security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

gpg: Pass CTRL object down to the trust functions 

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-05-21 11:41:49 +02:00
parent fd973ee1c1
commit 027c4e5552
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
16 changed files with 180 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/gpg.c
View File

@ -4432,12 +4432,12 @@ main (int argc, char **argv)
case aUpdateTrustDB: case aUpdateTrustDB:
if( argc ) if( argc )
wrong_args("--update-trustdb"); wrong_args("--update-trustdb");
update_trustdb(); update_trustdb (ctrl);
break; break;
case aCheckTrustDB: case aCheckTrustDB:
/* Old versions allowed for arguments - ignore them */ /* Old versions allowed for arguments - ignore them */
check_trustdb(); check_trustdb (ctrl);
break; break;
case aFixTrustDB: case aFixTrustDB:

17
g10/gpgv.c
View File

@ -247,8 +247,9 @@ g10_exit( int rc )
* this utility assumes that all keys in the keyring are trustworthy * this utility assumes that all keys in the keyring are trustworthy
*/ */
int int
check_signatures_trust( PKT_signature *sig ) check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{ {
(void)ctrl;
(void)sig; (void)sig;
return 0; return 0;
} }
@ -280,22 +281,25 @@ cache_disabled_value(PKT_public_key *pk)
} }
void void
check_trustdb_stale(void) check_trustdb_stale (ctrl_t ctrl)
{ {
(void)ctrl;
} }
int int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)uid; (void)uid;
return '?'; return '?';
} }
unsigned int unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig, get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
int may_ask) PKT_signature *sig, int may_ask)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)uid; (void)uid;
(void)sig; (void)sig;
@ -311,8 +315,9 @@ trust_value_to_string (unsigned int value)
} }
const char * const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid) uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{ {
(void)ctrl;
(void)key; (void)key;
(void)uid; (void)uid;
return "err"; return "err";

2
g10/import.c
View File

@ -249,7 +249,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
interactive or by not setting no-auto-check-trustdb */ interactive or by not setting no-auto-check-trustdb */
if (!(options & IMPORT_FAST)) if (!(options & IMPORT_FAST))
check_or_update_trustdb (); check_or_update_trustdb (ctrl);
return rc; return rc;
} }

2
g10/keydb.h
View File

@ -222,7 +222,7 @@ gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
/*-- pkclist.c --*/ /*-- pkclist.c --*/
void show_revocation_reason( PKT_public_key *pk, int mode ); void show_revocation_reason( PKT_public_key *pk, int mode );
int check_signatures_trust( PKT_signature *sig ); int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list); void release_pk_list (PK_LIST pk_list);
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list); int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);

