static int pgp_key_is_valid (pgp_key_t k)
{
pgp_key_t pk = pgp_principal_key (k);
if (k->flags & KEYFLAG_CANTUSE)
return 0;
if (pk->flags & KEYFLAG_CANTUSE)
return 0;
return 1;
}
pgp_key_t pgp_getkeybystr (char *p, short abilities, pgp_ring_t keyring)
{
LIST *hints = NULL;
pgp_key_t keys;
pgp_key_t matches = NULL;
pgp_key_t *last = &matches;
pgp_key_t k, kn;
pgp_uid_t *a;
short match;
size_t l;
const char *ps, *pl, *pfcopy, *phint;
if ((l = mutt_strlen (p)) && p[l-1] == '!')
p[l-1] = 0;
mutt_message (_("Looking for keys matching \"%s\"..."), p);
pfcopy = crypt_get_fingerprint_or_id (p, &phint, &pl, &ps);
hints = pgp_add_string_to_hints (hints, phint);
keys = pgp_get_candidates (keyring, hints);
mutt_free_list (&hints);
if (!keys)
goto out;
for (k = keys; k; k = kn)
{
kn = k->next;
if (abilities && !(k->flags & abilities))
continue;
/* This shouldn't happen, but keys without any addresses aren't selectable
* in pgp_select_key().
*/
if (!k->address)
continue;
match = 0;
dprint (5, (debugfile, "pgp_getkeybystr: matching \"%s\" against key %s:\n",
p, pgp_long_keyid (k)));
if (!*p ||
(pfcopy && mutt_strcasecmp (pfcopy, k->fingerprint) == 0) ||
(pl && mutt_strcasecmp (pl, pgp_long_keyid (k)) == 0) ||
(ps && mutt_strcasecmp (ps, pgp_short_keyid (k)) == 0))
{
dprint (5, (debugfile, "\t\tmatch.\n"));
match = 1;
}
else
{
for (a = k->address; a; a = a->next)
{
dprint (5, (debugfile, "pgp_getkeybystr: matching \"%s\" against key %s, \"%s\":\n",
p, pgp_long_keyid (k), NONULL (a->addr)));
if (mutt_stristr (a->addr, p))
{
dprint (5, (debugfile, "\t\tmatch.\n"));
match = 1;
break;
}
}
}
if (match)
{
*last = pgp_principal_key (k);
kn = pgp_remove_key (&keys, *last);
last = pgp_get_lastp (k);
}
}
pgp_free_key (&keys);
if (matches)
{
if ((k = pgp_select_key (matches, NULL, p)))
pgp_remove_key (&matches, k);
pgp_free_key (&matches);
FREE (&pfcopy);
if (l && !p[l-1])
p[l-1] = '!';
return k;
}
out:
FREE (&pfcopy);
if (l && !p[l-1])
p[l-1] = '!';
return NULL;
}
pgp_key_t pgp_getkeybyaddr (ADDRESS * a, short abilities, pgp_ring_t keyring,
int oppenc_mode)
{
ADDRESS *r, *p;
LIST *hints = NULL;
int multi = 0;
int match;
pgp_key_t keys, k, kn;
pgp_key_t the_strong_valid_key = NULL;
pgp_key_t a_valid_addrmatch_key = NULL;
pgp_key_t matches = NULL;
pgp_key_t *last = &matches;
pgp_uid_t *q;
if (a && a->mailbox)
hints = pgp_add_string_to_hints (hints, a->mailbox);
if (a && a->personal)
hints = pgp_add_string_to_hints (hints, a->personal);
if (! oppenc_mode )
mutt_message (_("Looking for keys matching \"%s\"..."), a->mailbox);
keys = pgp_get_candidates (keyring, hints);
mutt_free_list (&hints);
if (!keys)
return NULL;
dprint (5, (debugfile, "pgp_getkeybyaddr: looking for %s <%s>.",
a->personal, a->mailbox));
for (k = keys; k; k = kn)
{
kn = k->next;
dprint (5, (debugfile, " looking at key: %s\n",
pgp_keyid (k)));
if (abilities && !(k->flags & abilities))
{
dprint (5, (debugfile, " insufficient abilities: Has %x, want %x\n",
k->flags, abilities));
continue;
}
match = 0; /* any match */
