security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-16 00:29:50 +02:00
Code Activity

* packet.h, trustdb.h, trustdb.c (trust_string): New. Return a string

Browse Source 
like "fully trusted", "marginally trusted", etc. (get_min_ownertrust):
New.  Return minimum ownertrust. (update_min_ownertrust): New.  Set
minimum ownertrust. (check_regexp): New.  Check a regular epression
against a user ID. (ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when returning a
letter. (clear_validity): Remove minimum ownertrust when a key becomes
invalid. (release_key_items): Release regexp along with the rest of the
info. (validate_one_keyblock, validate_keys): Build a trust sig chain
while validating.  Call check_regexp for regexps.  Use the minimum
ownertrust if the user does not specify a genuine ownertrust.

* pkclist.c (do_edit_ownertrust): Only allow user to select a trust level
greater than the minimum value.

* parse-packet.c (can_handle_critical): Can handle critical trust and
regexp subpackets.

* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c (do_delete_key),
import.c (import_one): Rename clear_ownertrust to clear_ownertrusts and
have it clear the min_ownertrust value as well.

* keylist.c (list_keyblock_print): Indent uid to match pub and sig.
This commit is contained in:
David Shaw 2002-10-30 03:11:57 +00:00
parent de9c6b3169
commit 09158d1e99
9 changed files with 334 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
g10/ChangeLog
View File

@ -1,5 +1,35 @@
2002-10-29 David Shaw <dshaw@jabberwocky.com> 2002-10-29 David Shaw <dshaw@jabberwocky.com>
* packet.h, trustdb.h, trustdb.c (trust_string): New. Return a
string like "fully trusted", "marginally trusted", etc.
(get_min_ownertrust): New. Return minimum ownertrust.
(update_min_ownertrust): New. Set minimum ownertrust.
(check_regexp): New. Check a regular epression against a user ID.
(ask_ownertrust): Allow specifying a minimum value.
(get_ownertrust_info): Follow the minimum ownertrust when
returning a letter.
(clear_validity): Remove minimum ownertrust when a key becomes
invalid.
(release_key_items): Release regexp along with the rest of the
info.
(validate_one_keyblock, validate_keys): Build a trust sig chain
while validating. Call check_regexp for regexps. Use the minimum
ownertrust if the user does not specify a genuine ownertrust.
* pkclist.c (do_edit_ownertrust): Only allow user to select a
trust level greater than the minimum value.
* parse-packet.c (can_handle_critical): Can handle critical trust
and regexp subpackets.
* trustdb.h, trustdb.c (clear_ownertrusts), delkey.c
(do_delete_key), import.c (import_one): Rename clear_ownertrust to
clear_ownertrusts and have it clear the min_ownertrust value as
well.
* keylist.c (list_keyblock_print): Indent uid to match pub and
sig.
* keyedit.c (print_and_check_one_sig, show_key_and_fingerprint, * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint,
menu_addrevoker), keylist.c (list_keyblock_print, menu_addrevoker), keylist.c (list_keyblock_print,
print_fingerprint): Show "T" or the trust depth for trust print_fingerprint): Show "T" or the trust depth for trust

2
g10/delkey.c
View File

@ -161,7 +161,7 @@ do_delete_key( const char *username, int secret, int *r_sec_avail )
revalidation_mark(). This makes sense - only deleting keys revalidation_mark(). This makes sense - only deleting keys
that have ownertrust set should trigger this. */ that have ownertrust set should trigger this. */
if (!secret && pk && clear_ownertrust (pk)) { if (!secret && pk && clear_ownertrusts (pk)) {
if (opt.verbose) if (opt.verbose)
log_info (_("ownertrust information cleared\n")); log_info (_("ownertrust information cleared\n"));
} }

2
g10/import.c
View File

@ -671,7 +671,7 @@ import_one( const char *fname, KBNODE keyblock,
the keyring and trustdb are out of sync. It can also the keyring and trustdb are out of sync. It can also
be made to happen with the trusted-key command. */ be made to happen with the trusted-key command. */
clear_ownertrust (pk); clear_ownertrusts (pk);
revalidation_mark (); revalidation_mark ();
} }
keydb_release (hd); keydb_release (hd);

