mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

started with shm coprocesses

Werner Koch 1998-07-30 17:37:03 +00:00
parent 5ae562b41d
commit 0300d6aefc
15 changed files with 417 additions and 247 deletions


@ -1,3 +1,8 @@
Thu Jul 30 19:17:07 1998 Werner Koch (wk@(none))
* acinclude.h (WK_CHECK_IPC): New
* configure.in : Add checks for SysV IPC
Thu Jun 25 11:18:49 1998 Werner Koch (wk@isil.d.shuttle.de) Thu Jun 25 11:18:49 1998 Werner Koch (wk@isil.d.shuttle.de)
* configure.in (--disable-dynload): New. * configure.in (--disable-dynload): New.

6
NEWS

@ -5,7 +5,9 @@ Noteworthy changes in version 0.3.3
IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts
("gpgm --list-ownertrust >saved-trust"); then build this new version ("gpgm --list-ownertrust >saved-trust"); then build this new version
and restore the ownertrust with this new version and restore the ownertrust with this new version
("gpgm --import-ownertrust saved-trust"). ("gpgm --import-ownertrust saved-trust"). Please note that
--list-ownertrust has been renamed to --export-ownertrust in this
release and it does now only export defined ownertrusts.
* The command --edit-key now provides a commandline driven menu * The command --edit-key now provides a commandline driven menu
which can be used vor vaious tasks. --sign-key is only an which can be used vor vaious tasks. --sign-key is only an
@ -15,6 +17,8 @@ Noteworthy changes in version 0.3.3
* Alternate user ids can now be created an signed. * Alternate user ids can now be created an signed.
* Owner trust values can now be changed with --edit-key (trust)
* Removed options --gen-prime and --gen-random. * Removed options --gen-prime and --gen-random.
* Removed option --add-key; use --edit-key instead. * Removed option --add-key; use --edit-key instead.

14
TODO

@ -1,7 +1,3 @@
* Change the internal represenation of keyid into a struct which
can also hold the localid and extend the localid to hold information
of the subkey number because two subkeys may have the same keyid.
* Fix Oscaris problems with the trustdb. * Fix Oscaris problems with the trustdb.
* add test cases for invalid data (scrambled armor or other random data) * add test cases for invalid data (scrambled armor or other random data)
@ -19,10 +15,6 @@
* what about the CR,LF in cleartext singatures? * what about the CR,LF in cleartext singatures?
* add option --import-ownertrust
* add a way to delete subkeys (in edit-keys?)
* make preferences work * make preferences work
* rewrite --list-packets or put it into another tool. * rewrite --list-packets or put it into another tool.
@ -30,8 +22,6 @@
* add usage arguments to get_key_byname or return a PKC_LIST with * add usage arguments to get_key_byname or return a PKC_LIST with
all keys and add a selection. all keys and add a selection.
* add readline support. Must enhance libreadline - Anyone?
* Burn the buffers used by fopen(), or use read(2). Does this * Burn the buffers used by fopen(), or use read(2). Does this
really make sense? really make sense?
@ -41,6 +31,10 @@
* add checking of armor trailers * add checking of armor trailers
* remove all "Fixmes" * remove all "Fixmes"
* Change the internal represention of keyid into a struct which
can also hold the localid and extend the localid to hold information
of the subkey number because two subkeys may have the same keyid.
* add an option to re-create a public key from a secret key. Think about * add an option to re-create a public key from a secret key. Think about
a backup system of only the secret part of the secret key. a backup system of only the secret part of the secret key.


@ -76,6 +76,10 @@
#undef HAVE_DL_DLOPEN #undef HAVE_DL_DLOPEN
#undef HAVE_DLD_DLD_LINK #undef HAVE_DLD_DLD_LINK
#undef USE_SHM_COPROCESSING
#undef IPC_RMID_DEFERRED_RELEASE
@BOTTOM@ @BOTTOM@
#endif /*G10_CONFIG_H*/ #endif /*G10_CONFIG_H*/


@ -112,6 +112,48 @@ define(WK_CHECK_CACHE,
]) ])
######################################################################
# Check for SysV IPC (from GIMP)
######################################################################
dnl WK_CHECK_IPC
dnl
define(WK_CHECK_IPC,
[ AC_CHECK_HEADERS(sys/ipc.h sys/shm.h)
if test "$ac_cv_header_sys_shm_h" = "yes"; then
AC_MSG_CHECKING(whether shmctl IPC_RMID allowes subsequent attaches)
AC_TRY_RUN([
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
int main()
{
int id;
char *shmaddr;
id = shmget (IPC_PRIVATE, 4, IPC_CREAT | 0777);
if (id == -1)
exit (2);
shmaddr = shmat (id, 0, 0);
shmctl (id, IPC_RMID, 0);
if ((char*) shmat (id, 0, 0) == (char*) -1)
{
shmdt (shmaddr);
exit (1);
}
shmdt (shmaddr);
shmdt (shmaddr);
exit (0);
}
],
AC_DEFINE(IPC_RMID_DEFERRED_RELEASE)
AC_MSG_RESULT(yes),
AC_MSG_RESULT(no),
AC_MSG_RESULT(assuming no))
fi
])
###################################################################### ######################################################################
# progtest.m4 from gettext 0.32 # progtest.m4 from gettext 0.32
###################################################################### ######################################################################
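Review bot: The probe program in WK_CHECK_IPC creates its segment with `shmget (IPC_PRIVATE, 4, IPC_CREAT | 0777)`, which leaves it readable and writable by every local user for as long as it exists; `IPC_CREAT | 0600` is enough for a test that attaches only from the creating process. The result of the first `shmat (id, 0, 0)` is never checked, so a failed attach is later handed to `shmdt`. The address returned by the second `shmat` is discarded, so the second `shmdt (shmaddr)` detaches the first mapping again instead of the second one. The program also calls `exit` without `#include <stdlib.h>`, which newer compilers may reject and so report a false "no".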


@ -150,7 +150,6 @@ AC_HEADER_STDC
AC_CHECK_HEADERS(unistd.h) AC_CHECK_HEADERS(unistd.h)
dnl Checks for typedefs, structures, and compiler characteristics. dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST AC_C_CONST
AC_C_INLINE AC_C_INLINE
@ -184,6 +183,10 @@ AC_FUNC_VPRINTF
AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap) AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap)
AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit) AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime setrlimit)
WK_CHECK_IPC
if test "$ac_cv_header_sys_shm_h" = "yes"; then
AC_DEFINE(USE_SHM_COPROCESSING)
fi
dnl check whether we have a random device dnl check whether we have a random device
if test "$try_dev_random" = yes ; then if test "$try_dev_random" = yes ; then
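Review bot: `AC_DEFINE(USE_SHM_COPROCESSING)` is executed whenever `sys/shm.h` is found, so the new shared-memory interface is compiled in on every such system and cannot be switched off at configure time. The ChangeLog context in this commit mentions `--disable-dynload` for another optional feature; guarding this define with an `AC_ARG_ENABLE` switch in the same way would let packagers build without the IPC path. The condition also ignores the `sys/ipc.h` result that WK_CHECK_IPC checks in the same `AC_CHECK_HEADERS` call.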


@ -54,14 +54,14 @@ B<--verify> [[I<sigfile>] {I<signed-files>}]
without generating any output. With no arguments, without generating any output. With no arguments,
the signature packet is read from stdin (it may be a the signature packet is read from stdin (it may be a
detached signature when not used in batch mode). If detached signature when not used in batch mode). If
only a sigfile is given, it may be a complete signature only a sigfile is given, it may be a complete
or a detached signature, in which case the signed stuff signature or a detached signature, in which case
is expected in a file without the I<.sig> or I<.asc> the signed stuff is expected in a file without the
extension (if such a file does not exist it is expected I<.sig> or I<.asc> extension (if such a file does
at stdin - use B<-> as filename to force a read from not exist it is expected at stdin - use B<-> as
stdin). With more than 1 argument, the filename to force a read from stdin). With more than
first should be a detached signature and the remaining 1 argument, the first should be a detached signature
files are the signed stuff. and the remaining files are the signed stuff.
B<-k> [I<username>] [I<keyring>] B<-k> [I<username>] [I<keyring>]
Kludge to be somewhat compatible with PGP. Kludge to be somewhat compatible with PGP.
@ -76,11 +76,16 @@ B<-k> [I<username>] [I<keyring>]
B<-kvvc> List fingerprints and signatures B<-kvvc> List fingerprints and signatures
B<--list-keys> [I<names>] B<--list-keys> [I<names>]
List all keys from the default public keyring, or just the ones List all keys from the public keyrings, or just the
given on the command line. ones given on the command line.
B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the
ones given on the command line.
B<--list-sigs> [I<names>] B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed too. Same as B<--list-keys>, but the signatures are listed
too.
B<--check-sigs> [I<names>] B<--check-sigs> [I<names>]
Same as B<--list-sigs>, but the signatures are verified. Same as B<--list-sigs>, but the signatures are verified.
@ -112,6 +117,9 @@ B<--edit-key> I<name>
asks whether it should be signed. This asks whether it should be signed. This
question is repeated for all users specified question is repeated for all users specified
with B<-u>. with B<-u>.
B<trust>
Change the owner trust value. This updates the
trust-db immediately and no save is required.
B<adduid> B<adduid>
Create an alternate user id. Create an alternate user id.
B<deluid> B<deluid>
@ -139,6 +147,21 @@ B<--edit-key> I<name>
B<quit> B<quit>
Quit the program without updating the Quit the program without updating the
key rings. key rings.
The listing shows you the key with its secondary
keys and all user ids. Selected keys or user ids
indicated by an asterisk. The trust value is
displayed with the primary key: The first one is the
assigned owner trust and the second the calculated
trust value; letters are used for the values:
B<-> No ownertrust assigned.
B<o> Trust not yet calculated.
B<e> Trust calculation failed.
B<q> Not enough information for calculation.
B<n> Never trust this key.
B<m> Marginally trusted.
B<f> Fully trusted.
B<u> Ultimately trusted
B<--delete-key> B<--delete-key>
Remove key from the public keyring Remove key from the public keyring
@ -157,17 +180,22 @@ B<--export> [I<names>]
the file given with option "output". Use together the file given with option "output". Use together
with B<-a> to mail those keys. with B<-a> to mail those keys.
B<--export-secret-keys> [I<names>
Same as B<--export>, but does export the secret keys.
This is normally not very useful.
B<--import> B<--import>
import/merge keys import/merge keys
B<--export-ownertrust> B<--export-ownertrust>
List the assigned ownertrust values in ascii format for List the assigned ownertrust values in ascii format
backup purposes [B<gpgm> only]. for backup purposes [B<gpgm> only].
B<--import-ownertrust> [I<filename>] B<--import-ownertrust> [I<filename>]
Update the trustdb with the ownertrust values stored in Update the trustdb with the ownertrust values stored
I<filename> (or stdin if not given); existing values will be in I<filename> (or stdin if not given); existing
overwritten. [B<gpgm> only]. values will be overwritten. [B<gpgm> only].
=head1 OPTIONS =head1 OPTIONS
@ -193,8 +221,8 @@ B<-u> I<name>, B<--local-user> I<name>
B<--default-key> I<name> B<--default-key> I<name>
Use I<name> as default user-id for signatures. If this Use I<name> as default user-id for signatures. If this
is not used the default user-id is the first user-id in is not used the default user-id is the first user-id
the secret keyring. from the secret keyring.
B<-r> I<name>, B<--remote-user> I<name> B<-r> I<name>, B<--remote-user> I<name>
Use I<name> as the user-id for encryption. Use I<name> as the user-id for encryption.
@ -323,9 +351,9 @@ B<--no-default-keyring>
keyrings. keyrings.
B<--skip-verify> B<--skip-verify>
Skip the signature verification step. This may be used to Skip the signature verification step. This may be
make the encryption faster if the signature verification used to make the encryption faster if the signature
is not needed. verification is not needed.
B<--version> B<--version>
Print version information along with a list Print version information along with a list
@ -369,6 +397,8 @@ F<~/.gnupg/trustdb.gpg> The trust database
F<~/.gnupg/options> May contain options F<~/.gnupg/options> May contain options
F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO =head1 SEE ALSO
gpgm(1) gpgd(1) gpgm(1) gpgd(1)
@ -389,6 +419,6 @@ is B<very> easy to spy out your passphrase!
On many systems this program should be installed as setuid(root); this On many systems this program should be installed as setuid(root); this
is necessary to lock some pages of memory. If you get no warning message is necessary to lock some pages of memory. If you get no warning message
about insecure memory you have a nice OS kernel and you don't need to make about insecure memory your OS kernel supports locking without being root;
it setuid. setuid is dropped as soon as this memory is allocated.


@ -26,24 +26,13 @@ print-md algo
print-mds print-mds
# print all message digests of all give filenames # print all message digests of all give filenames
sign-key
store store
# simply packs the input data into a rfc1991 packet format # simply packs the input data into a rfc1991 packet format
list-secret-keys
#
export-secret-keys
# export secret keys (which may be usefuil in some cases)
check-trustdb check-trustdb
#----------------------------------------------- #-----------------------------------------------
#--- options #--- options
#----------------------------------------------- #-----------------------------------------------
@ -57,9 +46,3 @@ compress-sigs
# Normally, compressing of signatures does not make sense; so this # Normally, compressing of signatures does not make sense; so this
# is disabled for detached signatures unless this option is used. # is disabled for detached signatures unless this option is used.
emulate-pgp-sign-bug
# PGP 2.x can only cope with 2 byte length headers of the
# signature packets, this option forces.


@ -34,6 +34,7 @@
#include "memory.h" #include "memory.h"
#include "util.h" #include "util.h"
#include "main.h" #include "main.h"
#include "trustdb.h"
#include "filter.h" #include "filter.h"
#include "ttyio.h" #include "ttyio.h"
#include "i18n.h" #include "i18n.h"
@ -541,7 +542,7 @@ keyedit_menu( const char *username, STRLIST locusr )
enum cmdids { cmdNONE = 0, enum cmdids { cmdNONE = 0,
cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN, cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST,
cmdNOP }; cmdNOP };
static struct { const char *name; static struct { const char *name;
enum cmdids id; enum cmdids id;
@ -571,6 +572,7 @@ keyedit_menu( const char *username, STRLIST locusr )
"and public key listing") }, "and public key listing") },
{ N_("t" ) , cmdTOGGLE , 1, NULL }, { N_("t" ) , cmdTOGGLE , 1, NULL },
{ N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") }, { N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") },
{ N_("trust") , cmdTRUST , 0, N_("change the ownertrust") },
{ NULL, cmdNONE } }; { NULL, cmdNONE } };
enum cmdids cmd; enum cmdids cmd;
@ -805,6 +807,16 @@ keyedit_menu( const char *username, STRLIST locusr )
sec_modified = 1; sec_modified = 1;
break; break;
case cmdTRUST:
show_key_with_all_names( keyblock, 0, 0, 1 );
tty_printf("\n");
if( edit_ownertrust( find_kbnode( keyblock,
PKT_PUBLIC_KEY )->pkt->pkt.public_key->local_id, 1 ) )
redisplay = 1;
/* we don't need to set modified here, as the trustvalues
* are updated immediately */
break;
case cmdNOP: case cmdNOP:
break; break;
@ -839,7 +851,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked,
if( node->pkt->pkttype == PKT_PUBLIC_KEY if( node->pkt->pkttype == PKT_PUBLIC_KEY
|| (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) { || (with_subkeys && node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) {
PKT_public_key *pk = node->pkt->pkt.public_key; PKT_public_key *pk = node->pkt->pkt.public_key;
tty_printf("%s%c %4u%c/%08lX created: %s expires: %s\n", tty_printf("%s%c %4u%c/%08lX created: %s expires: %s",
node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub", node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub",
(node->flag & NODFLG_SELKEY)? '*':' ', (node->flag & NODFLG_SELKEY)? '*':' ',
nbits_from_pk( pk ), nbits_from_pk( pk ),
@ -847,9 +859,16 @@ show_key_with_all_names( KBNODE keyblock, int only_marked,
(ulong)keyid_from_pk(pk,NULL), (ulong)keyid_from_pk(pk,NULL),
datestr_from_pk(pk), datestr_from_pk(pk),
expirestr_from_pk(pk) ); expirestr_from_pk(pk) );
if( with_fpr && node->pkt->pkttype == PKT_PUBLIC_KEY ) if( node->pkt->pkttype == PKT_PUBLIC_KEY ) {
int otrust, trust;
trust = query_trust_info(pk);
otrust = get_ownertrust_info( pk->local_id );
tty_printf(" trust: %c/%c", otrust, trust );
if( with_fpr )
show_fingerprint( pk ); show_fingerprint( pk );
} }
tty_printf("\n");
}
else if( node->pkt->pkttype == PKT_SECRET_KEY else if( node->pkt->pkttype == PKT_SECRET_KEY
|| (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) ) {
PKT_secret_key *sk = node->pkt->pkt.secret_key; PKT_secret_key *sk = node->pkt->pkt.secret_key;
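Review bot: In the new `cmdTRUST` case the result of `find_kbnode( keyblock, PKT_PUBLIC_KEY )` is dereferenced directly, with no NULL check, to read `local_id`. That `local_id` is presumably only valid because the preceding `show_key_with_all_names` call reaches `query_trust_info(pk)`; the dependency should be stated in a comment or replaced by an explicit lookup. I would fetch the node into a local first and leave the case when it is NULL, e.g. `if( !node ) break;`, before calling `edit_ownertrust`. keyedit_menu starts and ends outside these hunks, so whether `keyblock` can refer to the secret keyblock after `toggle` cannot be confirmed from here.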


@ -39,8 +39,8 @@
/**************** /****************
* Returns true if an ownertrust has changed. * Returns true if an ownertrust has changed.
*/ */
static int int
query_ownertrust( ulong lid ) edit_ownertrust( ulong lid, int mode )
{ {
char *p; char *p;
int rc; int rc;
@ -63,6 +63,7 @@ query_ownertrust( ulong lid )
return 0; return 0;
} }
if( !mode ) {
tty_printf(_("No owner trust defined for %lu:\n" tty_printf(_("No owner trust defined for %lu:\n"
"%4u%c/%08lX %s \""), lid, "%4u%c/%08lX %s \""), lid,
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
@ -70,7 +71,9 @@ query_ownertrust( ulong lid )
p = get_user_id( keyid, &n ); p = get_user_id( keyid, &n );
tty_print_string( p, n ), tty_print_string( p, n ),
m_free(p); m_free(p);
tty_printf(_("\"\n\n" tty_printf("\"\n\n");
}
tty_printf(_(
"Please decide how far you trust this user to correctly\n" "Please decide how far you trust this user to correctly\n"
"verify other users' keys (by looking at passports,\n" "verify other users' keys (by looking at passports,\n"
"checking fingerprints from different sources...)?\n\n" "checking fingerprints from different sources...)?\n\n"
@ -146,7 +149,7 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
log_fatal("Ooops: couldn't get owner trust for %lu\n", lid); log_fatal("Ooops: couldn't get owner trust for %lu\n", lid);
if( trust == TRUST_UNDEFINED || trust == TRUST_EXPIRED || if( trust == TRUST_UNDEFINED || trust == TRUST_EXPIRED ||
trust == TRUST_UNKNOWN ) { trust == TRUST_UNKNOWN ) {
if( query_ownertrust( lid ) ) if( edit_ownertrust( lid, 0 ) )
any=1; any=1;
} }
} }
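Review bot: The new `mode` parameter of `edit_ownertrust` is undocumented; the header comment still only says "Returns true if an ownertrust has changed", although the function is now exported. From the visible lines, `mode` 0 prints the "No owner trust defined for ..." key header before the prompt (the call further down passes 0), and a non-zero `mode` skips it (the key-edit menu passes 1 after listing the key itself). I would add to the comment `* MODE 0: print the key header before asking; MODE 1: the caller has already shown the key.` The function body continues outside the hunks.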


@ -734,19 +734,40 @@ tdbio_new_recnum()
* The local_id of PK is set to the correct value * The local_id of PK is set to the correct value
*/ */
int int
tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec ) tdbio_search_dir_bypk( PKT_public_key *pk, TRUSTREC *rec )
{ {
ulong recnum;
u32 keyid[2];
byte *fingerprint; byte *fingerprint;
size_t fingerlen; size_t fingerlen;
u32 keyid[2];
int rc;
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, NULL, &fingerlen );
rc = tdbio_search_dir_byfpr( fingerprint, fingerlen,
pk->pubkey_algo, rec );
if( !rc ) {
if( pk->local_id && pk->local_id != rec->recnum )
log_error_f(db_name,
"found record, but LID from memory does "
"not match recnum (%lu,%lu)\n",
pk->local_id, rec->recnum );
pk->local_id = rec->recnum;
}
return rc;
}
int
tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
int pubkey_algo, TRUSTREC *rec )
{
ulong recnum;
int rc; int rc;
ulong hashrec, item; ulong hashrec, item;
int msb; int msb;
int level=0; int level=0;
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, NULL, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 ); assert( fingerlen == 20 || fingerlen == 16 );
/* locate the key using the hash table */ /* locate the key using the hash table */
@ -794,7 +815,7 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
g10_errstr(rc) ); g10_errstr(rc) );
return rc; return rc;
} }
if( tmp.r.key.pubkey_algo == pk->pubkey_algo if( (!pubkey_algo || tmp.r.key.pubkey_algo == pubkey_algo)
&& tmp.r.key.fingerprint_len == fingerlen && tmp.r.key.fingerprint_len == fingerlen
&& !memcmp(tmp.r.key.fingerprint, && !memcmp(tmp.r.key.fingerprint,
fingerprint, fingerlen) ) { fingerprint, fingerlen) ) {
@ -820,7 +841,7 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
} }
else if( rec->rectype == RECTYPE_KEY ) { else if( rec->rectype == RECTYPE_KEY ) {
/* must check that it is the requested key */ /* must check that it is the requested key */
if( rec->r.key.pubkey_algo != pk->pubkey_algo if( (pubkey_algo && rec->r.key.pubkey_algo != pubkey_algo)
|| rec->r.key.fingerprint_len != fingerlen || rec->r.key.fingerprint_len != fingerlen
|| memcmp(rec->r.key.fingerprint, fingerprint, fingerlen) ) || memcmp(rec->r.key.fingerprint, fingerprint, fingerlen) )
return -1; /* no: not found */ return -1; /* no: not found */
@ -832,14 +853,6 @@ tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec )
} }
recnum = rec->r.key.lid; recnum = rec->r.key.lid;
if( pk->local_id && pk->local_id != recnum )
log_error_f(db_name,
"found record, but LID from memory does "
"not match recnum (%lu,%lu)\n",
pk->local_id, recnum );
pk->local_id = recnum;
/* Now read the dir record */ /* Now read the dir record */
rc = tdbio_read_record( recnum, rec, RECTYPE_DIR); rc = tdbio_read_record( recnum, rec, RECTYPE_DIR);
if( rc ) if( rc )
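Review bot: `tdbio_search_dir_byfpr` keeps `assert( fingerlen == 20 || fingerlen == 16 )`, but it is now an exported entry point that takes the length from its caller rather than from `fingerprint_from_pk`. The ownertrust import added in this commit passes a fingerprint parsed from a text file; unless that parser already restricts the length (not visible in its hunk), a malformed line aborts the process, and in a build with NDEBUG the check disappears entirely. Replacing the assert with `if( fingerlen != 20 && fingerlen != 16 )` followed by a return of one of the project's error codes keeps the failure on the normal `g10_errstr(rc)` path. In `tdbio_search_dir_bypk`, `keyid` is still filled by `keyid_from_pk` but is not used in the visible lines.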


@ -143,7 +143,9 @@ int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec ); int tdbio_write_record( TRUSTREC *rec );
int tdbio_delete_record( ulong recnum ); int tdbio_delete_record( ulong recnum );
ulong tdbio_new_recnum(void); ulong tdbio_new_recnum(void);
int tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec ); int tdbio_search_dir_bypk( PKT_public_key *pk, TRUSTREC *rec );
int tdbio_search_dir_byfpr( const byte *fingerprint, size_t fingerlen,
int pubkey_algo, TRUSTREC *rec );
int tdbio_delete_uidrec( ulong dirlid, ulong uidlid ); int tdbio_delete_uidrec( ulong dirlid, ulong uidlid );


@ -193,7 +193,7 @@ set_signature_packets_lid( PKT_signature *sig )
if( rc) if( rc)
goto leave; goto leave;
if( !pk->local_id ) { if( !pk->local_id ) {
rc = tdbio_search_dir_record( pk, &rec ); rc = tdbio_search_dir_bypk( pk, &rec );
if( rc == -1 ) if( rc == -1 )
rc = insert_trust_record( pk ); rc = insert_trust_record( pk );
if( rc ) if( rc )
@ -935,6 +935,7 @@ update_sigs( TRUSTREC *dir )
rec->r.sig.sig[sigidx].lid = sig->local_id; rec->r.sig.sig[sigidx].lid = sig->local_id;
rec->r.sig.sig[sigidx].flag = 0; rec->r.sig.sig[sigidx].flag = 0;
sigidx++; sigidx++;
if( DBG_TRUST )
log_debug("key %08lX.%lu, uid %02X%02X: " log_debug("key %08lX.%lu, uid %02X%02X: "
"signed by LID %lu\n", "signed by LID %lu\n",
(ulong)keyid[1], lid, urec.r.uid.namehash[18], (ulong)keyid[1], lid, urec.r.uid.namehash[18],
@ -1263,7 +1264,7 @@ list_trustdb( const char *username )
if( (rc = get_pubkey_byname( pk, username )) ) if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
else if( (rc=tdbio_search_dir_record( pk, &rec )) && rc != -1 ) else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n", log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc)); username, g10_errstr(rc));
else if( rc == -1 ) else if( rc == -1 )
@ -1343,6 +1344,9 @@ import_ownertrust( const char *fname )
} }
while( fgets( line, DIM(line)-1, fp ) ) { while( fgets( line, DIM(line)-1, fp ) ) {
TRUSTREC rec;
int rc;
if( !*line || *line == '#' ) if( !*line || *line == '#' )
continue; continue;
n = strlen(line); n = strlen(line);
@ -1373,7 +1377,44 @@ import_ownertrust( const char *fname )
line[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]); line[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
line[fprlen] = 0; line[fprlen] = 0;
log_hexdump("found: ", line, fprlen ); repeat:
rc = tdbio_search_dir_byfpr( line, fprlen, 0, &rec );
if( !rc ) { /* found: update */
if( rec.r.dir.ownertrust )
log_info("LID %lu: changing trust from %u to %u\n",
rec.r.dir.lid, rec.r.dir.ownertrust, otrust );
else
log_info("LID %lu: setting trust to %u\n",
rec.r.dir.lid, otrust );
rec.r.dir.ownertrust = otrust;
rc = tdbio_write_record( &rec );
if( rc )
log_error_f(fname, "error updating otrust: %s\n",
g10_errstr(rc));
}
else if( rc == -1 ) { /* not found; get the key from the ring */
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
log_info_f(fname, "key not in trustdb, searching ring.\n");
rc = get_pubkey_byfprint( pk, line, fprlen );
if( rc )
log_info_f(fname, "key not in ring: %s\n", g10_errstr(rc));
else {
rc = query_trust_record( pk ); /* only as assertion */
if( rc != -1 )
log_error_f(fname, "Oops: key is now in trustdb???\n");
else {
rc = insert_trust_record( pk );
if( !rc )
goto repeat; /* update the ownertrust */
log_error_f(fname, "insert trust record failed: %s\n",
g10_errstr(rc) );
}
}
}
else /* error */
log_error_f(fname, "error finding dir record: %s\n",
g10_errstr(rc));
} }
if( ferror(fp) ) if( ferror(fp) )
log_error_f(fname, _("read error: %s\n"), strerror(errno) ); log_error_f(fname, _("read error: %s\n"), strerror(errno) );
@ -1398,7 +1439,7 @@ list_trust_path( int max_depth, const char *username )
if( (rc = get_pubkey_byname( pk, username )) ) if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
else if( (rc=tdbio_search_dir_record( pk, &rec )) && rc != -1 ) else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n", log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc)); username, g10_errstr(rc));
else if( rc == -1 ) { else if( rc == -1 ) {
@ -1495,7 +1536,7 @@ check_trustdb( const char *username )
if( (rc = get_pubkey_byname( pk, username )) ) if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
else if( (rc=tdbio_search_dir_record( pk, &rec )) && rc != -1 ) else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n", log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc)); username, g10_errstr(rc));
else if( rc == -1 ) else if( rc == -1 )
@ -1564,7 +1605,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
} }
} }
else { /* no local_id: scan the trustdb */ else { /* no local_id: scan the trustdb */
if( (rc=tdbio_search_dir_record( pk, &rec )) && rc != -1 ) { if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 ) {
log_error("check_trust: search dir record failed: %s\n", log_error("check_trust: search dir record failed: %s\n",
g10_errstr(rc)); g10_errstr(rc));
return rc; return rc;
@ -1702,6 +1743,25 @@ get_ownertrust( ulong lid, unsigned *r_otrust )
return 0; return 0;
} }
int
get_ownertrust_info( ulong lid )
{
unsigned otrust;
int c;
if( get_ownertrust( lid, &otrust ) )
return '?';
switch( (otrust & TRUST_MASK) ) {
case TRUST_NEVER: c = 'n'; break;
case TRUST_MARGINAL: c = 'm'; break;
case TRUST_FULLY: c = 'f'; break;
case TRUST_ULTIMATE: c = 'u'; break;
default: c = '-'; break;
}
return c;
}
/**************** /****************
* This function simply looks for the key in the trustdb * This function simply looks for the key in the trustdb
@ -1723,7 +1783,7 @@ query_trust_record( PKT_public_key *pk )
} }
} }
else { /* no local_id: scan the trustdb */ else { /* no local_id: scan the trustdb */
if( (rc=tdbio_search_dir_record( pk, &rec )) && rc != -1 ) { if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 ) {
log_error("query_trust_record: search_record failed: %s\n", log_error("query_trust_record: search_record failed: %s\n",
g10_errstr(rc)); g10_errstr(rc));
return rc; return rc;
@ -1774,6 +1834,9 @@ insert_trust_record( PKT_public_key *orig_pk )
size_t fingerlen; size_t fingerlen;
int rc = 0; int rc = 0;
keylist_head = NULL; keylist_tail = &keylist_head; keylist = NULL;
uidlist_head = NULL; uidlist_tail = &uidlist_head; uidlist = NULL;
/* prepare dir record */ /* prepare dir record */
memset( &dirrec, 0, sizeof dirrec ); memset( &dirrec, 0, sizeof dirrec );
dirrec.rectype = RECTYPE_DIR; dirrec.rectype = RECTYPE_DIR;
@ -1796,8 +1859,6 @@ insert_trust_record( PKT_public_key *orig_pk )
} }
/* build data structure as linked lists in memory */ /* build data structure as linked lists in memory */
keylist_head = NULL; keylist_tail = &keylist_head; keylist = NULL;
uidlist_head = NULL; uidlist_tail = &uidlist_head; uidlist = NULL;
keyid[0] = keyid[1] = 0; keyid[0] = keyid[1] = 0;
for( node=keyblock; node; node = node->next ) { for( node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_PUBLIC_KEY if( node->pkt->pkttype == PKT_PUBLIC_KEY
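Review bot: In `import_ownertrust`, the `pk` obtained from `m_alloc_clear( sizeof *pk )` in the not-found branch is never released on any exit from that branch, including the `goto repeat` path, so every imported line that misses the trustdb leaks a key structure. It should be released before leaving the branch and before `goto repeat`, using the same public-key free routine as the rest of the file. The `otrust` value read from the file is stored in `rec.r.dir.ownertrust` unchanged in the lines shown; if the parsing above the hunk does not restrict it to the known trust values, it should be checked before `tdbio_write_record`, because this file decides whose key certifications are trusted. `line` is a `char` buffer passed where `tdbio_search_dir_byfpr` expects `const byte *`, which needs a cast or a separate `byte` buffer.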


@ -46,9 +46,13 @@ int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk ); int query_trust_info( PKT_public_key *pk );
int enum_trust_web( void **context, ulong *lid ); int enum_trust_web( void **context, ulong *lid );
int get_ownertrust( ulong lid, unsigned *r_otrust ); int get_ownertrust( ulong lid, unsigned *r_otrust );
int get_ownertrust_info( ulong lid );
int keyid_from_lid( ulong lid, u32 *keyid ); int keyid_from_lid( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_key *pk ); int query_trust_record( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk ); int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust ); int update_ownertrust( ulong lid, unsigned new_trust );
/*-- pkclist.c --*/
int edit_ownertrust( ulong lid, int mode );
#endif /*G10_TRUSTDB_H*/ #endif /*G10_TRUSTDB_H*/


@ -4,7 +4,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a \ needed_libs = ../cipher/libcipher.a ../util/libutil.a \
../mpi/libmpi.a ../util/libutil.a ../mpi/libmpi.a ../util/libutil.a
noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest
mpicalc_SOURCES = mpicalc.c mpicalc_SOURCES = mpicalc.c
@ -12,10 +12,13 @@ bftest_SOURCES = bftest.c
clean_sat_SOURCES = clean-sat.c clean_sat_SOURCES = clean-sat.c
mk_tdata_SOURCES = mk-tdata.c mk_tdata_SOURCES = mk-tdata.c
shmtest_SOURCES = shmtest.c
mpicalc_LDADD = @INTLLIBS@ $(needed_libs) mpicalc_LDADD = @INTLLIBS@ $(needed_libs)
bftest_LDADD = @INTLLIBS@ $(needed_libs) bftest_LDADD = @INTLLIBS@ $(needed_libs)
shmtest_LDADD = @INTLLIBS@ $(needed_libs)
mpicalc bftest: $(needed_libs) mpicalc bftest: $(needed_libs)