Diffstat (limited to 'g10')
-rw-r--r-- | g10/import.c | 5 | ||||
-rw-r--r-- | g10/key-check.c | 143 | ||||
-rw-r--r-- | g10/keyedit.c | 100 | ||||
-rw-r--r-- | g10/keygen.c | 3 | ||||
-rw-r--r-- | g10/trust.c | 20 |
5 files changed, 178 insertions, 93 deletions
diff --git a/g10/import.c b/g10/import.c index 8dd6b501e..71e39557c 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1778,7 +1778,7 @@ import_one (ctrl_t ctrl, merge_keys_done = 1; /* Note that we do not want to show the validity because the key * has not yet imported. */ - list_keyblock_direct (ctrl, keyblock, 0, 0, + list_keyblock_direct (ctrl, keyblock, from_sk, 0, opt.fingerprint || opt.with_fingerprint, 1); es_fflush (es_stdout); } @@ -2532,7 +2532,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock, /* At least we cancel the secret key import when the public key import was skipped due to MERGE_ONLY option and a new key. */ - if (stats->skipped_new_keys <= nr_prev) + if (!(opt.dry_run || (options & IMPORT_DRY_RUN)) + && stats->skipped_new_keys <= nr_prev) { /* Read the keyblock again to get the effects of a merge. */ /* Fixme: we should do this based on the fingerprint or diff --git a/g10/key-check.c b/g10/key-check.c index d32067b99..86b1e769d 100644 --- a/g10/key-check.c +++ b/g10/key-check.c @@ -32,6 +32,27 @@ #include "key-check.h" + +/* Print PREFIX followed by TEXT. With mode > 0 use log_info, with + * mode < 0 use ttyio, else print to stdout. If TEXT is not NULL, it + * may be modified by this function. */ +static void +print_info (int mode, const char *prefix, char *text) +{ + char *p; + + if (!text) + text = ""; + else if ((p = strchr (text,'\n'))) + *p = 0; /* Strip LF. */ + + if (mode > 0) + log_info ("%s %s\n", prefix, text); + else + tty_fprintf (mode? NULL:es_stdout, "%s %s\n", prefix, text); +} + + /* Order two signatures. The actual ordering isn't important. Our * goal is to ensure that identical signatures occur together. */ static int @@ -100,7 +121,6 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, int only_selected, int only_selfsigs) { gpg_error_t err; - estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; PKT_public_key *pk; KBNODE n, n_next, *n_prevp, n2; char *pending_desc = NULL; 
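Review bot: The header comment of the new `print_info` in g10/key-check.c leaves two behaviours undocumented: a NULL TEXT is printed as an empty string, and TEXT is cut at its first LF (`strchr`), so anything after an embedded newline is dropped. The callers added in the later summary hunk pass the result of `xtryasprintf` unchecked, so on allocation failure only the "key …:" prefix is printed and the count is lost. I would extend the comment with `A NULL TEXT is printed as an empty string; TEXT is truncated at its first LF.` and consider printing a fixed fallback text instead of `""` so that a failed allocation is visible in the output.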
@@ -476,8 +496,9 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, has_selfsig = 1; } - if ((n2 && n2 != last_printed_component) - || (! n2 && last_printed_component != current_component)) + if (DBG_PACKET + && ((n2 && n2 != last_printed_component) + || (! n2 && last_printed_component != current_component))) { int is_reordered = n2 && n2 != current_component; if (n2) @@ -489,36 +510,34 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, ; else if (last_printed_component->pkt->pkttype == PKT_USER_ID) { - tty_fprintf (fp, "uid "); - tty_print_utf8_string2 (fp, - last_printed_component - ->pkt->pkt.user_id->name, - last_printed_component - ->pkt->pkt.user_id->len, 0); + log_debug ("uid "); + print_utf8_buffer (log_get_stream (), + last_printed_component + ->pkt->pkt.user_id->name, + last_printed_component + ->pkt->pkt.user_id->len); + log_flush (); } else if (last_printed_component->pkt->pkttype == PKT_PUBLIC_KEY) - tty_fprintf (fp, "pub %s", - pk_keyid_str (last_printed_component + log_debug ("pub %s\n", + pk_keyid_str (last_printed_component ->pkt->pkt.public_key)); else - tty_fprintf (fp, "sub %s", - pk_keyid_str (last_printed_component - ->pkt->pkt.public_key)); + log_debug ("sub %s\n", + pk_keyid_str (last_printed_component + ->pkt->pkt.public_key)); if (modified) { if (is_reordered) - tty_fprintf (fp, _(" (reordered signatures follow)")); - if (mode > 0) - log_printf ("\n"); - else - tty_fprintf (fp, "\n"); + log_debug ("%s\n", _(" (reordered signatures follow)")); } } - if (modified) - keyedit_print_one_sig (ctrl, fp, rc, kb, n, NULL, NULL, NULL, + if (DBG_PACKET && modified) + keyedit_print_one_sig (ctrl, log_get_stream (), + rc, kb, n, NULL, NULL, NULL, has_selfsig, 0, only_selfsigs); } 
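Review bot: With both conditions gated on `DBG_PACKET`, the component header and the `keyedit_print_one_sig` listing are emitted only in packet-debug mode, while the summary elsewhere in this function still reports counts such as "%d bad signatures"; a user who sees a non-zero count has no non-debug way to learn which signature was affected. If that is intended, a comment at the first gate would help, e.g. `/* Per-signature details are debug output only; the summary at the end of the function reports the counts. */`. The nested `if (modified) { if (is_reordered) … }` that remains can also be folded into `if (modified && is_reordered)`. The body of key_check_all_keysigs starts and ends outside these hunks.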
@@ -624,32 +643,62 @@ key_check_all_keysigs (ctrl_t ctrl, int mode, kbnode_t kb, } } - if (dups || missing_issuer || bad_signature || reordered) - tty_fprintf (fp, _("key %s:\n"), pk_keyid_str (pk)); - - if (dups) - tty_fprintf (fp, - ngettext ("%d duplicate signature removed\n", - "%d duplicate signatures removed\n", dups), dups); - if (missing_issuer) - tty_fprintf (fp, - ngettext ("%d signature not checked due to a missing key\n", - "%d signatures not checked due to missing keys\n", - missing_issuer), missing_issuer); - if (bad_signature) - tty_fprintf (fp, - ngettext ("%d bad signature\n", - "%d bad signatures\n", - bad_signature), bad_signature); - if (reordered) - tty_fprintf (fp, - ngettext ("%d signature reordered\n", - "%d signatures reordered\n", - reordered), reordered); - - if (only_selfsigs && (bad_signature || reordered)) - tty_fprintf (fp, _("Warning: errors found and only checked self-signatures," - " run '%s' to check all signatures.\n"), "check"); + if (!opt.quiet) + { + char prefix[100]; + char *p; + + /* To avoid string changes in 2.2 we strip the LF here. 
*/ + snprintf (prefix, sizeof prefix, _("key %s:\n"), pk_keyid_str (pk)); + p = strrchr (prefix, '\n'); + if (p) + *p = 0; + + if (dups) + { + p = xtryasprintf + (ngettext ("%d duplicate signature removed\n", + "%d duplicate signatures removed\n", dups), dups); + print_info (mode, prefix, p); + xfree (p); + } + + if (missing_issuer) + { + p = xtryasprintf + (ngettext ("%d signature not checked due to a missing key\n", + "%d signatures not checked due to missing keys\n", + missing_issuer), missing_issuer); + print_info (mode, prefix, p); + xfree (p); + } + if (bad_signature) + { + p = xtryasprintf (ngettext ("%d bad signature\n", + "%d bad signatures\n", + bad_signature), bad_signature); + print_info (mode, prefix, p); + xfree (p); + } + + if (reordered) + { + p = xtryasprintf (ngettext ("%d signature reordered\n", + "%d signatures reordered\n", + reordered), reordered); + print_info (mode, prefix, p); + xfree (p); + } + + if (only_selfsigs && (bad_signature || reordered)) + { + p = xtryasprintf + (_("Warning: errors found and only checked self-signatures," + " run '%s' to check all signatures.\n"), "check"); + print_info (mode, prefix, p); + xfree (p); + } + } return modified; } diff --git a/g10/keyedit.c b/g10/keyedit.c index 38cdbce3a..4acb2de5f 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1223,10 +1223,8 @@ parse_sign_type (const char *str, int *localsig, int *nonrevokesig, /* Need an SK for this command */ #define KEYEDIT_NEED_SK 1 -/* Cannot be viewing the SK for this command */ -#define KEYEDIT_NOT_SK 2 -/* Must be viewing the SK for this command */ -#define KEYEDIT_ONLY_SK 4 +/* Need an SUB KEY for this command */ +#define KEYEDIT_NEED_SUBSK 2 /* Match the tail of the string */ #define KEYEDIT_TAIL_MATCH 8 
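Review bot: The new `if (!opt.quiet)` guard suppresses the whole summary, including the bad-signature count and the "only checked self-signatures" warning, and the function still returns only `modified`, so in quiet mode neither the user nor the caller gets a signal that bad signatures were seen. Previously these lines were printed unconditionally. I would keep the security-relevant lines outside the quiet guard, for example by opening the block with `if (!opt.quiet || bad_signature)`, or return the condition to the caller. The function body starts outside this hunk, so other reporting paths may exist that are not visible here.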
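Review bot: The comment `/* Need an SUB KEY for this command */` on `KEYEDIT_NEED_SUBSK` does not match how the flag is evaluated in the later keyedit_menu hunks, where it is satisfied by `have_anyseckey`, i.e. by any available secret key, and where `KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK` means "either is enough" rather than "both". A wording such as `/* Any secret key (primary or subkey) is sufficient for this command */` would describe that, and a line noting the OR semantics of the combination would help readers of the command table. The value 2 was formerly `KEYEDIT_NOT_SK`; the visible hunks remove all its uses, but uses outside the diff context should be checked.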
@@ -1268,12 +1266,12 @@ static struct { "key", cmdSELKEY, 0, N_("select subkey N")}, { "check", cmdCHECK, 0, N_("check signatures")}, { "c", cmdCHECK, 0, NULL}, - { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "cross-certify", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "backsign", cmdBACKSIGN, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "sign", cmdSIGN, KEYEDIT_NOT_SK | KEYEDIT_TAIL_MATCH, + { "change-usage", cmdCHANGEUSAGE, KEYEDIT_NEED_SK, NULL}, + { "cross-certify", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL}, + { "backsign", cmdBACKSIGN, KEYEDIT_NEED_SK, NULL}, + { "sign", cmdSIGN, KEYEDIT_TAIL_MATCH, N_("sign selected user IDs [* see below for related commands]")}, - { "s", cmdSIGN, KEYEDIT_NOT_SK, NULL}, + { "s", cmdSIGN, 0, NULL}, /* "lsign" and friends will never match since "sign" comes first and it is a tail match. They are just here so they show up in the help menu. */ 
@@ -1282,62 +1280,62 @@ static struct { "nrsign", cmdNOP, 0, N_("sign selected user IDs with a non-revocable signature")}, { "debug", cmdDEBUG, 0, NULL}, - { "adduid", cmdADDUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a user ID")}, - { "addphoto", cmdADDPHOTO, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "adduid", cmdADDUID, KEYEDIT_NEED_SK, N_("add a user ID")}, + { "addphoto", cmdADDPHOTO, KEYEDIT_NEED_SK, N_("add a photo ID")}, - { "deluid", cmdDELUID, KEYEDIT_NOT_SK, N_("delete selected user IDs")}, + { "deluid", cmdDELUID, 0, N_("delete selected user IDs")}, /* delphoto is really deluid in disguise */ - { "delphoto", cmdDELUID, KEYEDIT_NOT_SK, NULL}, - { "addkey", cmdADDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("add a subkey")}, + { "delphoto", cmdDELUID, 0, NULL}, + { "addkey", cmdADDKEY, KEYEDIT_NEED_SK, N_("add a subkey")}, #ifdef ENABLE_CARD_SUPPORT - { "addcardkey", cmdADDCARDKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "addcardkey", cmdADDCARDKEY, KEYEDIT_NEED_SK, N_("add a key to a smartcard")}, - { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, + { "keytocard", cmdKEYTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("move a key to a smartcard")}, - { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_ONLY_SK, + { "bkuptocard", cmdBKUPTOCARD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("move a backup key to a smartcard")}, #endif /*ENABLE_CARD_SUPPORT */ - { "delkey", cmdDELKEY, KEYEDIT_NOT_SK, N_("delete selected subkeys")}, - { "addrevoker", cmdADDREVOKER, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "delkey", cmdDELKEY, 0, N_("delete selected subkeys")}, + { "addrevoker", cmdADDREVOKER, KEYEDIT_NEED_SK, N_("add a revocation key")}, - { "delsig", cmdDELSIG, KEYEDIT_NOT_SK, + { "delsig", cmdDELSIG, 0, N_("delete signatures from the selected user IDs")}, - { "expire", cmdEXPIRE, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "expire", cmdEXPIRE, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("change the expiration date for the key or selected subkeys")}, - { 
"primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "primary", cmdPRIMARY, KEYEDIT_NEED_SK, N_("flag the selected user ID as primary")}, { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */ { "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, - { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")}, - { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")}, - { "setpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "pref", cmdPREF, 0, N_("list preferences (expert)")}, + { "showpref", cmdSHOWPREF, 0, N_("list preferences (verbose)")}, + { "setpref", cmdSETPREF, KEYEDIT_NEED_SK, N_("set preference list for the selected user IDs")}, - { "updpref", cmdSETPREF, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "keyserver", cmdPREFKS, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "updpref", cmdSETPREF, KEYEDIT_NEED_SK, NULL}, + { "keyserver", cmdPREFKS, KEYEDIT_NEED_SK, N_("set the preferred keyserver URL for the selected user IDs")}, - { "notation", cmdNOTATION, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "notation", cmdNOTATION, KEYEDIT_NEED_SK, N_("set a notation for the selected user IDs")}, - { "passwd", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "passwd", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, N_("change the passphrase")}, - { "password", cmdPASSWD, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, + { "password", cmdPASSWD, KEYEDIT_NEED_SK | KEYEDIT_NEED_SUBSK, NULL}, #ifndef NO_TRUST_MODELS - { "trust", cmdTRUST, KEYEDIT_NOT_SK, N_("change the ownertrust")}, + { "trust", cmdTRUST, 0, N_("change the ownertrust")}, #endif /*!NO_TRUST_MODELS*/ - { "revsig", cmdREVSIG, KEYEDIT_NOT_SK, + { "revsig", cmdREVSIG, 0, N_("revoke signatures on the selected user IDs")}, - { "revuid", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { "revuid", cmdREVUID, KEYEDIT_NEED_SK, N_("revoke selected user IDs")}, - { "revphoto", cmdREVUID, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, NULL}, - { "revkey", cmdREVKEY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, + { 
"revphoto", cmdREVUID, KEYEDIT_NEED_SK, NULL}, + { "revkey", cmdREVKEY, KEYEDIT_NEED_SK, N_("revoke key or selected subkeys")}, #ifndef NO_TRUST_MODELS - { "enable", cmdENABLEKEY, KEYEDIT_NOT_SK, N_("enable key")}, - { "disable", cmdDISABLEKEY, KEYEDIT_NOT_SK, N_("disable key")}, + { "enable", cmdENABLEKEY, 0, N_("enable key")}, + { "disable", cmdDISABLEKEY, 0, N_("disable key")}, #endif /*!NO_TRUST_MODELS*/ { "showphoto", cmdSHOWPHOTO, 0, N_("show selected photo IDs")}, - { "clean", cmdCLEAN, KEYEDIT_NOT_SK, + { "clean", cmdCLEAN, 0, N_("compact unusable user IDs and remove unusable signatures from key")}, - { "minimize", cmdMINIMIZE, KEYEDIT_NOT_SK, + { "minimize", cmdMINIMIZE, 0, N_("compact unusable user IDs and remove all signatures from key")}, { NULL, cmdNONE, 0, NULL} @@ -1406,6 +1404,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, KBNODE keyblock = NULL; KEYDB_HANDLE kdbhd = NULL; int have_seckey = 0; + int have_anyseckey = 0; char *answer = NULL; int redisplay = 1; int modified = 0; @@ -1448,9 +1447,18 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, /* See whether we have a matching secret key. */ if (seckey_check) { - have_seckey = !agent_probe_any_secret_key (ctrl, keyblock); + have_anyseckey = !agent_probe_any_secret_key (ctrl, keyblock); + if (have_anyseckey + && !agent_probe_secret_key (ctrl, keyblock->pkt->pkt.public_key)) + { + /* The primary key is also available. */ + have_seckey = 1; + } + if (have_seckey && !quiet) - tty_printf (_("Secret key is available.\n")); + tty_printf (_("Secret key is available.\n")); + else if (have_anyseckey && !quiet) + tty_printf (_("Secret subkeys are available.\n")); } /* Main command loop. */ 
@@ -1548,12 +1556,14 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, else if (!ascii_strcasecmp (answer, cmds[i].name)) break; } - if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey) + if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK)) + && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey) + || ((cmds[i].flags & KEYEDIT_NEED_SUBSK) && have_anyseckey))) { tty_printf (_("Need the secret key to do this.\n")); cmd = cmdNOP; } - else + else cmd = cmds[i].id; } @@ -1563,7 +1573,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, case cmdHELP: for (i = 0; cmds[i].name; i++) { - if ((cmds[i].flags & KEYEDIT_NEED_SK) && !have_seckey) + if ((cmds[i].flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK)) + && !(((cmds[i].flags & KEYEDIT_NEED_SK) && have_seckey) + ||((cmds[i].flags&KEYEDIT_NEED_SUBSK)&&have_anyseckey))) ; /* Skip those item if we do not have the secret key. */ else if (cmds[i].desc) tty_printf ("%-11s %s\n", cmds[i].name, _(cmds[i].desc)); diff --git a/g10/keygen.c b/g10/keygen.c index e959ee901..1dddfeeda 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -5050,6 +5050,9 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, &cache_nonce, &passwd_nonce); xfree (desc); + if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED + && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) + err = 0; /* Very likely that the key is on a card. */ if (err) goto leave; } diff --git a/g10/trust.c b/g10/trust.c index ee6078b5a..6d4f0e74b 100644 --- a/g10/trust.c +++ b/g10/trust.c 
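Review bot: The secret-key gate is now a three-part boolean expression that is written twice, once in the command dispatch here and once in the `cmdHELP` loop of the next hunk, with different spacing and no comment on the intended meaning. Since this expression decides which commands are offered and accepted for a given set of secret keys, a divergence between the two copies would be easy to introduce and hard to spot. I would move it into one small static helper and call it from both places; the helper's `int flags` parameter is an assumption about the field type, which is not visible in the diff.

```c
/* Return true if a command with FLAGS cannot be used with the
 * secret key material we have. */
static int
missing_seckey_for_cmd (int flags, int have_seckey, int have_anyseckey)
{
  if (!(flags & (KEYEDIT_NEED_SK|KEYEDIT_NEED_SUBSK)))
    return 0;  /* Command needs no secret key.  */
  if ((flags & KEYEDIT_NEED_SK) && have_seckey)
    return 0;
  if ((flags & KEYEDIT_NEED_SUBSK) && have_anyseckey)
    return 0;
  return 1;
}

/* … unchanged: command lookup loop … */
          if (missing_seckey_for_cmd (cmds[i].flags,
                                      have_seckey, have_anyseckey))
```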
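Review bot: In the g10/keygen.c hunk, clearing `err` for every `GPG_ERR_NOT_IMPLEMENTED` coming from gpg-agent means the passphrase verification step of generate_subkeypair is skipped on the assumption that the key is on a card, which the comment itself only calls "very likely". Whether `cache_nonce` and `passwd_nonce` are still usable after that path is not visible in the hunk and should be confirmed. I would expand the comment to state the consequence, e.g. `/* The agent can't verify a passphrase for this key, most likely because it is on a card; continue without the nonces. */`, and emit a diagnostic under `opt.verbose` so that the skipped verification leaves a trace. The function body starts and ends outside the hunk.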
@@ -66,6 +66,26 @@ register_trusted_key (const char *string) #ifdef NO_TRUST_MODELS (void)string; #else + + /* Some users have conf files with entries like + * trusted-key 0x1234567812345678 # foo + * That is obviously wrong. Before fixing bug#1206 trailing garbage + * on a key specification if was ignored. We detect the above use case + * here and cut off the junk-looking-like-a comment. */ + if (strchr (string, '#')) + { + char *buf; + + buf = xtrystrdup (string); + if (buf) + { + *strchr (buf, '#') = 0; + tdb_register_trusted_key (buf); + xfree (buf); + return; + } + } + tdb_register_trusted_key (string); #endif } |
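Review bot: A `trusted-key` entry names a key to be trusted, so silently repairing a malformed entry in register_trusted_key hides a configuration error; I would log the repair, for example `log_info ("trusted-key: ignoring text after '#'\n");`, before calling `tdb_register_trusted_key (buf)`. If `xtrystrdup` fails, the code falls through and registers the original string including the trailing text, without any diagnostic. The truncated copy also keeps the whitespace in front of the `#`; whether `tdb_register_trusted_key` accepts that is not visible here and should be confirmed. Minor points: `strchr` is called twice where one saved pointer would do, and the added comment reads "if was ignored" where "it was ignored" seems meant.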