61
g10/keyedit.c
View File

@ -51,7 +51,8 @@
static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig, static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
int verbose); int verbose);
static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk, static void show_names (ctrl_t ctrl, estream_t fp,
kbnode_t keyblock, PKT_public_key * pk,
unsigned int flag, int with_prefs); unsigned int flag, int with_prefs);
static void show_key_with_all_names (ctrl_t ctrl, estream_t fp, static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
KBNODE keyblock, int only_marked, KBNODE keyblock, int only_marked,
@ -61,8 +62,8 @@ static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys); static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys);
static void show_key_and_grip (kbnode_t keyblock); static void show_key_and_grip (kbnode_t keyblock);
static void subkey_expire_warning (kbnode_t keyblock); static void subkey_expire_warning (kbnode_t keyblock);
static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name, static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
const char *uidstr); int photo, const char *photo_name, const char *uidstr);
static void menu_deluid (KBNODE pub_keyblock); static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (KBNODE pub_keyblock); static int menu_delsig (KBNODE pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only); static int menu_clean (KBNODE keyblock, int self_only);
@ -85,13 +86,13 @@ static int count_selected_uids (KBNODE keyblock);
static int real_uids_left (KBNODE keyblock); static int real_uids_left (KBNODE keyblock);
static int count_selected_keys (KBNODE keyblock); static int count_selected_keys (KBNODE keyblock);
static int menu_revsig (KBNODE keyblock); static int menu_revsig (KBNODE keyblock);
static int menu_revuid (KBNODE keyblock); static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock);
static int menu_revkey (KBNODE pub_keyblock); static int menu_revkey (KBNODE pub_keyblock);
static int menu_revsubkey (KBNODE pub_keyblock); static int menu_revsubkey (KBNODE pub_keyblock);
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
static int enable_disable_key (KBNODE keyblock, int disable); static int enable_disable_key (KBNODE keyblock, int disable);
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/
static void menu_showphoto (KBNODE keyblock); static void menu_showphoto (ctrl_t ctrl, kbnode_t keyblock);
static int update_trust = 0; static int update_trust = 0;
@ -2022,7 +2023,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
and run the stale check as early as possible. Note, that for and run the stale check as early as possible. Note, that for
non- W32 platforms it is run indirectly trough a call to non- W32 platforms it is run indirectly trough a call to
get_validity (). */ get_validity (). */
check_trustdb_stale (); check_trustdb_stale (ctrl);
#endif #endif
/* Get the public key */ /* Get the public key */
@ -2295,7 +2296,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
photo = 1; photo = 1;
/* fall through */ /* fall through */
case cmdADDUID: case cmdADDUID:
if (menu_adduid (keyblock, photo, arg_string, NULL)) if (menu_adduid (ctrl, keyblock, photo, arg_string, NULL))
{ {
update_trust = 1; update_trust = 1;
redisplay = 1; redisplay = 1;
@ -2537,7 +2538,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ") n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
: _("Really revoke this user ID? (y/N) "))) : _("Really revoke this user ID? (y/N) ")))
{ {
if (menu_revuid (keyblock)) if (menu_revuid (ctrl, keyblock))
{ {
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
@ -2631,7 +2632,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0); show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0);
tty_printf ("\n"); tty_printf ("\n");
if (edit_ownertrust (find_kbnode (keyblock, if (edit_ownertrust (ctrl, find_kbnode (keyblock,
PKT_PUBLIC_KEY)->pkt->pkt. PKT_PUBLIC_KEY)->pkt->pkt.
public_key, 1)) public_key, 1))
{ {
@ -2648,7 +2649,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{ {
int count = count_selected_uids (keyblock); int count = count_selected_uids (keyblock);
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
show_names (NULL, keyblock, keyblock->pkt->pkt.public_key, show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 1); count ? NODFLG_SELUID : 0, 1);
} }
break; break;
@ -2657,7 +2658,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{ {
int count = count_selected_uids (keyblock); int count = count_selected_uids (keyblock);
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY); log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
show_names (NULL, keyblock, keyblock->pkt->pkt.public_key, show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 2); count ? NODFLG_SELUID : 0, 2);
} }
break; break;
@ -2733,7 +2734,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/
case cmdSHOWPHOTO: case cmdSHOWPHOTO:
menu_showphoto (keyblock); menu_showphoto (ctrl, keyblock);
break; break;
case cmdCLEAN: case cmdCLEAN:
@ -2863,7 +2864,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */ /* See keyedit_menu for why we need this. */
check_trustdb_stale (); check_trustdb_stale (ctrl);
#endif #endif
/* Search the key; we don't want the whole getkey stuff here. */ /* Search the key; we don't want the whole getkey stuff here. */
