[PATCH GnuPG v2] gpg: expand GPG groups when resolving a key

Stephan Mueller smueller at chronox.de
Tue Feb 19 08:14:41 CET 2019


Hi,

Changes v2: Traverse namelist and namelist_expanded

---8<---

* g10/expand_group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand_group.c
* g10/keydb.h: Add prototypes of expand_id and expand_group
* g10/getkey.c: Use expand_group before resolving key references
* g10/Makefile.am: Compile expand_group.c
--

When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.

This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption to group support in KDE's Kmail which
is broken since version 18.04.

Signed-off-by: Stephan Mueller <stephan.mueller at atsec.com>
---
 g10/Makefile.am    |  1 +
 g10/expand_group.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++
 g10/getkey.c       | 26 +++++++++++++++--
 g10/keydb.h        |  2 ++
 g10/pkclist.c      | 49 -------------------------------
 5 files changed, 99 insertions(+), 52 deletions(-)
 create mode 100644 g10/expand_group.c

diff --git a/g10/Makefile.am b/g10/Makefile.am
index 3b4464364..63a42aba5 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -99,6 +99,7 @@ common_source =  \
 	      filter.h		\
 	      free-packet.c	\
 	      getkey.c		\
+	      expand_group.c	\
 	      keydb.c keydb.h    \
 	      keyring.c keyring.h \
 	      seskey.c		\
diff --git a/g10/expand_group.c b/g10/expand_group.c
new file mode 100644
index 000000000..310daa944
--- /dev/null
+++ b/g10/expand_group.c
@@ -0,0 +1,73 @@
+/* expand_group.c - expand GPG group definitions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "keydb.h"
+
+int
+expand_id(const char *id,strlist_t *into,unsigned int flags)
+{
+  struct groupitem *groups;
+  int count=0;
+
+  for(groups=opt.grouplist;groups;groups=groups->next)
+    {
+      /* need strcasecmp() here, as this should be localized */
+      if(strcasecmp(groups->name,id)==0)
+	{
+	  strlist_t each,sl;
+
+	  /* this maintains the current utf8-ness */
+	  for(each=groups->values;each;each=each->next)
+	    {
+	      sl=add_to_strlist(into,each->d);
+	      sl->flags=flags;
+	      count++;
+	    }
+
+	  break;
+	}
+    }
+
+  return count;
+}
+
+/* For simplicity, and to avoid potential loops, we only expand once -
+ * you can't make an alias that points to an alias.  */
+strlist_t
+expand_group (strlist_t input)
+{
+  strlist_t output = NULL;
+  strlist_t sl, rover;
+
+  for (rover = input; rover; rover = rover->next)
+    if (!(rover->flags & PK_LIST_FROM_FILE)
+        && !expand_id(rover->d,&output,rover->flags))
+      {
+	/* Didn't find any groups, so use the existing string */
+	sl=add_to_strlist(&output,rover->d);
+	sl->flags=rover->flags;
+      }
+
+  return output;
+}
diff --git a/g10/getkey.c b/g10/getkey.c
index 08e17e930..84528cdca 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1098,7 +1098,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t 
namelist,
 {
   int rc = 0;
   int n;
-  strlist_t r;
+  strlist_t r, namelist_expanded = NULL, link = NULL;
   GETKEY_CTX ctx;
   KBNODE help_kb = NULL;
   KBNODE found_key = NULL;
@@ -1127,6 +1127,19 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t 
namelist,
     }
   else
     {
+      namelist_expanded = expand_group (namelist);
+
+      /* Chain namelist and namelist_expanded */
+      for (r = namelist; r; r = r->next)
+        {
+	  if (!r->next)
+	    {
+	      r->next = namelist_expanded;
+	      link = r;
+	      break;
+	    }
+	 }
+
       /* Build the search context.  */
       for (n = 0, r = namelist; r; r = r->next)
 	n++;
@@ -1148,7 +1161,8 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t 
namelist,
 	  if (err)
 	    {
 	      xfree (ctx);
-	      return gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      rc = gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
+	      goto out;
 	    }
 	  if (!include_unusable
 	      && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
@@ -1169,7 +1183,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t 
namelist,
     {
       rc = gpg_error_from_syserror ();
       getkey_end (ctrl, ctx);
-      return rc;
+      goto out;
     }
 
   if (!ret_kb)
@@ -1200,6 +1214,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t 
namelist,
       getkey_end (ctrl, ctx);
     }
 
+out:
+  if (namelist_expanded)
+    free_strlist(namelist_expanded);
+  /* Un-chain namelist and namelist_expanded */
+  if (link)
+    link->next = NULL;
   return rc;
 }
 
diff --git a/g10/keydb.h b/g10/keydb.h
index 9748e571e..14cf04ff3 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -254,6 +254,8 @@ void show_revocation_reason (ctrl_t ctrl, PKT_public_key 
*pk, int mode );
 int  check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
 
 void release_pk_list (PK_LIST pk_list);
+int expand_id(const char *id,strlist_t *into,unsigned int flags);
+strlist_t expand_group (strlist_t input);
 int  build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
 gpg_error_t find_and_check_key (ctrl_t ctrl,
                                 const char *name, unsigned int use,
diff --git a/g10/pkclist.c b/g10/pkclist.c
index e7484432a..8b49a31d3 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -759,55 +759,6 @@ default_recipient (ctrl_t ctrl)
 }
 
 
-static int
-expand_id(const char *id,strlist_t *into,unsigned int flags)
-{
-  struct groupitem *groups;
-  int count=0;
-
-  for(groups=opt.grouplist;groups;groups=groups->next)
-    {
-      /* need strcasecmp() here, as this should be localized */
-      if(strcasecmp(groups->name,id)==0)
-	{
-	  strlist_t each,sl;
-
-	  /* this maintains the current utf8-ness */
-	  for(each=groups->values;each;each=each->next)
-	    {
-	      sl=add_to_strlist(into,each->d);
-	      sl->flags=flags;
-	      count++;
-	    }
-
-	  break;
-	}
-    }
-
-  return count;
-}
-
-/* For simplicity, and to avoid potential loops, we only expand once -
- * you can't make an alias that points to an alias.  */
-static strlist_t
-expand_group (strlist_t input)
-{
-  strlist_t output = NULL;
-  strlist_t sl, rover;
-
-  for (rover = input; rover; rover = rover->next)
-    if (!(rover->flags & PK_LIST_FROM_FILE)
-        && !expand_id(rover->d,&output,rover->flags))
-      {
-	/* Didn't find any groups, so use the existing string */
-	sl=add_to_strlist(&output,rover->d);
-	sl->flags=rover->flags;
-      }
-
-  return output;
-}
-
-
 /* Helper for build_pk_list to find and check one key.  This helper is
  * also used directly in server mode by the RECIPIENTS command.  On
  * success the new key is added to PK_LIST_ADDR.  NAME is the user id
-- 
2.20.1







More information about the Gnupg-devel mailing list