[PATCH GnuPG v2] gpg: expand GPG groups when resolving a key
Stephan Mueller
smueller at chronox.de
Tue Feb 19 08:14:41 CET 2019
Hi,
Changes v2: Traverse namelist and namelist_expanded
---8<---
* g10/expand_group.c: New
* g10/pkclist.c: Extract expand_group and expand_id into expand_group.c
* g10/keydb.h: Add prototypes of expand_id and expand_group
* g10/getkey.c: Use expand_group before resolving key references
* g10/Makefile.am: Compile expand_group.c
--
When searching a key by its name, try to expand the provided name in
case it is a GPG group reference. This GPG group resolution is performed
before the individual keys are verified.
This allows key listing using a GPG group reference. In particular, this
modification fixes the encryption-to-group support in KDE's KMail, which
has been broken since version 18.04.
Signed-off-by: Stephan Mueller <stephan.mueller at atsec.com>
---
g10/Makefile.am | 1 +
g10/expand_group.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++
g10/getkey.c | 26 +++++++++++++++--
g10/keydb.h | 2 ++
g10/pkclist.c | 49 -------------------------------
5 files changed, 99 insertions(+), 52 deletions(-)
create mode 100644 g10/expand_group.c
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 3b4464364..63a42aba5 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -99,6 +99,7 @@ common_source = \
filter.h \
free-packet.c \
getkey.c \
+ expand_group.c \
keydb.c keydb.h \
keyring.c keyring.h \
seskey.c \
diff --git a/g10/expand_group.c b/g10/expand_group.c
new file mode 100644
index 000000000..310daa944
--- /dev/null
+++ b/g10/expand_group.c
@@ -0,0 +1,73 @@
+/* expand_group.c - expand GPG group definitions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include "gpg.h"
+#include "options.h"
+#include "keydb.h"
+
+int
+expand_id(const char *id,strlist_t *into,unsigned int flags)
+{
+ struct groupitem *groups;
+ int count=0;
+
+ for(groups=opt.grouplist;groups;groups=groups->next)
+ {
+ /* need strcasecmp() here, as this should be localized */
+ if(strcasecmp(groups->name,id)==0)
+ {
+ strlist_t each,sl;
+
+ /* this maintains the current utf8-ness */
+ for(each=groups->values;each;each=each->next)
+ {
+ sl=add_to_strlist(into,each->d);
+ sl->flags=flags;
+ count++;
+ }
+
+ break;
+ }
+ }
+
+ return count;
+}
+
+/* For simplicity, and to avoid potential loops, we only expand once -
+ * you can't make an alias that points to an alias. */
+strlist_t
+expand_group (strlist_t input)
+{
+ strlist_t output = NULL;
+ strlist_t sl, rover;
+
+ for (rover = input; rover; rover = rover->next)
+ if (!(rover->flags & PK_LIST_FROM_FILE)
+ && !expand_id(rover->d,&output,rover->flags))
+ {
+ /* Didn't find any groups, so use the existing string */
+ sl=add_to_strlist(&output,rover->d);
+ sl->flags=rover->flags;
+ }
+
+ return output;
+}
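Review bot: `expand_group` and `expand_id` lose their `static` in this new file and become part of the keydb.h interface, but neither states its contract. `expand_group` returns a newly allocated list that the caller has to release, and it leaves out every entry whose flags contain `PK_LIST_FROM_FILE`, neither copying nor expanding it. A caller whose string list uses the flags field for something other than the PK_LIST bits would silently lose names; whether the new call in getkey.c is such a caller is not visible here. A header comment above `expand_group` such as `/* Return a new list with each group name in INPUT replaced by the group's members; entries flagged PK_LIST_FROM_FILE are omitted. The caller must release the result with free_strlist. */` would make that explicit. A matching one above `expand_id` could read `/* Append the members of group ID to INTO with FLAGS set; return the number appended, 0 if ID is not a group. */`.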
diff --git a/g10/getkey.c b/g10/getkey.c
index 08e17e930..84528cdca 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1098,7 +1098,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t
namelist,
{
int rc = 0;
int n;
- strlist_t r;
+ strlist_t r, namelist_expanded = NULL, link = NULL;
GETKEY_CTX ctx;
KBNODE help_kb = NULL;
KBNODE found_key = NULL;
@@ -1127,6 +1127,19 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t
namelist,
}
else
{
+ namelist_expanded = expand_group (namelist);
+
+ /* Chain namelist and namelist_expanded */
+ for (r = namelist; r; r = r->next)
+ {
+ if (!r->next)
+ {
+ r->next = namelist_expanded;
+ link = r;
+ break;
+ }
+ }
+
/* Build the search context. */
for (n = 0, r = namelist; r; r = r->next)
n++;
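Review bot: After the chaining loop the search list still contains the original group name next to its expanded members, because `namelist` is only extended with the result of `expand_group`, not replaced by it. The counting loop right below, and presumably the loop over the names outside this hunk, therefore also treats the group name as an ordinary search term. A key whose user ID happens to match the group name could then be returned alongside the group members, which matters when the result is used to pick encryption recipients. Names that are not groups are copied by `expand_group` as well and end up in the list twice. Since the expanded list already carries every non-group name, building the context from it alone would avoid both effects: `for (n = 0, r = namelist_expanded; r; r = r->next)`, with the later loop over the names changed the same way. key_byname starts and ends outside this hunk.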
@@ -1148,7 +1161,8 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t
namelist,
if (err)
{
xfree (ctx);
- return gpg_err_code (err); /* FIXME: remove gpg_err_code. */
+ rc = gpg_err_code (err); /* FIXME: remove gpg_err_code. */
+ goto out;
}
if (!include_unusable
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
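Review bot: Only the error exits touched by this patch are converted to `goto out`. Any other `return` between the chaining of `namelist` and the `out:` label would skip the un-chaining, for example one on the allocation of `ctx` in the lines between the hunks, which are not shown here. The caller would then get its `namelist` back with the expanded entries still attached. Every exit after the `expand_group` call should be checked and routed through the label, e.g. `rc = gpg_error_from_syserror (); goto out;`. key_byname continues outside this hunk.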
@@ -1169,7 +1183,7 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t
namelist,
{
rc = gpg_error_from_syserror ();
getkey_end (ctrl, ctx);
- return rc;
+ goto out;
}
if (!ret_kb)
@@ -1200,6 +1214,12 @@ key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t
namelist,
getkey_end (ctrl, ctx);
}
+out:
+ if (namelist_expanded)
+ free_strlist(namelist_expanded);
+ /* Un-chain namelist and namelist_expanded */
+ if (link)
+ link->next = NULL;
return rc;
}
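Review bot: `namelist_expanded` is freed at `out:` on every path, including success, so nothing that outlives this call may point into it. If the search descriptors stored in `ctx` keep pointers into the name strings and `ctx` is handed back to the caller through `retctx`, a later lookup on that context would read freed memory; neither is visible in this hunk. In that case the expanded list should be owned by the context and released together with it rather than freed here. A short comment at the label stating who owns the expanded names, e.g. `/* The expanded names are only needed while CTX is built; CTX must not reference them afterwards. */`, would document whichever invariant is intended. key_byname starts outside this hunk.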
diff --git a/g10/keydb.h b/g10/keydb.h
index 9748e571e..14cf04ff3 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -254,6 +254,8 @@ void show_revocation_reason (ctrl_t ctrl, PKT_public_key
*pk, int mode );
int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list);
+int expand_id(const char *id,strlist_t *into,unsigned int flags);
+strlist_t expand_group (strlist_t input);
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
gpg_error_t find_and_check_key (ctrl_t ctrl,
const char *name, unsigned int use,
diff --git a/g10/pkclist.c b/g10/pkclist.c
index e7484432a..8b49a31d3 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -759,55 +759,6 @@ default_recipient (ctrl_t ctrl)
}
-static int
-expand_id(const char *id,strlist_t *into,unsigned int flags)
-{
- struct groupitem *groups;
- int count=0;
-
- for(groups=opt.grouplist;groups;groups=groups->next)
- {
- /* need strcasecmp() here, as this should be localized */
- if(strcasecmp(groups->name,id)==0)
- {
- strlist_t each,sl;
-
- /* this maintains the current utf8-ness */
- for(each=groups->values;each;each=each->next)
- {
- sl=add_to_strlist(into,each->d);
- sl->flags=flags;
- count++;
- }
-
- break;
- }
- }
-
- return count;
-}
-
-/* For simplicity, and to avoid potential loops, we only expand once -
- * you can't make an alias that points to an alias. */
-static strlist_t
-expand_group (strlist_t input)
-{
- strlist_t output = NULL;
- strlist_t sl, rover;
-
- for (rover = input; rover; rover = rover->next)
- if (!(rover->flags & PK_LIST_FROM_FILE)
- && !expand_id(rover->d,&output,rover->flags))
- {
- /* Didn't find any groups, so use the existing string */
- sl=add_to_strlist(&output,rover->d);
- sl->flags=rover->flags;
- }
-
- return output;
-}
-
-
/* Helper for build_pk_list to find and check one key. This helper is
* also used directly in server mode by the RECIPIENTS command. On
* success the new key is added to PK_LIST_ADDR. NAME is the user id
--
2.20.1