~ubuntu-branches/ubuntu/hardy/gnupg/hardy-updates


Viewing changes to g10/export.c

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2005-12-16 16:57:39 UTC
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20051216165739-v0m2d1you6hd8jho
Tags: upstream-1.4.2
Import upstream version 1.4.2

1
1
/* export.c
2
 
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
3
 
 *               2004 Free Software Foundation, Inc.
 
2
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
 
3
 *               2005 Free Software Foundation, Inc.
4
4
 *
5
5
 * This file is part of GnuPG.
6
6
 *
16
16
 *
17
17
 * You should have received a copy of the GNU General Public License
18
18
 * along with this program; if not, write to the Free Software
19
 
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
 
19
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
 
20
 * USA.
20
21
 */
21
22
 
22
23
#include <config.h>
34
35
#include "util.h"
35
36
#include "main.h"
36
37
#include "i18n.h"
 
38
#include "trustdb.h"
37
39
 
38
40
static int do_export( STRLIST users, int secret, unsigned int options );
39
41
static int do_export_stream( IOBUF out, STRLIST users, int secret,
48
50
      {"export-local-sigs",EXPORT_LOCAL_SIGS,NULL},
49
51
      {"export-attributes",EXPORT_ATTRIBUTES,NULL},
50
52
      {"export-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
51
 
      {"export-minimal",EXPORT_MINIMAL,NULL},
52
 
      {"export-unusable-sigs",EXPORT_UNUSABLE_SIGS,NULL},
 
53
      {"export-minimal",EXPORT_MINIMAL|EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
 
54
      {"export-clean",EXPORT_CLEAN_SIGS|EXPORT_CLEAN_UIDS,NULL},
 
55
      {"export-clean-sigs",EXPORT_CLEAN_SIGS,NULL},
 
56
      {"export-clean-uids",EXPORT_CLEAN_UIDS,NULL},
 
57
 
 
58
      {"export-reset-subkey-passwd", EXPORT_RESET_SUBKEY_PASSWD, NULL},
 
59
 
53
60
      /* Aliases for backward compatibility */
54
61
      {"include-local-sigs",EXPORT_LOCAL_SIGS,NULL},
55
62
      {"include-attributes",EXPORT_ATTRIBUTES,NULL},
56
63
      {"include-sensitive-revkeys",EXPORT_SENSITIVE_REVKEYS,NULL},
 
64
      /* dummy */
 
65
      {"export-unusable-sigs",0,NULL},
57
66
      {NULL,0,NULL}
58
67
      /* add tags for include revoked and disabled? */
59
68
    };
221
230
                         keystr(sk_keyid));
222
231
                continue;
223
232
              }
 
233
          }
 
234
        else
 
235
          {
 
236
            /* It's a public key export */
 
237
            if((options&EXPORT_MINIMAL)
 
238
               && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
 
239
              keyid_from_pk(node->pkt->pkt.public_key,keyid);
224
240
 
225
 
            if(options&EXPORT_MINIMAL)
226
 
              keyid_from_sk(sk,keyid);
 
241
            if(options&EXPORT_CLEAN_UIDS)
 
242
              clean_uids_from_key(keyblock,opt.verbose);
227
243
          }
228
 
        else if((options&EXPORT_MINIMAL)
229
 
                && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
230
 
          keyid_from_pk(node->pkt->pkt.public_key,keyid);
231
244
 
232
245
        /* and write it */
233
246
        for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) {
240
253
                  continue;
241
254
              }
242
255
 
243
 
            /* don't export any comment packets but those in the
244
 
             * secret keyring */
245
 
            if( !secret && node->pkt->pkttype == PKT_COMMENT )
246
 
                continue;
 
256
            /* We used to use comment packets, but not any longer.  In
 
257
               case we still have comments on a key, strip them here
 
258
               before we call build_packet(). */
 
259
            if( node->pkt->pkttype == PKT_COMMENT )
 
260
              continue;
247
261
 
248
262
            /* make sure that ring_trust packets never get exported */
249
263
            if (node->pkt->pkttype == PKT_RING_TRUST)
313
327
                  continue;
314
328
              }
315
329
 
