[git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-373-gb6786cc
by Werner Koch
cvs at cvs.gnupg.org
Thu Mar 27 17:41:09 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via b6786cc3ec0bb582323adf94c2ee624bcfbeb466 (commit)
via 4f50ec98ddd57253cae66e2321f0cc98ee189a09 (commit)
via 5c2a50cdc90e85b1fc380851ccfbe9186969b658 (commit)
from fc3e70c11342267c1062e4244955d19ecd72e0f6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b6786cc3ec0bb582323adf94c2ee624bcfbeb466
Author: Werner Koch <wk at gnupg.org>
Date: Thu Mar 27 16:33:40 2014 +0100
gpg: Add commands --quick-sign-key and --quick-lsign-key.
* g10/gpg.c (main): Add commands --quick-sign-key and
--quick-lsign-key.
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 91186f2..607a611 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+ at ifset gpgtwoone
+ at item --quick-sign-key @code{fpr} [@code{names}]
+ at itemx --quick-lsign-key @code{name}
+ at opindex quick-sign-key
+ at opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+ at option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+ at end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
diff --git a/g10/gpg.c b/g10/gpg.c
index 7529e81..daae3d3 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1,6 +1,7 @@
/* gpg.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
* 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -111,6 +112,8 @@ enum cmd_and_opt_values
aSignSym,
aSignKey,
aLSignKey,
+ aQuickSignKey,
+ aQuickLSignKey,
aListConfig,
aGPGConfList,
aGPGConfTest,
@@ -408,6 +411,10 @@ static ARGPARSE_OPTS opts[] = {
N_("remove keys from the public keyring")),
ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
N_("remove keys from the secret keyring")),
+ ARGPARSE_c (aQuickSignKey, "quick-sign-key" ,
+ N_("quickly sign a key")),
+ ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
+ N_("quickly sign a key locally")),
ARGPARSE_c (aSignKey, "sign-key" ,N_("sign a key")),
ARGPARSE_c (aLSignKey, "lsign-key" ,N_("sign a key locally")),
ARGPARSE_c (aEditKey, "edit-key" ,N_("sign or edit a key")),
@@ -2264,6 +2271,8 @@ main (int argc, char **argv)
case aDeArmor:
case aEnArmor:
case aSign:
+ case aQuickSignKey:
+ case aQuickLSignKey:
case aSignKey:
case aLSignKey:
case aStore:
@@ -3735,6 +3744,22 @@ main (int argc, char **argv)
}
break;
+ case aQuickSignKey:
+ case aQuickLSignKey:
+ {
+ const char *fpr;
+
+ if (argc < 1)
+ wrong_args ("--quick-[l]sign-key fingerprint [userids]");
+ fpr = *argv++; argc--;
+ sl = NULL;
+ for( ; argc; argc--, argv++)
+ append_to_strlist2 (&sl, *argv, utf8_strings);
+ keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
+ free_strlist (sl);
+ }
+ break;
+
case aSignKey:
if( argc != 1 )
wrong_args(_("--sign-key user-id"));
diff --git a/g10/keyedit.c b/g10/keyedit.c
index b7f7ad6..c4d7ca8 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -56,7 +56,8 @@ static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk,
static void show_key_with_all_names (estream_t fp,
KBNODE keyblock, int only_marked,
int with_revoker, int with_fpr,
- int with_subkeys, int with_prefs);
+ int with_subkeys, int with_prefs,
+ int nowarn);
static void show_key_and_fingerprint (KBNODE keyblock);
static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name);
static void menu_deluid (KBNODE pub_keyblock);
@@ -499,13 +500,16 @@ trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp)
/*
- * Loop over all LOCUSR and and sign the uids after asking.
- * If no user id is marked, all user ids will be signed;
- * if some user_ids are marked those will be signed.
+ * Loop over all LOCUSR and and sign the uids after asking. If no
+ * user id is marked, all user ids will be signed; if some user_ids
+ * are marked only those will be signed. If QUICK is true the
+ * function won't ask the user and use sensible defaults.
*/
static int
-sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
- int local, int nonrevocable, int trust, int interactive)
+sign_uids (estream_t fp,
+ kbnode_t keyblock, strlist_t locusr, int *ret_modified,
+ int local, int nonrevocable, int trust, int interactive,
+ int quick)
{
int rc = 0;
SK_LIST sk_list = NULL;
@@ -518,13 +522,15 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
/* Are there any non-v3 sigs on this key already? */
if (PGP2)
- for (node = keyblock; node; node = node->next)
- if (node->pkt->pkttype == PKT_SIGNATURE &&
- node->pkt->pkt.signature->version > 3)
- {
- all_v3 = 0;
- break;
- }
+ {
+ for (node = keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_SIGNATURE &&
+ node->pkt->pkt.signature->version > 3)
+ {
+ all_v3 = 0;
+ break;
+ }
+ }
/* Build a list of all signators.
*
@@ -595,13 +601,13 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
if (uidnode->pkt->pkt.user_id->is_revoked)
{
- tty_printf (_("User ID \"%s\" is revoked."), user);
+ tty_fprintf (fp, _("User ID \"%s\" is revoked."), user);
if (selfsig)
- tty_printf ("\n");
- else if (opt.expert)
+ tty_fprintf (fp, "\n");
+ else if (opt.expert && !quick)
{
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
/* No, so remove the mark and continue */
if (!cpr_get_answer_is_yes ("sign_uid.revoke_okay",
_("Are you sure you "
@@ -618,18 +624,18 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
{
uidnode->flag &= ~NODFLG_MARK_A;
uidnode = NULL;
- tty_printf (_(" Unable to sign.\n"));
+ tty_fprintf (fp, _(" Unable to sign.\n"));
}
}
else if (uidnode->pkt->pkt.user_id->is_expired)
{
- tty_printf (_("User ID \"%s\" is expired."), user);
+ tty_fprintf (fp, _("User ID \"%s\" is expired."), user);
if (selfsig)
- tty_printf ("\n");
- else if (opt.expert)
+ tty_fprintf (fp, "\n");
+ else if (opt.expert && !quick)
{
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
/* No, so remove the mark and continue */
if (!cpr_get_answer_is_yes ("sign_uid.expire_okay",
_("Are you sure you "
@@ -646,17 +652,17 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
{
uidnode->flag &= ~NODFLG_MARK_A;
uidnode = NULL;
- tty_printf (_(" Unable to sign.\n"));
+ tty_fprintf (fp, _(" Unable to sign.\n"));
}
}
else if (!uidnode->pkt->pkt.user_id->created && !selfsig)
{
- tty_printf (_("User ID \"%s\" is not self-signed."),
- user);
+ tty_fprintf (fp, _("User ID \"%s\" is not self-signed."),
+ user);
- if (opt.expert)
+ if (opt.expert && !quick)
{
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
/* No, so remove the mark and continue */
if (!cpr_get_answer_is_yes ("sign_uid.nosig_okay",
_("Are you sure you "
@@ -673,13 +679,14 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
{
uidnode->flag &= ~NODFLG_MARK_A;
uidnode = NULL;
- tty_printf (_(" Unable to sign.\n"));
