Skip to content

Commit

Permalink
Improve oppenc key matching.
Browse files Browse the repository at this point in the history 
For pgp classic, allow all usable address matches.  previously, only
strong address matches were used.

For gpgme, restrict the matches to just usable address matches.
Previously, personal field matches would be used.

Lastly, turn off prompts for smime matching.
  • Loading branch information
@kevin8t8
kevin8t8 committed Feb 8, 2015
1 parent 4e9cf84 commit 1e65e29
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 44 deletions.
68 changes: 42 additions & 26 deletions crypt-gpgme.c
View file
Expand Up @@ -4002,14 +4002,17 @@ static crypt_key_t *crypt_getkeybyaddr (ADDRESS * a, short abilities,

int weak = 0;
int invalid = 0;
int addr_match = 0;
int multi = 0;
int this_key_has_strong;
int this_key_has_addr_match;
int this_key_has_weak;
int this_key_has_invalid;
int match;

crypt_key_t *keys, *k;
crypt_key_t *the_valid_key = NULL;
crypt_key_t *the_strong_valid_key = NULL;
crypt_key_t *a_valid_addrmatch_key = NULL;
crypt_key_t *matches = NULL;
crypt_key_t **matches_endp = &matches;

Expand Down Expand Up @@ -4047,6 +4050,7 @@ static crypt_key_t *crypt_getkeybyaddr (ADDRESS * a, short abilities,
this_key_has_weak = 0; /* weak but valid match */
this_key_has_invalid = 0; /* invalid match */
this_key_has_strong = 0; /* strong and valid match */
this_key_has_addr_match = 0;
match = 0; /* any match */

r = rfc822_parse_adrlist (NULL, k->uid);
Expand All @@ -4055,40 +4059,50 @@ static crypt_key_t *crypt_getkeybyaddr (ADDRESS * a, short abilities,
int validity = crypt_id_matches_addr (a, p, k);

if (validity & CRYPT_KV_MATCH) /* something matches */
{
match = 1;

/* is this key a strong candidate? */
if ((validity & CRYPT_KV_VALID)
&& (validity & CRYPT_KV_STRONGID)
&& (validity & CRYPT_KV_ADDR))
if (validity & CRYPT_KV_VALID)
{
if (the_valid_key && the_valid_key != k)
multi = 1;
the_valid_key = k;
this_key_has_strong = 1;
if (validity & CRYPT_KV_ADDR)
{
if (validity & CRYPT_KV_STRONGID)
{
if (the_strong_valid_key
&& the_strong_valid_key->kobj != k->kobj)
multi = 1;
this_key_has_strong = 1;
}
else
this_key_has_addr_match = 1;
}
else
this_key_has_weak = 1;
}
else if ((validity & CRYPT_KV_MATCH)
&& !(validity & CRYPT_KV_VALID))
this_key_has_invalid = 1;
else if ((validity & CRYPT_KV_MATCH)
&& (!(validity & CRYPT_KV_STRONGID)
|| !(validity & CRYPT_KV_ADDR)))
this_key_has_weak = 1;
else
this_key_has_invalid = 1;
}
}
rfc822_free_address (&r);

if (match)
{
crypt_key_t *tmp;

if (!this_key_has_strong && this_key_has_invalid)
invalid = 1;
if (!this_key_has_strong && this_key_has_weak)
weak = 1;

*matches_endp = tmp = crypt_copy_key (k);
matches_endp = &tmp->next;
the_valid_key = tmp;

if (this_key_has_strong)
the_strong_valid_key = tmp;
else if (this_key_has_addr_match)
{
addr_match = 1;
a_valid_addrmatch_key = tmp;
}
else if (this_key_has_invalid)
invalid = 1;
else if (this_key_has_weak)
weak = 1;
}
}