@ -2914,7 +2915,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
fix_keyblock (&keyblock); fix_keyblock (&keyblock);
if (menu_adduid (keyblock, 0, NULL, uidstring)) if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring))
{ {
err = keydb_update_keyblock (kdbhd, keyblock); err = keydb_update_keyblock (kdbhd, keyblock);
if (err) if (err)
@ -2956,7 +2957,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */ /* See keyedit_menu for why we need this. */
check_trustdb_stale (); check_trustdb_stale (ctrl);
#endif #endif
/* We require a fingerprint because only this uniquely identifies a /* We require a fingerprint because only this uniquely identifies a
@ -3371,7 +3372,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('e', fp); es_putc ('e', fp);
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks)) else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
{ {
int trust = get_validity_info (pk, NULL); int trust = get_validity_info (ctrl, pk, NULL);
if (trust == 'u') if (trust == 'u')
ulti_hack = 1; ulti_hack = 1;
es_putc (trust, fp); es_putc (trust, fp);
@ -3430,7 +3431,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
int uid_validity; int uid_validity;
if (primary && !ulti_hack) if (primary && !ulti_hack)
uid_validity = get_validity_info (primary, uid); uid_validity = get_validity_info (ctrl, primary, uid);
else else
uid_validity = 'u'; uid_validity = 'u';
es_fprintf (fp, "%c::::::::", uid_validity); es_fprintf (fp, "%c::::::::", uid_validity);
@ -3497,8 +3498,8 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
static void static void
show_names (estream_t fp, show_names (ctrl_t ctrl, estream_t fp,
KBNODE keyblock, PKT_public_key * pk, unsigned int flag, kbnode_t keyblock, PKT_public_key * pk, unsigned int flag,
int with_prefs) int with_prefs)
{ {
KBNODE node; KBNODE node;
@ -3513,7 +3514,7 @@ show_names (estream_t fp,
if (!flag || (flag && (node->flag & flag))) if (!flag || (flag && (node->flag & flag)))
{ {
if (!(flag & NODFLG_MARK_A) && pk) if (!(flag & NODFLG_MARK_A) && pk)
tty_fprintf (fp, "%s ", uid_trust_string_fixed (pk, uid)); tty_fprintf (fp, "%s ", uid_trust_string_fixed (ctrl, pk, uid));
if (flag & NODFLG_MARK_A) if (flag & NODFLG_MARK_A)
tty_fprintf (fp, " "); tty_fprintf (fp, " ");
@ -3600,12 +3601,12 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
* output */ * output */
static int did_warn = 0; static int did_warn = 0;
trust = get_validity_string (pk, NULL); trust = get_validity_string (ctrl, pk, NULL);
otrust = get_ownertrust_string (pk); otrust = get_ownertrust_string (pk);
/* Show a warning once */ /* Show a warning once */
if (!did_warn if (!did_warn
&& (get_validity (pk, NULL, NULL, 0) && (get_validity (ctrl, pk, NULL, NULL, 0)
& TRUST_FLAG_PENDING_CHECK)) & TRUST_FLAG_PENDING_CHECK))
{ {
did_warn = 1; did_warn = 1;
@ -3792,7 +3793,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
} }
} }
show_names (fp, show_names (ctrl, fp,
keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs); keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
if (do_warn && !nowarn) if (do_warn && !nowarn)
@ -4037,8 +4038,8 @@ subkey_expire_warning (kbnode_t keyblock)
* user id. * user id.
*/ */
static int static int
menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name, menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
const char *uidstring) int photo, const char *photo_name, const char *uidstring)
{ {
PKT_user_id *uid; PKT_user_id *uid;
PKT_public_key *pk = NULL; PKT_public_key *pk = NULL;
@ -4100,7 +4101,7 @@ menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
} }
} }
uid = generate_photo_id (pk, photo_name); uid = generate_photo_id (ctrl, pk, photo_name);
} }
else else
uid = generate_user_id (pub_keyblock, uidstring); uid = generate_user_id (pub_keyblock, uidstring);
@ -6015,7 +6016,7 @@ reloop: /* (must use this, because we are modifing the list) */
/* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if /* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if
keyblock changed. */ keyblock changed. */
static int static int
menu_revuid (KBNODE pub_keyblock) menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key; PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
KBNODE node; KBNODE node;
@ -6096,7 +6097,7 @@ menu_revuid (KBNODE pub_keyblock)
/* If the trustdb has an entry for this key+uid then the /* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */ trustdb needs an update. */
if (!update_trust if (!update_trust
&& (get_validity (pk, uid, NULL, 0) & TRUST_MASK) >= && (get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK) >=
TRUST_UNDEFINED) TRUST_UNDEFINED)
update_trust = 1; update_trust = 1;
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/
@ -6258,7 +6259,7 @@ enable_disable_key (KBNODE keyblock, int disable)
static void static void
menu_showphoto (KBNODE keyblock) menu_showphoto (ctrl_t ctrl, kbnode_t keyblock)
{ {
KBNODE node; KBNODE node;
int select_all = !count_selected_uids (keyblock); int select_all = !count_selected_uids (keyblock);
@ -6295,7 +6296,7 @@ menu_showphoto (KBNODE keyblock)
"key %s (uid %d)\n"), "key %s (uid %d)\n"),
image_type_to_string (type, 1), image_type_to_string (type, 1),
(ulong) size, keystr_from_pk (pk), count); (ulong) size, keystr_from_pk (pk), count);
show_photos (&uid->attribs[i], 1, pk, uid); show_photos (ctrl, &uid->attribs[i], 1, pk, uid);
} }
} }
} }