+ tty_fprintf (fp, _(" Unable to sign.\n"));
}
}
- if (uidnode && interactive && !yesreally)
+ if (uidnode && interactive && !yesreally && !quick)
{
- tty_printf (_("User ID \"%s\" is signable. "), user);
+ tty_fprintf (fp,
+ _("User ID \"%s\" is signable. "), user);
if (!cpr_get_answer_is_yes ("sign_uid.sign_okay",
_("Sign it? (y/N) ")))
{
@@ -704,10 +711,12 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
uidnode->pkt->pkt.user_id->len, 0);
/* It's a v3 self-sig. Make it into a v4 self-sig? */
- if (node->pkt->pkt.signature->version < 4 && selfsig)
+ if (node->pkt->pkt.signature->version < 4
+ && selfsig && !quick)
{
- tty_printf (_("The self-signature on \"%s\"\n"
- "is a PGP 2.x-style signature.\n"), user);
+ tty_fprintf (fp,
+ _("The self-signature on \"%s\"\n"
+ "is a PGP 2.x-style signature.\n"), user);
/* Note that the regular PGP2 warning below
still applies if there are no v4 sigs on
@@ -729,10 +738,10 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
/* Is the current signature expired? */
if (node->pkt->pkt.signature->flags.expired)
{
- tty_printf (_("Your current signature on \"%s\"\n"
- "has expired.\n"), user);
+ tty_fprintf (fp, _("Your current signature on \"%s\"\n"
+ "has expired.\n"), user);
- if (cpr_get_answer_is_yes
+ if (quick || cpr_get_answer_is_yes
("sign_uid.replace_expired_okay",
_("Do you want to issue a "
"new signature to replace "
@@ -755,10 +764,12 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
{
/* It's a local sig, and we want to make a
exportable sig. */
- tty_printf (_("Your current signature on \"%s\"\n"
- "is a local signature.\n"), user);
+ tty_fprintf (fp, _("Your current signature on \"%s\"\n"
+ "is a local signature.\n"), user);
- if (cpr_get_answer_is_yes
+ if (quick)
+ ;
+ else if (cpr_get_answer_is_yes
("sign_uid.local_promote_okay",
_("Do you want to promote "
"it to a full exportable " "signature? (y/N) ")))
@@ -779,14 +790,15 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
/* Fixme: see whether there is a revocation in which
* case we should allow to sign it again. */
if (!node->pkt->pkt.signature->flags.exportable && local)
- tty_printf
- (_("\"%s\" was already locally signed by key %s\n"),
+ tty_fprintf ( fp,
+ _("\"%s\" was already locally signed by key %s\n"),
user, keystr_from_pk (pk));
else
- tty_printf (_("\"%s\" was already signed by key %s\n"),
+ tty_fprintf (fp,
+ _("\"%s\" was already signed by key %s\n"),
user, keystr_from_pk (pk));
- if (opt.expert
+ if (opt.expert && !quick
&& cpr_get_answer_is_yes ("sign_uid.dupe_okay",
_("Do you want to sign it "
"again anyway? (y/N) ")))
@@ -810,15 +822,15 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
/* Check whether any uids are left for signing. */
if (!count_uids_with_flag (keyblock, NODFLG_MARK_A))
{
- tty_printf (_("Nothing to sign with key %s\n"),
+ tty_fprintf (fp, _("Nothing to sign with key %s\n"),
keystr_from_pk (pk));
continue;
}
/* Ask whether we really should sign these user id(s). */
- tty_printf ("\n");
- show_key_with_all_names (NULL, keyblock, 1, 0, 1, 0, 0);
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
+ show_key_with_all_names (fp, keyblock, 1, 0, 1, 0, 0, 0);
+ tty_fprintf (fp, "\n");
if (primary_pk->expiredate && !selfsig)
{
@@ -826,11 +838,11 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
if (primary_pk->expiredate <= now)
{
- tty_printf (_("This key has expired!"));
+ tty_fprintf (fp, _("This key has expired!"));
- if (opt.expert)
+ if (opt.expert && !quick)
{
- tty_printf (" ");
+ tty_fprintf (fp, " ");
if (!cpr_get_answer_is_yes ("sign_uid.expired_okay",
_("Are you sure you still "
"want to sign it? (y/N) ")))
@@ -838,16 +850,16 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
}
else
{
- tty_printf (_(" Unable to sign.\n"));
+ tty_fprintf (fp, _(" Unable to sign.\n"));
continue;
}
}
else
{
- tty_printf (_("This key is due to expire on %s.\n"),
- expirestr_from_pk (primary_pk));
+ tty_fprintf (fp, _("This key is due to expire on %s.\n"),
+ expirestr_from_pk (primary_pk));
- if (opt.ask_cert_expire)
+ if (opt.ask_cert_expire && !quick)
{
char *answer = cpr_get ("sign_uid.expire",
_("Do you want your signature to "
@@ -875,7 +887,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
the expiration of the pk */
if (!duration && !selfsig)
{
- if (opt.ask_cert_expire)
+ if (opt.ask_cert_expire && !quick)
duration = ask_expire_interval (1, opt.def_cert_expire);
else
duration = parse_expire_string (opt.def_cert_expire);
@@ -890,11 +902,11 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
if (PGP2 && all_v3 &&
(pk->version > 3 || force_v4) && primary_pk->version <= 3)
{
- tty_printf (_("You may not make an OpenPGP signature on a "
- "PGP 2.x key while in --pgp2 mode.\n"));
- tty_printf (_("This would make the key unusable in PGP 2.x.\n"));
+ tty_fprintf (fp, _("You may not make an OpenPGP signature on a "
+ "PGP 2.x key while in --pgp2 mode.\n"));
+ tty_fprintf (fp, _("This would make the key unusable in PGP 2.x.\n"));
- if (opt.expert)
+ if (opt.expert && !quick)
{
if (!cpr_get_answer_is_yes ("sign_uid.v4_on_v3_okay",
_("Are you sure you still "
@@ -911,26 +923,28 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
;
else
{
- if (opt.batch || !opt.ask_cert_level)
+ if (opt.batch || !opt.ask_cert_level || quick)
class = 0x10 + opt.def_cert_level;
else
{
char *answer;
- tty_printf (_("How carefully have you verified the key you are "
+ tty_fprintf (fp,
+ _("How carefully have you verified the key you are "
"about to sign actually belongs\nto the person "
"named above? If you don't know what to "
"answer, enter \"0\".\n"));
- tty_printf ("\n");
- tty_printf (_(" (0) I will not answer.%s\n"),
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _(" (0) I will not answer.%s\n"),
opt.def_cert_level == 0 ? " (default)" : "");
- tty_printf (_(" (1) I have not checked at all.%s\n"),
+ tty_fprintf (fp, _(" (1) I have not checked at all.%s\n"),
opt.def_cert_level == 1 ? " (default)" : "");
- tty_printf (_(" (2) I have done casual checking.%s\n"),
+ tty_fprintf (fp, _(" (2) I have done casual checking.%s\n"),
opt.def_cert_level == 2 ? " (default)" : "");
- tty_printf (_(" (3) I have done very careful checking.%s\n"),
+ tty_fprintf (fp,
+ _(" (3) I have done very careful checking.%s\n"),
opt.def_cert_level == 3 ? " (default)" : "");
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
while (class == 0)
{
@@ -948,79 +962,85 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
else if (ascii_strcasecmp (answer, "3") == 0)
class = 0x13; /* Positive */
else
- tty_printf (_("Invalid selection.\n"));
+ tty_fprintf (fp, _("Invalid selection.\n"));
xfree (answer);
}
}
- if (trust)