2
g10/keylist.c
View File

@ -495,7 +495,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
continue; continue;
if( any ) if( any )
printf("uid%*s", 28, ""); printf("uid%*s", 29, "");
if ( node->pkt->pkt.user_id->is_revoked ) if ( node->pkt->pkt.user_id->is_revoked )
fputs ("[revoked] ", stdout); fputs ("[revoked] ", stdout);

4
g10/packet.h
View File

@ -212,6 +212,10 @@ typedef struct {
PKT_user_id *user_id; /* if != NULL: found by that uid */ PKT_user_id *user_id; /* if != NULL: found by that uid */
struct revocation_key *revkey; struct revocation_key *revkey;
int numrevkeys; int numrevkeys;
u32 trust_timestamp;
byte trust_depth;
byte trust_value;
const byte *trust_regexp;
MPI pkey[PUBKEY_MAX_NPKEY]; MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key; } PKT_public_key;

6
g10/parse-packet.c
View File

@ -780,7 +780,7 @@ dump_sig_subpkt( int hashed, int type, int critical,
if(length!=2) if(length!=2)
p="[invalid trust subpacket]"; p="[invalid trust subpacket]";
else else
printf("trust signature of depth %d, amount %d",buffer[0],buffer[1]); printf("trust signature of depth %d, value %d",buffer[0],buffer[1]);
break; break;
case SIGSUBPKT_REGEXP: case SIGSUBPKT_REGEXP:
if(!length) if(!length)
@ -1002,6 +1002,8 @@ can_handle_critical( const byte *buffer, size_t n, int type )
case SIGSUBPKT_PRIMARY_UID: case SIGSUBPKT_PRIMARY_UID:
case SIGSUBPKT_FEATURES: case SIGSUBPKT_FEATURES:
case SIGSUBPKT_POLICY: /* Is it enough to show the policy? */ case SIGSUBPKT_POLICY: /* Is it enough to show the policy? */
case SIGSUBPKT_TRUST:
case SIGSUBPKT_REGEXP:
return 1; return 1;
default: default:
@ -1300,6 +1302,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
sig->trust_depth=p[0]; sig->trust_depth=p[0];
sig->trust_value=p[1]; sig->trust_value=p[1];
/* Only look for a regexp if there is also a trust
subpacket. */
sig->trust_regexp= sig->trust_regexp=
parse_sig_subpkt(sig->hashed,SIGSUBPKT_REGEXP,&len); parse_sig_subpkt(sig->hashed,SIGSUBPKT_REGEXP,&len);

28
g10/pkclist.c
View File

@ -245,7 +245,18 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
int changed=0; int changed=0;
int quit=0; int quit=0;
int show=0; int show=0;
int min_num;
int did_help=defer_help; int did_help=defer_help;
unsigned int minimum=get_min_ownertrust(pk);
switch(minimum)
{
default: min_num=0; break;
case TRUST_UNDEFINED: min_num=1; break;
case TRUST_NEVER: min_num=2; break;
case TRUST_MARGINAL: min_num=3; break;
case TRUST_FULLY: min_num=4; break;
}
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
for(;;) { for(;;) {
@ -299,10 +310,14 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
"Please decide how far you trust this user to correctly\n" "Please decide how far you trust this user to correctly\n"
"verify other users' keys (by looking at passports,\n" "verify other users' keys (by looking at passports,\n"
"checking fingerprints from different sources...)?\n\n")); "checking fingerprints from different sources...)?\n\n"));
tty_printf (_(" %d = Don't know\n"), 1); if(min_num<=1)
tty_printf (_(" %d = I do NOT trust\n"), 2); tty_printf (_(" %d = I don't know\n"), 1);
tty_printf (_(" %d = I trust marginally\n"), 3); if(min_num<=2)
tty_printf (_(" %d = I trust fully\n"), 4); tty_printf (_(" %d = I do NOT trust\n"), 2);
if(min_num<=3)
tty_printf (_(" %d = I trust marginally\n"), 3);
if(min_num<=4)
tty_printf (_(" %d = I trust fully\n"), 4);
if (mode) if (mode)
tty_printf (_(" %d = I trust ultimately\n"), 5); tty_printf (_(" %d = I trust ultimately\n"), 5);
#if 0 #if 0
@ -317,6 +332,9 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
tty_printf(_(" q = quit\n")); tty_printf(_(" q = quit\n"));
} }
tty_printf("\n"); tty_printf("\n");
if(minimum)
tty_printf(_("The minimum trust level for this key is: %s\n\n"),
trust_string(minimum));
did_help = 1; did_help = 1;
} }
if( strlen(ans) != 8 ) if( strlen(ans) != 8 )
@ -328,7 +346,7 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
did_help = 0; did_help = 0;
else if( *p && p[1] ) else if( *p && p[1] )
; ;
else if( !p[1] && (*p >= '1' && *p <= (mode?'5':'4')) ) else if( !p[1] && ((*p >= '0'+min_num) && *p <= (mode?'5':'4')) )
{ {
unsigned int trust; unsigned int trust;
switch( *p ) switch( *p )

