[git] GnuPG - branch, master, updated. gnupg-2.1.15-174-gcbf2ac6

by Werner Koch cvs at cvs.gnupg.org
Wed Sep 28 15:39:09 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  cbf2ac66692daa7a324108724698d60d6c7e473f (commit)
       via  80393661bdfa7ae0288644513575e8a5d708b084 (commit)
       via  c9237bf2ba2c49588576dcece756ebf5fe89aada (commit)
       via  829949f3823c2306022928ce782f9c9d9c5f1cc8 (commit)
      from  20a16833ee2bb05f735377f705899302bcf2b4d3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cbf2ac66692daa7a324108724698d60d6c7e473f
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 28 15:35:31 2016 +0200

    gpg: Improve WKD by importing only the requested UID.
    
    * g10/keyserver.c: Include mbox-util.h.
    (keyserver_import_wkd): Do not use the global import options but
    employ an import filter.
    --
    
    We also make sure that an mbox has been passed to keyserver_import_wkd
    so it may also be called with a complete user id (which is currently
    not the case).
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keyserver.c b/g10/keyserver.c
index 2e2d6a4..4239469 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -41,6 +41,7 @@
 #include "keyserver-internal.h"
 #include "util.h"
 #include "membuf.h"
+#include "mbox-util.h"
 #include "call-dirmngr.h"
 
 #ifdef HAVE_W32_SYSTEM
@@ -2011,29 +2012,55 @@ keyserver_import_wkd (ctrl_t ctrl, const char *name,
                       unsigned char **fpr, size_t *fpr_len)
 {
   gpg_error_t err;
+  char *mbox;
   estream_t key;
 
-  err = gpg_dirmngr_wkd_get (ctrl, name, &key);
+  /* We want to work on the mbox.  That is what dirmngr will do anyway
+   * and we need the mbox for the import filter anyway.  */
+  mbox = mailbox_from_userid (name);
+  if (!mbox)
+    {
+      err = gpg_error_from_syserror ();
+      if (gpg_err_code (err) == GPG_ERR_EINVAL)
+        err = gpg_error (GPG_ERR_INV_USER_ID);
+      return err;
+    }
+
+  err = gpg_dirmngr_wkd_get (ctrl, mbox, &key);
   if (err)
     ;
   else if (key)
     {
       int armor_status = opt.no_armor;
+      import_filter_t save_filt;
 
       /* Keys returned via WKD are in binary format. */
       opt.no_armor = 1;
+      save_filt = save_and_clear_import_filter ();
+      if (!save_filt)
+        err = gpg_error_from_syserror ();
+      else
+        {
+          char *filtstr = es_bsprintf ("keep-uid=mbox = %s", mbox);
+          err = filtstr? 0 : gpg_error_from_syserror ();
+          if (!err)
+            err = parse_and_set_import_filter (filtstr);
+          xfree (filtstr);
+          if (!err)
+            err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
+                                         IMPORT_NO_SECKEY,
+                                         NULL, NULL);
 
-      err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
-                                   (opt.keyserver_options.import_options
-                                    | IMPORT_NO_SECKEY),
-                                   NULL, NULL);
+        }
 
+      restore_import_filter (save_filt);
       opt.no_armor = armor_status;
 
       es_fclose (key);
       key = NULL;
     }
 
+  xfree (mbox);
   return err;
 }
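Review bot: `mbox` is pasted into a filter expression that `parse_and_set_import_filter` then parses, at `es_bsprintf ("keep-uid=mbox = %s", mbox)`, so any character the selector grammar treats as syntax would alter the filter instead of being matched literally. The selector parser is not visible in this hunk; if it splits terms on a separator and `mailbox_from_userid` accepts that character sequence in a local part, the address should be rejected before the expression is built, returning `GPG_ERR_INV_USER_ID` as the earlier branch does. At minimum, add a comment above the `es_bsprintf` line: `/* MBOX becomes part of a selector expression; it must not contain selector operators.  */`. The function's signature begins above this hunk.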
 

commit 80393661bdfa7ae0288644513575e8a5d708b084
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 28 15:32:04 2016 +0200

    gpg: Reject import if an import filter removed all user ids.
    
    * g10/import.c (any_uid_left): New.
    (import_one): Check that a UID is left.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/import.c b/g10/import.c
index 25ce74e..8d06457 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -115,6 +115,7 @@ static int import_revoke_cert (kbnode_t node, struct import_stats_s *stats);
 static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self);
 static int delete_inv_parts (kbnode_t keyblock,
                              u32 *keyid, unsigned int options);
+static int any_uid_left (kbnode_t keyblock);
 static int merge_blocks (kbnode_t keyblock_orig,
 			 kbnode_t keyblock, u32 *keyid,
 			 int *n_uids, int *n_sigs, int *n_subk );
@@ -1344,6 +1345,7 @@ import_one (ctrl_t ctrl,
   size_t an;
   char pkstrbuf[PUBKEY_STRING_SIZE];
   int merge_keys_done = 0;
+  int any_filter = 0;
 
   /* Get the key and print some info about it. */
   node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@@ -1455,13 +1457,25 @@ import_one (ctrl_t ctrl,
     {
       apply_keep_uid_filter (keyblock, import_filter.keep_uid);
       commit_kbnode (&keyblock);
+      any_filter = 1;
     }
   if (import_filter.drop_sig)
     {
       apply_drop_sig_filter (keyblock, import_filter.drop_sig);
       commit_kbnode (&keyblock);
+      any_filter = 1;
     }
 
+  /* If we ran any filter we need to check that at least one user id
+   * is left in the keyring.  Note that we do not use log_error in
+   * this case. */
+  if (any_filter && !any_uid_left (keyblock))
+    {
+      if (!opt.quiet )
+        log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
+      stats->no_user_id++;
+      return 0;
+    }
 
   /* Show the key in the form it is merged or inserted.  We skip this
    * if "import-export" is also active without --armor or the output
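Review bot: The new early exit `return 0;` reports success when the filter has removed every user ID, so a caller such as keyserver_import_wkd gets no error when the fetched key lacks the requested address. Whether `fpr` is left unset in that case cannot be seen from this hunk; the WKD path should be checked to make sure it does not treat this outcome as a located key. The added comment says "keyring" where the check walks the keyblock, so it should read `is left in the keyblock`. The log text is the one already used for keys without valid self-signatures, so a reader of the log cannot tell that a filter caused the rejection. import_one starts and ends outside this hunk.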
@@ -2743,6 +2757,19 @@ delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options)
   return nvalid;
 }
 
+/* This function returns true if any UID is left in the keyring.  */
+static int
+any_uid_left (kbnode_t keyblock)
+{
+  kbnode_t node;
+
+  for (node=keyblock->next; node; node = node->next)
+    if (node->pkt->pkttype == PKT_USER_ID)
+      return 1;
+  return 0;
+}
+
+
 
 /****************
  * It may happen that the imported keyblock has duplicated user IDs.
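Review bot: any_uid_left counts every `PKT_USER_ID` node it finds, so it presumably gives the right answer only because import_one calls `commit_kbnode (&keyblock)` after each filter and before this check. The comment should state that precondition and say "keyblock" rather than "keyring": `/* Return true if KEYBLOCK still has a user ID packet.  The caller must have run commit_kbnode first.  */`. The loop also reads `keyblock->next` without a NULL check, which holds for the one caller shown but is worth stating in the same comment.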

commit c9237bf2ba2c49588576dcece756ebf5fe89aada
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 28 13:39:09 2016 +0200

    gpg: Make import filter data object more flexible.
    
    * g10/main.h (import_filter_t): New.
    * g10/import.c (struct import_filter_s): Declare struct.
    (import_keep_uid, import_drop_sig): Replace by ...
    (import_filter): new.  Adjust all users.
    (cleanup_import_globals): Move code to ...
    (release_import_filter): new.
    (save_and_clear_import_filter): New.
    (restore_import_filter): New.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/import.c b/g10/import.c
index 6a0dcde..25ce74e 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -76,16 +76,22 @@ struct import_stats_s
 #define NODE_FLAG_A  8
 
 
-/* Global variables to store selector created from
+/* A an object and a global instance to store selectors created from
  * --import-filter keep-uid=EXPR.
  * --import-filter drop-sig=EXPR.
  *
  * FIXME: We should put this into the CTRL object but that requires a
- * lot more changes right now.
+ * lot more changes right now.  For now we use save and restore
+ * fucntion to temporary change them.
  */
-static recsel_expr_t import_keep_uid;
-static recsel_expr_t import_drop_sig;
-
+/* Definition of the import filters.  */
+struct import_filter_s
+{
+  recsel_expr_t keep_uid;
+  recsel_expr_t drop_sig;
+};
+/* The current instance.  */
+struct import_filter_s import_filter;
 
 
 static int import (ctrl_t ctrl,
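Review bot: `struct import_filter_s import_filter;` has external linkage, whereas the two variables it replaces were `static`. Nothing in this commit uses the object outside import.c, since main.h exports only the opaque `import_filter_t` and the save/restore functions, so it should be `static struct import_filter_s import_filter;`. The comment above it has two typos, "A an object" and "fucntion".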
@@ -120,12 +126,18 @@ static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs);
 
 

 static void
+release_import_filter (import_filter_t filt)
+{
+  recsel_release (filt->keep_uid);
+  filt->keep_uid = NULL;
+  recsel_release (filt->drop_sig);
+  filt->drop_sig = NULL;
+}
+
+static void
 cleanup_import_globals (void)
 {
-  recsel_release (import_keep_uid);
-  import_keep_uid = NULL;
-  recsel_release (import_drop_sig);
-  import_drop_sig = NULL;
+  release_import_filter (&import_filter);
 }
 
 
@@ -201,9 +213,9 @@ parse_and_set_import_filter (const char *string)
   register_mem_cleanup_func (cleanup_import_globals);
 
   if (!strncmp (string, "keep-uid=", 9))
-    err = recsel_parse_expr (&import_keep_uid, string+9);
+    err = recsel_parse_expr (&import_filter.keep_uid, string+9);
   else if (!strncmp (string, "drop-sig=", 9))
-    err = recsel_parse_expr (&import_drop_sig, string+9);
+    err = recsel_parse_expr (&import_filter.drop_sig, string+9);
   else
     err = gpg_error (GPG_ERR_INV_NAME);
 
@@ -211,6 +223,36 @@ parse_and_set_import_filter (const char *string)
 }
 
 
+/* Save the current import filters, return them, and clear the current
+ * filters.  Returns NULL on error and sets ERRNO.  */
+import_filter_t
+save_and_clear_import_filter (void)
+{
+  import_filter_t filt;
+
+  filt = xtrycalloc (1, sizeof *filt);
+  if (!filt)
+    return NULL;
+  *filt = import_filter;
+  memset (&import_filter, 0, sizeof import_filter);
+
+  return filt;
+}
+
+
+/* Release the current import filters and restore them from NEWFILT.
+ * Ownership of NEWFILT is moved to this function.  */
+void
+restore_import_filter (import_filter_t filt)
+{
+  if (filt)
+    {
+      release_import_filter (&import_filter);
+      import_filter = *filt;
+      xfree (filt);
+    }
+}
+
 
 import_stats_t
 import_new_stats_handle (void)
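Review bot: The comment on restore_import_filter names a parameter `NEWFILT` while the parameter is `filt`, and it does not say that a NULL argument leaves the current, possibly temporary, filter installed. Proposed wording: `/* Release the current import filters and restore them from FILT.  Ownership of FILT is moved to this function.  If FILT is NULL nothing is changed.  */`. save_and_clear_import_filter copies the struct shallowly, so the returned object owns the selector pointers until it is restored. Nothing in this hunk releases a saved filter without restoring it, so its comment should tell callers that every successful save must be paired with a restore.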
@@ -1409,14 +1451,14 @@ import_one (ctrl_t ctrl,
   commit_kbnode (&keyblock);
 
   /* Apply import filter.  */
-  if (import_keep_uid)
+  if (import_filter.keep_uid)
     {
-      apply_keep_uid_filter (keyblock, import_keep_uid);
+      apply_keep_uid_filter (keyblock, import_filter.keep_uid);
       commit_kbnode (&keyblock);
     }
-  if (import_drop_sig)
+  if (import_filter.drop_sig)
     {
-      apply_drop_sig_filter (keyblock, import_drop_sig);
+      apply_drop_sig_filter (keyblock, import_filter.drop_sig);
       commit_kbnode (&keyblock);
     }
 
diff --git a/g10/main.h b/g10/main.h
index b1563d2..c2c92d0 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -348,10 +348,16 @@ gcry_mpi_t encode_md_value (PKT_public_key *pk,
 /*-- import.c --*/
 struct import_stats_s;
 typedef struct import_stats_s *import_stats_t;
+struct import_filter_s;
+typedef struct import_filter_s *import_filter_t;
 typedef gpg_error_t (*import_screener_t)(kbnode_t keyblock, void *arg);
 
 int parse_import_options(char *str,unsigned int *options,int noisy);
+
 gpg_error_t parse_and_set_import_filter (const char *string);
+import_filter_t save_and_clear_import_filter (void);
+void            restore_import_filter (import_filter_t filt);
+
 gpg_error_t read_key_from_file (ctrl_t ctrl, const char *fname,
                                 kbnode_t *r_keyblock);
 void import_keys (ctrl_t ctrl, char **fnames, int nnames,

commit 829949f3823c2306022928ce782f9c9d9c5f1cc8
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Sep 28 13:36:28 2016 +0200

    gpg: Make sure that internal key import is done with a binary stream.
    
    * g10/import.c (import_keys_internal): Open stream in binary mode.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/import.c b/g10/import.c
index f32a3da..6a0dcde 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -465,7 +465,7 @@ import_keys_es_stream (ctrl_t ctrl, estream_t fp,
   int rc;
   iobuf_t inp;
 
-  inp = iobuf_esopen (fp, "r", 1);
+  inp = iobuf_esopen (fp, "rb", 1);
   if (!inp)
     {
       rc = gpg_error_from_syserror ();

-----------------------------------------------------------------------

Summary of changes:
 g10/import.c    | 101 +++++++++++++++++++++++++++++++++++++++++++++++---------
 g10/keyserver.c |  37 ++++++++++++++++++---
 g10/main.h      |   6 ++++
 3 files changed, 123 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