for (q = k->address; q; q = q->next)
{
r = rfc822_parse_adrlist (NULL, NONULL (q->addr));
for (p = r; p; p = p->next)
{
int validity = pgp_id_matches_addr (a, p, q);
if (validity & PGP_KV_MATCH) /* something matches */
match = 1;
if ((validity & PGP_KV_VALID)
&& (validity & PGP_KV_ADDR))
{
if (validity & PGP_KV_STRONGID)
{
if (the_strong_valid_key && the_strong_valid_key != k)
multi = 1;
the_strong_valid_key = k;
}
else
{
a_valid_addrmatch_key = k;
}
}
}
rfc822_free_address (&r);
}
if (match)
{
*last = pgp_principal_key (k);
kn = pgp_remove_key (&keys, *last);
last = pgp_get_lastp (k);
}
}
pgp_free_key (&keys);
if (matches)
{
if (oppenc_mode)
{
if (the_strong_valid_key)
{
pgp_remove_key (&matches, the_strong_valid_key);
k = the_strong_valid_key;
}
else if (a_valid_addrmatch_key)
{
pgp_remove_key (&matches, a_valid_addrmatch_key);
k = a_valid_addrmatch_key;
}
else
k = NULL;
}
else if (the_strong_valid_key && !multi)
{
/*
* There was precisely one strong match on a valid ID.
*
* Proceed without asking the user.
*/
pgp_remove_key (&matches, the_strong_valid_key);
k = the_strong_valid_key;
}
else
{
/*
* Else: Ask the user.
*/
if ((k = pgp_select_key (matches, a, NULL)))
pgp_remove_key (&matches, k);
}
pgp_free_key (&matches);
return k;
}
return NULL;
}
BODY *pgp_make_key_attachment (char *tempf)
{
BODY *att;
char buff[LONG_STRING];
char tempfb[_POSIX_PATH_MAX], tmp[STRING];
FILE *tempfp;
FILE *devnull;
struct stat sb;
pid_t thepid;
pgp_key_t key;
unset_option (OPTPGPCHECKTRUST);
key = pgp_ask_for_key (_("Please enter the key ID: "), NULL, 0, PGP_PUBRING);
if (!key) return NULL;
snprintf (tmp, sizeof (tmp), "0x%s", pgp_fpr_or_lkeyid (pgp_principal_key (key)));
pgp_free_key (&key);
if (!tempf)
{
mutt_mktemp (tempfb, sizeof (tempfb));
tempf = tempfb;
}
if ((tempfp = safe_fopen (tempf, tempf == tempfb ? "w" : "a")) == NULL)
{
mutt_perror _("Can't create temporary file");
return NULL;
}
if ((devnull = fopen ("/dev/null", "w")) == NULL) /* __FOPEN_CHECKED__ */
{
mutt_perror _("Can't open /dev/null");
safe_fclose (&tempfp);
if (tempf == tempfb)
unlink (tempf);
return NULL;
}
mutt_message _("Invoking PGP...");
if ((thepid =
pgp_invoke_export (NULL, NULL, NULL, -1,
fileno (tempfp), fileno (devnull), tmp)) == -1)
{
mutt_perror _("Can't create filter");
unlink (tempf);
safe_fclose (&tempfp);
safe_fclose (&devnull);
return NULL;
}
mutt_wait_filter (thepid);
safe_fclose (&tempfp);
safe_fclose (&devnull);
att = mutt_new_body ();
att->filename = safe_strdup (tempf);
att->unlink = 1;
att->use_disp = 0;
att->type = TYPEAPPLICATION;
att->subtype = safe_strdup ("pgp-keys");
snprintf (buff, sizeof (buff), _("PGP Key %s."), tmp);
att->description = safe_strdup (buff);
mutt_update_encoding (att);
stat (tempf, &sb);
att->length = sb.st_size;
return att;
}
static pgp_key_t pgp_select_key (pgp_key_t keys,
ADDRESS * p, const char *s)
{
int keymax;
pgp_uid_t **KeyTable;
MUTTMENU *menu;
int i, done = 0;
char helpstr[LONG_STRING], buf[LONG_STRING], tmpbuf[STRING];
