author | David Shaw <[email protected]> | 2002-06-07 19:38:27 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2002-06-07 19:38:27 +0000 |
commit | 92cefb688e868be5ce71f8a5093dfa8478253f61 (patch) | |
tree | 4bedab5ca13a92468a651ff8e07153007ad7b99f | |
parent | RISC OS specific changes (diff) | |
* options.skel, options.h, main.h, keydb.h, pkclist.c (build_pk_list,
expand_groups), g10.c (main, add_group): Add new "group" command to allow
one name to expand into multiple keys. For simplicity, and to avoid
potential loops, we only expand once - you can't make an alias that points
to an alias.
* main.h, g10.c (main), keygen.c (build_personal_digest_list): Simplify
the default digest list - there is really no need for the other hashes
since they will never be used after SHA-1 in the list.
* options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import,
hkp_export, hkp_search), keyserver.c (parse_keyserver_options,
parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the
"x-broken-hkp" keyserver scheme into keyserver-option "broken-http-proxy".
Move honor_http_proxy into keyserver_options. Canonicalize the three
variations of "hkp", "x-hkp", and "x-broken-hkp" into "hkp".
-rw-r--r-- | g10/ChangeLog | 21 | ||||
-rw-r--r-- | g10/g10.c | 33 | ||||
-rw-r--r-- | g10/hkp.c | 12 | ||||
-rw-r--r-- | g10/keydb.h | 2 | ||||
-rw-r--r-- | g10/keygen.c | 22 | ||||
-rw-r--r-- | g10/keyserver.c | 34 | ||||
-rw-r--r-- | g10/main.h | 7 | ||||
-rw-r--r-- | g10/options.h | 5 | ||||
-rw-r--r-- | g10/options.skel | 26 | ||||
-rw-r--r-- | g10/pkclist.c | 43 |
10 files changed, 149 insertions, 56 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 9f8b00ef5..44ed5c4ca 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,24 @@ +2002-06-07 David Shaw <[email protected]> + + * options.skel, options.h, main.h, keydb.h, pkclist.c + (build_pk_list, expand_groups), g10.c (main, add_group): Add new + "group" command to allow one name to expand into multiple keys. + For simplicity, and to avoid potential loops, we only expand once + - you can't make an alias that points to an alias. + + * main.h, g10.c (main), keygen.c (build_personal_digest_list): + Simplify the default digest list - there is really no need for the + other hashes since they will never be used after SHA-1 in the + list. + + * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import, + hkp_export, hkp_search), keyserver.c (parse_keyserver_options, + parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the + "x-broken-hkp" keyserver scheme into keyserver-option + "broken-http-proxy". Move honor_http_proxy into + keyserver_options. Canonicalize the three variations of "hkp", + "x-hkp", and "x-broken-hkp" into "hkp". + 2002-06-07 Stefan Bellon <[email protected]> * g10.c [__riscos__]: Added --attribute-file to do the same as @@ -294,6 +294,7 @@ enum cmd_and_opt_values { aNull = 0, oTTYtype, oLCctype, oLCmessages, + oGroup, aTest }; @@ -578,6 +579,7 @@ static ARGPARSE_OPTS opts[] = { { oTTYtype, "ttytype", 2, "@" }, { oLCctype, "lc-ctype", 2, "@" }, { oLCmessages, "lc-messages", 2, "@" }, + { oGroup, "group", 2, "@" }, {0} }; 
@@ -800,6 +802,32 @@ set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ) } +static void add_group(char *string) +{ + char *name,*value; + struct groupitem *item; + STRLIST values=NULL; + + /* Break off the group name */ + name=strsep(&string," "); + if(string==NULL) + { + log_error(_("no values for group \"%s\"\n"),name); + return; + } + + /* Break apart the values */ + while((value=strsep(&string," ")) && *value!='\0') + add_to_strlist2(&values,value,utf8_strings); + + item=m_alloc(sizeof(struct groupitem)); + item->name=name; + item->values=values; + item->next=opt.grouplist; + + opt.grouplist=item; +} + int main( int argc, char **argv ) @@ -1342,7 +1370,7 @@ main( int argc, char **argv ) case oNoLiteral: opt.no_literal = 1; break; case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break; case oHonorHttpProxy: - opt.honor_http_proxy = 1; + opt.keyserver_options.honor_http_proxy = 1; log_info(_("WARNING: %s is a deprecated option.\n"), "--honor-http-proxy"); log_info(_("please use \"--keyserver-options %s\" instead\n"), @@ -1398,6 +1426,7 @@ main( int argc, char **argv ) case oTTYtype: opt.ttytype = pargs.r.ret_str; break; case oLCctype: opt.lc_ctype = pargs.r.ret_str; break; case oLCmessages: opt.lc_messages = pargs.r.ret_str; break; + case oGroup: add_group(pargs.r.ret_str); break; default : pargs.err = configfp? 1:2; break; } } @@ -1629,7 +1658,7 @@ main( int argc, char **argv ) /* We provide defaults for the personal digest list */ if(!pers_digest_list) - pers_digest_list=build_personal_digest_list(); + pers_digest_list="h2"; if(pers_cipher_list && keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM)) 
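Review bot: The value loop in add_group, `while((value=strsep(&string," ")) && *value!='\0')`, ends at the first empty token, so a doubled space in a `group` line silently drops every value after it, and a line with only a trailing space after the name registers a group with no values. Skipping empty tokens instead of stopping on them, `while((value=strsep(&string," "))) if(*value!='\0') add_to_strlist2(&values,value,utf8_strings);`, and reporting through log_error when `values` is still NULL afterwards, would keep a recipient from disappearing unnoticed. `item->name` points into the caller's buffer (`pargs.r.ret_str` at the `case oGroup` hunk) after strsep has modified it in place; that buffer presumably outlives option parsing, but a comment stating the assumption would help the next reader.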
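Review bot: The literal in `pers_digest_list="h2";` is unexplained at the call site; a comment such as `/* "h2" = SHA-1 (digest algorithm 2), the only default entry */` would record what the ChangeLog entry says. The removed helper produced upper-case `"H%d "` entries and tested each algorithm with check_digest_algo() first, whereas the new default is lower-case and unchecked. Whether the preference parser treats both cases alike is not visible in this hunk and is worth confirming.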
@@ -53,7 +53,7 @@ hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle) struct http_context hd; char *request; int rc; - unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; + unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; u32 key[2]; if(desc->mode==KEYDB_SEARCH_MODE_FPR20) @@ -77,7 +77,7 @@ hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle) * binary mode ... how? */ - if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0) + if(opt.keyserver_options.broken_http_proxy) hflags |= HTTP_FLAG_NO_SHUTDOWN; sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=get&search=0x%08lX", @@ -113,7 +113,7 @@ hkp_export( STRLIST users ) struct http_context hd; char *request; unsigned int status; - unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; + unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; iobuf_push_filter( temp, urlencode_filter, NULL ); @@ -131,7 +131,7 @@ hkp_export( STRLIST users ) request = m_alloc( strlen( opt.keyserver_host ) + 100 ); - if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0) + if(opt.keyserver_options.broken_http_proxy) hflags |= HTTP_FLAG_NO_SHUTDOWN; sprintf( request, "x-hkp://%s%s%s/pks/add", @@ -449,7 +449,7 @@ int hkp_search(STRLIST tokens) char *request; #endif struct http_context hd; - unsigned int hflags=opt.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0; + unsigned int hflags=opt.keyserver_options.honor_http_proxy?HTTP_FLAG_TRY_PROXY:0; byte *line=NULL; /* Glue the tokens together to make a search string */ @@ -512,7 +512,7 @@ int hkp_search(STRLIST tokens) request=m_alloc(strlen(opt.keyserver_host) + 100 + strlen(searchurl)); - if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0) + if(opt.keyserver_options.broken_http_proxy) hflags |= HTTP_FLAG_NO_SHUTDOWN; sprintf(request,"x-hkp://%s%s%s/pks/lookup?op=index&search=%s", diff --git a/g10/keydb.h b/g10/keydb.h index dc7863a99..066cc5b8c 100644 --- a/g10/keydb.h 
+++ b/g10/keydb.h @@ -165,7 +165,7 @@ int keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr); void show_revocation_reason( PKT_public_key *pk, int mode ); int check_signatures_trust( PKT_signature *sig ); void release_pk_list( PK_LIST pk_list ); -int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ); +int build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use ); int select_algo_from_prefs( PK_LIST pk_list, int preftype, void *hint ); int select_mdc_from_pklist (PK_LIST pk_list); diff --git a/g10/keygen.c b/g10/keygen.c index 9d04845b1..30a236539 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2417,25 +2417,3 @@ write_keyblock( IOBUF out, KBNODE node ) } return 0; } - -char * -build_personal_digest_list(void) -{ - int i,n=0; - static char pers_digest_list[(MAX_PREFS*5)+1]; - - /* The end result of this is to favor SHA-1 over everything, and put - MD5 at the very end of the list. */ - - /* Don't put in 100-110 automatically */ - for(i=2;i<100 && n<MAX_PREFS;i++) - { - if(check_digest_algo(i)==0) - { - sprintf(pers_digest_list+strlen(pers_digest_list),"H%d ",i); - n++; - } - } - - return pers_digest_list; -} diff --git a/g10/keyserver.c b/g10/keyserver.c index 716e974a2..8ee1996c6 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -79,9 +79,9 @@ parse_keyserver_options(char *options) else if(ascii_strcasecmp(tok,"no-verbose")==0) opt.keyserver_options.verbose--; else if(ascii_strcasecmp(tok,"honor-http-proxy")==0) - opt.honor_http_proxy=1; + opt.keyserver_options.honor_http_proxy=1; else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0) - opt.honor_http_proxy=0; + opt.keyserver_options.honor_http_proxy=0; else if(ascii_strcasecmp(tok,"refresh-add-fake-v3-keyids")==0) opt.keyserver_options.refresh_add_fake_v3_keyids=1; else if(ascii_strcasecmp(tok,"no-refresh-add-fake-v3-keyids")==0) 
@@ -90,6 +90,10 @@ parse_keyserver_options(char *options) opt.keyserver_options.auto_key_retrieve=1; else if(ascii_strcasecmp(tok,"no-auto-key-retrieve")==0) opt.keyserver_options.auto_key_retrieve=0; + else if(ascii_strcasecmp(tok,"broken-http-proxy")==0) + opt.keyserver_options.broken_http_proxy=1; + else if(ascii_strcasecmp(tok,"no-broken-http-proxy")==0) + opt.keyserver_options.broken_http_proxy=0; else if(strlen(tok)>0) add_to_strlist(&opt.keyserver_options.other,tok); @@ -107,9 +111,25 @@ parse_keyserver_uri(char *uri) if(uri==NULL) { uri=opt.keyserver_scheme; - opt.keyserver_scheme="x-hkp"; + opt.keyserver_scheme="hkp"; } + if(ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0) + { + log_info(_("WARNING: %s is a deprecated option.\n"), + "x-broken-hkp"); + log_info(_("please use \"--keyserver-options %s\" instead\n"), + "broken-http-proxy"); + opt.keyserver_scheme="hkp"; + opt.keyserver_options.broken_http_proxy=1; + } + else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0) + { + /* Canonicalize this to "hkp" so it works with both the internal + and external keyserver interface. */ + opt.keyserver_scheme="hkp"; + } + /* Skip the "//", if any */ if(strlen(uri)>2 && uri[0]=='/' && uri[1]=='/') uri+=2; @@ -573,9 +593,7 @@ keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count) #ifndef USE_EXTERNAL_HKP /* Use the internal HKP code */ - if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0 || - ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 || - ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0) + if(ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0) { void *stats_handle = import_new_stats_handle (); 
@@ -858,9 +876,7 @@ keyserver_refresh(STRLIST users) scheme, then enable fake v3 keyid generation. */ if(opt.keyserver_options.refresh_add_fake_v3_keyids && opt.keyserver_scheme && - (ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0 || - ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 || - ascii_strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0 || + (ascii_strcasecmp(opt.keyserver_scheme,"hkp")==0 || ascii_strcasecmp(opt.keyserver_scheme,"mailto")==0)) fakev3=1; diff --git a/g10/main.h b/g10/main.h index 5c631e10e..aad27b8fd 100644 --- a/g10/main.h +++ b/g10/main.h @@ -36,6 +36,12 @@ typedef struct { cipher_filter_context_t cfx; } encrypt_filter_context_t; +struct groupitem +{ + char *name; + STRLIST values; + struct groupitem *next; +}; /*-- g10.c --*/ extern int g10_errors_seen; @@ -120,7 +126,6 @@ int keygen_add_std_prefs( PKT_signature *sig, void *opaque ); int keygen_upd_std_prefs( PKT_signature *sig, void *opaque ); int keygen_add_revkey(PKT_signature *sig, void *opaque); int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ); -char *build_personal_digest_list(void); /*-- openfile.c --*/ int overwrite_filep( const char *fname ); diff --git a/g10/options.h b/g10/options.h index 4278065e6..c4637b847 100644 --- a/g10/options.h +++ b/g10/options.h @@ -21,6 +21,7 @@ #define G10_OPTIONS_H #include <types.h> +#include "main.h" #include "packet.h" #undef ENABLE_COMMENT_PACKETS /* don't create comment packets */ @@ -122,6 +123,8 @@ struct { int keep_temp_files:1; int refresh_add_fake_v3_keyids:1; int auto_key_retrieve:1; + int honor_http_proxy:1; + int broken_http_proxy:1; STRLIST other; } keyserver_options; int exec_disable; @@ -145,7 +148,6 @@ struct { int allow_freeform_uid; int no_literal; ulong set_filesize; - int honor_http_proxy; int fast_list_mode; int fixed_list_mode; int ignore_time_conflict; @@ -165,6 +167,7 @@ struct { int preserve_permissions; int no_homedir_creation; int show_keyring; + struct groupitem *grouplist; } opt; 
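Review bot: The two flags added to `keyserver_options` in options.h are declared `int honor_http_proxy:1;` and `int broken_http_proxy:1;`, and a plain-`int` one-bit field may be signed, in which case storing 1 reads back as -1. Every use visible in this commit is a truth test, so it works today, but a later `==1` comparison would fail; `unsigned int honor_http_proxy:1;` avoids that, and since the neighbouring fields use the same form it is best changed for the whole struct. Separately, the `#include "main.h"` added at the top of options.h is needed only for a pointer member, so a forward declaration `struct groupitem;` would avoid the extra header dependency.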
diff --git a/g10/options.skel b/g10/options.skel index 7d16914fa..93bcfcd57 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -59,12 +59,13 @@ $Id$ # as default character set. #charset utf-8 - -# You may define aliases like this: -# alias mynames -u 0x12345678 -u 0x456789ab -z 9 -# everytime you use --mynames, it will be expanded to the options -# in the above defintion. The name of the alias may not be abbreviated. -# NOTE: This is not yet implemented +# Group names may be defined like this: +# group mynames paige 0x12345678 joe patti +# +# Any time "mynames" is a receipient (-r or --recipient), it will be +# expanded to the names "paige", "joe", and "patti", and the key ID +# "0x12345678". Note there is only one level of expansion - you +# cannot make an group that points to another group. # lock the file only once for the lifetime of a process. # if you do not define this, the lock will be obtained and released @@ -97,11 +98,10 @@ lock-once # through the usual method: # x-hkp://keyserver.example.net:22742 # -# If you have problems connecting to a HKP server through a buggy -# http proxy, you can use this: -# x-broken-hkp://keyserver.example.net -# But first you should make sure that you have read the man page regarding -# proxies (honor-http-proxy) +# If you have problems connecting to a HKP server through a buggy http +# proxy, you can use keyserver option broken-http-proxy (see below), +# but first you should make sure that you have read the man page +# regarding proxies (keyserver option honor-http-proxy) # # Most users just set the name and type of their preferred keyserver. # Most servers do synchronize with each other and DNS round-robin may 
@@ -130,9 +130,11 @@ lock-once # keep-temp-files = do not delete temporary files after using them # (really only useful for debugging) # -# honor-http-proxy = if the keyserver uses http, honor the http_proxy +# honor-http-proxy = if the keyserver uses HTTP, honor the http_proxy # environment variable # +# broken-http-proxy = try to work around a buggy HTTP proxy +# # auto-key-retrieve = automatically fetch keys as needed from the # keyserver when verifying signatures or when importing # keys that have been revoked by a revocation key that diff --git a/g10/pkclist.c b/g10/pkclist.c index 5acd26c20..a5dfa23bc 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -690,17 +690,54 @@ default_recipient(void) return p; } +/* For simplicity, and to avoid potential loops, we only expand once - + you can't make an alias that points to an alias. */ +static STRLIST +expand_groups(STRLIST input) +{ + STRLIST output=NULL,rover; + struct groupitem *groups; + + for(rover=input;rover;rover=rover->next) + { + for(groups=opt.grouplist;groups;groups=groups->next) + { + /* need strcasecmp() here, as this should be localized */ + if(strcasecmp(groups->name,rover->d)==0) + { + STRLIST each; + + /* maintain current utf8-ness */ + for(each=groups->values;each;each=each->next) + add_to_strlist(&output,each->d); + + break; + } + } + + /* Didn't find any groups, so use the existing string */ + if(!groups) + add_to_strlist(&output,rover->d); + } + + return output; +} int -build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) +build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use ) { PK_LIST pk_list = NULL; PKT_public_key *pk=NULL; int rc=0; int any_recipients=0; - STRLIST rov; + STRLIST rov,remusr; char *def_rec = NULL; + if(opt.grouplist) + remusr=expand_groups(rcpts); + else + remusr=rcpts; + /* check whether there are any recipients in the list and build the * list of the encrypt-to ones (we always trust them) */ for( rov = remusr; rov; rov = rov->next ) { 
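Review bot: expand_groups copies only the string of each entry (`add_to_strlist(&output,each->d)` and `add_to_strlist(&output,rover->d)`), so any per-entry flags on the input list are lost as soon as a group is defined. The loop that follows in build_pk_list picks the encrypt-to entries out of this same list, which suggests the nodes carry such a marker; if so, those entries would be handled as ordinary recipients after expansion. Copying the flags from `rover` onto each new node, e.g. `sl=add_to_strlist(&output,each->d); sl->flags=rover->flags;` (assuming add_to_strlist returns the new node), would preserve them, and the "maintain current utf8-ness" comment depends on the same information. build_pk_list continues past the end of the hunk.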
@@ -949,6 +986,8 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) release_pk_list( pk_list ); else *ret_pk_list = pk_list; + if(opt.grouplist) + free_strlist(remusr); return rc; } |
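Review bot: The cleanup `if(opt.grouplist) free_strlist(remusr);` infers ownership by re-testing the option rather than the pointer; `if(remusr!=rcpts) free_strlist(remusr);` states directly that only the expanded copy is freed. The body between the expansion and this tail lies outside the hunk, so any return there that bypasses these lines would leak the expanded list; that path is worth checking.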