+ if (trust && !quick)
trustsig_prompt (&trust_value, &trust_depth, &trust_regexp);
}
- p = get_user_id_native (sk_keyid);
- tty_printf (_("Are you sure that you want to sign this key with your\n"
- "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
- xfree (p);
+ if (!quick)
+ {
+ p = get_user_id_native (sk_keyid);
+ tty_fprintf (fp,
+ _("Are you sure that you want to sign this key with your\n"
+ "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
+ xfree (p);
+ }
if (selfsig)
{
- tty_printf ("\n");
- tty_printf (_("This will be a self-signature.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("This will be a self-signature.\n"));
if (local)
{
- tty_printf ("\n");
- tty_printf (_("WARNING: the signature will not be marked "
- "as non-exportable.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("WARNING: the signature will not be marked "
+ "as non-exportable.\n"));
}
if (nonrevocable)
{
- tty_printf ("\n");
- tty_printf (_("WARNING: the signature will not be marked "
- "as non-revocable.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("WARNING: the signature will not be marked "
+ "as non-revocable.\n"));
}
}
else
{
if (local)
{
- tty_printf ("\n");
- tty_printf
- (_("The signature will be marked as non-exportable.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp,
+ _("The signature will be marked as non-exportable.\n"));
}
if (nonrevocable)
{
- tty_printf ("\n");
- tty_printf
- (_("The signature will be marked as non-revocable.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp,
+ _("The signature will be marked as non-revocable.\n"));
}
switch (class)
{
case 0x11:
- tty_printf ("\n");
- tty_printf (_("I have not checked this key at all.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("I have not checked this key at all.\n"));
break;
case 0x12:
- tty_printf ("\n");
- tty_printf (_("I have checked this key casually.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("I have checked this key casually.\n"));
break;
case 0x13:
- tty_printf ("\n");
- tty_printf (_("I have checked this key very carefully.\n"));
+ tty_fprintf (fp, "\n");
+ tty_fprintf (fp, _("I have checked this key very carefully.\n"));
break;
}
}
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
if (opt.batch && opt.answer_yes)
;
+ else if (quick)
+ ;
else if (!cpr_get_answer_is_yes ("sign_uid.okay",
_("Really sign? (y/N) ")))
continue;
@@ -1093,7 +1113,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
delete_kbnode (node);
} /* End loop over signators. */
-leave:
+ leave:
release_sk_list (sk_list);
return rc;
}
@@ -1544,7 +1564,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (redisplay && !quiet)
{
- show_key_with_all_names (NULL, keyblock, 0, 1, 0, 1, 0);
+ show_key_with_all_names (NULL, keyblock, 0, 1, 0, 1, 0, 0);
tty_printf ("\n");
redisplay = 0;
}
@@ -1736,8 +1756,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
}
- sign_uids (keyblock, locusr, &modified,
- localsig, nonrevokesig, trustsig, interactive);
+ sign_uids (NULL, keyblock, locusr, &modified,
+ localsig, nonrevokesig, trustsig, interactive, 0);
}
break;
@@ -2083,7 +2103,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
}
- show_key_with_all_names (NULL, keyblock, 0, 0, 0, 1, 0);
+ show_key_with_all_names (NULL, keyblock, 0, 0, 0, 1, 0, 0);
tty_printf ("\n");
if (edit_ownertrust (find_kbnode (keyblock,
PKT_PUBLIC_KEY)->pkt->pkt.
@@ -2284,6 +2304,163 @@ leave:
}
+/* Unattended key signing function. If the key specifified by FPR is
+ availabale and FPR is the primary fingerprint all user ids of the
+ user ids of the key are signed using the default signing key. If
+ UIDS is an empty list all usable UIDs are signed, if it is not
+ empty, only those user ids matching one of the entries of the loist
+ are signed. With LOCAL being true kthe signatures are marked as
+ non-exportable. */
+void
+keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
+ strlist_t locusr, int local)
+{
+ gpg_error_t err;
+ kbnode_t keyblock = NULL;
+ KEYDB_HANDLE kdbhd = NULL;
+ int modified = 0;
+ KEYDB_SEARCH_DESC desc;
+ PKT_public_key *pk;
+ kbnode_t node;
+ strlist_t sl;
+ int any;
+
+#ifdef HAVE_W32_SYSTEM
+ /* See keyedit_menu for why we need this. */
+ check_trustdb_stale ();
+#endif
+
+ /* We require a fingerprint because only this uniquely identifies a
+ key and may thus be used to select a key for unattended key
+ signing. */
+ if (classify_user_id (fpr, &desc, 1)
+ || !(desc.mode == KEYDB_SEARCH_MODE_FPR
+ || desc.mode == KEYDB_SEARCH_MODE_FPR16
+ || desc.mode == KEYDB_SEARCH_MODE_FPR20))
+ {
+ log_error (_("\"%s\" is not a fingerprint\n"), fpr);
+ goto leave;
+ }
+ err = get_pubkey_byname (ctrl, NULL, NULL, fpr, &keyblock, &kdbhd, 1, 1);
+ if (err)
+ {
+ log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err));
+ goto leave;
+ }
+ if (fix_keyblock (keyblock))
+ modified++;
+ if (collapse_uids (&keyblock))
+ modified++;
+ reorder_keyblock (keyblock);
+
+ /* Check that the primary fingerprint has been given. */
+ {
+ byte fprbin[MAX_FINGERPRINT_LEN];
+ size_t fprlen;
+
+ fingerprint_from_pk (keyblock->pkt->pkt.public_key, fprbin, &fprlen);
+ if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR16
+ && !memcmp (fprbin, desc.u.fpr, 16))
+ ;
+ else if (fprlen == 16 && desc.mode == KEYDB_SEARCH_MODE_FPR
+ && !memcmp (fprbin, desc.u.fpr, 16)
+ && !desc.u.fpr[16]
+ && !desc.u.fpr[17]
+ && !desc.u.fpr[18]
+ && !desc.u.fpr[19])
+ ;
+ else if (fprlen == 20 && (desc.mode == KEYDB_SEARCH_MODE_FPR20
+ || desc.mode == KEYDB_SEARCH_MODE_FPR)
+ && !memcmp (fprbin, desc.u.fpr, 20))
+ ;
+ else
+ {
+ log_error (_("\"%s\" is not the primary fingerprint\n"), fpr);
+ goto leave;
+ }
+ }
+
+ /* If we modified the keyblock, make sure the flags are right. */
+ if (modified)
+ merge_keys_and_selfsig (keyblock);
+
+ /* Give some info in verbose. */
+ if (opt.verbose)
+ {
+ show_key_with_all_names (es_stdout, keyblock, 0,
+ 1/*with_revoker*/, 1/*with_fingerprint*/,
+ 0, 0, 1);
+ es_fflush (es_stdout);
+ }
+
+ pk = keyblock->pkt->pkt.public_key;
+ if (pk->flags.revoked)
+ {
+ if (!opt.verbose)
+ show_key_with_all_names (es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
+ log_error ("%s%s", _("Key is revoked."), _(" Unable to sign.\n"));
+ goto leave;
+ }
+
+ /* Set the flags according to the UIDS list. Fixme: We may want to
+ use classify_user_id along with dedicated compare functions so
+ that we match the same way as in the key lookup. */
+ any = 0;
+ menu_select_uid (keyblock, 0); /* Better clear the flags first. */
+ for (sl=uids; sl; sl = sl->next)
+ {
+ for (node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ if (!uid->attrib_data