char cmd[LONG_STRING], tempfile[_POSIX_PATH_MAX];
FILE *fp, *devnull;
pid_t thepid;
pgp_key_t kp;
pgp_uid_t *a;
int (*f) (const void *, const void *);
int unusable = 0;
keymax = 0;
KeyTable = NULL;
for (i = 0, kp = keys; kp; kp = kp->next)
{
if (!option (OPTPGPSHOWUNUSABLE) && (kp->flags & KEYFLAG_CANTUSE))
{
unusable = 1;
continue;
}
for (a = kp->address; a; a = a->next)
{
if (!option (OPTPGPSHOWUNUSABLE) && (a->flags & KEYFLAG_CANTUSE))
{
unusable = 1;
continue;
}
if (i == keymax)
{
keymax += 5;
safe_realloc (&KeyTable, sizeof (pgp_uid_t *) * keymax);
}
KeyTable[i++] = a;
}
}
if (!i && unusable)
{
mutt_error _("All matching keys are expired, revoked, or disabled.");
mutt_sleep (1);
return NULL;
}
switch (PgpSortKeys & SORT_MASK)
{
case SORT_DATE:
f = pgp_compare_date;
break;
case SORT_KEYID:
f = pgp_compare_keyid;
break;
case SORT_ADDRESS:
f = pgp_compare_address;
break;
case SORT_TRUST:
default:
f = pgp_compare_trust;
break;
}
qsort (KeyTable, i, sizeof (pgp_uid_t *), f);
helpstr[0] = 0;
mutt_make_help (buf, sizeof (buf), _("Exit "), MENU_PGP, OP_EXIT);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Select "), MENU_PGP,
OP_GENERIC_SELECT_ENTRY);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Check key "), MENU_PGP, OP_VERIFY_KEY);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
mutt_make_help (buf, sizeof (buf), _("Help"), MENU_PGP, OP_HELP);
strcat (helpstr, buf); /* __STRCAT_CHECKED__ */
menu = mutt_new_menu (MENU_PGP);
menu->max = i;
menu->make_entry = pgp_entry;
menu->help = helpstr;
menu->data = KeyTable;
if (p)
snprintf (buf, sizeof (buf), _("PGP keys matching <%s>."), p->mailbox);
else
snprintf (buf, sizeof (buf), _("PGP keys matching \"%s\"."), s);
menu->title = buf;
kp = NULL;
mutt_clear_error ();
while (!done)
{
switch (mutt_menuLoop (menu))
{
case OP_VERIFY_KEY:
mutt_mktemp (tempfile, sizeof (tempfile));
if ((devnull = fopen ("/dev/null", "w")) == NULL) /* __FOPEN_CHECKED__ */
{
mutt_perror _("Can't open /dev/null");
break;
}
if ((fp = safe_fopen (tempfile, "w")) == NULL)
{
safe_fclose (&devnull);
mutt_perror _("Can't create temporary file");
break;
}
mutt_message _("Invoking PGP...");
snprintf (tmpbuf, sizeof (tmpbuf), "0x%s",
pgp_fpr_or_lkeyid (pgp_principal_key (KeyTable[menu->current]->parent)));
if ((thepid = pgp_invoke_verify_key (NULL, NULL, NULL, -1,
fileno (fp), fileno (devnull), tmpbuf)) == -1)
{
mutt_perror _("Can't create filter");
unlink (tempfile);
safe_fclose (&fp);
safe_fclose (&devnull);
}
mutt_wait_filter (thepid);
safe_fclose (&fp);
safe_fclose (&devnull);
mutt_clear_error ();
snprintf (cmd, sizeof (cmd), _("Key ID: 0x%s"),
pgp_keyid (pgp_principal_key (KeyTable[menu->current]->parent)));
mutt_do_pager (cmd, tempfile, 0, NULL);
menu->redraw = REDRAW_FULL;
break;
case OP_VIEW_ID:
mutt_message ("%s", NONULL (KeyTable[menu->current]->addr));
break;
case OP_GENERIC_SELECT_ENTRY:
/* XXX make error reporting more verbose */
if (option (OPTPGPCHECKTRUST))
if (!pgp_key_is_valid (KeyTable[menu->current]->parent))
{
