security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog ;-). Key validation should now be faster

Browse source
This commit is contained in:
Werner Koch 1998-11-13 19:41:41 +00:00
parent 95217d480d
commit 17ea875ab0
23 changed files with 535 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

22
g10/ChangeLog
View file

@ -1,3 +1,25 @@
Fri Nov 13 07:39:58 1998 Werner Koch <werner.koch@guug.de>
* trustdb.c (collect_paths): Removed a warning message.
(enum_trust_web): Removed.
(enum_cert_paths): New.
* pkclist.c (add_ownertrust): Changed to use enum_cert_paths.
(edit_ownertrust): Now list ceritficates on request.
(show_paths): New.
Wed Nov 11 18:05:44 1998 Werner Koch <werner.koch@guug.de>
* g10.c (main): New option --max-cert-depth
* tdbio.h: add new fields to ver and dir record.
* tdbio.c: read/write/dump of these fields.
(tdbio_db_matches_options): New.
* trustdb.c: replaced MAC_CERT_DEPTH by opt.max_cert_depth.
(do_check): cache validity and changed other functions
to reset the cached value.
* keylist.c (list_one): Now lists the ownertrust.
* mainproc.c (list_node): Ditto.
Tue Nov 10 10:08:59 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (g10_exit): Now looks at the new g10_errors_seen.

6
g10/g10.c
View file

@ -114,6 +114,7 @@ enum cmd_and_opt_values { aNull = 0,
oNoComment,
oCompletesNeeded,
oMarginalsNeeded,
oMaxCertDepth,
oLoadExtension,
oRFC1991,
oCipherAlgo,
@ -230,6 +231,7 @@ static ARGPARSE_OPTS opts[] = {
{ oNoComment, "no-comment", 0, N_("do not write comment packets")},
{ oCompletesNeeded, "completes-needed", 1, N_("(default is 1)")},
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
{ oMaxCertDepth, "max-cert-depth", 1, "@" },
{ oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
@ -533,6 +535,7 @@ main( int argc, char **argv )
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
opt.homedir = getenv("GNUPGHOME");
if( !opt.homedir || !*opt.homedir ) {
#ifdef __MINGW32__
@ -699,6 +702,7 @@ main( int argc, char **argv )
case oNoComment: opt.no_comment=1; break;
case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break;
case oNoOptions: break; /* no-options */
@ -819,6 +823,8 @@ main( int argc, char **argv )
log_error(_("completes-needed must be greater than 0\n"));
if( opt.marginals_needed < 2 )
log_error(_("marginals-needed must be greater than 1\n"));
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
log_error(_("max-cert-depth must be in range 1 to 255\n"));
switch( opt.s2k_mode ) {
case 0:
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));

3
g10/keylist.c
View file

@ -207,7 +207,8 @@ list_keyblock( KBNODE keyblock, int secret )
if( pk->local_id )
printf("%lu", pk->local_id );
putchar(':');
/* fixme: add ownertrust here */
if( pk->local_id )
putchar( get_ownertrust_info( pk->local_id ) );
putchar(':');
}
else

3
g10/mainproc.c
View file

@ -483,7 +483,8 @@ list_node( CTX c, KBNODE node )
if( c->local_id )
printf("%lu", c->local_id );
putchar(':');
/* fixme: add ownertrust here */
if( c->local_id )
putchar( get_ownertrust_info( c->local_id ) );
putchar(':');
}
else

1
g10/options.h
View file

@ -49,6 +49,7 @@ struct {
int no_comment;
int marginals_needed;
int completes_needed;
int max_cert_depth;
const char *homedir;
int skip_verify;
int compress_keys;

5
g10/options.skel
View file

@ -41,3 +41,8 @@ compress-algo 1
#charset koi8-r
# You may define aliases like this:
# alias mynames -u 0x12345678 -u 0x456789ab -z 9
# everytime you use --mynames, it will be expanded to the options
# in the above defintion. The name of the alias may not be abbreviated.

