[git] GPGME - branch, master, updated. gpgme-1.11.1-38-g7716685

by Werner Koch cvs at cvs.gnupg.org
Mon May 28 10:23:49 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".

The branch, master has been updated
       via  77166851f165b1220dcf0116bb61f81e58e4512f (commit)
       via  0de991fee05a9733ac29b2fa35643fe4607e56cb (commit)
       via  368f2d9db30df16328b34787419de99fe3e1e2f1 (commit)
      from  7aa00917c7f13294584daba31a506730f0015ef5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 77166851f165b1220dcf0116bb61f81e58e4512f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon May 28 09:58:02 2018 +0200

    json: Fix compiler warning.
    
    * src/gpgme-json.c (op_version): Mark request as unused.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index d206f5f..56b4bc1 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -1821,6 +1821,8 @@ op_version (cjson_t request, cjson_t result)
   gpgme_engine_info_t ei = NULL;
   cjson_t infos = xjson_CreateArray ();
 
+  (void)request;
+
   if (!cJSON_AddStringToObject (result, "gpgme", gpgme_check_version (NULL)))
     {
       cJSON_Delete (infos);
@@ -1845,6 +1847,8 @@ op_version (cjson_t request, cjson_t result)
 
   return 0;
 }
+
+
 

 static const char hlp_keylist[] =
   "op:     \"keylist\"\n"

commit 0de991fee05a9733ac29b2fa35643fe4607e56cb
Author: Werner Koch <wk at gnupg.org>
Date:   Mon May 28 09:56:49 2018 +0200

    json: Do not allow to export or delete secret keys.
    
    * src/gpgme-json.c (op_export, op_delete): Return GPG_ERR_FORBIDDEN if
    "secret" is used.
    --
    
    This should not be possible from a browser and we need to make this
    fully clear.  Actually gpg-agent won't allow that anyway but having
    this explicitly is better.
    
    If that is ever needed a dedicated command line option may enable
    this, for example when used by regular programs and not by the browser.
    But that requires other changes as well.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 4341546..d206f5f 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -2169,7 +2169,6 @@ static const char hlp_export[] =
   "armor:         Request output in armored format.\n"
   "extern:        Add EXPORT_MODE_EXTERN.\n"
   "minimal:       Add EXPORT_MODE_MINIMAL.\n"
-  "secret:        Add EXPORT_MODE_SECRET. (not implemented)\n"
   "raw:           Add EXPORT_MODE_RAW.\n"
   "pkcs12:        Add EXPORT_MODE_PKCS12.\n"
   "\n"
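Review bot: The help text still advertises `raw` and `pkcs12` (the context lines around the removed `secret:` entry). As far as the GPGME documentation describes those modes, they only change the output format of a secret-key export for X.509 keys. With `secret` now always rejected in op_export these two flags probably no longer do anything useful, so the help should either drop them or say so, e.g. `"raw:           Add EXPORT_MODE_RAW. (no effect, secret export is disabled)\n"`. hlp_export starts and ends outside this hunk, so the rest of the string should be checked for other references to secret export.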
@@ -2206,7 +2205,10 @@ op_export (cjson_t request, cjson_t result)
   if ((err = get_boolean_flag (request, "secret", 0, &abool)))
     goto leave;
   if (abool)
-    mode |= GPGME_EXPORT_MODE_SECRET;
+    {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
 
   if ((err = get_boolean_flag (request, "extern", 0, &abool)))
     goto leave;
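Review bot: The new rejection branch in op_export (`if (abool)` after the "secret" lookup) jumps to `leave` without recording a reason, whereas other failure paths visible in this commit, such as those in op_delete, call gpg_error_object first. Whether the caller turns a bare `err` into a useful response is not visible here, so consider adding `gpg_error_object (result, err, "Exporting secret keys is not allowed");` before the `goto`, and the equivalent in the `if (secret)` branch added to op_delete. A short comment such as `/* Never hand out secret key material through the browser interface.  */` would also keep the flag lookup from reading as dead code now that the help text no longer mentions "secret". op_export's body continues outside the hunk.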
@@ -2270,9 +2272,6 @@ static const char hlp_delete[] =
   "Optional parameters:\n"
   "protocol:      Either \"openpgp\" (default) or \"cms\".\n"
   "\n"
-  "Optional boolean flags (default is false):\n"
-  "secret:        Allow deletion of secret keys. (not implemented)\n"
-  "\n"
   "Response on success:\n"
   "success:   Boolean true.\n";
 static gpg_error_t
@@ -2293,6 +2292,11 @@ op_delete (cjson_t request, cjson_t result)
 
   if ((err = get_boolean_flag (request, "secret", 0, &secret)))
     goto leave;
+  if (secret)
+    {
+      err = gpg_error (GPG_ERR_FORBIDDEN);
+      goto leave;
+    }
 
   j_key = cJSON_GetObjectItem (request, "key");
   if (!j_key)
@@ -2307,14 +2311,14 @@ op_delete (cjson_t request, cjson_t result)
     }
 
   /* Get the key */
-  if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, secret)))
+  if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, 0)))
     {
       gpg_error_object (result, err, "Error fetching key for delete: %s",
                         gpg_strerror (err));
       goto leave;
     }
 
-  err = gpgme_op_delete (ctx, key, secret);
+  err = gpgme_op_delete (ctx, key, 0);
   if (err)
     {
       gpg_error_object (result, err, "Error deleting key: %s",
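Review bot: The literal `0` now passed to gpgme_get_key and gpgme_op_delete is what restricts the lookup and the deletion to public keys, but nothing at the call sites says so. A comment above the lookup such as `/* Public keys only; requests for secret keys are rejected above.  */` would make the intent explicit for whoever next touches these calls. The `secret` variable is now only read by the new check, so the declaration could carry a matching remark. The hunk ends inside the error-reporting call and op_delete continues outside it.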

commit 368f2d9db30df16328b34787419de99fe3e1e2f1
Author: Werner Koch <wk at gnupg.org>
Date:   Mon May 28 09:53:32 2018 +0200

    json: Fix use of get_context.
    
    * src/gpgme-json.c (create_onetime_context): New.
    (release_onetime_context): New.
    (op_sign): Use the new functions to create a separate context.
    (op_encrypt): Use a separate context for key listings.
    (create_keylist_patterns): Remove unneeded cast.
    --
    
    get_context returns a static per-process context and can thus not be
    used as a separate context.  Use dedicated functions for this.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/src/gpgme-json.c b/src/gpgme-json.c
index 7a1484e..4341546 100644
--- a/src/gpgme-json.c
+++ b/src/gpgme-json.c
@@ -584,7 +584,6 @@ get_context (gpgme_protocol_t proto)
 }
 
 
-
 /* Free context object retrieved by get_context.  */
 static void
 release_context (gpgme_ctx_t ctx)
@@ -594,6 +593,23 @@ release_context (gpgme_ctx_t ctx)
 }
 
 
+/* Create an addition context for short operations. */
+static gpgme_ctx_t
+create_onetime_context (gpgme_protocol_t proto)
+{
+  return _create_new_context (proto);
+
+}
+
+
+/* Release a one-time context.  */
+static void
+release_onetime_context (gpgme_ctx_t ctx)
+{
+  return gpgme_release (ctx);
+
+}
+
 
 /* Given a Base-64 encoded string object in JSON return a gpgme data
  * object at R_DATA.  */
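Review bot: release_onetime_context is declared `static void` but ends with `return gpgme_release (ctx);`. ISO C does not allow a return statement with an expression in a void function, and compilers accept it only as an extension, so this should be plain `gpgme_release (ctx);`. Both new functions also have a stray blank line before the closing brace, and the comment on create_onetime_context says "addition" where "additional" is meant. That comment should also state how the result is freed, for example `/* Create an additional context for short operations; release it with release_onetime_context.  */`, because release_context is documented just above as being for contexts from get_context.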
@@ -681,7 +697,7 @@ create_keylist_patterns (cjson_t request, const char *name)
     if (*p == '\n')
       cnt++;
 
-  ret = (char **) xmalloc (cnt * sizeof (char *));
+  ret = xmalloc (cnt * sizeof *ret);
 
   for (p = keystring, tmp = keystring; *p; p++)
     {
@@ -985,6 +1001,7 @@ key_to_json (gpgme_key_t key)
   return result;
 }
 
+
 /* Create a signature json object */
 static cjson_t
 signature_to_json (gpgme_signature_t sig)
@@ -1007,6 +1024,7 @@ signature_to_json (gpgme_signature_t sig)
   return result;
 }
 
+
 /* Create a JSON object from a gpgme_verify result */
 static cjson_t
 verify_result_to_json (gpgme_verify_result_t verify_result)
@@ -1026,6 +1044,7 @@ verify_result_to_json (gpgme_verify_result_t verify_result)
   return response;
 }
 
+
 /* Create a JSON object from an engine_info */
 static cjson_t
 engine_info_to_json (gpgme_engine_info_t info)
@@ -1042,6 +1061,8 @@ engine_info_to_json (gpgme_engine_info_t info)
                                                 "default");
   return result;
 }
+
+
 /* Create a JSON object from an import_status */
 static cjson_t
 import_status_to_json (gpgme_import_status_t sts)
@@ -1093,6 +1114,7 @@ import_result_to_json (gpgme_import_result_t imp)
   return result;
 }
 
+
 /* Create a gpgme_data from json string data named "name"
  * in the request. Takes the base64 option into account.
  *
@@ -1144,6 +1166,7 @@ get_string_data (cjson_t request, cjson_t result, const char *name,
   return 0;
 }
 
+
 

 /*
  * Implementation of the commands.
@@ -1286,6 +1309,8 @@ op_encrypt (cjson_t request, cjson_t result)
   gpgme_data_t output = NULL;
   int abool;
   gpgme_encrypt_flags_t encrypt_flags = 0;
+  gpgme_ctx_t keylist_ctx = NULL;
+  gpgme_key_t key = NULL;
 
   if ((err = get_protocol (request, &protocol)))
     goto leave;
@@ -1339,9 +1364,7 @@ op_encrypt (cjson_t request, cjson_t result)
   signing_patterns = create_keylist_patterns (request, "signing_keys");
   if (signing_patterns)
     {
-      gpgme_ctx_t keylist_ctx = get_context (protocol);
-      gpgme_key_t key;
-
+      keylist_ctx = create_onetime_context (protocol);
       gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL);
 
       err = gpgme_op_keylist_ext_start (keylist_ctx,
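Review bot: The result of create_onetime_context is passed straight to gpgme_set_keylist_mode without a check, here in op_encrypt and again in the op_sign hunk, where the removed code did test the gpgme_new return value and jumped to `leave`. _create_new_context is not part of this diff, so it may abort on failure rather than return NULL; if so, the comment on create_onetime_context should say that it never returns NULL. Otherwise both call sites need a guard such as `if (!keylist_ctx) { err = gpg_error (GPG_ERR_GENERAL); goto leave; }`. Both function bodies extend beyond the hunks shown.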
@@ -1362,8 +1385,10 @@ op_encrypt (cjson_t request, cjson_t result)
               goto leave;
             }
           gpgme_key_unref (key);
+          key = NULL;
         }
-      release_context (keylist_ctx);
+      release_onetime_context (keylist_ctx);
+      keylist_ctx = NULL;
     }
 
   if ((err = get_string_data (request, result, "data", &input)))
@@ -1412,6 +1437,9 @@ op_encrypt (cjson_t request, cjson_t result)
  leave:
   xfree_array (signing_patterns);
   xfree (keystring);
+  release_onetime_context (keylist_ctx);
+  gpgme_key_unref (key);
+  gpgme_signers_clear (ctx);
   release_context (ctx);
   gpgme_data_release (input);
   gpgme_data_release (output);
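Review bot: The added `gpgme_signers_clear (ctx);` at `leave` deserves a comment, because its purpose only follows from the commit message. `ctx` is released with release_context, so it appears to be the static per-process context from get_context, and signers added for this request would otherwise stay set for the next one. Something like `/* CTX is shared between requests; do not leave our signers in it.  */` above the call, and above the matching call in op_sign's `leave` block, would do. `leave` is also reached from the early get_protocol failure, so the new cleanup calls rely on accepting a context and key that were never set; the initialisation of `ctx` is outside the hunk and worth confirming.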
@@ -1601,9 +1629,7 @@ op_sign (cjson_t request, cjson_t result)
     }
 
   /* Do a keylisting and add the keys */
-  if ((err = gpgme_new (&keylist_ctx)))
-    goto leave;
-  gpgme_set_protocol (keylist_ctx, protocol);
+  keylist_ctx = create_onetime_context (protocol);
   gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL);
 
   err = gpgme_op_keylist_ext_start (keylist_ctx,
@@ -1623,10 +1649,11 @@ op_sign (cjson_t request, cjson_t result)
           goto leave;
         }
       gpgme_key_unref (key);
+      key = NULL;
     }
 
   if ((err = get_string_data (request, result, "data", &input)))
-      goto leave;
+    goto leave;
 
   /* Create an output data object.  */
   err = gpgme_data_new (&output);
@@ -1656,12 +1683,16 @@ op_sign (cjson_t request, cjson_t result)
 
  leave:
   xfree_array (patterns);
+  gpgme_signers_clear (ctx);
+  gpgme_key_unref (key);
+  release_onetime_context (keylist_ctx);
   release_context (ctx);
-  release_context (keylist_ctx);
   gpgme_data_release (input);
   gpgme_data_release (output);
   return err;
 }
+
+
 

 static const char hlp_verify[] =
   "op:     \"verify\"\n"
@@ -1769,6 +1800,8 @@ op_verify (cjson_t request, cjson_t result)
   gpgme_data_release (signature);
   return err;
 }
+
+
 

 static const char hlp_version[] =
   "op:     \"version\"\n"
@@ -2045,6 +2078,8 @@ op_keylist (cjson_t request, cjson_t result)
     }
   return err;
 }
+
+
 

 static const char hlp_import[] =
   "op:     \"import\"\n"
@@ -2296,6 +2331,8 @@ leave:
 
   return err;
 }
+
+
 

 static const char hlp_getmore[] =
   "op:     \"getmore\"\n"

-----------------------------------------------------------------------

Summary of changes:
 src/gpgme-json.c | 81 +++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 63 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
GnuPG Made Easy
http://git.gnupg.org