27
g10/keylist.c
View File

@ -130,7 +130,7 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
is very bad for W32 because of a sharing violation. For real OSes is very bad for W32 because of a sharing violation. For real OSes
it might lead to false results if we are later listing a keyring it might lead to false results if we are later listing a keyring
which is associated with the inode of a deleted file. */ which is associated with the inode of a deleted file. */
check_trustdb_stale (); check_trustdb_stale (ctrl);
#ifdef USE_TOFU #ifdef USE_TOFU
tofu_begin_batch_update (); tofu_begin_batch_update ();
@ -154,7 +154,7 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
{ {
(void)ctrl; (void)ctrl;
check_trustdb_stale (); check_trustdb_stale (ctrl);
if (!list) if (!list)
list_all (ctrl, 1, 0); list_all (ctrl, 1, 0);
@ -1010,7 +1010,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
static void static void
list_keyblock_print (KBNODE keyblock, int secret, int fpr, list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
struct keylist_context *listctx) struct keylist_context *listctx)
{ {
int rc; int rc;
@ -1051,7 +1051,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
else else
s2k_char = ' '; s2k_char = ' ';
check_trustdb_stale (); check_trustdb_stale (ctrl);
es_fprintf (es_stdout, "%s%c %s/%s %s", es_fprintf (es_stdout, "%s%c %s/%s %s",
@ -1088,7 +1088,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
include, but it looks sort of confusing in the listing... */ include, but it looks sort of confusing in the listing... */
if (opt.list_options & LIST_SHOW_VALIDITY) if (opt.list_options & LIST_SHOW_VALIDITY)
{ {
int validity = get_validity (pk, NULL, NULL, 0); int validity = get_validity (ctrl, pk, NULL, NULL, 0);
es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity)); es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
} }
#endif #endif
@ -1134,9 +1134,9 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
{ {
const char *validity; const char *validity;
validity = uid_trust_string_fixed (pk, uid); validity = uid_trust_string_fixed (ctrl, pk, uid);
indent = ((keystrlen () + (opt.legacy_list_mode? 9:11)) indent = ((keystrlen () + (opt.legacy_list_mode? 9:11))
- atoi (uid_trust_string_fixed (NULL, NULL))); - atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
if (indent < 0 || indent > 40) if (indent < 0 || indent > 40)
indent = 0; indent = 0;
@ -1174,7 +1174,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
} }
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL) if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
show_photos (uid->attribs, uid->numattribs, pk, uid); show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
} }
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{ {
@ -1390,7 +1390,8 @@ print_revokers (estream_t fp, PKT_public_key * pk)
record (i.e. requested via --list-secret-key). If HAS_SECRET a record (i.e. requested via --list-secret-key). If HAS_SECRET a
secret key is available even if SECRET is not set. */ secret key is available even if SECRET is not set. */
static void static void
list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
int secret, int has_secret, int fpr)
{ {
int rc; int rc;
KBNODE kbctx; KBNODE kbctx;
@ -1437,7 +1438,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
; ;
else else
{ {
trustletter = get_validity_info (pk, NULL); trustletter = get_validity_info (ctrl, pk, NULL);
if (trustletter == 'u') if (trustletter == 'u')
ulti_hack = 1; ulti_hack = 1;
es_putc (trustletter, es_stdout); es_putc (trustletter, es_stdout);
@ -1519,7 +1520,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
int uid_validity; int uid_validity;
if (!ulti_hack) if (!ulti_hack)
uid_validity = get_validity_info (pk, uid); uid_validity = get_validity_info (ctrl, pk, uid);
else else
uid_validity = 'u'; uid_validity = 'u';
es_fprintf (es_stdout, "%s:%c::::", str, uid_validity); es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
@ -1814,9 +1815,9 @@ list_keyblock (ctrl_t ctrl,
if (opt.print_pka_records || opt.print_dane_records) if (opt.print_pka_records || opt.print_dane_records)
list_keyblock_pka (ctrl, keyblock); list_keyblock_pka (ctrl, keyblock);
else if (opt.with_colons) else if (opt.with_colons)
list_keyblock_colon (keyblock, secret, has_secret, fpr); list_keyblock_colon (ctrl, keyblock, secret, has_secret, fpr);
else else
list_keyblock_print (keyblock, secret, fpr, listctx); list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
if (secret) if (secret)
es_fflush (es_stdout); es_fflush (es_stdout);
} }

4
g10/keyserver.c
View File

@ -1464,7 +1464,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
/* If the original options didn't have fast import, and the trustdb /* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */ is dirty, rebuild. */
if(!(opt.keyserver_options.import_options&IMPORT_FAST)) if(!(opt.keyserver_options.import_options&IMPORT_FAST))
check_or_update_trustdb (); check_or_update_trustdb (ctrl);
return err; return err;
} }
@ -1885,7 +1885,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
/* If the original options didn't have fast import, and the trustdb /* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */ is dirty, rebuild. */
if (!(opt.keyserver_options.import_options&IMPORT_FAST)) if (!(opt.keyserver_options.import_options&IMPORT_FAST))
check_or_update_trustdb (); check_or_update_trustdb (ctrl);
return 0; return 0;
} }

