mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-20 14:37:08 +01:00
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk. If not set after chk_self_sigs, check whether the imported key is an ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key signature. This is in general correct but not if the imported key is a trusted key.
GnuPG-bug-id: 7200
parent
3dd6887f13
commit
23d4e7f0a7
20
g10/import.c
20
g10/import.c
@ -1857,7 +1857,7 @@ import_one_real (ctrl_t ctrl,
|
|||||||
int new_key = 0;
|
int new_key = 0;
|
||||||
int mod_key = 0;
|
int mod_key = 0;
|
||||||
int same_key = 0;
|
int same_key = 0;
|
||||||
int non_self = 0;
|
int non_self_or_utk = 0;
|
||||||
size_t an;
|
size_t an;
|
||||||
char pkstrbuf[PUBKEY_STRING_SIZE];
|
char pkstrbuf[PUBKEY_STRING_SIZE];
|
||||||
int merge_keys_done = 0;
|
int merge_keys_done = 0;
|
||||||
@ -1959,9 +1959,21 @@ import_one_real (ctrl_t ctrl,
|
|||||||
if ((options & IMPORT_REPAIR_KEYS))
|
if ((options & IMPORT_REPAIR_KEYS))
|
||||||
key_check_all_keysigs (ctrl, 1, keyblock, 0, 0);
|
key_check_all_keysigs (ctrl, 1, keyblock, 0, 0);
|
||||||
|
|
||||||
if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
|
if (chk_self_sigs (ctrl, keyblock, keyid, &non_self_or_utk))
|
||||||
return 0; /* Invalid keyblock - error already printed. */
|
return 0; /* Invalid keyblock - error already printed. */
|
||||||
|
|
||||||
|
/* If the imported key is marked as ultimately trusted key (using
|
||||||
|
* --trusted-key), we set the flag so that we can later set the
|
||||||
|
* revalidation mark. */
|
||||||
|
if (!non_self_or_utk)
|
||||||
|
{
|
||||||
|
/* Make sure the trustdb is initialized so that the UTK list is
|
||||||
|
* available. */
|
||||||
|
init_trustdb (ctrl, 1);
|
||||||
|
if (tdb_keyid_is_utk (keyid))
|
||||||
|
non_self_or_utk = 2;
|
||||||
|
}
|
||||||
|
|
||||||
/* If we allow such a thing, mark unsigned uids as valid */
|
/* If we allow such a thing, mark unsigned uids as valid */
|
||||||
if (opt.allow_non_selfsigned_uid)
|
if (opt.allow_non_selfsigned_uid)
|
||||||
{
|
{
|
||||||
@ -2127,7 +2139,7 @@ import_one_real (ctrl_t ctrl,
|
|||||||
importing and locally exported key. */
|
importing and locally exported key. */
|
||||||
|
|
||||||
clear_ownertrusts (ctrl, pk);
|
clear_ownertrusts (ctrl, pk);
|
||||||
if (non_self)
|
if (non_self_or_utk)
|
||||||
revalidation_mark (ctrl);
|
revalidation_mark (ctrl);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2220,7 +2232,7 @@ import_one_real (ctrl_t ctrl,
|
|||||||
if (err)
|
if (err)
|
||||||
log_error (_("error writing keyring '%s': %s\n"),
|
log_error (_("error writing keyring '%s': %s\n"),
|
||||||
keydb_get_resource_name (hd), gpg_strerror (err));
|
keydb_get_resource_name (hd), gpg_strerror (err));
|
||||||
else if (non_self)
|
else if (non_self_or_utk)
|
||||||
revalidation_mark (ctrl);
|
revalidation_mark (ctrl);
|
||||||
|
|
||||||
/* Release the handle and thus unlock the keyring asap. */
|
/* Release the handle and thus unlock the keyring asap. */
|
||||||
|
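Review bot: `non_self_or_utk` is assigned the literal `2` in the second hunk, yet both `revalidation_mark` sites (third and fourth hunks) test it only for non-zero, so the difference between "has non-self signatures" and "is an ultimately trusted key" is not recorded at the declaration; a comment there such as `/* Non-zero: key has non-self sigs (set by chk_self_sigs) or, if 2, is a UTK. */` would document it. The UTK test `tdb_keyid_is_utk (keyid)` matches on the key ID rather than the fingerprint, which looks acceptable here because the only effect is to request a trustdb revalidation, not to assign trust; saying so in the new block comment would keep a later reader from reusing the flag for an actual trust decision. The bare `1` passed to `init_trustdb` would also read better with a short remark on what it selects, presumably "do not create a missing trustdb". The body of `import_one_real` starts and ends outside these hunks, so other uses of the flag in the function are not visible.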