-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/delkey.c31
-rw-r--r--g10/import.c54
3 files changed, 62 insertions, 36 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 61e2020f9..b8d3232bb 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -11,6 +11,19 @@
(keydb_search_first, keydb_search_next, keydb_search_kid)
(keydb_search_fpr): Ditto.
+2011-04-29 Marcus Brinkmann <[email protected]>
+
+ * import.c (import_secret_one): Leave all checks to import_one.
+ Cancel secret key import if public key was skipped due to
+ merge-only request. Fix import status for non-new secret key
+ import by checking stat counter.
+
+2011-04-29 Marcus Brinkmann <[email protected]>
+
+ * delkey.c (do_delete_key): Access public keyblock even for secret
+ key operations. But deleting secret key is not supported yet, so
+ give an error. Limit secret-key-exists error case to public keys.
+
2011-04-28 Werner Koch <[email protected]>
* ecdh.c (pk_ecdh_encrypt_with_shared_point): Remove memory leak
diff --git a/g10/delkey.c b/g10/delkey.c
index 3b47c4049..950af0ee0 100644
--- a/g10/delkey.c
+++ b/g10/delkey.c
@@ -83,7 +83,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; key not found anymore!\n");
rc = G10ERR_GENERAL;
@@ -93,7 +93,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, keyid );
- if (!force)
+ if (!secret && !force)
{
if (have_secret_key_with_kid (keyid))
{
@@ -146,20 +146,29 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
if( okay ) {
- rc = keydb_delete_keyblock (hd);
- if (rc) {
+ if (secret)
+ {
+ log_error (_("deleting secret key not implemented\n"));
+ rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */
+ goto leave;
+ }
+ else
+ {
+ rc = keydb_delete_keyblock (hd);
+ if (rc) {
log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
goto leave;
+ }
}
- /* Note that the ownertrust being cleared will trigger a
- revalidation_mark(). This makes sense - only deleting keys
- that have ownertrust set should trigger this. */
+ /* Note that the ownertrust being cleared will trigger a
+ revalidation_mark(). This makes sense - only deleting keys
+ that have ownertrust set should trigger this. */
- if (!secret && pk && clear_ownertrusts (pk)) {
- if (opt.verbose)
- log_info (_("ownertrust information cleared\n"));
- }
+ if (!secret && pk && clear_ownertrusts (pk)) {
+ if (opt.verbose)
+ log_info (_("ownertrust information cleared\n"));
+ }
}
leave:
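Review bot: The `/* FIXME */` on the `GPG_ERR_NOT_IMPLEMENTED` line does not say what is missing, and after this change a request to delete a secret key only logs an error and leaves the private key material in place. A comment such as `/* FIXME: secret key material is not removed here; implement deletion before letting this branch fall through. */` would make that explicit. The branch sits inside `if( okay )`, so the rejection presumably comes only after the checks and any confirmation earlier in do_delete_key, which lies outside the hunk; failing before that point would be clearer for the user. The `!secret &&` test in the ownertrust condition is now always true on that path, since the secret case leaves via `goto leave`.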
diff --git a/g10/import.c b/g10/import.c
index 39968ff6f..05dfd1daa 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1521,6 +1521,8 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
KBNODE node, uidnode;
u32 keyid[2];
int rc = 0;
+ int nr_prev;
+ kbnode_t pub_keyblock;
/* Get the key and print some info about it */
node = find_kbnode (keyblock, PKT_SECRET_KEY);
@@ -1581,24 +1583,30 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
clear_kbnode_flags (keyblock);
- if (!(options&IMPORT_MERGE_ONLY) || !have_secret_key_with_kid (keyid) )
- {
- /* We don't have this key, insert as a new key. */
- kbnode_t pub_keyblock;
+ nr_prev = stats->skipped_new_keys;
- /* Make a public key out of this. */
- pub_keyblock = sec_to_pub_keyblock (keyblock);
- if (!pub_keyblock)
- log_error ("key %s: failed to create public key from secret key\n",
+ /* Make a public key out of the key. */
+ pub_keyblock = sec_to_pub_keyblock (keyblock);
+ if (!pub_keyblock)
+ log_error ("key %s: failed to create public key from secret key\n",
keystr_from_pk (pk));
- else
- {
- import_one (ctrl, fname, pub_keyblock, stats,
- NULL, NULL, opt.import_options, 1);
- /* Fixme: We should check for an invalid keyblock and
- cancel the secret key import in this case. */
- release_kbnode (pub_keyblock);
-
+ else
+ {
+ /* Note that this outputs an IMPORT_OK status message for the
+ public key block, and below we will output another one for
+ the secret keys. FIXME? */
+ import_one (ctrl, fname, pub_keyblock, stats,
+ NULL, NULL, opt.import_options, 1);
+
+ /* Fixme: We should check for an invalid keyblock and
+ cancel the secret key import in this case. */
+ release_kbnode (pub_keyblock);
+
+ /* At least we cancel the secret key import when the public key
+ import was skipped due to MERGE_ONLY option and a new
+ key. */
+ if (stats->skipped_new_keys <= nr_prev)
+ {
/* Read the keyblock again to get the effects of a merge. */
/* Fixme: we should do this based on the fingerprint or
even better let import_one return the merged
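Review bot: The merge-only decision now rests entirely on import_one, but the call passes `opt.import_options` while the removed check tested the caller-supplied `options`. If those two can differ (the parameter list is outside the hunk), a caller that requested merge-only through `options` would no longer have the secret key import cancelled. Passing `options` here, `import_one (ctrl, fname, pub_keyblock, stats, NULL, NULL, options, 1);`, would keep the two in step. The return value of import_one is also still discarded, so only the skipped-new-key case is detected through `stats->skipped_new_keys`; the existing Fixme covers the remaining failure cases. import_secret_one starts and ends outside this hunk.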
@@ -1609,27 +1617,23 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
keystr_from_pk (pk));
else
{
+ nr_prev = stats->secret_imported;
if (!transfer_secret_keys (ctrl, stats, keyblock))
{
+ int status = 16;
if (!opt.quiet)
log_info (_("key %s: secret key imported\n"),
keystr_from_pk (pk));
+ if (stats->secret_imported > nr_prev)
+ status |= 1;
if (is_status_enabled ())
- print_import_ok (pk, 1|16);
+ print_import_ok (pk, status);
check_prefs (ctrl, node);
}
release_kbnode (node);
}
}
}
- else
- {
- /* We don't want to merge the secret keys. */
- log_error (_("key %s: secret key part already available\n"),
- keystr_from_pk (pk));
- if (is_status_enabled ())
- print_import_ok (pk, 16);
- }
return rc;
}
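Review bot: The literals `16` and `1` passed to print_import_ok are undocumented status bits, and `nr_prev` is reused here for a second, unrelated counter. A comment such as `/* 16 = contains private key, 1 = entirely new key (IMPORT_OK reason flags) */` above `int status = 16;` and a separate local, e.g. `int nr_sec_prev = stats->secret_imported;`, would make the status logic easier to audit. The `status |= 1` test assumes transfer_secret_keys increments `stats->secret_imported` only for newly stored keys, which is not visible in this hunk. With the else branch removed, a secret key skipped under merge-only no longer gets a message or IMPORT_OK status of its own from this function.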