293
g10/trustdb.c
View File

@ -24,6 +24,15 @@
#include <string.h> #include <string.h>
#include <assert.h> #include <assert.h>
#ifndef DISABLE_REGEX
#include <sys/types.h>
#ifdef USE_GNU_REGEX
#include "_regex.h"
#else
#include <regex.h>
#endif
#endif /* !DISABLE_REGEX */
#include "errors.h" #include "errors.h"
#include "iobuf.h" #include "iobuf.h"
#include "keydb.h" #include "keydb.h"
@ -43,7 +52,10 @@
*/ */
struct key_item { struct key_item {
struct key_item *next; struct key_item *next;
unsigned int ownertrust; unsigned int ownertrust,min_ownertrust;
byte trust_depth;
byte trust_value;
char *trust_regexp;
u32 kid[2]; u32 kid[2];
}; };
@ -97,6 +109,7 @@ release_key_items (struct key_item *k)
for (; k; k = k2) for (; k; k = k2)
{ {
k2 = k->next; k2 = k->next;
m_free (k->trust_regexp);
m_free (k); m_free (k);
} }
} }
@ -440,6 +453,23 @@ trust_letter (unsigned int value)
} }
} }
/* The strings here are similar to those in
pkclist.c:do_edit_ownertrust() */
const char *
trust_string (unsigned int value)
{
switch( (value & TRUST_MASK) )
{
case TRUST_UNKNOWN: return _("unknown trust");
case TRUST_EXPIRED: return _("expired");
case TRUST_UNDEFINED: return _("undefined trust");
case TRUST_NEVER: return _("do NOT trust");
case TRUST_MARGINAL: return _("marginal trust");
case TRUST_FULLY: return _("full trust");
case TRUST_ULTIMATE: return _("ultimate trust");
default: return "err";
}
}
/**************** /****************
* Recreate the WoT but do not ask for new ownertrusts. Special * Recreate the WoT but do not ask for new ownertrusts. Special
@ -525,7 +555,6 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
return 0; return 0;
} }
/**************** /****************
* Return the assigned ownertrust value for the given public key. * Return the assigned ownertrust value for the given public key.
* The key should be the primary key. * The key should be the primary key.
@ -544,20 +573,50 @@ get_ownertrust ( PKT_public_key *pk)
tdbio_invalid (); tdbio_invalid ();
return rc; /* actually never reached */ return rc; /* actually never reached */
} }
return rec.r.trust.ownertrust; return rec.r.trust.ownertrust;
} }
unsigned int
get_min_ownertrust (PKT_public_key *pk)
{
TRUSTREC rec;
int rc;
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
if (rc)
{
tdbio_invalid ();
return rc; /* actually never reached */
}
return rec.r.trust.min_ownertrust;
}
/* /*
* Same as get_ownertrust but return a trust letter instead of an value. * Same as get_ownertrust but return a trust letter instead of an value.
*/ */
int int
get_ownertrust_info (PKT_public_key *pk) get_ownertrust_info (PKT_public_key *pk)
{ {
unsigned int otrust; unsigned int otrust,otrust_min;
int c; int c;
otrust = get_ownertrust (pk); otrust = get_ownertrust (pk);
otrust_min = get_min_ownertrust (pk);
if(otrust<otrust_min)
{
/* If the trust that the user has set is less than the trust
that was calculated from a trust signature chain, use the
higher of the two. We do this here and not in
get_ownertrust since the underlying ownertrust should not
really be set - just the appearance of the ownertrust. */
otrust=otrust_min;
}
c = trust_letter( (otrust & TRUST_MASK) ); c = trust_letter( (otrust & TRUST_MASK) );
if( !c ) if( !c )
c = '?'; c = '?';
@ -611,9 +670,64 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
} }
} }
/* Clear the ownertrust value. Return true if a changed actually happend. */ static void