76
g10/pkclist.c
View file

@ -40,6 +40,49 @@
#define CONTROL_D ('D' - 'A' + 1)
static void
show_paths( ulong lid )
{
void *context = NULL;
unsigned otrust, validity;
int level;
while( (level=enum_cert_paths( &context, &lid, &otrust, &validity)) != -1){
char *p;
int rc;
size_t n;
u32 keyid[2];
PKT_public_key *pk ;
rc = keyid_from_lid( lid, keyid );
if( rc ) {
log_error("ooops: can't get keyid for lid %lu\n", lid);
return;
}
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_error("key %08lX: public key not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
return;
}
tty_printf("%*s%4u%c/%08lX.%lu %s \"",
level*2,
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], lid, datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
m_free(p);
tty_printf("\"\n\n");
}
enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */
}
/****************
* Returns true if an ownertrust has changed.
*/
@ -68,7 +111,7 @@ edit_ownertrust( ulong lid, int mode )
}
if( !mode ) {
tty_printf(_("No owner trust defined for %lu:\n"
tty_printf(_("No trust value assigned to %lu:\n"
"%4u%c/%08lX %s \""), lid,
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
@ -115,7 +158,9 @@ edit_ownertrust( ulong lid, int mode )
break;
}
else if( *p == ans[0] || *p == ans[1] ) {
tty_printf(_("You will see a list of signators etc. here\n"));
tty_printf(_(
"Certificates leading to an ultimately trusted key:\n"));
show_paths( lid );
}
else if( mode && (*p == ans[2] || *p == ans[3] || *p == CONTROL_D ) ) {
break ; /* back to the menu */
@ -138,8 +183,8 @@ add_ownertrust( PKT_public_key *pk )
int rc;
void *context = NULL;
ulong lid;
unsigned trust;
int any=0;
unsigned otrust, validity;
int any=0, changed=0, any_undefined=0;
tty_printf(
_("Could not find a valid trust path to the key. Let's see whether we\n"
@ -152,22 +197,25 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
}
lid = pk->local_id;
while( !(rc=enum_trust_web( &context, &lid )) ) {
trust = get_ownertrust( lid );
if( trust == TRUST_UNDEFINED || trust == TRUST_EXPIRED ||
trust == TRUST_UNKNOWN ) {
while( enum_cert_paths( &context, &lid, &otrust, &validity ) != -1 ) {
any=1;
if( otrust == TRUST_UNDEFINED || otrust == TRUST_EXPIRED ||
otrust == TRUST_UNKNOWN ) {
any_undefined=1;
if( edit_ownertrust( lid, 0 ) )
any=1;
changed=1;
}
}
if( rc == -1 )
rc = 0;
enum_trust_web( &context, NULL ); /* close */
enum_cert_paths( &context, NULL, NULL, NULL ); /* release context */
if( !any )
tty_printf(_("No owner trust values changed.\n\n") );
tty_printf(_("No path leading to one of our keys found.\n\n") );
else if( !any_undefined )
tty_printf(_("No certificates with undefined trust found.\n\n") );
else if( !changed )
tty_printf(_("No trust values changed.\n\n") );
return rc? rc : any? 0:-1;
return any? 0:-1;
}
/****************