+ && ascii_memistr (uid->name, uid->len, sl->d))
+ {
+ node->flag |= NODFLG_SELUID;
+ any = 1;
+ }
+ }
+ }
+ }
+
+ if (uids && !any)
+ {
+ if (!opt.verbose)
+ show_key_with_all_names (es_stdout, keyblock, 0, 0, 0, 0, 0, 1);
+ es_fflush (es_stdout);
+ log_error ("%s %s", _("No matching user IDs."), _("Nothing to sign.\n"));
+ goto leave;
+ }
+
+ /* Sign. */
+ sign_uids (es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1);
+ es_fflush (es_stdout);
+
+ if (modified)
+ {
+ err = keydb_update_keyblock (kdbhd, keyblock);
+ if (err)
+ {
+ log_error (_("update failed: %s\n"), gpg_strerror (err));
+ goto leave;
+ }
+ }
+ else
+ log_info (_("Key not changed so no update needed.\n"));
+
+ if (update_trust)
+ revalidation_mark ();
+
+
+ leave:
+ release_kbnode (keyblock);
+ keydb_release (kdbhd);
+}
+
+
+
static void
tty_print_notations (int indent, PKT_signature * sig)
{
@@ -2705,7 +2882,8 @@ show_names (estream_t fp,
static void
show_key_with_all_names (estream_t fp,
KBNODE keyblock, int only_marked, int with_revoker,
- int with_fpr, int with_subkeys, int with_prefs)
+ int with_fpr, int with_subkeys, int with_prefs,
+ int nowarn)
{
KBNODE node;
int i;
@@ -2889,7 +3067,7 @@ show_key_with_all_names (estream_t fp,
show_names (fp,
keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
- if (do_warn)
+ if (do_warn && !nowarn)
tty_fprintf (fp, _("Please note that the shown key validity"
" is not necessarily correct\n"
"unless you restart the program.\n"));
diff --git a/g10/main.h b/g10/main.h
index ad1a9f6..ce77a83 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -236,6 +236,8 @@ int delete_keys( strlist_t names, int secret, int allow_both );
void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
strlist_t commands, int quiet, int seckey_check );
void keyedit_passwd (ctrl_t ctrl, const char *username);
+void keyedit_quick_sign (ctrl_t ctrl, const char *fpr,
+ strlist_t uids, strlist_t locusr, int local);
void show_basic_key_info (KBNODE keyblock);
/*-- keygen.c --*/
commit 4f50ec98ddd57253cae66e2321f0cc98ee189a09
Author: Werner Koch <wk at gnupg.org>
Date: Thu Mar 27 12:59:55 2014 +0100
Change some keyedit functions to allow printing to arbitrary streams.
* common/ttyio.c (tty_print_string): Add optional arg FP. Change all
callers.
(tty_print_utf8_string2): Ditto.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
(show_names): Ditto.
* g10/keylist.c (print_revokers): Ditto.
(print_fingerprint): Ditto.
diff --git a/common/ttyio.c b/common/ttyio.c
index 66ca984..dee11cb 100644
--- a/common/ttyio.c
+++ b/common/ttyio.c
@@ -310,53 +310,101 @@ tty_fprintf (estream_t fp, const char *fmt, ... )
/****************
- * Print a string, but filter all control characters out.
+ * Print a string, but filter all control characters out. If FP is
+ * not NULL print to that stream instead to the tty.
*/
void
-tty_print_string ( const byte *p, size_t n )
+tty_print_string (estream_t fp, const byte *p, size_t n )
{
- if (no_terminal)
+ if (no_terminal && !fp)
return;
- if( !initialized )
+ if( !initialized & !fp)
init_ttyfp();
#ifdef USE_W32_CONSOLE
/* not so effective, change it if you want */
- for( ; n; n--, p++ )
- if( iscntrl( *p ) ) {
- if( *p == '\n' )
- tty_printf("\\n");
- else if( !*p )
- tty_printf("\\0");
- else
- tty_printf("\\x%02x", *p);
- }
- else
- tty_printf("%c", *p);
+ if (fp)
+ {
+ for( ; n; n--, p++ )
+ {
+ if( iscntrl( *p ) )
+ {
+ if( *p == '\n' )
+ tty_fprintf (fp, "\\n");
+ else if( !*p )
+ tty_fprintf (fp, "\\0");
+ else
+ tty_fprintf (fp, "\\x%02x", *p);
+ }
+ else
+ tty_fprintf (fp, "%c", *p);
+ }
+ }
+ else
+ {
+ for( ; n; n--, p++ )
+ {
+ if( iscntrl( *p ) )
+ {
+ if( *p == '\n' )
+ tty_printf ("\\n");
+ else if( !*p )
+ tty_printf ("\\0");
+ else
+ tty_printf ("\\x%02x", *p);
+ }
+ else
+ tty_printf ("%c", *p);
+ }
+ }
#else
- for( ; n; n--, p++ )
- if( iscntrl( *p ) ) {
- putc('\\', ttyfp);
- if( *p == '\n' )
- putc('n', ttyfp);
- else if( !*p )
- putc('0', ttyfp);
- else
- fprintf(ttyfp, "x%02x", *p );
- }
- else
- putc(*p, ttyfp);
+ if (fp)
+ {
+ for( ; n; n--, p++ )
+ {
+ if (iscntrl (*p))
+ {
+ es_putc ('\\', fp);
+ if ( *p == '\n' )
+ es_putc ('n', fp);
+ else if ( !*p )
+ es_putc ('0', fp);
+ else
+ es_fprintf (fp, "x%02x", *p);
+ }
+ else
+ es_putc (*p, fp);
+ }
+ }
+ else
+ {
+ for (; n; n--, p++)
+ {
+ if (iscntrl (*p))
+ {
+ putc ('\\', ttyfp);
+ if ( *p == '\n' )
+ putc ('n', ttyfp);
+ else if ( !*p )
+ putc ('0', ttyfp);
+ else
+ fprintf (ttyfp, "x%02x", *p );
+ }
+ else
+ putc (*p, ttyfp);
+ }
+ }
#endif
}
void
-tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
+tty_print_utf8_string2 (estream_t fp, const byte *p, size_t n, size_t max_n)
{
size_t i;
char *buf;
- if (no_terminal)
+ if (no_terminal && !fp)
return;
/* we can handle plain ascii simpler, so check for it first */
@@ -370,21 +418,22 @@ tty_print_utf8_string2( const byte *p, size_t n, size_t max_n )
buf[max_n] = 0;
}
/*(utf8 conversion already does the control character quoting)*/
- tty_printf("%s", buf );
- xfree( buf );
+ tty_fprintf (fp, "%s", buf);
+ xfree (buf);
}
else {
if( max_n && (n > max_n) ) {
n = max_n;
}
- tty_print_string( p, n );
+ tty_print_string (fp, p, n );
}
}
+
void
tty_print_utf8_string( const byte *p, size_t n )
{
- tty_print_utf8_string2( p, n, 0 );
+ tty_print_utf8_string2 (NULL, p, n, 0);
}
diff --git a/common/ttyio.h b/common/ttyio.h
index 5c810b8..0a66d86 100644
--- a/common/ttyio.h
+++ b/common/ttyio.h
@@ -47,9 +47,10 @@ void tty_printf (const char *fmt, ... );
void tty_fprintf (estream_t fp, const char *fmt, ... );
char *tty_getf (const char *promptfmt, ... );
#endif
-void tty_print_string (const unsigned char *p, size_t n);
+void tty_print_string (estream_t fp, const unsigned char *p, size_t n);
void tty_print_utf8_string (const unsigned char *p, size_t n);
-void tty_print_utf8_string2 (const unsigned char *p, size_t n, size_t max_n);
+void tty_print_utf8_string2 (estream_t fp,
+ const unsigned char *p, size_t n, size_t max_n);
char *tty_get (const char *prompt);
char *tty_get_hidden (const char *prompt);
void tty_kill_prompt (void);
diff --git a/g10/card-util.c b/g10/card-util.c
index c043b3e..411a4d4 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -269,7 +269,7 @@ print_name (estream_t fp, const char *text, const char *name)
if (fp)
print_utf8_buffer2 (fp, name, strlen (name), '\n');
else
- tty_print_utf8_string2 (name, strlen (name), 0);
+ tty_print_utf8_string2 (NULL, name, strlen (name), 0);
}
else
tty_fprintf (fp, _("[not set]"));
@@ -302,7 +302,7 @@ print_isoname (estream_t fp, const char *text,
else if (fp)
print_utf8_buffer2 (fp, given, strlen (given), '\n');
else
