diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/cpr.c | 13 | ||||
| -rw-r--r-- | g10/export.c | 11 | ||||
| -rw-r--r-- | g10/gpg.c | 4 | ||||
| -rw-r--r-- | g10/keygen.c | 10 | ||||
| -rw-r--r-- | g10/keyserver-internal.h | 4 | ||||
| -rw-r--r-- | g10/keyserver.c | 58 | ||||
| -rw-r--r-- | g10/main.h | 2 | ||||
| -rw-r--r-- | g10/options.h | 5 |
8 files changed, 95 insertions, 12 deletions
@@ -280,6 +280,19 @@ write_status_printf (int no, const char *format, ...) g10_exit (0); } +/* Write a WARNING status line using a full gpg-error error value. */ +void +write_status_warning (const char *where, gpg_error_t err) +{ + if (!statusfp || !status_currently_allowed (STATUS_WARNING)) + return; /* Not enabled or allowed. */ + + es_fprintf (statusfp, "[GNUPG:] %s %s %u\n", + get_status_string (STATUS_WARNING), where, err); + if (es_fflush (statusfp) && opt.exit_on_status_write_error) + g10_exit (0); +} + /* Write an ERROR status line using a full gpg-error error value. */ void diff --git a/g10/export.c b/g10/export.c index ffc37297c..5dcb9c665 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1403,7 +1403,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) /* Print an "EXPORTED" status line. PK is the primary public key. */ -static void +void print_status_exported (PKT_public_key *pk) { char *hexfpr; @@ -2018,7 +2018,8 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; - print_status_exported (node->pkt->pkt.public_key); + if (!(options & EXPORT_NO_STATUS)) + print_status_exported (node->pkt->pkt.public_key); } } else if (!err) @@ -2054,7 +2055,8 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, if (node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; - print_status_exported (node->pkt->pkt.public_key); + if (!(options & EXPORT_NO_STATUS)) + print_status_exported (node->pkt->pkt.public_key); } } } @@ -2088,7 +2090,8 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) { stats->exported++; - print_status_exported (node->pkt->pkt.public_key); + if (!(options & EXPORT_NO_STATUS)) + print_status_exported (node->pkt->pkt.public_key); } } @@ -379,6 +379,7 @@ enum cmd_and_opt_values oNoAutoKeyRetrieve, oAutoKeyImport, oNoAutoKeyImport, + oAutoKeyUpload, oUseAgent, oNoUseAgent, oGpgAgentInfo, @@ -808,6 +809,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_n (oNoAutoKeyImport, "no-auto-key-import", "@"), ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"), ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"), + ARGPARSE_s_n (oAutoKeyUpload, "auto-key-upload", "@"), ARGPARSE_s_n (oIncludeKeyBlock, "include-key-block", N_("include the public key in signatures")), ARGPARSE_s_n (oNoIncludeKeyBlock, "no-include-key-block", "@"), @@ -3606,6 +3608,8 @@ main (int argc, char **argv) opt.keyserver_options.options &= ~KEYSERVER_AUTO_KEY_RETRIEVE; break; + case oAutoKeyUpload: opt.flags.auto_key_upload = 1; break; + case oShowOnlySessionKey: opt.show_only_session_key = 1; /* fallthru */ diff --git a/g10/keygen.c b/g10/keygen.c index 79f4e503b..1f4388f39 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -6745,6 +6745,16 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, es_fflush (es_stdout); if (any_adsk) log_info (_("Note: The key has been created with one or more ADSK!\n")); + + if (opt.flags.auto_key_upload) + { + unsigned int saved_options = opt.keyserver_options.options; + + opt.keyserver_options.options |= KEYSERVER_LDAP_ONLY; + opt.keyserver_options.options |= KEYSERVER_WARN_ONLY; + keyserver_export_pubkey (ctrl, pk, 1/*Assume new key*/); + opt.keyserver_options.options = saved_options; + } } release_kbnode (pub_root); diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h index 9506fd015..83d36b6bb 100644 --- a/g10/keyserver-internal.h +++ b/g10/keyserver-internal.h @@ -38,7 +38,11 @@ struct keyserver_spec *parse_keyserver_uri (const char *string, int require_scheme); struct keyserver_spec *parse_preferred_keyserver(PKT_signature *sig); int keyserver_any_configured (ctrl_t ctrl); + gpg_error_t keyserver_export (ctrl_t ctrl, strlist_t users, int assume_new_key); +gpg_error_t keyserver_export_pubkey (ctrl_t ctrl, PKT_public_key *pk, + int assume_new_key); + gpg_error_t keyserver_import (ctrl_t ctrl, strlist_t users, unsigned int flags); int keyserver_import_fpr (ctrl_t ctrl, const byte *fprint,size_t fprint_len, struct keyserver_spec *keyserver, diff --git a/g10/keyserver.c b/g10/keyserver.c index bdfbde5c3..99a5e350a 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -829,6 +829,27 @@ keyserver_export (ctrl_t ctrl, strlist_t users, int assume_new_key) } +/* Send the public key specified by PK to the configured keyserver. + * If ASSUME_NEW_KEY is true the KEYSERVER_UPDATE_BEFORE_SEND option + * will be ignored. */ +gpg_error_t +keyserver_export_pubkey (ctrl_t ctrl, PKT_public_key *pk, int assume_new_key) +{ + gpg_error_t err; + strlist_t keyspec = NULL; + char fpr[2*MAX_FINGERPRINT_LEN+1]; + + hexfingerprint (pk, fpr, sizeof fpr); + add_to_strlist (&keyspec, fpr); + err = keyserver_put (ctrl, keyspec, assume_new_key); + free_strlist (keyspec); + + return err; +} + + + + /* Structure to convey the arg to keyserver_retrieval_screener. */ struct ks_retrieval_screener_arg_s { @@ -1608,13 +1629,15 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, /* Send all keys specified by KEYSPECS to the configured keyserver. * If ASSUME_NEW_KEY is true the KEYSERVER_UPDATE_BEFORE_SEND option - * will be ignored. */ + * will be ignored. */ static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs, int assume_new_key) { gpg_error_t err; strlist_t kspec; char *ksurl; + int warn_only = !!