121
g10/ringedit.c
View file

@ -830,6 +830,127 @@ update_keyblock( KBPOS *kbpos, KBNODE root )
}
/****************************************************************
********** Implemenation of a user ID database **************
****************************************************************/
#if 0
/****************
* Layout of the user ID db
*
* This user ID DB provides fast lookup of user ID, but the user ids are
* not in any specific order.
*
* A string "GnuPG user db", a \n.
* user ids of one key, delimited by \t,
* a # or ^ followed by a 20 byte fingerprint, followed by an \n
* The literal characters =, \n, \t, #, ^ must be replaced by a equal sign
* and their hex value.
*
* (We use Boyer/Moore pattern matching)
*/
/****************
* This compiles pattern to the distance table, the table will be allocate
* here and must be freed by using free().
* Returns: Ptr to new allocated Table
* Caller must free the table.
*/
static size_t *
compile_bm_table( const byte *pattern, size_t len )
{
ushort *dist;
int i;
dist = m_alloc_clear( 256 * sizeof *dist );
for(i=0; i < 256; i++ )
dist[i] = len;
for(i=0; i < len-1; i++ )
dTbl[p[i]] = len-i-1;
return dist;
}
/****************
* Search BUF of BUFLEN for pattern P of length PATLEN.
* dist is the Boyer/Moore distance table of 256 Elements,
* case insensitive search is done if IGNCASE is true (In this case
* the distance table has to compiled from uppercase chacaters and
* PAT must also be uppercase.
* Returns: Prt to maching string in BUF, or NULL if not found.
*/
static const *
do_bm_search( const byte *buf, size_t buflen,
const byte *pat, size_t patlen, size_t *dist, int igncase )
{
int i, j, k;
if( igncase ) {
int c, c1;
for( i = --patlen; i < buflen; i += dist[c1] )
for( j=patlen, k=i, c1=c=toupper(buf[k]); c == pat[j];
j--, k--, c=toupper(buf[k]) ) {
if( !j )
return buf+k;
}
}
else {
for( i = --patlen; i < buflen; i += dist[buf[i]] )
for( j=patlen, k=i; buf[k] == pat[j]; j--, k-- ) {
if( !j )
return buf+k;
}
}
return NULL;
}
typedef struct {
size_t dist[256];
} *SCAN_USER_HANDLE;
static SCAN_USER_HANDLE
scan_user_file_open( const byte *name )
{
SCAN_USER_HANDLE hd;
size_t *dist;
int i;
hd = m_alloc_clear( sizeof *hd );
dist = hd->dist;
/* compile the distance table */
for(i=0; i < 256; i++ )
dist[i] = len;
for(i=0; i < len-1; i++ )
dTbl[p[i]] = len-i-1;
/* setup other things */
return hd;
}
static int
scan_user_file_close( SCAN_USER_HANDLE hd )
{
m_free( hd );
}
static int
scan_user_file_read( SCAN_USER_HANDLE hd, byte *fpr )
{
char record[1000];
/* read a record */
}
#endif
/****************************************************************
********** Functions which operates on regular keyrings ********