update_min_ownertrust (u32 *kid, unsigned int new_trust )
{
PKT_public_key *pk;
TRUSTREC rec;
int rc;
pk = m_alloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid);
if (rc)
{
log_error (_("public key %08lX not found: %s\n"),
(ulong)kid[1], g10_errstr(rc) );
return;
}
rc = read_trust_record (pk, &rec);
if (!rc)
{
if (DBG_TRUST)
log_debug ("key %08lX: update min_ownertrust from %u to %u\n",
(ulong)kid[1],(unsigned int)rec.r.trust.min_ownertrust,
new_trust );
if (rec.r.trust.min_ownertrust != new_trust)
{
rec.r.trust.min_ownertrust = new_trust;
write_record( &rec );
revalidation_mark ();
do_sync ();
}
}
else if (rc == -1)
{ /* no record yet - create a new one */
size_t dummy;
if (DBG_TRUST)
log_debug ("insert min_ownertrust %u\n", new_trust );
memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum ();
rec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust;
write_record (&rec);
revalidation_mark ();
do_sync ();
rc = 0;
}
else
{
tdbio_invalid ();
}
}
/* Clear the ownertrust and min_ownertrust values. Return true if a
change actually happened. */
int int
clear_ownertrust (PKT_public_key *pk) clear_ownertrusts (PKT_public_key *pk)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -622,11 +736,16 @@ clear_ownertrust (PKT_public_key *pk)
if (!rc) if (!rc)
{ {
if (DBG_TRUST) if (DBG_TRUST)
log_debug ("clearing ownertrust (old value %u)\n", {
(unsigned int)rec.r.trust.ownertrust); log_debug ("clearing ownertrust (old value %u)\n",
if (rec.r.trust.ownertrust) (unsigned int)rec.r.trust.ownertrust);
log_debug ("clearing min_ownertrust (old value %u)\n",
(unsigned int)rec.r.trust.min_ownertrust);
}
if (rec.r.trust.ownertrust || rec.r.trust.min_ownertrust)
{ {
rec.r.trust.ownertrust = 0; rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0;
write_record( &rec ); write_record( &rec );
revalidation_mark (); revalidation_mark ();
do_sync (); do_sync ();
@ -710,9 +829,16 @@ clear_validity (PKT_public_key *pk)
tdbio_invalid (); tdbio_invalid ();
return 0; return 0;
} }
if (rc == -1) /* no record yet - no need to clerar it then ;-) */ if (rc == -1) /* no record yet - no need to clear it then ;-) */
return 0; return 0;
/* Clear minimum ownertrust, if any */
if(trec.r.trust.min_ownertrust)
{
trec.r.trust.min_ownertrust=0;
write_record(&trec);
}
/* reset validity for all user IDs */ /* reset validity for all user IDs */
recno = trec.r.trust.validlist; recno = trec.r.trust.validlist;
while (recno) while (recno)
@ -730,8 +856,6 @@ clear_validity (PKT_public_key *pk)
return any; return any;
} }
/*********************************************** /***********************************************
********* Query trustdb values ************** ********* Query trustdb values **************
***********************************************/ ***********************************************/
@ -912,7 +1036,7 @@ enum_cert_paths_print( void **context, FILE *fp,
****************************************/ ****************************************/
static int static int
ask_ownertrust (u32 *kid) ask_ownertrust (u32 *kid,int minimum)
{ {
PKT_public_key *pk; PKT_public_key *pk;
int rc; int rc;
@ -931,10 +1055,11 @@ ask_ownertrust (u32 *kid)
if(ot>0) if(ot>0)
ot = get_ownertrust (pk); ot = get_ownertrust (pk);
else if(ot==0) else if(ot==0)
ot = TRUST_UNDEFINED; ot = minimum?minimum:TRUST_UNDEFINED;
else else
ot = -1; /* quit */ ot = -1; /* quit */
