Diffstat (limited to 'tools')
-rw-r--r--tools/Makefile.am2
-rw-r--r--tools/call-dirmngr.c46
-rw-r--r--tools/gpg-card.c6
-rw-r--r--tools/gpg-wks-client.c35
-rw-r--r--tools/gpg-wks.h3
-rw-r--r--tools/gpgtar-create.c5
-rw-r--r--tools/gpgtar-extract.c4
-rw-r--r--tools/gpgtar-list.c4
-rw-r--r--tools/wks-util.c84
9 files changed, 165 insertions, 24 deletions
diff --git a/tools/Makefile.am b/tools/Makefile.am
index a3fe6e31c..39374e42a 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -98,7 +98,7 @@ gpgconf_LDADD = $(common_libs) \
$(LIBINTL) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
$(LIBICONV) $(W32SOCKLIBS) \
$(gpgconf_rc_objs)
-gpgconf_LDFLAGS = $(extra_bin_ldflags)
+gpgconf_LDFLAGS =
gpgconf_w32_SOURCES = $(gpgconf_SOURCES)
gpgconf_w32_LDADD = $(gpgconf_LDADD)
diff --git a/tools/call-dirmngr.c b/tools/call-dirmngr.c
index 4eef9b264..c0ddcf568 100644
--- a/tools/call-dirmngr.c
+++ b/tools/call-dirmngr.c
@@ -124,10 +124,54 @@ wkd_get_status_cb (void *opaque, const char *line)
{
struct wkd_get_parm_s *parm = opaque;
gpg_error_t err = 0;
+ const char *s, *s2;
+ const char *warn = NULL;
+ int is_note = 0;
- (void)line;
(void)parm;
+ /* Note: The code below is mostly duplicated from g10/call-dirmngr.c */
+ if ((s = has_leading_keyword (line, "WARNING"))
+ || (is_note = !!(s = has_leading_keyword (line, "NOTE"))))
+ {
+ if ((s2 = has_leading_keyword (s, "wkd_cached_result")))
+ {
+ if (opt.verbose)
+ warn = _("WKD uses a cached result");
+ }
+ else if ((s2 = has_leading_keyword (s, "tor_not_running")))
+ warn = _("Tor is not running");
+ else if ((s2 = has_leading_keyword (s, "tor_config_problem")))
+ warn = _("Tor is not properly configured");
+ else if ((s2 = has_leading_keyword (s, "dns_config_problem")))
+ warn = _("DNS is not properly configured");
+ else if ((s2 = has_leading_keyword (s, "http_redirect")))
+ warn = _("unacceptable HTTP redirect from server");
+ else if ((s2 = has_leading_keyword (s, "http_redirect_cleanup")))
+ warn = _("unacceptable HTTP redirect from server was cleaned up");
+ else if ((s2 = has_leading_keyword (s, "tls_cert_error")))
+ warn = _("server uses an invalid certificate");
+ else
+ warn = NULL;
+
+ if (warn)
+ {
+ if (is_note)
+ log_info (_("Note: %s\n"), warn);
+ else
+ log_info (_("WARNING: %s\n"), warn);
+ if (s2 && opt.verbose)
+ {
+ while (*s2 && !spacep (s2))
+ s2++;
+ while (*s2 && spacep (s2))
+ s2++;
+ if (*s2)
+ log_info ("(%s)\n", s2);
+ }
+ }
+ }
+
return err;
}
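Review bot: The closing `else warn = NULL;` branch discards every WARNING or NOTE keyword that is not in this list, so a status keyword added to the dirmngr later would never reach the user of the WKS tools. Because the list is, per the added comment, a copy of the one in g10/call-dirmngr.c, the two copies can drift apart without anyone noticing, and several of these messages (invalid certificate, unacceptable redirect) are the ones a user most needs to see. A shared helper in common code would avoid that; until then I would extend the comment to `/* Note: The code below is mostly duplicated from g10/call-dirmngr.c; new keywords must be added in both places. */`.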
diff --git a/tools/gpg-card.c b/tools/gpg-card.c
index 9af760d86..3034a14c5 100644
--- a/tools/gpg-card.c
+++ b/tools/gpg-card.c
@@ -1243,7 +1243,7 @@ cmd_list (card_info_t info, char *argstr)
if (!info->serialno || info->need_sn_cmd)
{
- /* This is probably the first call or was explictly requested.
+ /* This is probably the first call or was explicitly requested.
* We need to send a SERIALNO command to scdaemon so that our
* session knows all cards. */
err = scd_serialno (NULL, NULL);
@@ -2740,7 +2740,7 @@ cmd_passwd (card_info_t info, char *argstr)
"in non-interactive and without a PINREF a default value is\n"
"used for these cards. The option --reset is used with TCOS\n"
"cards to reset the PIN using the PUK or vice versa; --nullpin\n"
- "is used for these cards to set the intial PIN.",
+ "is used for these cards to set the initial PIN.",
0);
if (opt.interactive || opt.verbose)
@@ -2939,7 +2939,7 @@ cmd_passwd (card_info_t info, char *argstr)
else if (!ascii_strcasecmp (pinref, "OPENPGP.3"))
log_info ("Admin PIN changed.\n");
else if (reset_mode)
- log_info ("PIN resetted.\n");
+ log_info ("PIN reset.\n");
else
log_info ("PIN changed.\n");
diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index c3cb392c4..521222631 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -1115,6 +1115,9 @@ command_check (char *userid)
log_info (" created: %s\n", asctimestamp (sl->created));
if (sl->mbox)
log_info (" addr-spec: %s\n", sl->mbox);
+ if (sl->expired || sl->revoked)
+ log_info (" flags:%s%s\n",
+ sl->expired? " expired":"", sl->revoked?" revoked":"");
}
}
if (!found)
@@ -1123,6 +1126,19 @@ command_check (char *userid)
addrspec);
err = gpg_error (GPG_ERR_CERT_REVOKED);
}
+ else if (opt.output)
+ {
+ /* Save to file. */
+ const char *fname = opt.output;
+
+ if (*fname == '-' && !fname[1])
+ fname = NULL;
+ es_rewind (key);
+ err = wks_write_to_file (key, fname);
+ if (err)
+ log_error ("writing key to '%s' failed: %s\n",
+ fname? fname : "[stdout]", gpg_strerror (err));
+ }
leave:
xfree (fpr);
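Review bot: The new `else if (opt.output)` branch saves the key whenever `found` is set, and nothing visible here ties that to the `expired`/`revoked` flags which the previous hunk only prints. If `found` is set for any entry with a matching addr-spec (the loop is outside this hunk, so this is inferred), `--output` will store a key whose only matching user ID is expired or revoked, and a caller may take the saved file as a usable key. Consider testing the flags of the matching entry before writing, or at least emitting `log_info ("Note: saved key has an expired or revoked user id\n");`. command_check starts and ends outside the hunk.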
@@ -1153,6 +1169,7 @@ command_send (const char *fingerprint, const char *userid)
uidinfo_list_t uidlist = NULL;
uidinfo_list_t uid, thisuid;
time_t thistime;
+ int any;
if (classify_user_id (fingerprint, &desc, 1)
|| desc.mode != KEYDB_SEARCH_MODE_FPR)
@@ -1213,12 +1230,20 @@ command_send (const char *fingerprint, const char *userid)
}
thistime = 0;
thisuid = NULL;
+ any = 0;
for (uid = uidlist; uid; uid = uid->next)
{
if (!uid->mbox)
continue; /* Should not happen anyway. */
if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox))
continue; /* UID has more than just the mailbox. */
+ if (uid->expired)
+ {
+ if (opt.verbose)
+ log_info ("ignoring expired user id '%s'\n", uid->uid);
+ continue;
+ }
+ any = 1;
if (uid->created > thistime)
{
thistime = uid->created;
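Review bot: Only `uid->expired` is tested in this loop, although the same commit also records `uid->revoked` for every entry; a revoked user ID can therefore still set `any` and be chosen as `thisuid` for submission. The same applies to the expired-only checks added in mirror_one_key and in wks_cmd_install_key (tools/wks-util.c). Unless revoked user IDs are already removed earlier (not visible here), the test should read `if (uid->expired || uid->revoked)` with a matching log text. The loop body continues past the end of the hunk.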
@@ -1227,6 +1252,14 @@ command_send (const char *fingerprint, const char *userid)
}
if (!thisuid)
thisuid = uidlist; /* This is the case for a missing timestamp. */
+ if (!any)
+ {
+ log_error ("public key %s has no mail address '%s'\n",
+ fingerprint, addrspec);
+ err = gpg_error (GPG_ERR_INV_USER_ID);
+ goto leave;
+ }
+
if (opt.verbose)
log_info ("submitting key with user id '%s'\n", thisuid->uid);
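Review bot: The fallback `thisuid = uidlist;` runs before the new `!any` test and takes the head of the unfiltered list, so when every accepted user ID has a zero creation time the submitted user ID can be one the loop has just rejected as expired. Selecting inside the loop avoids this: use `if (!thisuid || uid->created > thistime)` in place of `if (uid->created > thistime)`, after which the fallback line can be dropped. The error text `has no mail address` is also printed when addresses exist but all of them are expired, so `has no usable mail address` would be more accurate. The loop itself lies in the previous hunk.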
@@ -1968,6 +2001,8 @@ mirror_one_key (estream_t key)
{
if (!uid->mbox || (uid->flags & 1))
continue; /* No mail box or already processed. */
+ if (uid->expired)
+ continue;
if (!domain_matches_mbox (domain, uid->mbox))
continue; /* We don't want this one. */
if (is_in_blacklist (uid->mbox))
diff --git a/tools/gpg-wks.h b/tools/gpg-wks.h
index 59a0aca74..93039c1e8 100644
--- a/tools/gpg-wks.h
+++ b/tools/gpg-wks.h
@@ -81,6 +81,8 @@ struct uidinfo_list_s
time_t created; /* Time the userid was created. */
char *mbox; /* NULL or the malloced mailbox from UID. */
unsigned int flags; /* These flags are cleared on creation. */
+ unsigned int expired:1;
+ unsigned int revoked:1;
char uid[1];
};
typedef struct uidinfo_list_s *uidinfo_list_t;
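Review bot: The two new bit-fields are the only members shown here without a comment, and their meaning is not obvious from the names. In tools/wks-util.c they are filled with `expired || uidexpired` and `revoked || uidrevoked`, so they describe the key and the user ID together. I would add `/* Set if the key or this user id is expired. */` and `/* Set if the key or this user id is revoked. */`.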
@@ -104,6 +106,7 @@ gpg_error_t wks_send_mime (mime_maker_t mime);
gpg_error_t wks_parse_policy (policy_flags_t flags, estream_t stream,
int ignore_unknown);
void wks_free_policy (policy_flags_t policy);
+gpg_error_t wks_write_to_file (estream_t src, const char *fname);
gpg_error_t wks_fname_from_userid (const char *userid, int hash_only,
char **r_fname, char **r_addrspec);
diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c
index c933deefe..ebcfc5229 100644
--- a/tools/gpgtar-create.c
+++ b/tools/gpgtar-create.c
@@ -1141,6 +1141,7 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
{
strlist_t arg;
ccparray_t ccp;
+ int except[2] = { -1, -1 };
const char **argv;
/* '--encrypt' may be combined with '--symmetric', but 'encrypt'
@@ -1164,6 +1165,7 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
+ except[0] = opt.status_fd;
}
ccparray_put (&ccp, "--output");
@@ -1196,7 +1198,8 @@ gpgtar_create (char **inpattern, const char *files_from, int null_names,
}
err = gnupg_process_spawn (opt.gpg_program, argv,
- GNUPG_PROCESS_STDIN_PIPE, NULL, NULL, &proc);
+ GNUPG_PROCESS_STDIN_PIPE,
+ gnupg_spawn_helper, except, &proc);
xfree (argv);
if (err)
goto leave;
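Review bot: Nothing at the declaration or at this call says what `except` is for; the reader has to know gnupg_spawn_helper to see that the array names the descriptors the child keeps open (presumably a -1 terminated list, which would explain the two-element initializer). A comment at the declaration such as `/* -1 terminated list of fds to keep open in the child. */` would make clear why only `opt.status_fd` is entered, and that any further descriptor handed to gpg on the command line needs a slot here as well. The same declaration and call are added in gpgtar-extract.c and gpgtar-list.c. Most of gpgtar_create lies outside the hunks shown.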
diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c
index 49e836d0f..9d5abd33d 100644
--- a/tools/gpgtar-extract.c
+++ b/tools/gpgtar-extract.c
@@ -369,6 +369,7 @@ gpgtar_extract (const char *filename, int decrypt)
{
strlist_t arg;
ccparray_t ccp;
+ int except[2] = { -1, -1 };
const char **argv;
ccparray_init (&ccp, 0);
@@ -382,6 +383,7 @@ gpgtar_extract (const char *filename, int decrypt)
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
+ except[0] = opt.status_fd;
}
if (opt.with_log)
{
@@ -411,7 +413,7 @@ gpgtar_extract (const char *filename, int decrypt)
err = gnupg_process_spawn (opt.gpg_program, argv,
((filename ? GNUPG_PROCESS_STDIN_NULL : 0)
| GNUPG_PROCESS_STDOUT_PIPE),
- NULL, NULL, &proc);
+ gnupg_spawn_helper, except, &proc);
xfree (argv);
if (err)
goto leave;
diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c
index f773e9d10..6d824d35c 100644
--- a/tools/gpgtar-list.c
+++ b/tools/gpgtar-list.c
@@ -468,6 +468,7 @@ gpgtar_list (const char *filename, int decrypt)
{
strlist_t arg;
ccparray_t ccp;
+ int except[2] = { -1, -1 };
const char **argv;
ccparray_init (&ccp, 0);
@@ -481,6 +482,7 @@ gpgtar_list (const char *filename, int decrypt)
snprintf (tmpbuf, sizeof tmpbuf, "--status-fd=%d", opt.status_fd);
ccparray_put (&ccp, tmpbuf);
+ except[0] = opt.status_fd;
}
ccparray_put (&ccp, "--output");
ccparray_put (&ccp, "-");
@@ -504,7 +506,7 @@ gpgtar_list (const char *filename, int decrypt)
err = gnupg_process_spawn (opt.gpg_program, argv,
((filename ? GNUPG_PROCESS_STDIN_NULL : 0)
| GNUPG_PROCESS_STDOUT_PIPE),
- NULL, NULL, &proc);
+ gnupg_spawn_helper, except, &proc);
xfree (argv);
if (err)
goto leave;
diff --git a/tools/wks-util.c b/tools/wks-util.c
index 1472f7035..0aeb94b1d 100644
--- a/tools/wks-util.c
+++ b/tools/wks-util.c
@@ -101,7 +101,8 @@ wks_write_status (int no, const char *format, ...)
* updated. C-style escaping is removed from UID. On error ERRNO is
* set and NULL returned. */
static uidinfo_list_t
-append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
+append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created,
+ int expired, int revoked)
{
uidinfo_list_t r, sl;
char *plainuid;
@@ -121,6 +122,8 @@ append_to_uidinfo_list (uidinfo_list_t *list, const char *uid, time_t created)
sl->created = created;
sl->flags = 0;
sl->mbox = mailbox_from_userid (plainuid, 0);
+ sl->expired = !!expired;
+ sl->revoked = !!revoked;
sl->next = NULL;
if (!*list)
*list = sl;
@@ -296,6 +299,22 @@ key_status_cb (void *opaque, const char *keyword, char *args)
}
+/* Parse field 1 and set revoked and expired on return. */
+static void
+set_expired_revoked (const char *string, int *expired, int *revoked)
+{
+ *expired = *revoked = 0;
+ /* Look at letters and stop at the first digit. */
+ for ( ;*string && !digitp (string); string++)
+ {
+ if (*string == 'e')
+ *expired = 1;
+ else if (*string == 'r')
+ *revoked = 1;
+ }
+}
+
+
/* Run gpg on KEY and store the primary fingerprint at R_FPR and the
* list of mailboxes at R_MBOXES. Returns 0 on success; on error NULL
* is stored at R_FPR and R_MBOXES and an error code is returned.
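Review bot: The header comment `Parse field 1 and set revoked and expired on return.` does not say field 1 of what, nor what the letters mean. From the callers this is apparently the second field of a `pub` or `uid` line in the gpg key listing; the comment should say so and state that STRING, EXPIRED and REVOKED must not be NULL, since none of them is checked. Letters other than `e` and `r` before the first digit are ignored, which is worth stating so that a later reader does not assume every validity flag is handled.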
@@ -316,6 +335,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
int lnr;
char *fpr = NULL;
uidinfo_list_t mboxes = NULL;
+ int expired, revoked;
if (r_fpr)
*r_fpr = NULL;
@@ -364,6 +384,7 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
es_rewind (listing);
lnr = 0;
+ expired = revoked = 0;
maxlen = 2048; /* Set limit. */
while ((len = es_read_line (listing, &line, &length_of_line, &maxlen)) > 0)
{
@@ -408,12 +429,20 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
err = gpg_error (GPG_ERR_INV_ENGINE);
goto leave;
}
- if (lnr > 1 && !strcmp (fields[0], "pub"))
+ if (!strcmp (fields[0], "pub"))
{
- /* More than one public key. */
- err = gpg_error (GPG_ERR_TOO_MANY);
- goto leave;
+ if (lnr > 1)
+ {
+ /* More than one public key. */
+ err = gpg_error (GPG_ERR_TOO_MANY);
+ goto leave;
+ }
+ if (nfields > 1)
+ set_expired_revoked (fields[1], &expired, &revoked);
+ else
+ expired = revoked = 0;
}
+
if (!strcmp (fields[0], "sub") || !strcmp (fields[0], "ssb"))
break; /* We can stop parsing here. */
@@ -428,8 +457,13 @@ wks_list_key (estream_t key, char **r_fpr, uidinfo_list_t *r_mboxes)
}
else if (!strcmp (fields[0], "uid") && nfields > 9)
{
+ int uidexpired, uidrevoked;
+
+ set_expired_revoked (fields[1], &uidexpired, &uidrevoked);
if (!append_to_uidinfo_list (&mboxes, fields[9],
- parse_timestamp (fields[5], NULL)))
+ parse_timestamp (fields[5], NULL),
+ expired || uidexpired,
+ revoked || uidrevoked))
{
err = gpg_error_from_syserror ();
goto leave;
@@ -858,18 +892,27 @@ wks_free_policy (policy_flags_t policy)
}
-/* Write the content of SRC to the new file FNAME. */
-static gpg_error_t
-write_to_file (estream_t src, const char *fname)
+/* Write the content of SRC to the new file FNAME. If FNAME is NULL
+ * SRC is written to stdout. */
+gpg_error_t
+wks_write_to_file (estream_t src, const char *fname)
{
gpg_error_t err;
estream_t dst;
char buffer[4096];
size_t nread, written;
- dst = es_fopen (fname, "wb");
- if (!dst)
- return gpg_error_from_syserror ();
+ if (!fname)
+ {
+ dst = es_stdout;
+ es_set_binary (es_stdout);
+ }
+ else
+ {
+ dst = es_fopen (fname, "wb");
+ if (!dst)
+ return gpg_error_from_syserror ();
+ }
do
{
@@ -884,12 +927,15 @@ write_to_file (estream_t src, const char *fname)
if (!es_feof (src) || es_ferror (src) || es_ferror (dst))
{
err = gpg_error_from_syserror ();
- es_fclose (dst);
- gnupg_remove (fname);
+ if (dst != es_stdout)
+ {
+ es_fclose (dst);
+ gnupg_remove (fname);
+ }
return err;
}
- if (es_fclose (dst))
+ if (dst != es_stdout && es_fclose (dst))
{
err = gpg_error_from_syserror ();
log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
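Review bot: When FNAME is NULL the success path never flushes or checks `es_stdout`: `es_fclose` is skipped, and the earlier `es_ferror (dst)` test runs before buffered data has been written out, so a failed write to a redirected stdout can be reported as success. Adding `if (dst == es_stdout && es_fflush (dst))` with the same `gpg_error_from_syserror ()` handling ahead of the close test would cover it. The `fname` in the close branch's log text is safe because that branch is only reached with a real file. The function begins in the previous hunk and ends outside this one.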
@@ -1191,7 +1237,7 @@ wks_install_key_core (estream_t key, const char *addrspec)
goto leave;
/* Publish. */
- err = write_to_file (key, huname);
+ err = wks_write_to_file (key, huname);
if (err)
{
log_error ("copying key to '%s' failed: %s\n", huname,gpg_strerror (err));
@@ -1279,6 +1325,12 @@ wks_cmd_install_key (const char *fname, const char *userid)
continue; /* Should not happen anyway. */
if (ascii_strcasecmp (uid->mbox, addrspec))
continue; /* Not the requested addrspec. */
+ if (uid->expired)
+ {
+ if (opt.verbose)
+ log_info ("ignoring expired user id '%s'\n", uid->uid);
+ continue;
+ }
any = 1;
if (uid->created > thistime)
{