security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

gpg: Do not require a trustdb with --always-trust. 

* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2013-10-11 09:25:58 +02:00
parent 6286d01ba3
commit 1a0eeaacd1
5 changed files with 137 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -1,6 +1,8 @@
Noteworthy changes in version 2.0.23 (unreleased)
-------------------------------------------------
* Do not create a trustdb file if --trust-model=always is used.
Noteworthy changes in version 2.0.22 (2013-10-04)
-------------------------------------------------

6
g10/gpg.c
View File

@ -3408,15 +3408,11 @@ main (int argc, char **argv)
case aListTrustDB:
rc = setup_trustdb (argc? 1:0, trustdb_name);
break;
case aEncr:
case aEncrFiles:
default:
/* If we are using TM_ALWAYS, we do not need to create the
trustdb. */
rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
break;
default:
rc = setup_trustdb (1, trustdb_name );
break;
}
if (rc)
log_error (_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));

8
g10/tdbio.c
View File

@ -473,7 +473,7 @@ create_version_record (void)
int
tdbio_set_dbname( const char *new_dbname, int create )
tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
{
char *fname;
static int initialized = 0;
@ -483,6 +483,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
initialized = 1;
}
*r_nofile = 0;
if(new_dbname==NULL)
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
else if (*new_dbname != DIRSEP_C )
@ -501,7 +503,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
xfree(fname);
return G10ERR_TRUSTDB;
}
if( create ) {
if (!create)
*r_nofile = 1;
else {
FILE *fp;
TRUSTREC rec;
int rc;

2
g10/tdbio.h
View File

@ -93,7 +93,7 @@ typedef struct trust_record TRUSTREC;
/*-- tdbio.c --*/
int tdbio_update_version_record(void);
int tdbio_set_dbname( const char *new_dbname, int create );
int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );

38
g10/trustdb.c
View File

@ -73,6 +73,7 @@ static struct {
int init;
int level;
char *dbname;
int no_trustdb; /* Set if a trustdb file is not available. */
} trustdb_args;
/* some globals */
@ -441,7 +442,7 @@ init_trustdb()
if(level==0 || level==1)
{
int rc = tdbio_set_dbname( dbname, !!level );
int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
if( rc )
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
}
@ -627,6 +628,9 @@ void
revalidation_mark (void)
{
init_trustdb();
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
/* we simply set the time for the next check to 1 (far back in 1970)
* so that a --update-trustdb will be scheduled */
if (tdbio_write_nextcheck (1))
@ -662,7 +666,9 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
TRUSTREC opts;
init_trustdb();
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts);
else
read_record(0,&opts,RECTYPE_VER);
if(trust_model)
@ -721,6 +727,9 @@ get_ownertrust ( PKT_public_key *pk)
TRUSTREC rec;
int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
@ -739,6 +748,9 @@ get_min_ownertrust (PKT_public_key *pk)
TRUSTREC rec;
int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
rc = read_trust_record (pk, &rec);
if (rc == -1)
return TRUST_UNKNOWN; /* no record yet */
@ -806,6 +818,9 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
TRUSTREC rec;
int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
rc = read_trust_record (pk, &rec);
if (!rc)
{
@ -850,6 +865,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
TRUSTREC rec;
int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return;
pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid);
if (rc)
@ -905,6 +923,9 @@ clear_ownertrusts (PKT_public_key *pk)
TRUSTREC rec;
int rc;
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0;
rc = read_trust_record (pk, &rec);
if (!rc)
{
@ -1007,6 +1028,8 @@ cache_disabled_value(PKT_public_key *pk)
return (pk->is_disabled==2);
init_trustdb();
if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */
rc = read_trust_record (pk, &trec);
if (rc && rc != -1)
@ -1037,6 +1060,9 @@ check_trustdb_stale(void)
static int did_nextcheck=0;
init_trustdb ();
if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */
if (!did_nextcheck
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
{
@ -1080,6 +1106,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
namehash_from_uid(uid);
init_trustdb ();
/* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity -
return immediately. If we won't do that the tdbio code would try
to open the trustdb and run into a fatal error. */
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
check_trustdb_stale();
keyid_from_pk (pk, kid);