@ do_export_stream( IOBUF out, STRLIST users, int secret, rc = build_packet( out, node->pkt ); node->pkt->pkt.secret_key->protect.s2k.mode = save_mode; } + else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY + && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD)) + { + /* If the subkey is protected reset the passphrase to + export an unprotected subkey. This feature is + useful in cases of a subkey copied to an unattended + machine where a passphrase is not required. */ + PKT_secret_key *sk_save, *sk; + + sk_save = node->pkt->pkt.secret_key; + sk = copy_secret_key (NULL, sk_save); + node->pkt->pkt.secret_key = sk; + + log_info ("about to export an unprotected subkey\n"); + switch (is_secret_key_protected (sk)) + { + case -1: + rc = G10ERR_PUBKEY_ALGO; + break; + case 0: + break; + default: + if (sk->protect.s2k.mode == 1001) + ; /* No secret parts. */ + else if( sk->protect.s2k.mode == 1002 ) + ; /* Card key stub. */ + else + { + rc = check_secret_key( sk, 0 ); + } + break; + } + if (rc) + { + node->pkt->pkt.secret_key = sk_save; + free_secret_key (sk); + /* FIXME: Make translatable after releasing 1.4.2 */ + log_error ("failed to unprotect the subkey: %s\n", + g10_errstr (rc)); + goto leave; + } + + rc = build_packet (out, node->pkt); + + node->pkt->pkt.secret_key = sk_save; + free_secret_key (sk); + } else { /* Warn the user if the secret key or any of the secret diff --git a/g10/keyserver.c b/g10/keyserver.c index e98802528..39911acc9 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -865,6 +865,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, struct parse_options *kopts; struct exec_info *spawn; const char *scheme; + const char *libexecdir = get_libexecdir (); assert(keyserver); @@ -886,7 +887,7 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, Unix-like systems (since we're going to give a full path to gpgkeys_foo), but on W32 it prevents loading any DLLs from directories in %PATH%. */ - set_exec_path(GNUPG_LIBEXECDIR); + set_exec_path(libexecdir); #else if(opt.exec_path_set) { @@ -900,9 +901,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, #endif { /* Specify a full path to gpgkeys_foo. */ - command=m_alloc(strlen(GNUPG_LIBEXECDIR)+strlen(DIRSEP_S)+ + command=m_alloc(strlen(libexecdir)+strlen(DIRSEP_S)+ strlen(GPGKEYS_PREFIX)+strlen(scheme)+1); - strcpy(command,GNUPG_LIBEXECDIR); + strcpy(command,libexecdir); strcat(command,DIRSEP_S); } @@ -1324,8 +1325,9 @@ keyserver_spawn(int action,STRLIST list,KEYDB_SEARCH_DESC *desc, } fail: - m_free(line); - m_free(searchstr); + xfree(line); + xfree(searchstr); + *prog=exec_finish(spawn); diff --git a/g10/main.h b/g10/main.h index 5024e5d01..8ffefbb5b 100644 --- a/g10/main.h +++ b/g10/main.h @@ -126,6 +126,7 @@ int parse_options(char *str,unsigned int *options, struct parse_options *opts,int noisy); char *unescape_percent_string (const unsigned char *s); char *default_homedir (void); +const char *get_libexecdir (void); /*-- helptext.c --*/ diff --git a/g10/misc.c b/g10/misc.c index 70667cf7e..0bf71c264 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1146,3 +1146,36 @@ default_homedir (void) return dir; } + + +/* Return the name of the libexec directory. The name is allocated in + a static area on the first use. This function won't fail. */ +const char * +get_libexecdir (void) +{ +#ifdef HAVE_W32_SYSTEM + static int got_dir; + static char *dir; + + if (!got_dir) + { + dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", + "Software\\GNU\\GnuPG", + "Install Directory"); + if (dir && !*dir) + { + /* To avoid problems with using an empty dir we don't allow + for that. */ + free (dir); + dir = NULL; + } + got_dir = 1; + } + + if (dir) + return dir; + /* Fallback to the hardwired value. */ +#endif /*HAVE_W32_SYSTEM*/ + + return GNUPG_LIBEXECDIR; +} diff --git a/g10/options.h b/g10/options.h index 0ced05932..05741a937 100644 --- a/g10/options.h +++ b/g10/options.h @@ -261,6 +261,7 @@ struct { #define EXPORT_MINIMAL (1<<3) #define EXPORT_CLEAN_SIGS (1<<4) #define EXPORT_CLEAN_UIDS (1<<5) +#define EXPORT_RESET_SUBKEY_PASSWD (1<<6) #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1) |