- tty_print_utf8_string2 (given, strlen (given), 0);
+ tty_print_utf8_string2 (NULL, given, strlen (given), 0);
if (opt.with_colons)
es_putc (':', fp);
@@ -315,7 +315,7 @@ print_isoname (estream_t fp, const char *text,
else if (fp)
print_utf8_buffer2 (fp, buf, strlen (buf), '\n');
else
- tty_print_utf8_string2 (buf, strlen (buf), 0);
+ tty_print_utf8_string2 (NULL, buf, strlen (buf), 0);
xfree (buf);
}
else
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 47a2234..b7f7ad6 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1,6 +1,7 @@
/* keyedit.c - keyedit stuff
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2013, 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -50,9 +51,10 @@
static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
int verbose);
-static void show_names (KBNODE keyblock, PKT_public_key * pk,
+static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk,
unsigned int flag, int with_prefs);
-static void show_key_with_all_names (KBNODE keyblock, int only_marked,
+static void show_key_with_all_names (estream_t fp,
+ KBNODE keyblock, int only_marked,
int with_revoker, int with_fpr,
int with_subkeys, int with_prefs);
static void show_key_and_fingerprint (KBNODE keyblock);
@@ -252,7 +254,7 @@ print_and_check_one_sig (KBNODE keyblock, KBNODE node,
{
size_t n;
char *p = get_user_id (sig->keyid, &n);
- tty_print_utf8_string2 (p, n,
+ tty_print_utf8_string2 (NULL, p, n,
opt.screen_columns - keystrlen () - 26 -
((opt.
list_options & LIST_SHOW_SIG_EXPIRE) ? 11
@@ -815,7 +817,7 @@ sign_uids (KBNODE keyblock, strlist_t locusr, int *ret_modified,
/* Ask whether we really should sign these user id(s). */
tty_printf ("\n");
- show_key_with_all_names (keyblock, 1, 0, 1, 0, 0);
+ show_key_with_all_names (NULL, keyblock, 1, 0, 1, 0, 0);
tty_printf ("\n");
if (primary_pk->expiredate && !selfsig)
@@ -1542,7 +1544,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (redisplay && !quiet)
{
- show_key_with_all_names (keyblock, 0, 1, 0, 1, 0);
+ show_key_with_all_names (NULL, keyblock, 0, 1, 0, 1, 0);
tty_printf ("\n");
redisplay = 0;
}
@@ -2081,7 +2083,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break;
}
- show_key_with_all_names (keyblock, 0, 0, 0, 1, 0);
+ show_key_with_all_names (NULL, keyblock, 0, 0, 0, 1, 0);
tty_printf ("\n");
if (edit_ownertrust (find_kbnode (keyblock,
PKT_PUBLIC_KEY)->pkt->pkt.
@@ -2100,7 +2102,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{
int count = count_selected_uids (keyblock);
assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
- show_names (keyblock, keyblock->pkt->pkt.public_key,
+ show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 1);
}
break;
@@ -2109,7 +2111,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{
int count = count_selected_uids (keyblock);
assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
- show_names (keyblock, keyblock->pkt->pkt.public_key,
+ show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 2);
}
break;
@@ -2482,13 +2484,16 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose)
opt.with_colons is used. It prints all available data in a easy to
parse format and does not translate utf8 */
static void
-show_key_with_all_names_colon (KBNODE keyblock)
+show_key_with_all_names_colon (estream_t fp, kbnode_t keyblock)
{
KBNODE node;
int i, j, ulti_hack = 0;
byte pk_version = 0;
PKT_public_key *primary = NULL;
+ if (!fp)
+ fp = es_stdout;
+
/* the keys */
for (node = keyblock; node; node = node->next)
{
@@ -2506,46 +2511,46 @@ show_key_with_all_names_colon (KBNODE keyblock)
keyid_from_pk (pk, keyid);
- fputs (node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub:" : "sub:",
- stdout);
+ es_fputs (node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub:" : "sub:",
+ fp);
if (!pk->flags.valid)
- putchar ('i');
+ es_putc ('i', fp);
else if (pk->flags.revoked)
- putchar ('r');
+ es_putc ('r', fp);
else if (pk->has_expired)
- putchar ('e');
+ es_putc ('e', fp);
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
{
int trust = get_validity_info (pk, NULL);
if (trust == 'u')
ulti_hack = 1;
- putchar (trust);
+ es_putc (trust, fp);
}
- printf (":%u:%d:%08lX%08lX:%lu:%lu::",
- nbits_from_pk (pk),
- pk->pubkey_algo,
- (ulong) keyid[0], (ulong) keyid[1],
- (ulong) pk->timestamp, (ulong) pk->expiredate);
+ es_fprintf (fp, ":%u:%d:%08lX%08lX:%lu:%lu::",
+ nbits_from_pk (pk),
+ pk->pubkey_algo,
+ (ulong) keyid[0], (ulong) keyid[1],
+ (ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks))
- putchar (get_ownertrust_info (pk));
- putchar (':');
- putchar (':');
- putchar (':');
+ es_putc (get_ownertrust_info (pk), fp);
+ es_putc (':', fp);
+ es_putc (':', fp);
+ es_putc (':', fp);
/* Print capabilities. */
if ((pk->pubkey_usage & PUBKEY_USAGE_ENC))
- putchar ('e');
+ es_putc ('e', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_SIG))
- putchar ('s');
+ es_putc ('s', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_CERT))
- putchar ('c');
+ es_putc ('c', fp);
if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
- putchar ('a');
- putchar ('\n');
+ es_putc ('a', fp);
+ es_putc ('\n', fp);
- print_fingerprint (pk, 0);
- print_revokers (pk);
+ print_fingerprint (fp, pk, 0);
+ print_revokers (fp, pk);
}
}
@@ -2560,16 +2565,16 @@ show_key_with_all_names_colon (KBNODE keyblock)
++i;
if (uid->attrib_data)
- printf ("uat:");
+ es_fputs ("uat:", fp);
else
- printf ("uid:");
+ es_fputs ("uid:", fp);
if (uid->is_revoked)
- printf ("r::::::::");
+ es_fputs ("r::::::::", fp);
else if (uid->is_expired)
- printf ("e::::::::");
+ es_fputs ("e::::::::", fp);
else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
- printf ("::::::::");
+ es_fputs ("::::::::", fp);
else
{
int uid_validity;
@@ -2578,19 +2583,19 @@ show_key_with_all_names_colon (KBNODE keyblock)
uid_validity = get_validity_info (primary, uid);
else
uid_validity = 'u';
- printf ("%c::::::::", uid_validity);
+ es_fprintf (fp, "%c::::::::", uid_validity);
}
if (uid->attrib_data)
- printf ("%u %lu", uid->numattribs, uid->attrib_len);
+ es_fprintf (fp, "%u %lu", uid->numattribs, uid->attrib_len);
else
- es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL);
+ es_write_sanitized (fp, uid->name, uid->len, ":", NULL);
- putchar (':');
+ es_putc (':', fp);
/* signature class */
- putchar (':');
+ es_putc (':', fp);
/* capabilities */
- putchar (':');
+ es_putc (':', fp);
/* preferences */
if (pk_version > 3 || uid->selfsigversion > 3)
{
@@ -2599,38 +2604,41 @@ show_key_with_all_names_colon (KBNODE keyblock)
for (j = 0; prefs && prefs[j].type; j++)
{
if (j)
- putchar (' ');
- printf ("%c%d", prefs[j].type == PREFTYPE_SYM ? 'S' :
- prefs[j].type == PREFTYPE_HASH ? 'H' :