free_public_key( pk ); free_public_key( pk );
return ot; return ot;
} }
@ -1196,6 +1321,33 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
} }
} }
/* Used by validate_one_keyblock to confirm a regexp within a trust
signature. Returns 1 for match, and 0 for no match or regex
error. */
static int
check_regexp(const char *exp,const char *string)
{
#ifdef DISABLE_REGEXP
/* When DISABLE_REGEXP is defined, assume all regexps do not
match. */
return 0;
#else
int ret;
regex_t pat;
if(regcomp(&pat,exp,REG_ICASE|REG_NOSUB)!=0)
return 0;
ret=regexec(&pat,string,0,NULL,0);
regfree(&pat);
if(DBG_TRUST)
log_debug("regexp \"%s\" on \"%s\": %s\n",exp,string,ret==0?"YES":"NO");
return (ret==0);
#endif
}
/* /*
* Return true if the key is signed by one of the keys in the given * Return true if the key is signed by one of the keys in the given
@ -1243,19 +1395,72 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
else if (node->pkt->pkttype == PKT_SIGNATURE else if (node->pkt->pkttype == PKT_SIGNATURE
&& (node->flag & (1<<8)) ) && (node->flag & (1<<8)) )
{ {
/* Note that we are only seeing unrevoked sigs here */
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
kr = is_in_klist (klist, sig); kr = is_in_klist (klist, sig);
if (kr) /* If the trust_regexp does not match, it's as if the sig
did not exist. This is safe for non-trust sigs as well
since we don't accept a regexp on the sig unless it's a
trust sig. */
if (kr && (kr->trust_regexp==NULL ||
(uidnode && check_regexp(kr->trust_regexp,
uidnode->pkt->pkt.user_id->name))))
{ {
if (kr->ownertrust == TRUST_ULTIMATE) if(DBG_TRUST && sig->trust_depth)
log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
uidnode->pkt->pkt.user_id->name,sig->trust_depth,
kr->trust_depth);
/* Are we part of a trust sig chain? We always favor
the latest trust sig, rather than the greater or
lesser trust sig or value. I could make a decent
argument for any of these cases, but this seems to be
what PGP does, and I'd like to be compatible. -dms */
if(sig->trust_depth &&
pk->trust_timestamp<=sig->timestamp &&
(sig->trust_depth<=kr->trust_depth ||
kr->ownertrust==TRUST_ULTIMATE))
{
/* If we got here, we know that:
this is a trust sig.
it's a newer trust sig than any previous trust
sig on this key (not uid).
it is legal in that it was either generated by an
ultimate key, or a key that was part of a trust
chain, and the depth does not violate the
original trust sig.
if there is a regexp attached, it matched
successfully.
*/
if(DBG_TRUST)
log_debug("replacing trust value %d with %d and "
"depth %d with %d\n",
pk->trust_value,sig->trust_value,
pk->trust_depth,sig->trust_depth);
pk->trust_value=sig->trust_value;
pk->trust_depth=sig->trust_depth-1;
/* If the trust sig contains a regexp, record it
on the pk for the next round. */
if(sig->trust_regexp)
pk->trust_regexp=sig->trust_regexp;
}
if (kr->ownertrust == TRUST_ULTIMATE)
fully_count = opt.completes_needed; fully_count = opt.completes_needed;
else if (kr->ownertrust == TRUST_FULLY) else if (kr->ownertrust == TRUST_FULLY)
fully_count++; fully_count++;
else if (kr->ownertrust == TRUST_MARGINAL) else if (kr->ownertrust == TRUST_MARGINAL)
marginal_count++; marginal_count++;
issigned = 1; issigned = 1;
} }
} }
} }
@ -1494,7 +1699,6 @@ validate_keys (int interactive)
goto leave; goto leave;
} }
/* mark all UTKs as visited and set validity to ultimate */ /* mark all UTKs as visited and set validity to ultimate */