62
g10/mainproc.c
View File

@ -1002,7 +1002,7 @@ list_node (CTX c, kbnode_t node)
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
if (mainkey) if (mainkey)
c->trustletter = (opt.fast_list_mode? c->trustletter = (opt.fast_list_mode?
0 : get_validity_info( pk, NULL)); 0 : get_validity_info (c->ctrl, pk, NULL));
es_printf ("%s:", mainkey? "pub":"sub" ); es_printf ("%s:", mainkey? "pub":"sub" );
if (c->trustletter) if (c->trustletter)
es_putc (c->trustletter, es_stdout); es_putc (c->trustletter, es_stdout);
@ -1603,31 +1603,31 @@ check_sig_and_print (CTX c, kbnode_t node)
} }
/* Check that the message composition is valid. /* Check that the message composition is valid.
*
Per RFC-2440bis (-15) allowed: * Per RFC-2440bis (-15) allowed:
*
S{1,n} -- detached signature. * S{1,n} -- detached signature.
S{1,n} P -- old style PGP2 signature * S{1,n} P -- old style PGP2 signature
O{1,n} P S{1,n} -- standard OpenPGP signature. * O{1,n} P S{1,n} -- standard OpenPGP signature.
C P S{1,n} -- cleartext signature. * C P S{1,n} -- cleartext signature.
*
*
O = One-Pass Signature packet. * O = One-Pass Signature packet.
S = Signature packet. * S = Signature packet.
P = OpenPGP Message packet (Encrypted | Compressed | Literal) * P = OpenPGP Message packet (Encrypted | Compressed | Literal)
(Note that the current rfc2440bis draft also allows * (Note that the current rfc2440bis draft also allows
for a signed message but that does not work as it * for a signed message but that does not work as it
introduces ambiguities.) * introduces ambiguities.)
We keep track of these packages using the marker packet * We keep track of these packages using the marker packet
CTRLPKT_PLAINTEXT_MARK. * CTRLPKT_PLAINTEXT_MARK.
C = Marker packet for cleartext signatures. * C = Marker packet for cleartext signatures.
*
We reject all other messages. * We reject all other messages.
*
Actually we are calling this too often, i.e. for verification of * Actually we are calling this too often, i.e. for verification of
each message but better have some duplicate work than to silently * each message but better have some duplicate work than to silently
introduce a bug here. * introduce a bug here.
*/ */
{ {
kbnode_t n; kbnode_t n;
int n_onepass, n_sig; int n_onepass, n_sig;
@ -1871,7 +1871,7 @@ check_sig_and_print (CTX c, kbnode_t node)
does not print a LF we need to compute the validity does not print a LF we need to compute the validity
before calling that function. */ before calling that function. */
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY)) if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
valid = get_validity (pk, un->pkt->pkt.user_id, NULL, 0); valid = get_validity (c->ctrl, pk, un->pkt->pkt.user_id, NULL, 0);
else else
valid = 0; /* Not used. */ valid = 0; /* Not used. */
@ -1950,7 +1950,8 @@ check_sig_and_print (CTX c, kbnode_t node)
dump_attribs (un->pkt->pkt.user_id, pk); dump_attribs (un->pkt->pkt.user_id, pk);
if (opt.verify_options&VERIFY_SHOW_PHOTOS) if (opt.verify_options&VERIFY_SHOW_PHOTOS)
show_photos (un->pkt->pkt.user_id->attribs, show_photos (c->ctrl,
un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs, un->pkt->pkt.user_id->numattribs,
pk ,un->pkt->pkt.user_id); pk ,un->pkt->pkt.user_id);
} }
@ -1973,7 +1974,8 @@ check_sig_and_print (CTX c, kbnode_t node)
actually ask the user to update any trust actually ask the user to update any trust
information. */ information. */
valid = (trust_value_to_string valid = (trust_value_to_string
(get_validity (pk, un->pkt->pkt.user_id, sig, 0))); (get_validity (c->ctrl, pk,
un->pkt->pkt.user_id, sig, 0)));
log_printf (" [%s]\n",valid); log_printf (" [%s]\n",valid);
} }
else else
@ -2061,7 +2063,7 @@ check_sig_and_print (CTX c, kbnode_t node)
{ {
if ((opt.verify_options & VERIFY_PKA_LOOKUPS)) if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */ pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
rc = check_signatures_trust (sig); rc = check_signatures_trust (c->ctrl, sig);
} }
/* Print extra information about the signature. */ /* Print extra information about the signature. */

13
g10/photoid.c
View File

@ -48,7 +48,7 @@
/* Generate a new photo id packet, or return NULL if canceled. /* Generate a new photo id packet, or return NULL if canceled.
FIXME: Should we add a duplicates check similar to generate_user_id? */ FIXME: Should we add a duplicates check similar to generate_user_id? */
PKT_user_id * PKT_user_id *
generate_photo_id(PKT_public_key *pk,const char *photo_name) generate_photo_id (ctrl_t ctrl, PKT_public_key *pk,const char *photo_name)
{ {
PKT_user_id *uid; PKT_user_id *uid;
int error=1,i; int error=1,i;
@ -163,7 +163,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name)
"user" may not be able to dismiss a viewer window! */ "user" may not be able to dismiss a viewer window! */
if(opt.command_fd==-1) if(opt.command_fd==-1)
{ {
show_photos (uid->attribs, uid->numattribs, pk, uid); show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay", switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
_("Is this photo correct (y/N/q)? "))) _("Is this photo correct (y/N/q)? ")))
{ {
@ -286,9 +286,10 @@ static const char *get_default_photo_command(void)
} }
#endif #endif
void void
show_photos(const struct user_attribute *attrs, int count, show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
PKT_public_key *pk, PKT_user_id *uid) PKT_public_key *pk, PKT_user_id *uid)
{ {
#ifdef DISABLE_PHOTO_VIEWER #ifdef DISABLE_PHOTO_VIEWER
(void)attrs; (void)attrs;
@ -303,8 +304,8 @@ show_photos(const struct user_attribute *attrs, int count,
memset (&args, 0, sizeof(args)); memset (&args, 0, sizeof(args));
args.pk = pk; args.pk = pk;
args.validity_info = get_validity_info (pk, uid); args.validity_info = get_validity_info (ctrl, pk, uid);
args.validity_string = get_validity_string (pk, uid); args.validity_string = get_validity_string (ctrl, pk, uid);
namehash_from_uid (uid); namehash_from_uid (uid);
args.namehash = uid->namehash; args.namehash = uid->namehash;

5
g10/photoid.h
View File

@ -24,10 +24,11 @@
#include "packet.h" #include "packet.h"
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename); PKT_user_id *generate_photo_id (ctrl_t ctrl,
PKT_public_key *pk,const char *filename);
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len); int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
char *image_type_to_string(byte type,int style); char *image_type_to_string(byte type,int style);
void show_photos (const struct user_attribute *attrs, int count, void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
PKT_public_key *pk, PKT_user_id *uid); PKT_public_key *pk, PKT_user_id *uid);
#endif /* !_PHOTOID_H_ */ #endif /* !_PHOTOID_H_ */