- prefs[j].type == PREFTYPE_ZIP ? 'Z' : '?',
- prefs[j].value);
+ es_putc (' ', fp);
+ es_fprintf (fp,
+ "%c%d", prefs[j].type == PREFTYPE_SYM ? 'S' :
+ prefs[j].type == PREFTYPE_HASH ? 'H' :
+ prefs[j].type == PREFTYPE_ZIP ? 'Z' : '?',
+ prefs[j].value);
}
if (uid->flags.mdc)
- printf (",mdc");
+ es_fputs (",mdc", fp);
if (!uid->flags.ks_modify)
- printf (",no-ks-modify");
+ es_fputs (",no-ks-modify", fp);
}
- putchar (':');
+ es_putc (':', fp);
/* flags */
- printf ("%d,", i);
+ es_fprintf (fp, "%d,", i);
if (uid->is_primary)
- putchar ('p');
+ es_putc ('p', fp);
if (uid->is_revoked)
- putchar ('r');
+ es_putc ('r', fp);
if (uid->is_expired)
- putchar ('e');
+ es_putc ('e', fp);
if ((node->flag & NODFLG_SELUID))
- putchar ('s');
+ es_putc ('s', fp);
if ((node->flag & NODFLG_MARK_A))
- putchar ('m');
- putchar (':');
- putchar ('\n');
+ es_putc ('m', fp);
+ es_putc (':', fp);
+ es_putc ('\n', fp);
}
}
}
+
static void
-show_names (KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
+show_names (estream_t fp,
+ KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
int with_prefs)
{
KBNODE node;
@@ -2645,18 +2653,18 @@ show_names (KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
if (!flag || (flag && (node->flag & flag)))
{
if (!(flag & NODFLG_MARK_A) && pk)
- tty_printf ("%s ", uid_trust_string_fixed (pk, uid));
+ tty_fprintf (fp, "%s ", uid_trust_string_fixed (pk, uid));
if (flag & NODFLG_MARK_A)
- tty_printf (" ");
+ tty_fprintf (fp, " ");
else if (node->flag & NODFLG_SELUID)
- tty_printf ("(%d)* ", i);
+ tty_fprintf (fp, "(%d)* ", i);
else if (uid->is_primary)
- tty_printf ("(%d). ", i);
+ tty_fprintf (fp, "(%d). ", i);
else
- tty_printf ("(%d) ", i);
- tty_print_utf8_string (uid->name, uid->len);
- tty_printf ("\n");
+ tty_fprintf (fp, "(%d) ", i);
+ tty_print_utf8_string2 (fp, uid->name, uid->len, 0);
+ tty_fprintf (fp, "\n");
if (with_prefs && pk)
{
if (pk->version > 3 || uid->selfsigversion > 3)
@@ -2679,8 +2687,8 @@ show_names (KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
show_prefs (uid, selfsig, with_prefs == 2);
}
else
- tty_printf (_("There are no preferences on a"
- " PGP 2.x-style user ID.\n"));
+ tty_fprintf (fp, _("There are no preferences on a"
+ " PGP 2.x-style user ID.\n"));
}
}
}
@@ -2689,11 +2697,14 @@ show_names (KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
/*
- * Display the key a the user ids, if only_marked is true, do only
- * so for user ids with mark A flag set and dont display the index number
+ * Display the key a the user ids, if only_marked is true, do only so
+ * for user ids with mark A flag set and do not display the index
+ * number. If FP is not NULL print to the given stream and not to the
+ * tty (ignored in with-colons mode).
*/
static void
-show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
+show_key_with_all_names (estream_t fp,
+ KBNODE keyblock, int only_marked, int with_revoker,
int with_fpr, int with_subkeys, int with_prefs)
{
KBNODE node;
@@ -2704,7 +2715,7 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
if (opt.with_colons)
{
- show_key_with_all_names_colon (keyblock);
+ show_key_with_all_names_colon (fp, keyblock);
return;
}
@@ -2716,7 +2727,8 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
&& !is_deleted_kbnode (node)))
{
PKT_public_key *pk = node->pkt->pkt.public_key;
- const char *otrust = "err", *trust = "err";
+ const char *otrust = "err";
+ const char *trust = "err";
if (node->pkt->pkttype == PKT_PUBLIC_KEY)
{
@@ -2741,7 +2753,8 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
if (pk->flags.revoked)
{
char *user = get_user_id_string_native (pk->revoked.keyid);
- tty_printf (_("The following key was revoked on"
+ tty_fprintf (fp,
+ _("The following key was revoked on"
" %s by %s key %s\n"),
revokestr_from_pk (pk),
gcry_pk_algo_name (pk->revoked.algo), user);
@@ -2764,22 +2777,23 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
MAX_FINGERPRINT_LEN, r_keyid);
user = get_user_id_string_native (r_keyid);
- tty_printf (_("This key may be revoked by %s key %s"),
- algo ? algo : "?", user);
+ tty_fprintf (fp,
+ _("This key may be revoked by %s key %s"),
+ algo ? algo : "?", user);
if (pk->revkey[i].class & 0x40)
{
- tty_printf (" ");
- tty_printf (_("(sensitive)"));
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, _("(sensitive)"));
}
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
xfree (user);
}
}
keyid_from_pk (pk, NULL);
- tty_printf ("%s%c %s/%s",
+ tty_fprintf (fp, "%s%c %s/%s",
node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" :
node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" :
node->pkt->pkttype == PKT_SECRET_KEY ? "sec" : "ssb",
@@ -2788,28 +2802,28 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
keystr (pk->keyid));
if (opt.legacy_list_mode)
- tty_printf (" ");
+ tty_fprintf (fp, " ");
else
- tty_printf ("\n ");
+ tty_fprintf (fp, "\n ");
- tty_printf (_("created: %s"), datestr_from_pk (pk));
- tty_printf (" ");
+ tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk));
+ tty_fprintf (fp, " ");
if (pk->flags.revoked)
- tty_printf (_("revoked: %s"), revokestr_from_pk (pk));
+ tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk));
else if (pk->has_expired)
- tty_printf (_("expired: %s"), expirestr_from_pk (pk));
+ tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk));
else
- tty_printf (_("expires: %s"), expirestr_from_pk (pk));
- tty_printf (" ");
- tty_printf (_("usage: %s"), usagestr_from_pk (pk));
- tty_printf ("\n");
+ tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk));
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk));
+ tty_fprintf (fp, "\n");
if (pk->seckey_info
&& pk->seckey_info->is_protected
&& pk->seckey_info->s2k.mode == 1002)
{
- tty_printf ("%*s%s", opt.legacy_list_mode? 21:5, "",
- _("card-no: "));
+ tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "",
+ _("card-no: "));
if (pk->seckey_info->ivlen == 16
&& !memcmp (pk->seckey_info->iv,
"\xD2\x76\x00\x01\x24\x01", 6))
@@ -2818,17 +2832,17 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
for (i = 8; i < 14; i++)
{
if (i == 10)
- tty_printf (" ");
- tty_printf ("%02X", pk->seckey_info->iv[i]);
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
}
}
else
{
/* Unknown card: Print all. */
for (i = 0; i < pk->seckey_info->ivlen; i++)
- tty_printf ("%02X", pk->seckey_info->iv[i]);
+ tty_fprintf (fp, "%02X", pk->seckey_info->iv[i]);
}
- tty_printf ("\n");
+ tty_fprintf (fp, "\n");
}
if (node->pkt->pkttype == PKT_PUBLIC_KEY
@@ -2836,9 +2850,9 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
{
if (opt.trust_model != TM_ALWAYS)
{
- tty_printf ("%*s",
- opt.legacy_list_mode?
