From 278f85d1bc6cd012b3b2e87536e50954b21d2d91 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 6 Dec 2022 09:23:16 +0100
Subject: wkd: Do not send/install/mirror expired user ids.

* tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and
revoked.
* tools/wks-util.c (append_to_uidinfo_list): Add args expired and
revoked.
(set_expired_revoked): New.
(wks_list_key): Set expired and revoked.
(wks_cmd_install_key): Skip expired uids.
* tools/gpg-wks-client.c (command_check): Print flags.
(command_send): Ignore expired keys.
(mirror_one_key): Ditto.

* g10/export.c (do_export_stream): Silence warning.
--

GnuPG-bug-id: 6292
---
 tools/gpg-wks-client.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'tools/gpg-wks-client.c')

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index c3cb392c4..c603cc043 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -1115,6 +1115,9 @@ command_check (char *userid)
           log_info ("    created: %s\n", asctimestamp (sl->created));
           if (sl->mbox)
             log_info ("  addr-spec: %s\n", sl->mbox);
+          if (sl->expired || sl->revoked)
+            log_info ("    flags:%s%s\n",
+                      sl->expired? " expired":"", sl->revoked?" revoked":"");
         }
     }
   if (!found)
@@ -1153,6 +1156,7 @@ command_send (const char *fingerprint, const char *userid)
   uidinfo_list_t uidlist = NULL;
   uidinfo_list_t uid, thisuid;
   time_t thistime;
+  int any;
 
   if (classify_user_id (fingerprint, &desc, 1)
       || desc.mode != KEYDB_SEARCH_MODE_FPR)
@@ -1213,12 +1217,20 @@ command_send (const char *fingerprint, const char *userid)
     }
   thistime = 0;
   thisuid = NULL;
+  any = 0;
   for (uid = uidlist; uid; uid = uid->next)
     {
       if (!uid->mbox)
         continue; /* Should not happen anyway.  */
       if (policy->mailbox_only && ascii_strcasecmp (uid->uid, uid->mbox))
         continue; /* UID has more than just the mailbox.  */
+      if (uid->expired)
+        {
+          if (opt.verbose)
+            log_info ("ignoring expired user id '%s'\n", uid->uid);
+          continue;
+        }
+      any = 1;
       if (uid->created > thistime)
         {
           thistime = uid->created;
@@ -1227,6 +1239,14 @@ command_send (const char *fingerprint, const char *userid)
     }
   if (!thisuid)
     thisuid = uidlist;  /* This is the case for a missing timestamp.  */
+  if (!any)
+    {
+      log_error ("public key %s has no mail address '%s'\n",
+                 fingerprint, addrspec);
+      err = gpg_error (GPG_ERR_INV_USER_ID);
+      goto leave;
+    }
+
   if (opt.verbose)
     log_info ("submitting key with user id '%s'\n", thisuid->uid);
 
@@ -1968,6 +1988,8 @@ mirror_one_key (estream_t key)
     {
       if (!uid->mbox || (uid->flags & 1))
         continue; /* No mail box or already processed.  */
+      if (uid->expired)
+        continue;
       if (!domain_matches_mbox (domain, uid->mbox))
         continue; /* We don't want this one.  */
       if (is_in_blacklist (uid->mbox))
-- 
cgit v1.2.3