- Added a drop-down item to allow removing unused keys, in the Network dialog.

- added key removal method in OpenPGP-SDK - improved FriendSelectionDialog/Widget to enable select all/none keys, and show non friend keys - added safe key removal method in PGPHandler. Removed keys from other locations will not cause errors. - added backup system to public keyring, impossibility to remove public parts of owned secret keys, etc. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6382 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-05-06 08:05:18 -04:00 · 2013-05-29 21:32:02 +00:00 · 2013-05-29 21:32:02 +00:00 · 0266329dc8
commit 0266329dc8
parent 02890c737a
17 changed files with 314 additions and 81 deletions
--- a/libretroshare/src/pgp/pgphandler.cc
+++ b/libretroshare/src/pgp/pgphandler.cc
@ -22,6 +22,7 @@ extern "C" {
 }
 #include "pgphandler.h"
 #include "retroshare/rsiface.h"		// For rsicontrol.
+#include "retroshare/rspeers.h"		// For rsicontrol.
 #include "util/rsdir.h"		
 #include "pgp/pgpkeyutil.h"

@ -823,6 +824,7 @@ void PGPHandler::addNewKeyToOPSKeyring(ops_keyring_t *kr,const ops_keydata_t& ke
 	memset(&kr->keys[kr->nkeys],0,sizeof(ops_keydata_t)) ;
 	ops_keydata_copy(&kr->keys[kr->nkeys],&key) ;
 	kr->nkeys++ ;
+	kr->nkeys_allocated = kr->nkeys ;
 }

 bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType& id,std::string& error_string)
@ -1539,4 +1541,95 @@ void PGPHandler::mergeKeyringFromDisk(	ops_keyring_t *keyring,
 	ops_keyring_free(tmp_keyring) ;
 }

+bool PGPHandler::removeKeysFromPGPKeyring(const std::list<PGPIdType>& keys_to_remove,std::string& backup_file,uint32_t& error_code)
+{
+	// 1 - lock everything.
+	//
+	RsStackMutex mtx(pgphandlerMtx) ;				// lock access to PGP memory structures.
+	RsStackFileLock flck(_pgp_lock_filename) ;	// lock access to PGP directory.
+
+	error_code = PGP_KEYRING_REMOVAL_ERROR_NO_ERROR ;
+
+	for(std::list<PGPIdType>::const_iterator it(keys_to_remove.begin());it!=keys_to_remove.end();++it)
+		if(locked_getSecretKey(*it) != NULL)
+		{
+			std::cerr << "(EE) PGPHandler:: can't remove key " << (*it).toStdString() << " since its shared by a secret key! Operation cancelled." << std::endl;
+			error_code = PGP_KEYRING_REMOVAL_ERROR_CANT_REMOVE_SECRET_KEYS ;
+			return false ;
+		}
+
+	// 2 - sync everything.
+	//
+	locked_syncPublicKeyring() ;
+
+	// 3 - make a backup of the public keyring
+	//
+	char template_name[_pubring_path.length()+8] ;
+	sprintf(template_name,"%s.XXXXXX",_pubring_path.c_str()) ;
+	
+	if(mktemp(template_name) == NULL)
+	{
+		std::cerr << "PGPHandler::removeKeysFromPGPKeyring(): cannot create keyring backup file. Giving up." << std::endl;
+		error_code = PGP_KEYRING_REMOVAL_ERROR_CANNOT_CREATE_BACKUP ;
+		return false ;
+	}
+
+	if(!ops_write_keyring_to_file(_pubring,ops_false,template_name,ops_true)) 
+	{
+		std::cerr << "PGPHandler::removeKeysFromPGPKeyring(): cannot write keyring backup file. Giving up." << std::endl;
+		error_code = PGP_KEYRING_REMOVAL_ERROR_CANNOT_WRITE_BACKUP ;
+		return false ;
+	}
+	backup_file = std::string(template_name,_pubring_path.length()+7) ;
+
+	std::cerr << "Keyring was backed up to file " << backup_file << std::endl;
+
+	// Remove keys from the keyring, and update the keyring map.
+	//
+	for(std::list<PGPIdType>::const_iterator it(keys_to_remove.begin());it!=keys_to_remove.end();++it)
+	{
+		if(locked_getSecretKey(*it) != NULL)
+		{
+			std::cerr << "(EE) PGPHandler:: can't remove key " << (*it).toStdString() << " since its shared by a secret key!" << std::endl;
+			continue ;
+		}
+
+		std::map<std::string,PGPCertificateInfo>::iterator res = _public_keyring_map.find((*it).toStdString()) ;
+
+		if(res == _public_keyring_map.end())
+		{
+			std::cerr << "(EE) PGPHandler:: can't remove key " << (*it).toStdString() << " from keyring: key not found." << std::endl;
+			continue ;
+		}
+
+		// Move the last key to the freed place. This deletes the key in place.
+		//
+		ops_keyring_remove_key(_pubring,res->second._key_index) ;
+
+		// Erase the info from the keyring map.
+		//
+		_public_keyring_map.erase(res) ;
+	}
+
+	// now update all indices back
+	
+	int i=0 ;
+	const ops_keydata_t *keydata ;
+	while( (keydata = ops_keyring_get_key_by_index(_pubring,i)) != NULL )
+	{
+		PGPCertificateInfo& cert(_public_keyring_map[ PGPIdType(keydata->key_id).toStdString() ]) ;
+		cert._key_index = i ;
+		++i ;
+	}
+
+	// Everything went well, sync back the keyring on disk
+	
+	_pubring_changed = true ;
+	_trustdb_changed = true ;
+
+	locked_syncPublicKeyring() ;
+	locked_syncTrustDatabase() ;
+
+	return true ;
+}

