catchsignals();
dbctx = config.dbinit(config.backend, false);
- count = cleankeys(keys);
+ count = cleankeys(&keys, config.clean_policies);
logthing(LOGTHING_INFO, "%d keys cleaned.",
count);
/**
* cleankeys - Apply all available cleaning options on a list of keys.
- * @keys: The list of keys to clean.
+ * @policies: The cleaning policies to apply.
*
- * Applies all the cleaning options we can (eg duplicate key ids) to a
- * list of keys. Returns 0 if no changes were made, otherwise the number
- * of keys cleaned.
+ * Applies the requested cleaning policies to a list of keys. These are
+ * specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
+ * apply all available cleaning options. Returns 0 if no changes were
+ * made, otherwise the number of keys cleaned. Note that some options
+ * may result in keys being removed entirely from the list.
*/
-int cleankeys(struct openpgp_publickey *keys)
+int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
{
+ struct openpgp_publickey *curkey;
int changed = 0, count;
- while (keys != NULL) {
- count = dedupuids(keys);
- count += dedupsubkeys(keys);
- if (config.check_sighash) {
- count += clean_key_sighashes(keys);
+ if (keys == NULL)
+ return 0;
+
+ curkey = *keys;
+ while (curkey != NULL) {
+ count = dedupuids(curkey);
+ count += dedupsubkeys(curkey);
+ if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
+ count += clean_key_sighashes(curkey);
}
if (count > 0) {
changed++;
}
- keys = keys->next;
+ curkey = curkey->next;
}
return changed;
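Review bot: The doc comment above `cleankeys()` loses its `@keys:` line and gains only `@policies:`, so the parameter that changed from `*` to `**` is now undocumented in the .c file. I would keep a line such as ` * @keys: Pointer to the head of the list of keys to clean.` and say that the head may be rewritten once a policy removes keys, since nothing in this hunk writes through `*keys` yet. The summary line still reads "Apply all available cleaning options", and `dedupuids()`/`dedupsubkeys()` run regardless of `policies`; the comment should say that those two are unconditional. The function's closing brace lies outside the hunk.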
#include "keystructs.h"
+#define ONAK_CLEAN_CHECK_SIGHASH (1 << 0)
+#define ONAK_CLEAN_ALL (uint64_t) -1
+
/**
* cleankeys - Apply all available cleaning options on a list of keys.
* @publickey: The list of keys to clean.
+ * @policies: The cleaning policies to apply.
*
- * Applies all the cleaning options we can (eg duplicate key ids) to a
- * list of keys. Returns 0 if no changes were made, otherwise the number
- * of keys cleaned.
+ * Applies the requested cleaning policies to a list of keys. These are
+ * specified from the ONAK_CLEAN_* set of flags, or ONAK_CLEAN_ALL to
+ * apply all available cleaning options. Returns 0 if no changes were
+ * made, otherwise the number of keys cleaned. Note that some options
+ * may result in keys being removed entirely from the list.
*/
-int cleankeys(struct openpgp_publickey *keys);
+int cleankeys(struct openpgp_publickey **keys, uint64_t policies);
#endif
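Review bot: `ONAK_CLEAN_ALL` expands to `(uint64_t) -1` without outer parentheses, and `ONAK_CLEAN_CHECK_SIGHASH` is an `int` shift while the field it is stored in is `uint64_t`. `~ONAK_CLEAN_CHECK_SIGHASH` only clears the right bit today because the negative `int` is sign-extended; a later flag at bit 31 or above written the same way would be an overflowing shift. I would define them as `#define ONAK_CLEAN_CHECK_SIGHASH (UINT64_C(1) << 0)` and `#define ONAK_CLEAN_ALL ((uint64_t) -1)`. The header also adds no `#include <stdint.h>` of its own, so it presumably relies on keystructs.h for `uint64_t`. The `@publickey:` tag in the comment does not match the parameter name `keys`.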
(struct onak_dbctx *) privctx->backends->object;
struct openpgp_publickey *curkey;
- cleankeys(publickey);
+ cleankeys(&publickey, config.clean_policies);
/*
* If we walked the stack at all, store the key in the first
* backend if configured to do so. It's not an update as we
result,
search);
puts("<pre>");
- cleankeys(publickey);
+ cleankeys(&publickey, config.clean_policies);
flatten_publickey(publickey,
&packets,
&list_end);
#include <string.h>
#include <strings.h>
+#include "cleankey.h"
#include "ll.h"
#include "log.h"
#include "onak-conf.h"
.dbinit = DBINIT,
- .check_sighash = true,
+ .clean_policies = ONAK_CLEAN_CHECK_SIGHASH,
.bin_dir = NULL,
.mail_dir = NULL,
} else if (!strncmp("sock_dir ", line, 9)) {
config.sock_dir = strdup(&line[9]);
} else if (!strncmp("check_sighash ", line, 9)) {
- config.check_sighash = parsebool(&line[9],
- config.check_sighash);
+ if (parsebool(&line[9], config.clean_policies &
+ ONAK_CLEAN_CHECK_SIGHASH)) {
+ config.clean_policies |=
+ ONAK_CLEAN_CHECK_SIGHASH;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_CHECK_SIGHASH;
+ }
} else {
return false;
}
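Review bot: The `check_sighash ` branch still compares 9 bytes and parses from `&line[9]`, lengths that match the `sock_dir ` branch above it; the key plus its space is 14 characters. As written any line starting with `check_sig` matches and `parsebool()` is handed `hash <value>`. `parsebool()` is not shown, but if it returns the fallback for unrecognised text, an old-style config can never change whether signature hashes are verified. Since the new lines carry the same offset forward, I would fix it here: `} else if (!strncmp("check_sighash ", line, 14)) {` and `parsebool(&line[14], ...)`.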
strdup(value));
/* [verification] section */
} else if (MATCH("verification", "check_sighash")) {
- config.check_sighash = parsebool(value,
- config.check_sighash);
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_CHECK_SIGHASH)) {
+ config.clean_policies |=
+ ONAK_CLEAN_CHECK_SIGHASH;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_CHECK_SIGHASH;
+ }
} else {
return false;
}
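Review bot: This set-or-clear sequence for `ONAK_CLEAN_CHECK_SIGHASH` is a verbatim copy of the one added to the old-style parser, and each further `ONAK_CLEAN_*` key would need the same eight lines in both places. A small static helper keeps the two parsers in step and makes the fallback an explicit boolean rather than a masked `uint64_t`. The name below is only a suggestion, and the enclosing `if`/`else if` chain starts outside this hunk.

```c
/* Set or clear one ONAK_CLEAN_* flag in config.clean_policies. */
static void set_clean_policy(uint64_t flag, bool enable)
{
	if (enable) {
		config.clean_policies |= flag;
	} else {
		config.clean_policies &= ~flag;
	}
}

/* … unchanged: earlier MATCH() branches … */
	} else if (MATCH("verification", "check_sighash")) {
		set_clean_policy(ONAK_CLEAN_CHECK_SIGHASH,
			parsebool(value, (config.clean_policies &
				ONAK_CLEAN_CHECK_SIGHASH) != 0));
```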
fprintf(conffile, "\n");
fprintf(conffile, "[verification]\n");
- WRITE_BOOL(config.check_sighash, "check_sighash");
+ WRITE_BOOL(config.clean_policies & ONAK_CLEAN_CHECK_SIGHASH,
+ "check_sighash");
fprintf(conffile, "\n");
fprintf(conffile, "[mail]\n");
#define __ONAK_CONF_H_
#include <stdbool.h>
+#include <stdint.h>
#include "ll.h"
/** Pointer to the initialisation function for our loaded DB backend */
struct onak_dbctx *(*dbinit)(struct onak_db_config *, bool);
- /** Should we verify signature hashes match? */
- bool check_sighash;
+ /** What policies should we use for cleaning keys? */
+ uint64_t clean_policies;
/*
* Options used by the email handling script.
logthing(LOGTHING_INFO, "Finished reading %d keys.",
result);
- result = cleankeys(keys);
+ result = cleankeys(&keys, config.clean_policies);
logthing(LOGTHING_INFO, "%d keys cleaned.",
result);
result);
if (keys != NULL) {
- result = cleankeys(keys);
+ result = cleankeys(&keys,
+ config.clean_policies);
logthing(LOGTHING_INFO, "%d keys cleaned.",
result);
dbctx->starttrans(dbctx);
if (dbctx->fetch_key_id(dbctx, keyid, &keys, true)) {
dbctx->delete_key(dbctx, keyid, true);
- cleankeys(keys);
+ cleankeys(&keys, config.clean_policies);
dbctx->store_key(dbctx, keys, true, false);
} else {
puts("Key not found");
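Review bot: `store_key()` is called with `keys` straight after `cleankeys(&keys, ...)`, with no check that the list is still non-empty, and `delete_key()` has already run by then. The new contract says some policies may remove keys from the list entirely, so `keys` can come back NULL here once such a policy exists. Whether `store_key()` tolerates NULL is not visible in the hunk. I would guard the store with `if (keys != NULL) {` and log when a key was dropped. The `flatten_publickey(publickey, ...)` call in the lookup hunk follows the same clean-then-use pattern and deserves the same check. The enclosing block continues past the hunk.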
parse_keys( packets, &keys );
free_packet_list(packets);
packets = NULL;
- cleankeys( keys );
+ cleankeys(&keys, ONAK_CLEAN_ALL);
/* Iterate over the keys... */
for( key = keys; key; key = key->next ) {
uint64_t keyid;
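Review bot: Passing `ONAK_CLEAN_ALL` makes this the one caller that ignores `config.clean_policies`, where every other call site in the commit passes the configured value. It will also pick up every future `ONAK_CLEAN_*` policy automatically, including any that drop keys. If that is intended, a comment on the call would record it, for example `/* stripkey always applies every cleaning policy, independent of config */`. The `for` loop that follows copes with an empty list, so no extra guard is needed here.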