75
g10/tdbio.c
View file

@ -419,6 +419,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
memset( &rec, 0, sizeof rec );
rec.r.ver.version = 2;
rec.r.ver.created = make_timestamp();
rec.r.ver.marginals = opt.marginals_needed;
rec.r.ver.completes = opt.completes_needed;
rec.r.ver.cert_depth = opt.max_cert_depth;
rec.rectype = RECTYPE_VER;
rec.recnum = 0;
rc = tdbio_write_record( &rec );
@ -511,6 +514,41 @@ create_hashtable( TRUSTREC *vr, int type )
}
int
tdbio_db_matches_options()
{
static int yes_no = -1;
if( yes_no == -1 ) {
TRUSTREC vr;
int rc;
rc = tdbio_read_record( 0, &vr, RECTYPE_VER );
if( rc )
log_fatal( _("%s: error reading version record: %s\n"),
db_name, g10_errstr(rc) );
if( !vr.r.ver.marginals && !vr.r.ver.completes
&& !vr.r.ver.cert_depth )
{ /* special hack for trustdbs created by old versions of GnuPG */
vr.r.ver.marginals = opt.marginals_needed;
vr.r.ver.completes = opt.completes_needed;
vr.r.ver.cert_depth = opt.max_cert_depth;
rc = tdbio_write_record( &vr );
if( !rc && !in_transaction )
rc = tdbio_sync();
if( rc )
log_error( _("%s: error writing version record: %s\n"),
db_name, g10_errstr(rc) );
}
yes_no = vr.r.ver.marginals == opt.marginals_needed
&& vr.r.ver.completes == opt.completes_needed
&& vr.r.ver.cert_depth == opt.max_cert_depth;
}
return yes_no;
}
/****************
* Return the record number of the keyhash tbl or create a new one.
@ -839,19 +877,24 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp )
switch( rec->rectype ) {
case 0: fprintf(fp, "blank\n");
break;
case RECTYPE_VER: fprintf(fp, "version, kd=%lu, sd=%lu, free=%lu\n",
case RECTYPE_VER: fprintf(fp,
"version, kd=%lu, sd=%lu, free=%lu, m/c/d=%d/%d/%d\n",
rec->r.ver.keyhashtbl, rec->r.ver.sdirhashtbl,
rec->r.ver.firstfree );
rec->r.ver.firstfree,
rec->r.ver.marginals,
rec->r.ver.completes,
rec->r.ver.cert_depth );
break;
case RECTYPE_FREE: fprintf(fp, "free, next=%lu\n", rec->r.free.next );
break;
case RECTYPE_DIR:
fprintf(fp, "dir %lu, keys=%lu, uids=%lu, cach=%lu, ot=%02x",
fprintf(fp, "dir %lu, keys=%lu, uids=%lu, t=%02x",
rec->r.dir.lid,
rec->r.dir.keylist,
rec->r.dir.uidlist,
rec->r.dir.cacherec,
rec->r.dir.ownertrust );
if( rec->r.dir.dirflags & DIRF_VALVALID )
fprintf( fp, ", v=%02x", rec->r.dir.validity );
if( rec->r.dir.dirflags & DIRF_CHECKED ) {
if( rec->r.dir.dirflags & DIRF_VALID )
fputs(", valid", fp );
@ -863,7 +906,7 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp )
putc('\n', fp);
break;
case RECTYPE_KEY:
fprintf(fp, "key %lu, next=%lu, algo=%d, ",
fprintf(fp, "key %lu, n=%lu a=%d ",
rec->r.key.lid,
rec->r.key.next,
rec->r.key.pubkey_algo );
@ -1005,7 +1048,9 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
}
p += 2; /* skip "pgp" */
rec->r.ver.version = *p++;
p += 3; /* reserved bytes */
rec->r.ver.marginals = *p++;
rec->r.ver.completes = *p++;
rec->r.ver.cert_depth = *p++;
p += 4; /* lock flags */
rec->r.ver.created = buftoulong(p); p += 4;
rec->r.ver.modified = buftoulong(p); p += 4;
@ -1034,6 +1079,18 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
rec->r.dir.cacherec = buftoulong(p); p += 4;
rec->r.dir.ownertrust = *p++;
rec->r.dir.dirflags = *p++;
rec->r.dir.validity = *p++;
switch( rec->r.dir.validity ) {
case 0:
case TRUST_UNDEFINED:
case TRUST_NEVER:
case TRUST_MARGINAL:
case TRUST_FULLY:
case TRUST_ULTIMATE:
break;
default:
log_info("lid %lu: invalid validity value - cleared\n", recnum);
}
if( rec->r.dir.lid != recnum ) {
log_error( "%s: dir LID != recnum (%lu,%lu)\n",
db_name, rec->r.dir.lid, (ulong)recnum );
@ -1137,7 +1194,10 @@ tdbio_write_record( TRUSTREC *rec )
BUG();
memcpy(p-1, "gpg", 3 ); p += 2;
*p++ = rec->r.ver.version;
p += 7; /* skip reserved bytes and lock flags */
*p++ = rec->r.ver.marginals;
*p++ = rec->r.ver.completes;
*p++ = rec->r.ver.cert_depth;
p += 4; /* skip lock flags */
ulongtobuf(p, rec->r.ver.created); p += 4;
ulongtobuf(p, rec->r.ver.modified); p += 4;
ulongtobuf(p, rec->r.ver.validated); p += 4;
@ -1157,6 +1217,7 @@ tdbio_write_record( TRUSTREC *rec )
ulongtobuf(p, rec->r.dir.cacherec); p += 4;
*p++ = rec->r.dir.ownertrust;
*p++ = rec->r.dir.dirflags;
*p++ = rec->r.dir.validity;
assert( rec->r.dir.lid == recnum );
break;

8
g10/tdbio.h
View file

@ -47,11 +47,12 @@
#define RECTYPE_FREE 254
#define DIRF_CHECKED 1 /* has been checkd - other bits are valid */
#define DIRF_CHECKED 1 /* has been checked - bits 1,2,3 are valid */
#define DIRF_VALID 2 /* This key is valid: There is at least */
/* one uid with a selfsignature or an revocation */
#define DIRF_EXPIRED 4 /* the complete key has expired */
#define DIRF_REVOKED 8 /* the complete key has been revoked */
#define DIRF_VALVALID 16 /* The validity field is valid */
#define KEYF_CHECKED 1 /* This key has been checked */
#define KEYF_VALID 2 /* This is a valid (sub)key */
@ -77,6 +78,9 @@ struct trust_record {
union {
struct { /* version record: */
byte version; /* should be 2 */
byte marginals;
byte completes;
byte cert_depth;
ulong created; /* timestamp of trustdb creation */
ulong modified; /* timestamp of last modification */
ulong validated; /* timestamp of last validation */
@ -94,6 +98,7 @@ struct trust_record {
ulong cacherec; /* the cache record */
byte ownertrust;
byte dirflags;
byte validity; /* calculated trustlevel */
} dir;
struct { /* primary public key record */
ulong lid;
@ -168,6 +173,7 @@ const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec );
int tdbio_db_matches_options(void);
int tdbio_is_dirty(void);
int tdbio_sync(void);
int tdbio_begin_transaction(void);