(opt.keyserver_options.options & KEYSERVER_WARN_ONLY); + int loglvl = warn_only? GPGRT_LOGLVL_INFO : GPGRT_LOGLVL_ERROR; if (!keyspecs) return 0; /* Return success if the list is empty. */ @@ -1622,10 +1645,21 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs, int assume_new_key) /* Get the name of the used keyservers. */ if (gpg_dirmngr_ks_list (ctrl, &ksurl)) { - log_error (_("no keyserver known\n")); + gpgrt_log (loglvl, _("no keyserver known\n")); return gpg_error (GPG_ERR_NO_KEYSERVER); } + /* Check the LDAP only flag */ + if ((opt.keyserver_options.options & KEYSERVER_LDAP_ONLY) + && !(ksurl && (!strncmp (ksurl, "ldap:", 5) + || !strncmp (ksurl, "ldaps:", 6)))) + { + if (opt.verbose) + log_info (_("upload skipped due to non-LDAP keyserver\n")); + err = 0; + goto leave; + } + /* If the option is active, we first try to import the keys given by * fingerprint from the keyserver. For example, if some PKI server * has signed a key and the user has not yet imported that updated @@ -1656,11 +1690,13 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs, int assume_new_key) kbnode_t keyblock; err = export_pubkey_buffer (ctrl, kspec->d, - opt.keyserver_options.export_options, + (opt.keyserver_options.export_options + | EXPORT_NO_STATUS), NULL, 0, NULL, &keyblock, &data, &datalen); if (err) - log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err)); + gpgrt_log (loglvl, _("skipped \"%s\": %s\n"), + kspec->d, gpg_strerror (err)); else { if (!opt.quiet) @@ -1669,18 +1705,24 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs, int assume_new_key) ksurl?ksurl:"[?]"); err = gpg_dirmngr_ks_put (ctrl, data, datalen, keyblock); - release_kbnode (keyblock); xfree (data); if (err) { - write_status_error ("keyserver_send", err); - log_error (_("keyserver send failed: %s\n"), gpg_strerror (err)); + if (warn_only) + write_status_warning ("keyserver_send", err); + else + write_status_error ("keyserver_send", err); + gpgrt_log (loglvl, _("keyserver send failed: %s\n"), + gpg_strerror (err)); } + else /* On success print a status line. */ + print_status_exported (keyblock->pkt->pkt.public_key); + release_kbnode (keyblock); } } + leave: xfree (ksurl); - return err; } diff --git a/g10/main.h b/g10/main.h index 5d96b5e27..ab01091d0 100644 --- a/g10/main.h +++ b/g10/main.h @@ -202,6 +202,7 @@ unsigned int ecdsa_qbits_from_Q (unsigned int qbits); void set_status_fd ( int fd ); int is_status_enabled ( void ); void write_status ( int no ); +void write_status_warning (const char *where, gpg_error_t err); void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); void write_status_failure (const char *where, gpg_error_t err); @@ -419,6 +420,7 @@ typedef struct export_stats_s *export_stats_t; export_stats_t export_new_stats (void); void export_release_stats (export_stats_t stats); void export_print_stats (export_stats_t stats); +void print_status_exported (PKT_public_key *pk); int parse_export_options(char *str,unsigned int *options,int noisy); gpg_error_t parse_and_set_export_filter (const char *string); diff --git a/g10/options.h b/g10/options.h index c7f21086c..5512ecb11 100644 --- a/g10/options.h +++ b/g10/options.h @@ -286,6 +286,8 @@ struct unsigned int disable_signer_uid:1; unsigned int include_key_block:1; unsigned int auto_key_import:1; + /* Option to upload new or modified keys to an LDAP server. */ + unsigned int auto_key_upload:1; /* Flag to enable experimental features from RFC4880bis. */ unsigned int rfc4880bis:1; /* Hack: --output is not given but OUTFILE was temporary set to "-". */ @@ -445,6 +447,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define EXPORT_REVOCS (1<<11) #define EXPORT_MODE1003 (1<<12) #define EXPORT_REALCLEAN (1<<13) +#define EXPORT_NO_STATUS (1<<20) /*Do not emit status lines.*/ #define LIST_SHOW_PHOTOS (1<<0) #define LIST_SHOW_POLICY_URLS (1<<1) @@ -487,6 +490,8 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3) #define KEYSERVER_HONOR_KEYSERVER_URL (1<<4) #define KEYSERVER_UPDATE_BEFORE_SEND (1<<5) +#define KEYSERVER_LDAP_ONLY (1<<6) /* Use only LDAP servers. */ +#define KEYSERVER_WARN_ONLY (1<<7) /* no error - just warn. */ #endif /*G10_OPTIONS_H*/ |