- ((int) keystrlen () + 13):5, "");
+ tty_fprintf (fp, "%*s",
+ opt.legacy_list_mode?
+ ((int) keystrlen () + 13):5, "");
/* Ownertrust is only meaningful for the PGP or
classic trust models */
if (opt.trust_model == TM_PGP
@@ -2847,37 +2861,38 @@ show_key_with_all_names (KBNODE keyblock, int only_marked, int with_revoker,
int width = 14 - strlen (otrust);
if (width <= 0)
width = 1;
- tty_printf (_("trust: %s"), otrust);
- tty_printf ("%*s", width, "");
+ tty_fprintf (fp, _("trust: %s"), otrust);
+ tty_fprintf (fp, "%*s", width, "");
}
- tty_printf (_("validity: %s"), trust);
- tty_printf ("\n");
+ tty_fprintf (fp, _("validity: %s"), trust);
+ tty_fprintf (fp, "\n");
}
if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& (get_ownertrust (pk) & TRUST_FLAG_DISABLED))
{
- tty_printf ("*** ");
- tty_printf (_("This key has been disabled"));
- tty_printf ("\n");
+ tty_fprintf (fp, "*** ");
+ tty_fprintf (fp, _("This key has been disabled"));
+ tty_fprintf (fp, "\n");
}
}
if ((node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_SECRET_KEY) && with_fpr)
{
- print_fingerprint (pk, 2);
- tty_printf ("\n");
+ print_fingerprint (fp, pk, 2);
+ tty_fprintf (fp, "\n");
}
}
}
- show_names (keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
+ show_names (fp,
+ keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
if (do_warn)
- tty_printf (_("Please note that the shown key validity"
- " is not necessarily correct\n"
- "unless you restart the program.\n"));
+ tty_fprintf (fp, _("Please note that the shown key validity"
+ " is not necessarily correct\n"
+ "unless you restart the program.\n"));
}
@@ -2912,7 +2927,7 @@ show_basic_key_info (KBNODE keyblock)
tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_pk (pk));
tty_printf ("\n");
- print_fingerprint (pk, 3);
+ print_fingerprint (NULL, pk, 3);
tty_printf ("\n");
}
}
@@ -2962,7 +2977,7 @@ show_key_and_fingerprint (KBNODE keyblock)
}
tty_printf ("\n");
if (pk)
- print_fingerprint (pk, 2);
+ print_fingerprint (NULL, pk, 2);
}
@@ -3438,7 +3453,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
}
print_pubkey_info (NULL, revoker_pk);
- print_fingerprint (revoker_pk, 2);
+ print_fingerprint (NULL, revoker_pk, 2);
tty_printf ("\n");
tty_printf (_("WARNING: appointing a key as a designated revoker "
diff --git a/g10/keylist.c b/g10/keylist.c
index 6e5ebda..71f72e2 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -866,7 +866,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
es_fprintf (es_stdout, "\n");
if (fpr)
- print_fingerprint (pk, 0);
+ print_fingerprint (NULL, pk, 0);
if (opt.with_keygrip && hexgrip)
es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
@@ -991,7 +991,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
es_putc ('\n', es_stdout);
if (fpr > 1)
{
- print_fingerprint (pk2, 0);
+ print_fingerprint (NULL, pk2, 0);
if (serialno)
print_card_serialno (serialno);
}
@@ -1112,7 +1112,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
}
void
-print_revokers (PKT_public_key * pk)
+print_revokers (estream_t fp, PKT_public_key * pk)
{
/* print the revoker record */
if (!pk->revkey && pk->numrevkeys)
@@ -1125,12 +1125,13 @@ print_revokers (PKT_public_key * pk)
{
byte *p;
- es_fprintf (es_stdout, "rvk:::%d::::::", pk->revkey[i].algid);
+ es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid);
p = pk->revkey[i].fpr;
for (j = 0; j < 20; j++, p++)
- es_fprintf (es_stdout, "%02X", *p);
- es_fprintf (es_stdout, ":%02x%s:\n", pk->revkey[i].class,
- (pk->revkey[i].class & 0x40) ? "s" : "");
+ es_fprintf (fp, "%02X", *p);
+ es_fprintf (fp, ":%02x%s:\n",
+ pk->revkey[i].class,
+ (pk->revkey[i].class & 0x40) ? "s" : "");
}
}
}
@@ -1227,9 +1228,9 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
es_putc (':', es_stdout); /* End of field 17. */
es_putc ('\n', es_stdout);
- print_revokers (pk);
+ print_revokers (es_stdout, pk);
if (fpr)
- print_fingerprint (pk, 0);
+ print_fingerprint (NULL, pk, 0);
if (opt.with_key_data || opt.with_keygrip)
{
if (hexgrip)
@@ -1353,7 +1354,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
es_putc (':', es_stdout); /* End of field 17. */
es_putc ('\n', es_stdout);
if (fpr > 1)
- print_fingerprint (pk2, 0);
+ print_fingerprint (NULL, pk2, 0);
if (opt.with_key_data || opt.with_keygrip)
{
if (hexgrip)
@@ -1553,10 +1554,12 @@ list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque)
* 3: direct use of tty but only primary key.
*
* Modes 1 and 2 will try and print both subkey and primary key
- * fingerprints. A MODE with bit 7 set is used internally.
+ * fingerprints. A MODE with bit 7 set is used internally. If
+ * OVERRIDE_FP is not NULL that stream will be used in 0 instead
+ * of es_stdout or instead of the TTY in modes 2 and 3.