for (k=utk_list; k; k = k->next) for (k=utk_list; k; k = k->next)
{ {
@ -1532,7 +1736,6 @@ validate_keys (int interactive)
do_sync (); do_sync ();
} }
klist = utk_list; klist = utk_list;
kdb = keydb_new (0); kdb = keydb_new (0);
@ -1544,14 +1747,43 @@ validate_keys (int interactive)
ot_marginal = ot_full = ot_ultimate = 0; ot_marginal = ot_full = ot_ultimate = 0;
for (k=klist; k; k = k->next) for (k=klist; k; k = k->next)
{ {
int min=0;
/* 120 and 60 are as per RFC2440 */
if(k->trust_value>=120)
min=TRUST_FULLY;
else if(k->trust_value>=60)
min=TRUST_MARGINAL;
if(min!=k->min_ownertrust)
update_min_ownertrust(k->kid,min);
if (interactive && k->ownertrust == TRUST_UNKNOWN) if (interactive && k->ownertrust == TRUST_UNKNOWN)
k->ownertrust = ask_ownertrust (k->kid);
if (k->ownertrust == -1)
{ {
quit=1; k->ownertrust = ask_ownertrust (k->kid,min);
goto leave;
if (k->ownertrust == -1)
{
quit=1;
goto leave;
}
} }
else if (k->ownertrust == TRUST_UNKNOWN)
/* This can happen during transition from an old trustdb
before trust sigs. It can also happen if a user uses two
different versions of GnuPG. */
if(k->ownertrust<min)
{
if(DBG_TRUST)
log_debug("key %08lX: "
"overriding ownertrust \"%s\" with \"%s\"\n",
(ulong)k->kid[1],
trust_string(k->ownertrust),trust_string(min));
k->ownertrust=min;
}
if (k->ownertrust == TRUST_UNKNOWN)
ot_unknown++; ot_unknown++;
else if (k->ownertrust == TRUST_UNDEFINED) else if (k->ownertrust == TRUST_UNDEFINED)
ot_undefined++; ot_undefined++;
@ -1574,7 +1806,6 @@ validate_keys (int interactive)
goto leave; goto leave;
} }
for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++) for (key_count=0, kar=keys; kar->keyblock; kar++, key_count++)
; ;
@ -1604,6 +1835,16 @@ validate_keys (int interactive)
keyid_from_pk (kar->keyblock->pkt->pkt.public_key, k->kid); keyid_from_pk (kar->keyblock->pkt->pkt.public_key, k->kid);
k->ownertrust = get_ownertrust (kar->keyblock k->ownertrust = get_ownertrust (kar->keyblock
->pkt->pkt.public_key); ->pkt->pkt.public_key);
k->min_ownertrust = get_min_ownertrust (kar->keyblock
->pkt->pkt.public_key);
k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value=
kar->keyblock->pkt->pkt.public_key->trust_value;
if(kar->keyblock->pkt->pkt.public_key->trust_regexp)
k->trust_regexp=
m_strdup(kar->keyblock->pkt->
pkt.public_key->trust_regexp);
k->next = klist; k->next = klist;
klist = k; klist = k;
break; break;
@ -1638,5 +1879,3 @@ validate_keys (int interactive)
} }
return rc; return rc;
} }

4
g10/trustdb.h
View File

@ -46,6 +46,7 @@ void init_trustdb( void );
void sync_trustdb( void ); void sync_trustdb( void );
int trust_letter( unsigned value ); int trust_letter( unsigned value );
const char *trust_string (unsigned int value);
void revalidation_mark (void); void revalidation_mark (void);
@ -60,9 +61,10 @@ void enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid ); int refresh, ulong selected_lid );
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_ownertrust (PKT_public_key *pk);
unsigned int get_min_ownertrust (PKT_public_key *pk);
int get_ownertrust_info (PKT_public_key *pk); int get_ownertrust_info (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust ); void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
int clear_ownertrust (PKT_public_key *pk); int clear_ownertrusts (PKT_public_key *pk);
/*-- tdbdump.c --*/ /*-- tdbdump.c --*/