17
g10/pkclist.c
View File

@ -178,7 +178,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
*/ */
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
static int static int
do_edit_ownertrust (PKT_public_key *pk, int mode, do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
unsigned *new_trust, int defer_help ) unsigned *new_trust, int defer_help )
{ {
char *p; char *p;
@ -248,7 +248,8 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
if((opt.verify_options&VERIFY_SHOW_PHOTOS) if((opt.verify_options&VERIFY_SHOW_PHOTOS)
&& un->pkt->pkt.user_id->attrib_data) && un->pkt->pkt.user_id->attrib_data)
show_photos (un->pkt->pkt.user_id->attribs, show_photos (ctrl,
un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs, pk, un->pkt->pkt.user_id->numattribs, pk,
un->pkt->pkt.user_id); un->pkt->pkt.user_id);
@ -376,14 +377,14 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
*/ */
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
int int
edit_ownertrust (PKT_public_key *pk, int mode ) edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode )
{ {
unsigned int trust = 0; unsigned int trust = 0;
int no_help = 0; int no_help = 0;
for(;;) for(;;)
{ {
switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) ) switch ( do_edit_ownertrust (ctrl, pk, mode, &trust, no_help ) )
{ {
case -1: /* quit */ case -1: /* quit */
return -1; return -1;
@ -526,7 +527,7 @@ write_trust_status (int statuscode, int trustlevel)
* Returns an error code if we should not trust this signature. * Returns an error code if we should not trust this signature.
*/ */
int int
check_signatures_trust( PKT_signature *sig ) check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{ {
PKT_public_key *pk = xmalloc_clear( sizeof *pk ); PKT_public_key *pk = xmalloc_clear( sizeof *pk );
unsigned int trustlevel = TRUST_UNKNOWN; unsigned int trustlevel = TRUST_UNKNOWN;
@ -553,7 +554,7 @@ check_signatures_trust( PKT_signature *sig )
log_info(_("WARNING: this key might be revoked (revocation key" log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n")); " not present)\n"));
trustlevel = get_validity (pk, NULL, sig, 1); trustlevel = get_validity (ctrl, pk, NULL, sig, 1);
if ( (trustlevel & TRUST_FLAG_REVOKED) ) if ( (trustlevel & TRUST_FLAG_REVOKED) )
{ {
@ -845,7 +846,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
} }
/* Key found and usable. Check validity. */ /* Key found and usable. Check validity. */
trustlevel = get_validity (pk, pk->user_id, NULL, 1); trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) ) if ( (trustlevel & TRUST_FLAG_DISABLED) )
{ {
/* Key has been disabled. */ /* Key has been disabled. */
@ -1183,7 +1184,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
{ /* Check validity of this key. */ { /* Check validity of this key. */
int trustlevel; int trustlevel;
trustlevel = get_validity (pk, pk->user_id, NULL, 1); trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) ) if ( (trustlevel & TRUST_FLAG_DISABLED) )
{ {
tty_printf (_("Public key is disabled.\n") ); tty_printf (_("Public key is disabled.\n") );

3
g10/seskey.c
View File

@ -347,6 +347,9 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL; return NULL;
if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, &asnlen) ) if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, &asnlen) )
BUG(); BUG();
log_debug ("%s: hash_algo=%d pk=%p\n", __func__, hash_algo, pk);
log_debug ("%s: pk->pkey[0]=%p\n", __func__, pk->pkey[0]);
gcry_log_debugmpi ("pkey[0]", pk->pkey[0]);
frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo), frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo),
gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen); gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen);
xfree (asn); xfree (asn);

17
g10/test-stubs.c
View File

@ -58,8 +58,9 @@ g10_exit( int rc )
* this utility assumes that all keys in the keyring are trustworthy * this utility assumes that all keys in the keyring are trustworthy
*/ */
int int
check_signatures_trust( PKT_signature *sig ) check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{ {
(void)ctrl;
(void)sig; (void)sig;
return 0; return 0;
} }
@ -91,22 +92,25 @@ cache_disabled_value(PKT_public_key *pk)
} }
void void
check_trustdb_stale(void) check_trustdb_stale (ctrl_t ctrl)
{ {
(void)ctrl;
} }
int int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)uid; (void)uid;
return '?'; return '?';
} }
unsigned int unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig, get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
int may_ask) PKT_signature *sig, int may_ask)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)uid; (void)uid;
(void)sig; (void)sig;
@ -122,8 +126,9 @@ trust_value_to_string (unsigned int value)
} }
const char * const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid) uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{ {
(void)ctrl;
(void)key; (void)key;
(void)uid; (void)uid;
return "err"; return "err";