mutt_error _("This key can't be used: expired/disabled/revoked.");
break;
}
if (option (OPTPGPCHECKTRUST) &&
(!pgp_id_is_valid (KeyTable[menu->current])
|| !pgp_id_is_strong (KeyTable[menu->current])))
{
char *s = "";
char buff[LONG_STRING];
if (KeyTable[menu->current]->flags & KEYFLAG_CANTUSE)
s = N_("ID is expired/disabled/revoked.");
else switch (KeyTable[menu->current]->trust & 0x03)
{
case 0:
s = N_("ID has undefined validity.");
break;
case 1:
s = N_("ID is not valid.");
break;
case 2:
s = N_("ID is only marginally valid.");
break;
}
snprintf (buff, sizeof (buff), _("%s Do you really want to use the key?"),
_(s));
if (mutt_yesorno (buff, M_NO) != M_YES)
{
mutt_clear_error ();
break;
}
}
# if 0
kp = pgp_principal_key (KeyTable[menu->current]->parent);
# else
kp = KeyTable[menu->current]->parent;
# endif
done = 1;
break;
case OP_EXIT:
kp = NULL;
done = 1;
break;
}
}
mutt_menuDestroy (&menu);
FREE (&KeyTable);
set_option (OPTNEEDREDRAW);
return (kp);
}
static const char *pgp_entry_fmt (char *dest,
size_t destlen,
size_t col,
char op,
const char *src,
const char *prefix,
const char *ifstring,
const char *elsestring,
unsigned long data,
format_flag flags)
{
char fmt[16];
pgp_entry_t *entry;
pgp_uid_t *uid;
pgp_key_t key, pkey;
int kflags = 0;
int optional = (flags & M_FORMAT_OPTIONAL);
entry = (pgp_entry_t *) data;
uid = entry->uid;
key = uid->parent;
pkey = pgp_principal_key (key);
if (isupper ((unsigned char) op))
key = pkey;
kflags = key->flags | (pkey->flags & KEYFLAG_RESTRICTIONS)
| uid->flags;
switch (ascii_tolower (op))
{
case '[':
{
const char *cp;
char buf2[SHORT_STRING], *p;
int do_locales;
struct tm *tm;
size_t len;
p = dest;
cp = src;
if (*cp == '!')
{
do_locales = 0;
cp++;
}
else
do_locales = 1;
len = destlen - 1;
while (len > 0 && *cp != ']')
{
if (*cp == '%')
{
cp++;
if (len >= 2)
{
*p++ = '%';
*p++ = *cp;
len -= 2;
}
else
break; /* not enough space */
cp++;
}
else
{
*p++ = *cp++;
len--;
}
}
*p = 0;
if (do_locales && Locale)
setlocale (LC_TIME, Locale);
tm = localtime (&key->gen_time);
strftime (buf2, sizeof (buf2), dest, tm);
if (do_locales)
setlocale (LC_TIME, "C");
snprintf (fmt, sizeof (fmt), "%%%ss", prefix);
snprintf (dest, destlen, fmt, buf2);
if (len > 0)
src = cp + 1;
}
break;
case 'n':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%sd", prefix);
snprintf (dest, destlen, fmt, entry->num);
}
break;
case 'k':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%ss", prefix);
snprintf (dest, destlen, fmt, _pgp_keyid (key));
}
break;
case 'u':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%ss", prefix);
snprintf (dest, destlen, fmt, NONULL (uid->addr));
}
break;
case 'a':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%ss", prefix);
snprintf (dest, destlen, fmt, key->algorithm);
}
break;
case 'l':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%sd", prefix);
snprintf (dest, destlen, fmt, key->keylen);
}
break;
case 'f':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%sc", prefix);
snprintf (dest, destlen, fmt, pgp_flags (kflags));