116
g10/trustdb.c
View file

@ -42,8 +42,6 @@
#include "i18n.h"
#include "tdbio.h"
#define MAX_CERT_DEPTH 5
#if MAX_FINGERPRINT_LEN > 20
#error Must change structure of trustdb
#endif
@ -67,7 +65,7 @@ typedef struct trust_info TRUST_INFO;
struct trust_info {
ulong lid;
byte otrust; /* ownertrust (assigned trust) */
byte trust; /* calculated trust (validity) */
byte trust; /* calculated trust (validity) */
};
typedef struct trust_seg_list *TRUST_SEG_LIST;
@ -806,14 +804,15 @@ collect_paths( int depth, int max_depth, int all, TRUSTREC *drec,
continue; /* skip revoked signatures */
/* visit every signer only once (a signer may have
* signed multizple user IDs */
* signed more than one user ID) */
if( sigs_seen && ins_lid_table_item( sigs_seen,
rec.r.sig.sig[i].lid, 0) )
continue; /* we alread have this one */
continue; /* we already have this one */
read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
if( tmp.rectype != RECTYPE_DIR ) {
log_info("oops: lid %lu: sig %lu has rectype %d"
if( tmp.rectype != RECTYPE_SDIR )
log_info("oops: lid %lu: sig %lu has rectype %d"
" - skipped\n",
drec->r.dir.lid, tmp.recnum, tmp.rectype );
continue;
@ -892,7 +891,7 @@ verify_key( int max_depth, TRUSTREC *drec )
* but nothing more is known.
*/
static int
do_check( TRUSTREC *dr, unsigned *trustlevel )
do_check( TRUSTREC *dr, unsigned *validity )
{
if( !dr->r.dir.keylist ) {
log_error(_("Ooops, no keys\n"));
@ -903,10 +902,23 @@ do_check( TRUSTREC *dr, unsigned *trustlevel )
return G10ERR_TRUSTDB;
}
*trustlevel = verify_key( MAX_CERT_DEPTH, dr );
if( tdbio_db_matches_options()
&& (dr->r.dir.dirflags & DIRF_VALVALID)
&& dr->r.dir.validity )
*validity = dr->r.dir.validity;
else {
*validity = verify_key( opt.max_cert_depth, dr );
if( (*validity & TRUST_MASK) >= TRUST_UNDEFINED
&& tdbio_db_matches_options() ) {
/* update the cached validity value */
dr->r.dir.validity = (*validity & TRUST_MASK);
dr->r.dir.dirflags |= DIRF_VALVALID;
write_record( dr );
}
}
if( dr->r.dir.dirflags & DIRF_REVOKED )
*trustlevel |= TRUST_FLAG_REVOKED;
*validity |= TRUST_FLAG_REVOKED;
return 0;
}
@ -1496,7 +1508,10 @@ query_trust_info( PKT_public_key *pk )
/****************
* Enumerate all keys, which are needed to build all trust paths for
* the given key. This function does not return the key itself or
* the ultimate key.
* the ultimate key (the last point in cerificate chain). Only
* certificate chains which ends up at an ultimately trusted key
* are listed. If ownertrust or validity is not NULL, the corresponding
* value for the returned LID is also returned in these variable(s).
*
* 1) create a void pointer and initialize it to NULL
* 2) pass this void pointer by reference to this function.
@ -1505,51 +1520,73 @@ query_trust_info( PKT_public_key *pk )
* to indicate EOF. LID does contain the next key used to build the web
* 4) Always call this function a last time with LID set to NULL,
* so that it can free its context.
*
* Returns: -1 on EOF or the level of the returned LID
*/
int
enum_trust_web( void **context, ulong *lid )
