-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/build-packet.c4
-rw-r--r--g10/export.c79
-rw-r--r--g10/g10.c16
-rw-r--r--g10/hkp.c7
-rw-r--r--g10/keyserver.c10
-rw-r--r--g10/main.h13
-rw-r--r--g10/options.h2
8 files changed, 111 insertions, 33 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index cf664145c..af25eb9a3 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,18 @@
2002-07-22 David Shaw <[email protected]>
+ * options.h, main.h, export.c (parse_export_options,
+ do_export_stream), g10.c (main): add new --export-options option.
+ Current flags are "include-non-rfc", "include-local-sigs",
+ "include-attributes", and "include-sensitive-revkeys".
+
+ * options.h, hkp.c (hkp_export), keyserver.c
+ (parse_keyserver_options, keyserver_spawn): try passing unknown
+ keyserver options to export options, and if successful, use them
+ when doing a keyserver --send-key.
+
+ * build-packet.c (build_sig_subpkt): We do not generate
+ SIGSUBPKT_PRIV_VERIFY_CACHE anymore.
+
* revoke.c (gen_desig_revoke): Lots more comments about including
sensitive revkeys along with the revocation sig itself.
diff --git a/g10/build-packet.c b/g10/build-packet.c
index fd1540528..e7bc3f638 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -763,8 +763,10 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
nlen = 1; /* just a 1 byte length header */
switch( type ) {
- case SIGSUBPKT_ISSUER:
case SIGSUBPKT_PRIV_VERIFY_CACHE: /*(obsolete)*/
+ BUG();
+ break;
+ case SIGSUBPKT_ISSUER:
hashed = 0;
break;
default:
diff --git a/g10/export.c b/g10/export.c
index 83e6b970e..853be3b96 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -34,21 +34,65 @@
#include "main.h"
#include "i18n.h"
-static int do_export( STRLIST users, int secret, int flags );
+static int do_export( STRLIST users, int secret, unsigned int options );
static int do_export_stream( IOBUF out, STRLIST users,
- int secret, int flags, int *any );
+ int secret, unsigned int options, int *any );
+
+int
+parse_export_options(char *str,unsigned int *options)
+{
+ char *tok;
+ int hit=0;
+ struct
+ {
+ char *name;
+ unsigned int bit;
+ } export_opts[]=
+ {
+ {"include-non-rfc",EXPORT_INCLUDE_NON_RFC},
+ {"include-local-sigs",EXPORT_INCLUDE_LOCAL_SIGS},
+ {"include-attributes",EXPORT_INCLUDE_ATTRIBUTES},
+ {"include-sensitive-revkeys",EXPORT_INCLUDE_SENSITIVE_REVKEYS},
+ {NULL,0}
+ /* add tags for include revoked and disabled? */
+ };
+
+ while((tok=strsep(&str," ,")))
+ {
+ int i,rev=0;
+
+ if(ascii_memcasecmp("no-",tok,3)==0)
+ rev=1;
+
+ for(i=0;export_opts[i].name;i++)
+ {
+ if(ascii_strcasecmp(export_opts[i].name,tok)==0)
+ {
+ if(rev)
+ *options&=~export_opts[i].bit;
+ else
+ *options|=export_opts[i].bit;
+ hit=1;
+ break;
+ }
+ }
+
+ if(!hit && !export_opts[i].name)
+ return 0;
+ }
+
+ return hit;
+}
/****************
* Export the public keys (to standard out or --output).
* Depending on opt.armor the output is armored.
- * flags has two bits: EXPORT_FLAG_ONLYRFC, so that only RFC2440
- * compatible keys are exported, and EXPORT_FLAG_SKIPATTRIBS to not
- * export attribute packets (photo IDs).
+ * options are defined in main.h.
* If USERS is NULL, the complete ring will be exported. */
int
-export_pubkeys( STRLIST users, int flags )
+export_pubkeys( STRLIST users, unsigned int options )
{
- return do_export( users, 0, flags );
+ return do_export( users, 0, options );
}
/****************
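Review bot: In parse_export_options the `no-` prefix is detected but `tok` is never advanced past it, so `ascii_strcasecmp(export_opts[i].name,tok)` cannot match a negated name and every `no-...` option is reported as invalid. `hit` is also never reset per token, so once one token has matched, any later unknown or misspelled token passes the `!hit && !export_opts[i].name` test and is silently ignored. For an option that decides what leaves the keyring, a typo should be an error. The rewritten loop below advances past the prefix, tracks the match per token and skips empty tokens produced by adjacent delimiters.

```c
  while((tok=strsep(&str," ,")))
    {
      int i,rev=0,found=0;

      if(!*tok)
        continue; /* empty token from adjacent delimiters */

      if(ascii_memcasecmp("no-",tok,3)==0)
        {
          rev=1;
          tok+=3; /* match the table against the name after "no-" */
        }

      for(i=0;export_opts[i].name;i++)
        {
          if(ascii_strcasecmp(export_opts[i].name,tok)==0)
            {
              /* ... unchanged: set or clear export_opts[i].bit ... */
              found=hit=1;
              break;
            }
        }

      if(!found)
        return 0; /* reject every unknown token, not only the first */
    }
```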
@@ -56,11 +100,11 @@ export_pubkeys( STRLIST users, int flags )
* been exported
*/
int
-export_pubkeys_stream( IOBUF out, STRLIST users, int flags )
+export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options )
{
int any, rc;
- rc = do_export_stream( out, users, 0, flags, &any );
+ rc = do_export_stream( out, users, 0, options, &any );
if( !rc && !any )
rc = -1;
return rc;
@@ -79,7 +123,7 @@ export_secsubkeys( STRLIST users )
}
static int
-do_export( STRLIST users, int secret, int flags )
+do_export( STRLIST users, int secret, unsigned int options )
{
IOBUF out = NULL;
int any, rc;
@@ -99,7 +143,7 @@ do_export( STRLIST users, int secret, int flags )
}
if( opt.compress_keys && opt.compress )
iobuf_push_filter( out, compress_filter, &zfx );
- rc = do_export_stream( out, users, secret, flags, &any );
+ rc = do_export_stream( out, users, secret, options, &any );
if( rc || !any )
iobuf_cancel(out);
@@ -110,7 +154,8 @@ do_export( STRLIST users, int secret, int flags )
static int
-do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
+do_export_stream( IOBUF out, STRLIST users, int secret,
+ unsigned int options, int *any )
{
int rc = 0;
PACKET pkt;
@@ -167,7 +212,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
}
/* do not export keys which are incompatible with rfc2440 */
- if( (flags&EXPORT_FLAG_ONLYRFC) &&
+ if( !(options&EXPORT_INCLUDE_NON_RFC) &&
(node = find_kbnode( keyblock, PKT_PUBLIC_KEY )) ) {
PKT_public_key *pk = node->pkt->pkt.public_key;
if( pk->version == 3 && pk->pubkey_algo > 3 ) {
@@ -213,14 +258,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
if( node->pkt->pkttype == PKT_SIGNATURE ) {
/* do not export packets which are marked as not exportable */
- if( !node->pkt->pkt.signature->flags.exportable )
+ if( !(options&EXPORT_INCLUDE_LOCAL_SIGS) &&
+ !node->pkt->pkt.signature->flags.exportable )
continue; /* not exportable */
/* do not export packets with a "sensitive" revocation
key. This will need revisiting when we start
supporting creating revocation keys and not just
reading them. */
- if( node->pkt->pkt.signature->revkey ) {
+ if( !(options&EXPORT_INCLUDE_SENSITIVE_REVKEYS) &&
+ node->pkt->pkt.signature->revkey ) {
int i;
for(i=0;i<node->pkt->pkt.signature->numrevkeys;i++)
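Review bot: The comment `/* do not export packets which are marked as not exportable */` no longer matches the condition beneath it, which now lets such signatures through when EXPORT_INCLUDE_LOCAL_SIGS is set. I would reword it to `/* skip non-exportable (local) signatures unless include-local-sigs was requested */` and adjust the sensitive-revkey comment the same way, so a reader sees that both filters can be switched off by the caller's option word. do_export_stream starts and ends outside this hunk.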
@@ -234,7 +281,7 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int flags, int *any )
}
/* Don't export attribs? */
- if( (flags&EXPORT_FLAG_SKIPATTRIBS) &&
+ if( !(options&EXPORT_INCLUDE_ATTRIBUTES) &&
node->pkt->pkttype == PKT_USER_ID &&
node->pkt->pkt.user_id->attrib_data ) {
/* Skip until we get to something that is not an attrib
diff --git a/g10/g10.c b/g10/g10.c
index 3d1105827..6f7046ee4 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -237,6 +237,7 @@ enum cmd_and_opt_values { aNull = 0,
oLockNever,
oKeyServer,
oKeyServerOptions,
+ oExportOptions,
oTempDir,
oExecPath,
oEncryptTo,
@@ -409,6 +410,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDefaultKey, "default-key" ,2, N_("|NAME|use NAME as default secret key")},
{ oKeyServer, "keyserver",2, N_("|HOST|use this keyserver to lookup keys")},
{ oKeyServerOptions, "keyserver-options",2,"@"},
+ { oExportOptions, "export-options",2,"@"},
{ oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") },
{ oOptions, "options" , 2, N_("read options from file")},
@@ -902,6 +904,8 @@ main( int argc, char **argv )
opt.pgp2_workarounds = 1;
opt.force_v3_sigs = 1;
opt.escape_from = 1;
+ opt.export_options=EXPORT_DEFAULT;
+ opt.keyserver_options.export_options=EXPORT_DEFAULT;
opt.keyserver_options.include_subkeys=1;
opt.keyserver_options.include_attributes=1;
#if defined (__MINGW32__) || defined (__CYGWIN32__)
@@ -1331,6 +1335,16 @@ main( int argc, char **argv )
case oKeyServerOptions:
parse_keyserver_options(pargs.r.ret_str);
break;
+ case oExportOptions:
+ if(!parse_export_options(pargs.r.ret_str,&opt.export_options))
+ {
+ if(configname)
+ log_error(_("%s:%d: invalid export options\n"),
+ configname,configlineno);
+ else
+ log_error(_("invalid export options\n"));
+ }
+ break;
case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
case oExecPath:
#ifndef FIXED_EXEC_PATH
@@ -2009,7 +2023,7 @@ main( int argc, char **argv )
else if( cmd == aRecvKeys )
keyserver_import( sl );
else
- export_pubkeys( sl, (cmd == aExport)?EXPORT_FLAG_ONLYRFC:0 );
+ export_pubkeys( sl, opt.export_options );
free_strlist(sl);
break;
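Review bot: Passing `opt.export_options` here drops the `cmd == aExport` distinction, and because the startup value is EXPORT_DEFAULT, which contains EXPORT_INCLUDE_NON_RFC, the `!(options&EXPORT_INCLUDE_NON_RFC)` filter in do_export_stream is now off by default for a plain export. The same default reaches hkp_export and keyserver_spawn, which used to pass EXPORT_FLAG_ONLYRFC unconditionally. If the change of default is intended it deserves a sentence in the ChangeLog entry. If it is not, the keyserver side could be initialised with `opt.keyserver_options.export_options=EXPORT_INCLUDE_ATTRIBUTES;` instead. main() starts and ends outside this hunk.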
diff --git a/g10/hkp.c b/g10/hkp.c
index 50626adf9..09fa5a12a 100644
--- a/g10/hkp.c
+++ b/g10/hkp.c
@@ -114,7 +114,6 @@ hkp_export( STRLIST users )
IOBUF temp = iobuf_temp();
struct http_context hd;
char *request;
- int attribs=EXPORT_FLAG_ONLYRFC;
unsigned int status;
unsigned int hflags = opt.keyserver_options.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
@@ -124,10 +123,8 @@ hkp_export( STRLIST users )
afx.what = 1;
iobuf_push_filter( temp, armor_filter, &afx );
- if(!opt.keyserver_options.include_attributes)
- attribs|=EXPORT_FLAG_SKIPATTRIBS;
-
- rc = export_pubkeys_stream( temp, users, attribs );
+ rc = export_pubkeys_stream( temp, users,
+ opt.keyserver_options.export_options );
if( rc == -1 ) {
iobuf_close(temp);
return 0;
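Review bot: `opt.keyserver_options.include_attributes` is no longer read on this path, so whether attribute packets are sent now depends only on `opt.keyserver_options.export_options`, which starts as EXPORT_DEFAULT and therefore includes them. If parse_keyserver_options (not fully visible here) still handles `no-include-attributes` by clearing the old field, a user who set it to keep photo IDs off keyservers would have them uploaded again without any warning. The same applies to the keyserver_spawn hunk in keyserver.c. One way to keep the old setting effective is to take a local copy of the option word and apply `if(!opt.keyserver_options.include_attributes) options&=~EXPORT_INCLUDE_ATTRIBUTES;` before calling export_pubkeys_stream.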
diff --git a/g10/keyserver.c b/g10/keyserver.c
index e2477c61d..eddd2cf7c 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -110,7 +110,8 @@ parse_keyserver_options(char *options)
else if(ascii_strcasecmp(tok,"no-use-temp-files")==0)
opt.keyserver_options.use_temp_files=0;
#endif
- else if(strlen(tok)>0)
+ else if(!parse_export_options(tok,
+ &opt.keyserver_options.export_options))
add_to_strlist(&opt.keyserver_options.other,tok);
}
}
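Review bot: Replacing `strlen(tok)>0` with the parse_export_options call removes the empty-token guard: for an empty `tok` the parser finds no match and returns 0, so the empty string is appended to `opt.keyserver_options.other`. Keeping both conditions avoids that: `else if(strlen(tok)>0 && !parse_export_options(tok,&opt.keyserver_options.export_options))`. parse_keyserver_options starts outside this hunk.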
@@ -451,10 +452,6 @@ keyserver_spawn(int action,STRLIST list,
{
armor_filter_context_t afx;
IOBUF buffer=iobuf_temp();
- int attribs=EXPORT_FLAG_ONLYRFC;
-
- if(!opt.keyserver_options.include_attributes)
- attribs|=EXPORT_FLAG_SKIPATTRIBS;
temp=NULL;
add_to_strlist(&temp,key->d);
@@ -463,7 +460,8 @@ keyserver_spawn(int action,STRLIST list,
afx.what=1;
iobuf_push_filter(buffer,armor_filter,&afx);
- if(export_pubkeys_stream(buffer,temp,attribs)==-1)
+ if(export_pubkeys_stream(buffer,temp,
+ opt.keyserver_options.export_options)==-1)
iobuf_close(buffer);
else
{
diff --git a/g10/main.h b/g10/main.h
index ec0efd3c8..4d705b093 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -159,10 +159,15 @@ void import_print_stats (void *hd);
int collapse_uids( KBNODE *keyblock );
/*-- export.c --*/
-#define EXPORT_FLAG_ONLYRFC 1
-#define EXPORT_FLAG_SKIPATTRIBS 2
-int export_pubkeys( STRLIST users, int flags );
-int export_pubkeys_stream( IOBUF out, STRLIST users, int flags );
+#define EXPORT_INCLUDE_NON_RFC 1
+#define EXPORT_INCLUDE_LOCAL_SIGS 2
+#define EXPORT_INCLUDE_ATTRIBUTES 4
+#define EXPORT_INCLUDE_SENSITIVE_REVKEYS 8
+#define EXPORT_DEFAULT (1|4)
+
+int parse_export_options(char *str,unsigned int *options);
+int export_pubkeys( STRLIST users, unsigned int options );
+int export_pubkeys_stream( IOBUF out, STRLIST users, unsigned int options );
int export_seckeys( STRLIST users );
int export_secsubkeys( STRLIST users );
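Review bot: `#define EXPORT_DEFAULT (1|4)` repeats the bit values as magic numbers, so it will silently drift if the flag values above it are ever renumbered. Writing it as `#define EXPORT_DEFAULT (EXPORT_INCLUDE_NON_RFC|EXPORT_INCLUDE_ATTRIBUTES)` makes the default self-describing. parse_export_options also writes into its `str` argument through strsep, so a short comment on the prototype such as `/* str is modified in place */` would help callers.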
diff --git a/g10/options.h b/g10/options.h
index eb4dd1b8b..69b4bc4c3 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -129,9 +129,11 @@ struct {
int keep_temp_files;
int fake_v3_keyids;
int auto_key_retrieve;
+ unsigned int export_options;
STRLIST other;
} keyserver_options;
int exec_disable;
+ unsigned int export_options;
char *def_preference_list;
prefitem_t *personal_cipher_prefs,
*personal_digest_prefs,