}
else if (!(kflags & (KEYFLAG_RESTRICTIONS)))
optional = 0;
break;
case 'c':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%ss", prefix);
snprintf (dest, destlen, fmt, pgp_key_abilities (kflags));
}
else if (!(kflags & (KEYFLAG_ABILITIES)))
optional = 0;
break;
case 't':
if (!optional)
{
snprintf (fmt, sizeof (fmt), "%%%sc", prefix);
snprintf (dest, destlen, fmt, trust_flags[uid->trust & 0x03]);
}
else if (!(uid->trust & 0x03))
/* undefined trust */
optional = 0;
break;
default:
*dest = '\0';
}
if (optional)
mutt_FormatString (dest, destlen, col, ifstring, mutt_attach_fmt, data, 0);
else if (flags & M_FORMAT_OPTIONAL)
mutt_FormatString (dest, destlen, col, elsestring, mutt_attach_fmt, data, 0);
return (src);
}
pgp_key_t pgp_getkeybystr (char *p, short abilities, pgp_ring_t keyring)
{
LIST *hints = NULL;
pgp_key_t keys;
pgp_key_t matches = NULL;
pgp_key_t *last = &matches;
pgp_key_t k, kn;
pgp_uid_t *a;
short match;
size_t l;
const char *ps, *pl;
if ((l = mutt_strlen (p)) && p[l-1] == '!')
p[l-1] = 0;
mutt_message (_("Looking for keys matching \"%s\"..."), p);
hints = pgp_add_string_to_hints (hints, p);
keys = pgp_get_candidates (keyring, hints);
mutt_free_list (&hints);
if (!keys)
goto out;
/* User input may be short or long key ID, independent of OPTPGPLONGIDS.
* pgp_key_t->keyid should always contain a long key ID without 0x.
* Strip leading "0x" before loops so it doesn't have to be done over and
* over again, and prepare pl and ps to simplify logic in the loop's inner
* condition.
*/
pl = (!mutt_strncasecmp (p, "0x", 2) ? p + 2 : p);
ps = (mutt_strlen (pl) == 16 ? pl + 8 : pl);
for (k = keys; k; k = kn)
{
kn = k->next;
if (abilities && !(k->flags & abilities))
continue;
/* This shouldn't happen, but keys without any addresses aren't selectable
* in pgp_select_key().
*/
if (!k->address)
continue;
match = 0;
dprint (5, (debugfile, "pgp_getkeybystr: matching \"%s\" against key %s:\n",
p, pgp_long_keyid (k)));
/* If ps != pl it means a long ID (or name of 16 characters) was given, do
* not attempt to match short IDs then. Also, it is unnecessary to try to
* match pl against long IDs if ps == pl as pl could not be a long ID. */
if (!*p ||
(ps != pl && mutt_strcasecmp (pl, pgp_long_keyid (k)) == 0) ||
(ps == pl && mutt_strcasecmp (ps, pgp_short_keyid (k)) == 0))
{
dprint (5, (debugfile, "\t\tmatch.\n"));
match = 1;
}
else
{
for (a = k->address; a; a = a->next)
{
dprint (5, (debugfile, "pgp_getkeybystr: matching \"%s\" against key %s, \"%s\":\n",
p, pgp_long_keyid (k), NONULL (a->addr)));
if (mutt_stristr (a->addr, p))
{
dprint (5, (debugfile, "\t\tmatch.\n"));
match = 1;
break;
}
}
}
if (match)
{
*last = pgp_principal_key (k);
kn = pgp_remove_key (&keys, *last);
last = pgp_get_lastp (k);
}
}
pgp_free_key (&keys);
if (matches)
{
if ((k = pgp_select_key (matches, NULL, p)))
pgp_remove_key (&matches, k);
pgp_free_key (&matches);
if (l && !p[l-1])
p[l-1] = '!';
return k;
}
out:
if (l && !p[l-1])
p[l-1] = '!';
return NULL;
}