# # # patch "cmd_list.cc" # from [70ac171467d7e2101c55b8c0df2eb600c0284b71] # to [59417255e305cd2b1f0544de3bba1a5aa9d3c968] # # patch "cmd_ws_commit.cc" # from [18ec9d2fbd1998a82889f68d174858bafc4d0e2e] # to [cb6a8f8657cfaa261104e6ede8964bdac1bc81bf] # # patch "database.cc" # from [39bf72e754eb8c4881cbadab65fa3535fa774627] # to [9401ad58aa4fc4edcebf33d88177daef72f04ecf] # # patch "network/netsync_session.cc" # from [d7af9e2a685303483690bfa2459f6a6a2faf49f4] # to [20bcba345142191e3471abada8ba2a81c1683459] # # patch "network/session.cc" # from [892325de67eb44acf6b992f20f0e607ed61dc2cb] # to [1ad93d8c4273899545b5404882126281cfcd4096] # # patch "project.cc" # from [36af81e92ec20535f5c3eb627c324786824602b7] # to [d4ffa2e0e05b52b00d9ef13e683e48bfd38ae049] # # patch "project.hh" # from [7cf24214e3b5069f0b67b297fea0ca466d298a7b] # to [8cd66a0e25896e1f9da6b6357f900ce1aa11ee6b] # # patch "tests/policy-keys/__driver__.lua" # from [401015ad52a460797d46c6920e2066ce9d13c68a] # to [27a354f55f6c5889ff759bdb0b938caa08876343] # ============================================================ --- cmd_list.cc 70ac171467d7e2101c55b8c0df2eb600c0284b71 +++ cmd_list.cc 59417255e305cd2b1f0544de3bba1a5aa9d3c968 @@ -189,7 +189,7 @@ CMD(certs, "certs", "", CMD_REF(list), " key_identity_info identity; identity.id = idx(certs, i).key; - project.complete_key_identity_from_id(keys, app.lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, app.lua, identity); cout << string(guess_terminal_width(), '-') << '\n' << (i18n_format(str) @@ -332,7 +332,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project.complete_key_identity_from_id(lua, branch_name(), identity); + project.complete_key_identity_from_id(lua, identity); items[*i].identity = identity; items[*i].public_locations.push_back("database"); } 
@@ -346,7 +346,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); items[*i].identity = identity; items[*i].public_locations.push_back("keystore"); items[*i].private_locations.push_back("keystore"); @@ -576,7 +576,7 @@ CMD(tags, "tags", "", CMD_REF(list), "[P identity.id = i->key; if (!null_id(identity.id.inner())) { - project.complete_key_identity_from_id(app.lua, branch_name(), identity); + project.complete_key_identity_from_id(app.lua, identity); } vector certs; @@ -1055,7 +1055,7 @@ CMD_AUTOMATE(certs, N_("REV"), key_identity_info identity; identity.id = idx(certs, i).key; - project.complete_key_identity_from_id(app.lua, branch_name(), identity); + project.complete_key_identity_from_id(app.lua, identity); signers.insert(identity); bool trusted = ============================================================ --- cmd_ws_commit.cc 18ec9d2fbd1998a82889f68d174858bafc4d0e2e +++ cmd_ws_commit.cc cb6a8f8657cfaa261104e6ede8964bdac1bc81bf @@ -883,7 +883,7 @@ CMD(status, "status", "", CMD_REF(inform key_identity_info key; get_user_key(app.opts, app.lua, db, keys, project, key.id, cache_disable); - project.complete_key_identity_from_id(keys, app.lua, app.opts.branch, key); + project.complete_key_identity_from_id(keys, app.lua, key); if (!app.lua.hook_get_author(app.opts.branch, key, author)) author = key.official_name(); 
@@ -1502,7 +1502,7 @@ CMD(commit, "commit", "ci", CMD_REF(work { key_identity_info key; get_user_key(app.opts, app.lua, db, keys, project, key.id, cache_disable); - project.complete_key_identity_from_id(keys, app.lua, app.opts.branch, key); + project.complete_key_identity_from_id(keys, app.lua, key); if (!app.lua.hook_get_author(app.opts.branch, key, author)) author = key.official_name(); ============================================================ --- database.cc 39bf72e754eb8c4881cbadab65fa3535fa774627 +++ database.cc 9401ad58aa4fc4edcebf33d88177daef72f04ecf @@ -3949,7 +3949,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project->complete_key_identity_from_id(*lua, branch_name(), identity); + project->complete_key_identity_from_id(*lua, identity); signer_identities.insert(identity); } ============================================================ --- network/netsync_session.cc d7af9e2a685303483690bfa2459f6a6a2faf49f4 +++ network/netsync_session.cc 20bcba345142191e3471abada8ba2a81c1683459 @@ -161,7 +161,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = *i; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); lua.hook_note_netsync_pubkey_received(identity, ident); } @@ -176,7 +176,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = j->key; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); certs.insert(make_pair(identity, make_pair(j->name, j->value))); } @@ -192,7 +192,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = i->key; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); lua.hook_note_netsync_cert_received(revision_id(i->ident), identity, i->name, i->value, ident); } 
@@ -225,7 +225,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = *i; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); lua.hook_note_netsync_pubkey_sent(identity, ident); } @@ -240,7 +240,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = j->key; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); certs.insert(make_pair(identity, make_pair(j->name, j->value))); } @@ -256,7 +256,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = i->key; - project.complete_key_identity_from_id(keys, lua, branch_name(), identity); + project.complete_key_identity_from_id(keys, lua, identity); lua.hook_note_netsync_cert_sent(revision_id(i->ident), identity, i->name, i->value, ident); } ============================================================ --- network/session.cc 892325de67eb44acf6b992f20f0e607ed61dc2cb +++ network/session.cc 1ad93d8c4273899545b5404882126281cfcd4096 @@ -416,7 +416,7 @@ session::request_netsync(protocol_role r key_identity_info remote_key; remote_key.id = remote_peer_key_id; if (!remote_key.id.inner()().empty()) - project.complete_key_identity_from_id(keys, app.lua, branch_name(), remote_key); + project.complete_key_identity_from_id(keys, app.lua, remote_key); wrapped->on_begin(session_id, remote_key); } @@ -447,7 +447,7 @@ session::request_automate() key_identity_info remote_key; remote_key.id = remote_peer_key_id; if (!remote_key.id.inner()().empty()) - project.complete_key_identity_from_id(keys, app.lua, branch_name(), remote_key); + project.complete_key_identity_from_id(keys, app.lua, remote_key); wrapped->on_begin(session_id, remote_key); } 
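Review bot: In the session.cc hunk at -416, the remote peer's key is now named relative to the local `branch_option` rather than an empty prefix, and nothing at the call site says so. The project.cc part of this patch shows the three-argument `complete_key_identity_from_id` forwarding `branch_option` as the lookup prefix, so the `official_name` in `remote_key` passed to `wrapped->on_begin` depends on how the local process was configured, not on the session. If that name reaches permission or logging hooks downstream (not visible here), a comment such as `// official_name is resolved under the local branch option; use remote_key.id, not the name, for trust decisions` would make the boundary explicit. The same applies to the hunks at -447 and -665; all three enclosing functions extend beyond their hunks.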
@@ -665,7 +665,7 @@ bool session::handle_service_request() { client_identity.id = client_id; if (!client_identity.id.inner()().empty()) - project.complete_key_identity_from_id(keys, app.lua, branch_name(), client_identity); + project.complete_key_identity_from_id(keys, app.lua, client_identity); } wrapped->on_begin(session_id, client_identity); ============================================================ --- project.cc 36af81e92ec20535f5c3eb627c324786824602b7 +++ project.cc d4ffa2e0e05b52b00d9ef13e683e48bfd38ae049 @@ -551,28 +551,44 @@ public: branch_name const & where, key_name & official_name) { + L(FL("looking for key %s under prefix '%s'...") % ident % where); key_lister::name_map names; walk_policies(project, policy, child_policies, key_lister(names)); typedef key_lister::name_map::const_iterator it; pair range = names.equal_range(ident); - bool found = false; + int prefix_length = -1; + bool have_dup = false; + set matched_names; for (it i = range.first; i != range.second; ++i) { - if (i->second.first.has_prefix(where)) + int my_prefix_length = 0; + if (!where.empty() && where.has_prefix(i->second.first)) + my_prefix_length = i->second.first.size(); + if (my_prefix_length >= prefix_length) { - if (found) + if (my_prefix_length > prefix_length) { - // because we list keys by ident - W(F("Key %s has multiple names.")); + matched_names.clear(); } - found = true; + prefix_length = my_prefix_length; + branch_name name_as_branch = typecast_vocab(i->second.second); official_name = typecast_vocab(i->second.first / name_as_branch); + matched_names.insert(official_name); } } - return found; + if (matched_names.size() > 1) + { + W(F("key %s has multiple names") % ident); + for (set::const_iterator k = matched_names.begin(); + k != matched_names.end(); ++k) + { + W(F(" name: %s") % *k); + } + } + return prefix_length >= 0; } void find_keys_named(project_t const & project, key_name const & name, 
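Review bot: In the project.cc hunk at -551 (`lookup_key_name`), a key whose policy prefix is not under `where` at all still gets prefix length 0, so it is assigned an `official_name` and the function returns true. That differs from `find_keys_named` later in this patch, which skips such entries, and the difference should be stated in a comment, e.g. `// unlike find_keys_named, keys outside 'where' are still named; a true return does not mean the key is recognized by this policy`. When several names tie at the longest prefix, `official_name` keeps whichever entry the loop visited last and only a warning is printed. Setting `official_name = *matched_names.begin();` after the loop would at least make the choice deterministic. `bool have_dup = false;` is never read and can be dropped. The function's signature starts above the hunk.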
@@ -582,6 +598,9 @@ public: key_lister::name_map names; walk_policies(project, policy, child_policies, key_lister(names)); + results.clear(); + int prefix_length = -1; + typedef key_lister::name_map::const_iterator it; for (it i = names.begin(); i != names.end(); ++i) { @@ -592,12 +611,25 @@ public: if (official_name == name) { // fully-qualified exact match + results.clear(); results[official_name] = i->first; + return; } if (i->second.second != name) continue; - if (where.empty() || where.has_prefix(i->second.first)) + int my_prefix_length = 0; + if (!where.empty() && where.has_prefix(i->second.first)) + my_prefix_length = i->second.first.size(); + // This is used to interpret key names provided by the user. + // It shouldn't accidentially match on keys that aren't recognized by + // the current policy. + if (my_prefix_length == 0 && !where.empty()) + continue; + if (my_prefix_length >= prefix_length) { + if (my_prefix_length > prefix_length) + results.clear(); + prefix_length = my_prefix_length; results[official_name] = i->first; } } @@ -1319,7 +1351,7 @@ project_t::put_standard_certs_from_optio { key_identity_info key; get_user_key(opts, lua, db, keys, *this, key.id); - complete_key_identity_from_id(lua, branch, key); + complete_key_identity_from_id(0, lua, branch, key); if (!lua.hook_get_author(branch, key, author)) { @@ -1450,7 +1482,7 @@ project_t::lookup_key_by_name(key_store else found = project_policy->lookup_key_name(*this, identity.id, - branch_name(), + where, identity.official_name); if (found) { @@ -1479,7 +1511,7 @@ project_t::lookup_key_by_name(key_store else found = project_policy->lookup_key_name(*this, identity.id, - branch_name(), + where, identity.official_name); if (found) { 
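Review bot: In the hunk at -592 (`find_keys_named`), the guard `if (my_prefix_length == 0 && !where.empty()) continue;` uses 0 for both "no prefix matched" and "matched a zero-length prefix". If a policy can be registered under an empty prefix (not visible here), its keys become unreachable by short name whenever a branch is set. Tracking the match separately avoids the overload: `bool under_where = !where.empty() && where.has_prefix(i->second.first);` followed by `if (!where.empty() && !under_where) continue;`. The added comment also promises more than the code delivers, because with an empty `where` the guard is skipped and every key with that short name anywhere in the policy tree is returned. I would extend it with `// only enforced when 'where' is non-empty` and fix the spelling of "accidentally". The function begins before the hunk and the loop closes after it.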
@@ -1556,25 +1588,23 @@ project_t::complete_key_identity_from_id else project_policy->lookup_key_name(*this, info.id, - branch_name(), + where, info.official_name); } void project_t::complete_key_identity_from_id(key_store & keys, lua_hooks & lua, - branch_name const & where, key_identity_info & info) const { - complete_key_identity_from_id(&keys, lua, where, info); + complete_key_identity_from_id(&keys, lua, branch_option, info); } void project_t::complete_key_identity_from_id(lua_hooks & lua, - branch_name const & where, key_identity_info & info) const { - complete_key_identity_from_id(0, lua, where, info); + complete_key_identity_from_id(0, lua, branch_option, info); } void ============================================================ --- project.hh 7cf24214e3b5069f0b67b297fea0ca466d298a7b +++ project.hh 8cd66a0e25896e1f9da6b6357f900ce1aa11ee6b @@ -255,10 +255,8 @@ public: public: void complete_key_identity_from_id(key_store & keys, lua_hooks & lua, - branch_name const & where, key_identity_info & info) const; void complete_key_identity_from_id(lua_hooks & lua, - branch_name const & where, key_identity_info & info) const; void get_key_identity(key_store & keys, lua_hooks & lua, ============================================================ --- tests/policy-keys/__driver__.lua 401015ad52a460797d46c6920e2066ce9d13c68a +++ tests/policy-keys/__driver__.lua 27a354f55f6c5889ff759bdb0b938caa08876343 @@ -76,8 +76,3 @@ trybranch("test_project.delegated.fakebr trybranch("test_project.badbranch", 1) trybranch("test_project.delegated.otherbranch", 0) trybranch("test_project.delegated.fakebranch", 1) - - --- may need to add more checks about using the key names --- need a clearer picture of when/where/why key names are resolved first -check(false) \ No newline at end of file
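Review bot: In the project.cc hunk at -1556, the two public `complete_key_identity_from_id` overloads now take their lookup prefix from `branch_option` (presumably project_t state; its declaration is not in this patch), and neither the definitions nor the project.hh declarations in the next hunk document that. A declaration comment such as `// Fills in info from info.id; names are resolved relative to this project's branch_option, not a caller-supplied prefix` would stop callers from assuming a global, branch-independent name. The context lines also show the result of `project_policy->lookup_key_name(...)` being discarded in the private overload, so a caller cannot tell a policy-derived `official_name` from one that was never filled in. That deserves a sentence in the same comment, or a `bool` return if callers need the distinction. The private overload starts above the hunk.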