g10/delkey.c

   1 /* delkey.c - delete keys
   2  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004,
   3  *               2005, 2006 Free Software Foundation, Inc.
   4  *
   5  * This file is part of GnuPG.
   6  *
   7  * GnuPG is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License as published by
   9  * the Free Software Foundation; either version 2 of the License, or
  10  * (at your option) any later version.
  11  *
  12  * GnuPG is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU General Public License
  18  * along with this program; if not, write to the Free Software
  19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  20  * USA.
  21  */
  22
  23 #include <config.h>
  24 #include <stdio.h>
  25 #include <stdlib.h>
  26 #include <string.h>
  27 #include <errno.h>
  28 #include <assert.h>
  29 #include <ctype.h>
  30
  31 #include "gpg.h"
  32 #include "options.h"
  33 #include "packet.h"
  34 #include "errors.h"
  35 #include "iobuf.h"
  36 #include "keydb.h"
  37 #include "util.h"
  38 #include "main.h"
  39 #include "trustdb.h"
  40 #include "filter.h"
  41 #include "ttyio.h"
  42 #include "status.h"
  43 #include "i18n.h"
  44
  45
  46 /****************
  47  * Delete a public or secret key from a keyring.
  48  * r_sec_avail will be set if a secret key is available and the public
  49  * key can't be deleted for that reason.
  50  */
  51 static int
  52 do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
  53 {
  54     int rc = 0;
  55     KBNODE keyblock = NULL;
  56     KBNODE node;
  57     KEYDB_HANDLE hd = keydb_new (secret);
  58     PKT_public_key *pk = NULL;
  59     PKT_secret_key *sk = NULL;
  60     u32 keyid[2];
  61     int okay=0;
  62     int yes;
  63     KEYDB_SEARCH_DESC desc;
  64     int exactmatch;
  65
  66     *r_sec_avail = 0;
  67
  68     /* search the userid */
  69     classify_user_id (username, &desc);
  70     exactmatch = (desc.mode == KEYDB_SEARCH_MODE_FPR
  71                   || desc.mode == KEYDB_SEARCH_MODE_FPR16
  72                   || desc.mode == KEYDB_SEARCH_MODE_FPR20);
  73     rc = desc.mode? keydb_search (hd, &desc, 1):G10ERR_INV_USER_ID;
  74     if (rc) {
  75         log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc));
  76         write_status_text( STATUS_DELETE_PROBLEM, "1" );
  77         goto leave;
  78     }
  79
  80     /* read the keyblock */
  81     rc = keydb_get_keyblock (hd, &keyblock );
  82     if (rc) {
  83         log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) );
  84         goto leave;
  85     }
  86
  87     /* get the keyid from the keyblock */
  88     node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
  89     if( !node ) {
  90         log_error("Oops; key not found anymore!\n");
  91         rc = G10ERR_GENERAL;
  92         goto leave;
  93     }
  94
  95     if( secret )
  96       {
  97         sk = node->pkt->pkt.secret_key;
  98         keyid_from_sk( sk, keyid );
  99       }
 100     else
 101       {
 102         /* public */
 103         pk = node->pkt->pkt.public_key;
 104         keyid_from_pk( pk, keyid );
 105
 106         if(!force)
 107           {
 108             rc = seckey_available( keyid );
 109             if( !rc )
 110               {
 111                 *r_sec_avail = 1;
 112                 rc = -1;
 113                 goto leave;
 114               }
 115             else if( rc != G10ERR_NO_SECKEY )
 116               log_error("%s: get secret key: %s\n", username, g10_errstr(rc) );
 117             else
 118               rc = 0;
 119           }
 120       }
 121
 122     if( rc )
 123         rc = 0;
 124     else if (opt.batch && exactmatch)
 125         okay++;
 126     else if( opt.batch && secret )
 127       {
 128         log_error(_("can't do this in batch mode\n"));
 129         log_info (_("(unless you specify the key by fingerprint)\n"));
 130       }
 131     else if( opt.batch && opt.answer_yes )
 132         okay++;
 133     else if( opt.batch )
 134       {
 135         log_error(_("can't do this in batch mode without \"--yes\"\n"));
 136         log_info (_("(unless you specify the key by fingerprint)\n"));
 137       }
 138     else {
 139         if( secret )
 140             print_seckey_info( sk );
 141         else
 142             print_pubkey_info(NULL, pk );
 143         tty_printf( "\n" );
 144
 145         yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay"
 146                                            : "delete_key.okay",
 147                               _("Delete this key from the keyring? (y/N) "));
 148         if( !cpr_enabled() && secret && yes ) {
 149             /* I think it is not required to check a passphrase; if
 150              * the user is so stupid as to let others access his secret keyring
 151              * (and has no backup) - it is up him to read some very
 152              * basic texts about security.
 153              */
 154             yes = cpr_get_answer_is_yes("delete_key.secret.okay",
 155                          _("This is a secret key! - really delete? (y/N) "));
 156         }
 157         if( yes )
 158             okay++;
 159     }
 160
 161
 162     if( okay ) {
 163         rc = keydb_delete_keyblock (hd);
 164         if (rc) {
 165             log_error (_("deleting keyblock failed: %s\n"), g10_errstr(rc) );
 166             goto leave;
 167         }
 168
 169         /* Note that the ownertrust being cleared will trigger a
 170            revalidation_mark().  This makes sense - only deleting keys
 171            that have ownertrust set should trigger this. */
 172
 173         if (!secret && pk && clear_ownertrusts (pk)) {
 174           if (opt.verbose)
 175             log_info (_("ownertrust information cleared\n"));
 176         }
 177     }
 178
 179   leave:
 180     keydb_release (hd);
 181     release_kbnode (keyblock);
 182     return rc;
 183 }
 184
 185 /****************
 186  * Delete a public or secret key from a keyring.
 187  */
 188 int
 189 delete_keys( STRLIST names, int secret, int allow_both )
 190 {
 191     int rc, avail, force=(!allow_both && !secret && opt.expert);
 192
 193     /* Force allows us to delete a public key even if a secret key
 194        exists. */
 195
 196     for(;names;names=names->next) {
 197        rc = do_delete_key (names->d, secret, force, &avail );
 198        if ( rc && avail ) {
 199          if ( allow_both ) {
 200            rc = do_delete_key (names->d, 1, 0, &avail );
 201            if ( !rc )
 202              rc = do_delete_key (names->d, 0, 0, &avail );
 203          }
 204          else {
 205            log_error(_(
 206               "there is a secret key for public key \"%s\"!\n"),names->d);
 207            log_info(_(
 208               "use option \"--delete-secret-keys\" to delete it first.\n"));
 209            write_status_text( STATUS_DELETE_PROBLEM, "2" );
 210            return rc;
 211          }
 212        }
 213
 214        if(rc) {
 215          log_error("%s: delete key failed: %s\n", names->d, g10_errstr(rc) );
 216          return rc;
 217        }
 218     }
 219
 220     return 0;
 221 }