*/
void
-print_fingerprint (PKT_public_key *pk, int mode)
+print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
{
byte array[MAX_FINGERPRINT_LEN], *p;
size_t i, n;
@@ -1581,7 +1584,7 @@ print_fingerprint (PKT_public_key *pk, int mode)
{
PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
get_pubkey (primary_pk, pk->main_keyid);
- print_fingerprint (primary_pk, mode | 0x80);
+ print_fingerprint (override_fp, primary_pk, (mode | 0x80));
free_public_key (primary_pk);
}
@@ -1595,7 +1598,7 @@ print_fingerprint (PKT_public_key *pk, int mode)
}
else if (mode == 2)
{
- fp = NULL; /* Use tty. */
+ fp = override_fp; /* Use tty or given stream. */
if (primary)
/* TRANSLATORS: this should fit into 24 bytes to that the
* fingerprint data is properly aligned with the user ID */
@@ -1605,12 +1608,12 @@ print_fingerprint (PKT_public_key *pk, int mode)
}
else if (mode == 3)
{
- fp = NULL; /* Use tty. */
+ fp = override_fp; /* Use tty or given stream. */
text = _(" Key fingerprint =");
}
else
{
- fp = es_stdout;
+ fp = override_fp? override_fp : es_stdout;
text = _(" Key fingerprint =");
}
diff --git a/g10/main.h b/g10/main.h
index 28115ca..ad1a9f6 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -325,8 +325,8 @@ void secret_key_list (ctrl_t ctrl, strlist_t list );
void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock);
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
-void print_fingerprint (PKT_public_key *pk, int mode);
-void print_revokers(PKT_public_key *pk);
+void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode);
+void print_revokers (estream_t fp, PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode);
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
void show_notation(PKT_signature *sig,int indent,int mode,int which);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 6bd475b..f830eee 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -953,7 +953,7 @@ list_node( CTX c, KBNODE node )
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
putchar('\n'); any=1;
if( opt.fingerprint )
- print_fingerprint (pk, 0);
+ print_fingerprint (NULL, pk, 0);
printf("rtv:1:%u:\n",
node->next->pkt->pkt.ring_trust->trustval );
}
@@ -991,7 +991,7 @@ list_node( CTX c, KBNODE node )
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
- print_fingerprint ( pk, 0 );
+ print_fingerprint (NULL, pk, 0 );
if( opt.with_colons
&& node->next
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
@@ -1030,7 +1030,7 @@ list_node( CTX c, KBNODE node )
if( !any )
putchar('\n');
if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint( pk, 0 );
+ print_fingerprint (NULL, pk, 0);
}
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
diff --git a/g10/pkclist.c b/g10/pkclist.c
index a6d687a..49cd309 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -258,7 +258,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
tty_printf(_(" aka \"%s\"\n"),p);
}
- print_fingerprint (pk, 2);
+ print_fingerprint (NULL, pk, 2);
tty_printf("\n");
release_kbnode (keyblock);
}
@@ -470,7 +470,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
if( !opt.batch && !rc )
{
print_pubkey_info(NULL,pk);
- print_fingerprint (pk, 2);
+ print_fingerprint (NULL, pk, 2);
tty_printf("\n");
tty_printf(
@@ -529,7 +529,7 @@ check_signatures_trust( PKT_signature *sig )
if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n"));
if (opt.with_fingerprint)
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
goto leave;
}
@@ -617,7 +617,7 @@ check_signatures_trust( PKT_signature *sig )
{
case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n"));
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
break;
default:
@@ -631,7 +631,7 @@ check_signatures_trust( PKT_signature *sig )
" a trusted signature!\n"));
log_info(_(" There is no indication that the "
"signature belongs to the owner.\n" ));
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
break;
case TRUST_NEVER:
@@ -640,7 +640,7 @@ check_signatures_trust( PKT_signature *sig )
log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint)
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
break;
@@ -650,19 +650,19 @@ check_signatures_trust( PKT_signature *sig )
" sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the"
" signature belongs to the owner.\n" ));
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
break;
case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY );
if (opt.with_fingerprint)
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
break;
case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE );
if (opt.with_fingerprint)
- print_fingerprint (pk, 1);
+ print_fingerprint (NULL, pk, 1);
break;
}
commit 5c2a50cdc90e85b1fc380851ccfbe9186969b658
Author: Werner Koch <wk at gnupg.org>
Date: Sun Mar 23 13:42:53 2014 +0100
agent: Replace es_mopen by es_fopenmem for ssh.
* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
es_fopenmem.
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.
--
es_fopenmem is easier to understand than the more general function
es_mopen. Thus we better use the former for clarity.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5d7186f..04fe049 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -2368,13 +2368,11 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size,
gcry_sexp_t *key_public,
ssh_key_type_spec_t *key_spec)
{
- estream_t blob_stream;
gpg_error_t err;
+ estream_t blob_stream;
- err = 0;
- /* FIXME: Use fopenmem_init */
- blob_stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
- if (! blob_stream)
+ blob_stream = es_fopenmem (0, "r+b");
+ if (!blob_stream)
{
err = gpg_error_from_syserror ();
goto out;
@@ -2391,10 +2389,7 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size,
err = ssh_receive_key (blob_stream, key_public, 0, 0, key_spec);
out:
-
- if (blob_stream)
- es_fclose (blob_stream);
-
+ es_fclose (blob_stream);
return err;
}
@@ -2619,7 +2614,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
key_counter = 0;
err = 0;
- key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+b");
+ key_blobs = es_fopenmem (0, "r+b");
if (! key_blobs)
{
err = gpg_error_from_syserror ();
@@ -3447,21 +3442,16 @@ static int
ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
{
ssh_request_spec_t *spec;
- estream_t response;
- estream_t request;
+ estream_t response = NULL;
+ estream_t request = NULL;
unsigned char request_type;
gpg_error_t err;
- int send_err;
+ int send_err = 0;
int ret;
- unsigned char *request_data;
+ unsigned char *request_data = NULL;
u32 request_data_size;
u32 response_size;
- request_data = NULL;
- response = NULL;
- request = NULL;
- send_err = 0;
-
/* Create memory streams for request/response data. The entire
request will be stored in secure memory, since it might contain
secret key material. The response does not have to be stored in
@@ -3500,9 +3490,9 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
}
if (spec->secret_input)
- request = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+");
+ request = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+b");
else
- request = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+");
+ request = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+b");
if (! request)
{
err = gpg_error_from_syserror ();
@@ -3519,7 +3509,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
goto out;
es_rewind (request);
- response = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ response = es_fopenmem (0, "r+b");
if (! response)
{
err = gpg_error_from_syserror ();
@@ -3595,11 +3585,9 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
leave:
- if (request)
- es_fclose (request);
- if (response)
- es_fclose (response);
- xfree (request_data); /* FIXME? */
+ es_fclose (request);
+ es_fclose (response);
+ xfree (request_data);
return !!err;
}
-----------------------------------------------------------------------
Summary of changes:
agent/command-ssh.c | 42 ++--
common/ttyio.c | 115 +++++++---
common/ttyio.h | 5 +-
doc/gpg.texi | 18 ++
g10/card-util.c | 6 +-
g10/gpg.c | 25 +++
g10/keyedit.c | 619 +++++++++++++++++++++++++++++++++------------------
g10/keylist.c | 35 +--
g10/main.h | 6 +-
g10/mainproc.c | 6 +-
g10/pkclist.c | 18 +-
11 files changed, 587 insertions(+), 308 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list