enum_cert_paths( void **context, ulong *lid,
unsigned *ownertrust, unsigned *validity )
{
#if 0
struct {
int init;
TRUST_SEG_LIST tsl_head;
TRUST_SEG_LIST tsl;
int idx;
} *ctx;
int rc;
int wipe=0;
TRUSTREC rec;
TRUST_INFO *tmppath;
TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
TRUST_SEG_LIST tsl;
if( !lid ) { /* release the context */
if( *context ) {
TRUST_SEG_LIST tsl2;
ctx = *context;
for(tsl = ctx->tsl_head; tsl; tsl = tsl2 ) {
tsl2 = tsl->next;
m_free( tsl );
}
*context = NULL;
}
return -1;
}
if( !*context ) {
asssert( *lid );
TRUST_INFO *tmppath;
TRUSTREC rec;
if( !lid )
return -1;
ctx = m_alloc_clear( sizeof *ctx );
*context = ctx;
/* collect the paths */
read_record( *lid, &rec, RECTYPE_DIR );
tmppath = m_alloc_clear( (MAX_CERT_DEPTH+1)* sizeof *tmppath );
trust_seg_list = NULL;
collect_paths( 0, MAX_CERT_DEPTH, 1, &rec, tmppath, &trust_seg_list );
tmppath = m_alloc_clear( (opt.max_cert_depth+1)* sizeof *tmppath );
tsl = NULL;
collect_paths( 0, opt.max_cert_depth, 1, &rec, tmppath, &tsl );
m_free( tmppath );
/* and now print them */
for(tsl = trust_seg_list; tsl; tsl = tsl->next ) {
print_path( tsl->pathlen, tsl->path );
}
ctx->tsl_head = tsl;
ctx->tsl = ctx->tsl_head;
ctx->idx = 0;
}
else
ctx = *context;
if( !lid ) { /* release the context */
if( *
/* release the list */
for(tsl = trust_seg_list; tsl; tsl = tsl2 ) {
tsl2 = tsl->next;
m_free( tsl );
}
trust_seg_list = NULL;
while( ctx->tsl && ctx->idx >= tsl->pathlen ) {
ctx->tsl = ctx->tsl->next;
ctx->idx = 0;
}
#endif
return -1; /* eof */
tsl = ctx->tsl;
if( !tsl )
return -1; /* eof */
if( ownertrust )
*ownertrust = tsl->path[ctx->idx].otrust;
if( validity )
*validity = tsl->path[ctx->idx].trust;
*lid = tsl->path[ctx->idx].lid;
ctx->idx++;
return ctx->idx-1;
}
@ -1671,7 +1708,7 @@ query_trust_record( PKT_public_key *pk )
return get_dir_record( pk, &rec );
}
/* FIXME: Brauchen wir das?? */
int
clear_trust_checked_flag( PKT_public_key *pk )
{
@ -1682,11 +1719,14 @@ clear_trust_checked_flag( PKT_public_key *pk )
if( rc )
return rc;
if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
/* check whether they are already reset */
if( !(rec.r.dir.dirflags & DIRF_CHECKED)
&& !(rec.r.dir.dirflags & DIRF_VALVALID) )
return 0;
/* reset the flag */
rec.r.dir.dirflags &= ~DIRF_CHECKED;
rec.r.dir.dirflags &= ~DIRF_VALVALID;
write_record( &rec );
do_sync();
return 0;
@ -2735,6 +2775,8 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
if( rc )
rc = tdbio_cancel_transaction();
else {
drec.r.dir.dirflags |= DIRF_CHECKED;
drec.r.dir.dirflags &= ~DIRF_VALVALID;
write_record( &drec );
if( modified && tdbio_is_dirty() )
*modified = 1;

3
g10/trustdb.h
View file

@ -50,7 +50,8 @@ void update_trustdb( void );
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk );
int enum_trust_web( void **context, ulong *lid );
int enum_cert_paths( void **context, ulong *lid,
unsigned *ownertrust, unsigned *validity );
unsigned get_ownertrust( ulong lid );
int get_ownertrust_info( ulong lid );
byte *get_pref_data( ulong lid, const byte *namehash, size_t *ret_n );