30
g10/trust.c
View File

@ -131,7 +131,7 @@ string_to_trust_value (const char *str)
const char * const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid) uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{ {
if (!key && !uid) if (!key && !uid)
{ {
@ -151,7 +151,7 @@ uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
return _("[ expired]"); return _("[ expired]");
else if(key) else if(key)
{ {
switch (get_validity (key, uid, NULL, 0) & TRUST_MASK) switch (get_validity (ctrl, key, uid, NULL, 0) & TRUST_MASK)
{ {
case TRUST_UNKNOWN: return _("[ unknown]"); case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]"); case TRUST_EXPIRED: return _("[ expired]");
@ -275,19 +275,23 @@ revalidation_mark (void)
void void
check_trustdb_stale (void) check_trustdb_stale (ctrl_t ctrl)
{ {
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
tdb_check_trustdb_stale (); tdb_check_trustdb_stale (ctrl);
#else
(void)ctrl;
#endif #endif
} }
void void
check_or_update_trustdb (void) check_or_update_trustdb (ctrl_t ctrl)
{ {
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
tdb_check_or_update (); tdb_check_or_update (ctrl);
#else
(void)ctrl;
#endif #endif
} }
@ -298,8 +302,8 @@ check_or_update_trustdb (void)
* otherwise, a reasonable value for the entire key is returned. * otherwise, a reasonable value for the entire key is returned.
*/ */
unsigned int unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig, get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
int may_ask) PKT_signature *sig, int may_ask)
{ {
int rc; int rc;
unsigned int validity; unsigned int validity;
@ -331,7 +335,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
validity = TRUST_UNKNOWN; validity = TRUST_UNKNOWN;
#else #else
validity = tdb_get_validity_core (pk, uid, main_pk, sig, may_ask); validity = tdb_get_validity_core (ctrl, pk, uid, main_pk, sig, may_ask);
#endif #endif
leave: leave:
@ -353,14 +357,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
int int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{ {
int trustlevel; int trustlevel;
if (!pk) if (!pk)
return '?'; /* Just in case a NULL PK is passed. */ return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid, NULL, 0); trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED)) if ((trustlevel & TRUST_FLAG_REVOKED))
return 'r'; return 'r';
return trust_letter (trustlevel); return trust_letter (trustlevel);
@ -368,14 +372,14 @@ get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
const char * const char *
get_validity_string (PKT_public_key *pk, PKT_user_id *uid) get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{ {
int trustlevel; int trustlevel;
if (!pk) if (!pk)
return "err"; /* Just in case a NULL PK is passed. */ return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid, NULL, 0); trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED)) if ((trustlevel & TRUST_FLAG_REVOKED))
return _("revoked"); return _("revoked");
return trust_value_to_string (trustlevel); return trust_value_to_string (trustlevel);

41
g10/trustdb.c
View File

@ -70,7 +70,7 @@ static struct key_item *utk_list; /* all ultimately trusted keys */
static int pending_check_trustdb; static int pending_check_trustdb;
static int validate_keys (int interactive); static int validate_keys (ctrl_t ctrl, int interactive);
/********************************************** /**********************************************
@ -494,7 +494,7 @@ init_trustdb ()
* when a check is due. This can be used to run the check from a crontab * when a check is due. This can be used to run the check from a crontab
*/ */
void void
check_trustdb () check_trustdb (ctrl_t ctrl)
{ {
init_trustdb(); init_trustdb();
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
@ -519,7 +519,7 @@ check_trustdb ()
} }
} }
validate_keys (0); validate_keys (ctrl, 0);
} }
else else
log_info (_("no need for a trustdb check with '%s' trust model\n"), log_info (_("no need for a trustdb check with '%s' trust model\n"),
@ -531,12 +531,12 @@ check_trustdb ()
* Recreate the WoT. * Recreate the WoT.
*/ */
void void
update_trustdb() update_trustdb (ctrl_t ctrl)
{ {
init_trustdb(); init_trustdb ();
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU) || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (1); validate_keys (ctrl, 1);
else else
log_info (_("no need for a trustdb update with '%s' trust model\n"), log_info (_("no need for a trustdb update with '%s' trust model\n"),
trust_model_string(opt.trust_model)); trust_model_string(opt.trust_model));
@ -565,14 +565,14 @@ trustdb_pending_check(void)
/* If the trustdb is dirty, and we're interactive, update it. /* If the trustdb is dirty, and we're interactive, update it.
Otherwise, check it unless no-auto-check-trustdb is set. */ Otherwise, check it unless no-auto-check-trustdb is set. */
void void
tdb_check_or_update (void) tdb_check_or_update (ctrl_t ctrl)
{ {
if(trustdb_pending_check()) if (trustdb_pending_check ())
{ {
if(opt.interactive) if (opt.interactive)
update_trustdb(); update_trustdb (ctrl);
else if(!opt.no_auto_check_trustdb) else if (!opt.no_auto_check_trustdb)
check_trustdb(); check_trustdb (ctrl);
} }
} }
@ -938,7 +938,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
void void
tdb_check_trustdb_stale (void) tdb_check_trustdb_stale (ctrl_t ctrl)
{ {
static int did_nextcheck=0; static int did_nextcheck=0;
@ -968,7 +968,7 @@ tdb_check_trustdb_stale (void)
{ {
if (!opt.quiet) if (!opt.quiet)
log_info (_("checking the trustdb\n")); log_info (_("checking the trustdb\n"));
validate_keys (0); validate_keys (ctrl, 0);
} }
} }
} }
@ -981,7 +981,8 @@ tdb_check_trustdb_stale (void)
* by the TOFU code to record statistics. * by the TOFU code to record statistics.
*/ */
unsigned int unsigned int
tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, tdb_get_validity_core (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk, PKT_public_key *main_pk,
PKT_signature *sig, PKT_signature *sig,
int may_ask) int may_ask)
@ -1008,7 +1009,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
check_trustdb_stale(); check_trustdb_stale (ctrl);
if(opt.trust_model==TM_DIRECT) if(opt.trust_model==TM_DIRECT)
{ {
@ -1267,7 +1268,7 @@ enum_cert_paths_print (void **context, FILE *fp,
****************************************/ ****************************************/
static int static int
ask_ownertrust (u32 *kid,int minimum) ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{ {
PKT_public_key *pk; PKT_public_key *pk;
int rc; int rc;
@ -1291,7 +1292,7 @@ ask_ownertrust (u32 *kid,int minimum)
} }
else else
{ {
ot=edit_ownertrust(pk,0); ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0) if(ot>0)
ot = tdb_get_ownertrust (pk); ot = tdb_get_ownertrust (pk);
else if(ot==0) else if(ot==0)
@ -1881,7 +1882,7 @@ reset_trust_records(void)
* *
*/ */
static int static int
validate_keys (int interactive) validate_keys (ctrl_t ctrl, int interactive)
{ {
int rc = 0; int rc = 0;
int quit=0; int quit=0;
@ -1989,7 +1990,7 @@ validate_keys (int interactive)
if (interactive && k->ownertrust == TRUST_UNKNOWN) if (interactive && k->ownertrust == TRUST_UNKNOWN)
{ {
k->ownertrust = ask_ownertrust (k->kid,min); k->ownertrust = ask_ownertrust (ctrl, k->kid,min);
if (k->ownertrust == (unsigned int)(-1)) if (k->ownertrust == (unsigned int)(-1))
{ {