--- a/libretroshare/src/pgp/pgphandler.h
+++ b/libretroshare/src/pgp/pgphandler.h
@ -101,6 +101,11 @@ class PGPHandler
 		void setAcceptConnexion(const PGPIdType&,bool) ;
 		void updateOwnSignatureFlag(const PGPIdType& ownId) ;

+		// Removes the given keys from the keyring. Also backup the keyring to a file which name is automatically generated
+		// and given pack for proper display.
+		//
+		bool removeKeysFromPGPKeyring(const std::list<PGPIdType>& key_ids,std::string& backup_file,uint32_t& error_code) ;
+
 		//bool isKeySupported(const PGPIdType& id) const ;

 		bool privateTrustCertificate(const PGPIdType& id,int valid_level) ;	
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@ -60,6 +60,16 @@ bool AuthGPG::decryptTextFromFile(std::string& text,const std::string& inputfile
 	return PGPHandler::decryptTextFromFile(mOwnGpgId,text,inputfile) ;
 }

+bool AuthGPG::removeKeysFromPGPKeyring(const std::list<std::string>& pgp_ids,std::string& backup_file,uint32_t& error_code) 
+{
+	std::list<PGPIdType> pids ;
+
+	for(std::list<std::string>::const_iterator it(pgp_ids.begin());it!=pgp_ids.end();++it)
+		pids.push_back(PGPIdType(*it)) ;
+
+	return PGPHandler::removeKeysFromPGPKeyring(pids,backup_file,error_code) ;
+}
+
 bool AuthGPG::encryptTextToFile(const std::string& text,const std::string& outfile)
 {
 	return PGPHandler::encryptTextToFile(mOwnGpgId,text,outfile) ;
--- a/libretroshare/src/pqi/authgpg.h
+++ b/libretroshare/src/pqi/authgpg.h
@ -173,6 +173,8 @@ class AuthGPG: public p3Config, public RsThread, public PGPHandler
 		virtual bool   importProfile(const std::string& filename,std::string& gpg_id,std::string& import_error) ;
 		virtual bool   exportProfile(const std::string& filename,const std::string& gpg_id) ;

+		virtual bool   removeKeysFromPGPKeyring(const std::list<std::string>& pgp_ids,std::string& backup_file,uint32_t& error_code) ;
+
 		/*********************************************************************************/
 		/************************* STAGE 4 ***********************************************/
 		/*********************************************************************************/
--- a/libretroshare/src/retroshare/rspeers.h
+++ b/libretroshare/src/retroshare/rspeers.h
@ -104,6 +104,11 @@ const uint32_t CERTIFICATE_PARSING_ERROR_CHECKSUM_ERROR            = 0x16 ;
 const uint32_t CERTIFICATE_PARSING_ERROR_UNKNOWN_SECTION_PTAG      = 0x17 ;
 const uint32_t CERTIFICATE_PARSING_ERROR_MISSING_CHECKSUM          = 0x18 ;

+const uint32_t PGP_KEYRING_REMOVAL_ERROR_NO_ERROR                  = 0x20 ;
+const uint32_t PGP_KEYRING_REMOVAL_ERROR_CANT_REMOVE_SECRET_KEYS   = 0x21 ;
+const uint32_t PGP_KEYRING_REMOVAL_ERROR_CANNOT_CREATE_BACKUP      = 0x22 ;
+const uint32_t PGP_KEYRING_REMOVAL_ERROR_CANNOT_WRITE_BACKUP       = 0x23 ;
+
 /* LinkType Flags */

 // CONNECTION
@ -277,6 +282,9 @@ class RsPeers
 		virtual	bool removeFriend(const std::string &ssl_or_gpg_id)  			= 0;
 		virtual bool removeFriendLocation(const std::string &sslId) 			= 0;

+		/* keyring management */
+		virtual bool removeKeysFromPGPKeyring(const std::list<std::string>& pgp_ids,std::string& backup_file,uint32_t& error_code)=0 ;
+
 		/* Network Stuff */
 		virtual	bool connectAttempt(const std::string &ssl_id)			= 0;
 		virtual bool setLocation(const std::string &ssl_id, const std::string &location) = 0;//location is shown in the gui to differentiate ssl certs
--- a/libretroshare/src/rsserver/p3peers.cc
+++ b/libretroshare/src/rsserver/p3peers.cc
@ -619,10 +619,10 @@ bool 	p3Peers::addFriend(const std::string &ssl_id, const std::string &gpg_id,Se
 	return mPeerMgr->addFriend(ssl_id, gpg_id, RS_NET_MODE_UDP, RS_VIS_STATE_STD, now, perm_flags);
 }

-
-
-
-
+bool 	p3Peers::removeKeysFromPGPKeyring(const std::list<std::string>& pgp_ids,std::string& backup_file,uint32_t& error_code)
+{
+	return AuthGPG::getAuthGPG()->removeKeysFromPGPKeyring(pgp_ids,backup_file,error_code) ;
+}

 bool 	p3Peers::removeFriendLocation(const std::string &sslId)
 {
--- a/libretroshare/src/rsserver/p3peers.h
+++ b/libretroshare/src/rsserver/p3peers.h
@ -77,6 +77,9 @@ virtual	bool addFriend(const std::string &ssl_id, const std::string &gpg_id,Serv
 virtual	bool removeFriend(const std::string &ssl_or_gpgid);
 virtual bool removeFriendLocation(const std::string &sslId);

+		/* keyring management */
+		virtual bool removeKeysFromPGPKeyring(const std::list<std::string>& pgp_ids,std::string& backup_file,uint32_t& error_code);
+
 	/* Network Stuff */
 virtual	bool connectAttempt(const std::string &id);
 virtual bool setLocation(const std::string &ssl_id, const std::string &location);//location is shown in the gui to differentiate ssl certs