316
 
            if( node->pkt->pkttype == PKT_SIGNATURE )
 
330
            if(node->pkt->pkttype==PKT_USER_ID)
 
331
              {
 
332
                /* Run clean_sigs_from_uid against each uid if
 
333
                   export-clean-sigs is on. */
 
334
                if(options&EXPORT_CLEAN_SIGS)
 
335
                  clean_sigs_from_uid(keyblock,node,opt.verbose);
 
336
              }
 
337
            else if(node->pkt->pkttype==PKT_SIGNATURE)
317
338
              {
318
339
                /* If we have export-minimal turned on, do not include
319
340
                   any signature that isn't a selfsig.  Note that this
325
346
                       || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
326
347
                  continue;
327
348
 
328
 
                /* We do basically the same thing for
329
 
                   export-unusable-sigs.  It only applies to expired
330
 
                   uid sigs that aren't selfsigs. */
331
 
                if(!(options&EXPORT_UNUSABLE_SIGS)
332
 
                   && IS_UID_SIG(node->pkt->pkt.signature)
333
 
                   && node->pkt->pkt.signature->flags.expired
334
 
                   && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
335
 
                       || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
336
 
                  continue;
337
 
 
338
 
                /* do not export packets which are marked as not exportable */
 
349
                /* do not export packets which are marked as not
 
350
                   exportable */
339
351
                if(!(options&EXPORT_LOCAL_SIGS)
340
352
                   && !node->pkt->pkt.signature->flags.exportable)
341
353
                  continue; /* not exportable */
373
385
 
374
386
            if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY )
375
387
              {
376
 
                /* we don't want to export the secret parts of the
 
388
                /* We don't want to export the secret parts of the
377
389
                 * primary key, this is done by using GNU protection mode 1001
378
390
                 */
379
391
                int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode;
381
393
                rc = build_packet( out, node->pkt );
382
394
                node->pkt->pkt.secret_key->protect.s2k.mode = save_mode;
383
395
              }
 
396
            else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY
 
397
                     && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD))
 
398
              {
 
399
                /* If the subkey is protected reset the passphrase to
 
400
                   export an unprotected subkey.  This feature is
 
401
                   useful in cases of a subkey copied to an unattended
 
402
                   machine where a passphrase is not required. */
 
403
                PKT_secret_key *sk_save, *sk;
 
404
 
 
405
                sk_save = node->pkt->pkt.secret_key;
 
406
                sk = copy_secret_key (NULL, sk_save);
 
407
                node->pkt->pkt.secret_key = sk;
 
408
 
 
409
                log_info ("about to export an unprotected subkey\n");
 
410
                switch (is_secret_key_protected (sk))
 
411
                  {
 
412
                  case -1:
 
413
                    rc = G10ERR_PUBKEY_ALGO;
 
414
                    break;
 
415
                  case 0:
 
416
                    break;
 
417
                  default:
 
418
                    if (sk->protect.s2k.mode == 1001)
 
419
                      ; /* No secret parts. */
 
420
                    else if( sk->protect.s2k.mode == 1002 ) 
 
421
                      ; /* Card key stub. */
 
422
                    else 
 
423
                      {
 
424
                        rc = check_secret_key( sk, 0 );
 
425
                      }
 
426
                    break;
 
427
                  }
 
428
                if (rc)
 
429
                  {
 
430
                    node->pkt->pkt.secret_key = sk_save;
 
431
                    free_secret_key (sk);
 
432
                    /* FIXME: Make translatable after releasing 1.4.2 */
 
433
                    log_error ("failed to unprotect the subkey: %s\n",
 
434
                               g10_errstr (rc));
 
435
                    goto leave;
 
436
                  }
 
437
 
 
438
                rc = build_packet (out, node->pkt);
 
439
 
 
440
                node->pkt->pkt.secret_key = sk_save;
 
441
                free_secret_key (sk);
 
442
              }
384
443
            else
385
444
              {
386
445
                /* Warn the user if the secret key or any of the secret