Expand All @@ -4098,12 +4112,14 @@ static crypt_key_t *crypt_getkeybyaddr (ADDRESS * a, short abilities,
{
if (auto_mode)
{
if (the_valid_key)
k = crypt_copy_key (the_valid_key);
if (the_strong_valid_key)
k = crypt_copy_key (the_strong_valid_key);
else if (a_valid_addrmatch_key)
k = crypt_copy_key (a_valid_addrmatch_key);
else
k = NULL;
}
else if (the_valid_key && !multi && !weak
else if (the_strong_valid_key && !multi && !weak && !addr_match
&& !(invalid && option (OPTPGPSHOWUNUSABLE)))
{
/*
Expand All @@ -4113,7 +4129,7 @@ static crypt_key_t *crypt_getkeybyaddr (ADDRESS * a, short abilities,
*
* Proceed without asking the user.
*/
k = crypt_copy_key (the_valid_key);
k = crypt_copy_key (the_strong_valid_key);
}
else
{
Expand Down
44 changes: 27 additions & 17 deletions pgpkey.c
View file
Expand Up @@ -822,7 +822,8 @@ pgp_key_t pgp_getkeybyaddr (ADDRESS * a, short abilities, pgp_ring_t keyring,
int match;

pgp_key_t keys, k, kn;
pgp_key_t the_valid_key = NULL;
pgp_key_t the_strong_valid_key = NULL;
pgp_key_t a_valid_addrmatch_key = NULL;
pgp_key_t matches = NULL;
pgp_key_t *last = &matches;
pgp_uid_t *q;
Expand Down Expand Up @@ -872,14 +873,20 @@ pgp_key_t pgp_getkeybyaddr (ADDRESS * a, short abilities, pgp_ring_t keyring,
if (validity & PGP_KV_MATCH) /* something matches */
match = 1;

/* is this key a strong candidate? */
if ((validity & PGP_KV_VALID) && (validity & PGP_KV_STRONGID)
&& (validity & PGP_KV_ADDR))
{
if (the_valid_key && the_valid_key != k)
multi = 1;
the_valid_key = k;
}
if ((validity & PGP_KV_VALID)
&& (validity & PGP_KV_ADDR))
{
if (validity & PGP_KV_STRONGID)
{
if (the_strong_valid_key && the_strong_valid_key != k)
multi = 1;
the_strong_valid_key = k;
}
else
{
a_valid_addrmatch_key = k;
}
}
}

rfc822_free_address (&r);
Expand All @@ -899,25 +906,28 @@ pgp_key_t pgp_getkeybyaddr (ADDRESS * a, short abilities, pgp_ring_t keyring,
{
if (auto_mode)
{
if (the_valid_key)
if (the_strong_valid_key)
{
pgp_remove_key (&matches, the_valid_key);
k = the_valid_key;
pgp_remove_key (&matches, the_strong_valid_key);
k = the_strong_valid_key;
}
else
else if (a_valid_addrmatch_key)
{
k = NULL;
pgp_remove_key (&matches, a_valid_addrmatch_key);
k = a_valid_addrmatch_key;
}
else
k = NULL;
}
else if (the_valid_key && !multi)
else if (the_strong_valid_key && !multi)
{
/*
* There was precisely one strong match on a valid ID.
*
* Proceed without asking the user.
*/
pgp_remove_key (&matches, the_valid_key);
k = the_valid_key;
pgp_remove_key (&matches, the_strong_valid_key);
k = the_strong_valid_key;
}
else
{
Expand Down
2 changes: 1 addition & 1 deletion smime.c
View file
Expand Up @@ -746,7 +746,7 @@ char *smime_findKeys (ADDRESS *adrlist, int auto_mode)

q = p;

keyID = smime_get_field_from_db (q->mailbox, NULL, 1, 1);
keyID = smime_get_field_from_db (q->mailbox, NULL, 1, !auto_mode);
if ((keyID == NULL) && (! auto_mode))
{
snprintf(buf, sizeof(buf),
Expand Down

0 comments on commit 1e65e29

Please sign in to comment.