27
g10/trustdb.h
View File

@ -83,20 +83,22 @@ void register_trusted_key (const char *string);
const char *trust_value_to_string (unsigned int value); const char *trust_value_to_string (unsigned int value);
int string_to_trust_value (const char *str); int string_to_trust_value (const char *str);
const char *uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid); const char *uid_trust_string_fixed (ctrl_t ctrl,
PKT_public_key *key, PKT_user_id *uid);
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_ownertrust (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust); void update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int clear_ownertrusts (PKT_public_key *pk); int clear_ownertrusts (PKT_public_key *pk);
void revalidation_mark (void); void revalidation_mark (void);
void check_trustdb_stale (void); void check_trustdb_stale (ctrl_t ctrl);
void check_or_update_trustdb (void); void check_or_update_trustdb (ctrl_t ctrl);
unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid, unsigned int get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask); PKT_signature *sig, int may_ask);
int get_validity_info (PKT_public_key *pk, PKT_user_id *uid); int get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid);
const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid); const char *get_validity_string (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid);
void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist, u32 *main_kid, struct key_item *klist,
@ -115,22 +117,23 @@ void tdb_register_trusted_keyid (u32 *keyid);
void tdb_register_trusted_key (const char *string); void tdb_register_trusted_key (const char *string);
/* Returns whether KID is on the list of ultimately trusted keys. */ /* Returns whether KID is on the list of ultimately trusted keys. */
int tdb_keyid_is_utk (u32 *kid); int tdb_keyid_is_utk (u32 *kid);
void check_trustdb (void); void check_trustdb (ctrl_t ctrl);
void update_trustdb (void); void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void); void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model); const char *trust_model_string (int model);
void init_trustdb( void ); void init_trustdb( void );
void tdb_check_trustdb_stale (void); void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void ); void sync_trustdb( void );
void tdb_revalidation_mark (void); void tdb_revalidation_mark (void);
int trustdb_pending_check(void); int trustdb_pending_check(void);
void tdb_check_or_update (void); void tdb_check_or_update (ctrl_t ctrl);
int tdb_cache_disabled_value (PKT_public_key *pk); int tdb_cache_disabled_value (PKT_public_key *pk);
unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, unsigned int tdb_get_validity_core (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk, PKT_public_key *main_pk,
PKT_signature *sig, int may_ask); PKT_signature *sig, int may_ask);
@ -158,6 +161,6 @@ void export_ownertrust(void);
void import_ownertrust(const char *fname); void import_ownertrust(const char *fname);
/*-- pkclist.c --*/ /*-- pkclist.c --*/
int edit_ownertrust (PKT_public_key *pk, int mode ); int edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode);
#endif /*G10_TRUSTDB_H*/ #endif /*G10_TRUSTDB_H*/