gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--
This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used. It just does
not make sense to create a trustdb if there is no need for it.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1)
Resolved conflicts:
g10/gpg.c
g10/tdbio.h
g10/trustdb.c
(indentation fixes)
parent
0a10f1f91e
commit
2528178e7e
2
NEWS
2
NEWS
|
@ -1,6 +1,8 @@
|
||||||
Noteworthy changes in version 1.4.16 (unreleased)
|
Noteworthy changes in version 1.4.16 (unreleased)
|
||||||
-------------------------------------------------
|
-------------------------------------------------
|
||||||
|
|
||||||
|
* Do not create a trustdb file if --trust-model=always is used.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 1.4.15 (2013-10-04)
|
Noteworthy changes in version 1.4.15 (2013-10-04)
|
||||||
-------------------------------------------------
|
-------------------------------------------------
|
||||||
|
|
|
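--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3318,14 +3318,12 @@ main (int argc, char **argv )
 case aFixTrustDB:
 case aExportOwnerTrust: rc = setup_trustdb( 0, trustdb_name ); break;
 case aListTrustDB: rc = setup_trustdb( argc? 1:0, trustdb_name ); break;
-case aEncr:
-case aEncrFiles:
-/* No need to create the trust model if we are using the
+default:
+/* No need to create the trust model if we are using the
 * always trust model. */
 rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
 break;
-default: rc = setup_trustdb(1, trustdb_name ); break;
-}
+}
 if( rc )
 log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
 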
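Review bot: The new `default:` arm now decides trustdb creation for every command not listed above it, so a command that writes ownertrust under --trust-model=always runs without a trustdb and relies on the guards added in trustdb.c (for example the early `return` in update_ownertrust) to drop the write silently; a one-line `log_info` in those update paths would give the user a hint, though that lies outside this hunk. The arm deserves a comment stating that dependency, e.g. `/* Every other command: create the trustdb only if the trust model can use it; with TM_ALWAYS the trustdb.c accessors consult trustdb_args.no_trustdb instead of opening the file. */`. The closing `}` and the `/* No need ... */` line appear on both the old and the new side with identical text, presumably a whitespace-only change from the conflict resolution the message mentions, which makes the hunk harder to read than it needs to be. main() starts and ends outside the hunk.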
@ -471,7 +471,7 @@ create_version_record (void)
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
tdbio_set_dbname( const char *new_dbname, int create )
|
tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile)
|
||||||
{
|
{
|
||||||
char *fname;
|
char *fname;
|
||||||
static int initialized = 0;
|
static int initialized = 0;
|
||||||
|
@ -481,6 +481,8 @@ tdbio_set_dbname( const char *new_dbname, int create )
|
||||||
initialized = 1;
|
initialized = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*r_nofile = 0;
|
||||||
|
|
||||||
if(new_dbname==NULL)
|
if(new_dbname==NULL)
|
||||||
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
|
fname=make_filename(opt.homedir,"trustdb" EXTSEP_S "gpg", NULL);
|
||||||
else if (*new_dbname != DIRSEP_C )
|
else if (*new_dbname != DIRSEP_C )
|
||||||
|
@ -499,7 +501,9 @@ tdbio_set_dbname( const char *new_dbname, int create )
|
||||||
xfree(fname);
|
xfree(fname);
|
||||||
return G10ERR_TRUSTDB;
|
return G10ERR_TRUSTDB;
|
||||||
}
|
}
|
||||||
if( create ) {
|
if (!create)
|
||||||
|
*r_nofile = 1;
|
||||||
|
else {
|
||||||
FILE *fp;
|
FILE *fp;
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
|
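Review bot: `*r_nofile = 0;` and `*r_nofile = 1;` dereference the new out-parameter unconditionally, so a caller passing NULL crashes; either document that R_NOFILE must not be NULL or guard both stores with `if (r_nofile)`. The flag is set to 1 only on the `!create` path where the file is absent, and the function apparently still continues as if the name had been set (the tail of tdbio_set_dbname is outside this hunk), so a comment above the function should spell that out, e.g. `/* R_NOFILE receives 1 if no trustdb file exists and CREATE is zero, else 0; the pointer must not be NULL. */`.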
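--- a/g10/tdbio.h
+++ b/g10/tdbio.h
@@ -90,7 +90,7 @@ typedef struct trust_record TRUSTREC;
 
 /*-- tdbio.c --*/
 int tdbio_update_version_record(void);
-int tdbio_set_dbname( const char *new_dbname, int create );
+int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile);
 const char *tdbio_get_dbname(void);
 void tdbio_dump_record( TRUSTREC *rec, FILE *fp );
 int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );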
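Review bot: The prototype gains `int *r_nofile` with no comment, and this header is the only place callers see the contract; a short comment above the declaration would save each caller from guessing, e.g. `/* Set *R_NOFILE to 1 if CREATE is zero and no trustdb file exists, 0 otherwise. R_NOFILE must not be NULL. */`. The only caller visible on this page is init_trustdb, which passes `&trustdb_args.no_trustdb`; any other caller in the tree fails to compile until updated, which is the intended effect of changing the signature rather than adding a wrapper.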
204
g10/trustdb.c
204
g10/trustdb.c
|
@ -48,7 +48,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* A structure to store key identification as well as some stuff needed
|
* A structure to store key identification as well as some stuff needed
|
||||||
* for validation
|
* for validation
|
||||||
*/
|
*/
|
||||||
struct key_item {
|
struct key_item {
|
||||||
struct key_item *next;
|
struct key_item *next;
|
||||||
|
@ -64,7 +64,7 @@ typedef struct key_item **KeyHashTable; /* see new_key_hash_table() */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Structure to keep track of keys, this is used as an array wherre
|
* Structure to keep track of keys, this is used as an array wherre
|
||||||
* the item right after the last one has a keyblock set to NULL.
|
* the item right after the last one has a keyblock set to NULL.
|
||||||
* Maybe we can drop this thing and replace it by key_item
|
* Maybe we can drop this thing and replace it by key_item
|
||||||
*/
|
*/
|
||||||
struct key_array {
|
struct key_array {
|
||||||
|
@ -77,6 +77,7 @@ static struct {
|
||||||
int init;
|
int init;
|
||||||
int level;
|
int level;
|
||||||
char *dbname;
|
char *dbname;
|
||||||
|
int no_trustdb; /* Set if a trustdb file is not available. */
|
||||||
} trustdb_args;
|
} trustdb_args;
|
||||||
|
|
||||||
/* some globals */
|
/* some globals */
|
||||||
|
@ -96,7 +97,7 @@ static struct key_item *
|
||||||
new_key_item (void)
|
new_key_item (void)
|
||||||
{
|
{
|
||||||
struct key_item *k;
|
struct key_item *k;
|
||||||
|
|
||||||
k = xmalloc_clear (sizeof *k);
|
k = xmalloc_clear (sizeof *k);
|
||||||
return k;
|
return k;
|
||||||
}
|
}
|
||||||
|
@ -118,11 +119,11 @@ release_key_items (struct key_item *k)
|
||||||
* For fast keylook up we need a hash table. Each byte of a KeyIDs
|
* For fast keylook up we need a hash table. Each byte of a KeyIDs
|
||||||
* should be distributed equally over the 256 possible values (except
|
* should be distributed equally over the 256 possible values (except
|
||||||
* for v3 keyIDs but we consider them as not important here). So we
|
* for v3 keyIDs but we consider them as not important here). So we
|
||||||
* can just use 10 bits to index a table of 1024 key items.
|
* can just use 10 bits to index a table of 1024 key items.
|
||||||
* Possible optimization: Don not use key_items but other hash_table when the
|
* Possible optimization: Don not use key_items but other hash_table when the
|
||||||
* duplicates lists gets too large.
|
* duplicates lists gets too large.
|
||||||
*/
|
*/
|
||||||
static KeyHashTable
|
static KeyHashTable
|
||||||
new_key_hash_table (void)
|
new_key_hash_table (void)
|
||||||
{
|
{
|
||||||
struct key_item **tbl;
|
struct key_item **tbl;
|
||||||
|
@ -143,7 +144,7 @@ release_key_hash_table (KeyHashTable tbl)
|
||||||
xfree (tbl);
|
xfree (tbl);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Returns: True if the keyID is in the given hash table
|
* Returns: True if the keyID is in the given hash table
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
|
@ -168,7 +169,7 @@ add_key_hash_table (KeyHashTable tbl, u32 *kid)
|
||||||
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
|
for (k = tbl[(kid[1] & 0x03ff)]; k; k = k->next)
|
||||||
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
||||||
return; /* already in table */
|
return; /* already in table */
|
||||||
|
|
||||||
kk = new_key_item ();
|
kk = new_key_item ();
|
||||||
kk->kid[0] = kid[0];
|
kk->kid[0] = kid[0];
|
||||||
kk->kid[1] = kid[1];
|
kk->kid[1] = kid[1];
|
||||||
|
@ -238,7 +239,7 @@ add_utk (u32 *kid)
|
||||||
{
|
{
|
||||||
struct key_item *k;
|
struct key_item *k;
|
||||||
|
|
||||||
for (k = utk_list; k; k = k->next)
|
for (k = utk_list; k; k = k->next)
|
||||||
{
|
{
|
||||||
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
|
||||||
{
|
{
|
||||||
|
@ -273,15 +274,15 @@ verify_own_keys(void)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
/* scan the trustdb to find all ultimately trusted keys */
|
/* scan the trustdb to find all ultimately trusted keys */
|
||||||
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
||||||
{
|
{
|
||||||
if ( rec.rectype == RECTYPE_TRUST
|
if ( rec.rectype == RECTYPE_TRUST
|
||||||
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
|
&& (rec.r.trust.ownertrust & TRUST_MASK) == TRUST_ULTIMATE)
|
||||||
{
|
{
|
||||||
byte *fpr = rec.r.trust.fingerprint;
|
byte *fpr = rec.r.trust.fingerprint;
|
||||||
int fprlen;
|
int fprlen;
|
||||||
u32 kid[2];
|
u32 kid[2];
|
||||||
|
|
||||||
/* Problem: We do only use fingerprints in the trustdb but
|
/* Problem: We do only use fingerprints in the trustdb but
|
||||||
* we need the keyID here to indetify the key; we can only
|
* we need the keyID here to indetify the key; we can only
|
||||||
* use that ugly hack to distinguish between 16 and 20
|
* use that ugly hack to distinguish between 16 and 20
|
||||||
|
@ -297,9 +298,9 @@ verify_own_keys(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Put any --trusted-key keys into the trustdb */
|
/* Put any --trusted-key keys into the trustdb */
|
||||||
for (k = user_utk_list; k; k = k->next)
|
for (k = user_utk_list; k; k = k->next)
|
||||||
{
|
{
|
||||||
if ( add_utk (k->kid) )
|
if ( add_utk (k->kid) )
|
||||||
{ /* not yet in trustDB as ultimately trusted */
|
{ /* not yet in trustDB as ultimately trusted */
|
||||||
PKT_public_key pk;
|
PKT_public_key pk;
|
||||||
|
|
||||||
|
@ -445,7 +446,7 @@ init_trustdb()
|
||||||
|
|
||||||
if(level==0 || level==1)
|
if(level==0 || level==1)
|
||||||
{
|
{
|
||||||
int rc = tdbio_set_dbname( dbname, !!level );
|
int rc = tdbio_set_dbname (dbname, !!level, &trustdb_args.no_trustdb);
|
||||||
if( rc )
|
if( rc )
|
||||||
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
|
log_fatal("can't init trustdb: %s\n", g10_errstr(rc) );
|
||||||
}
|
}
|
||||||
|
@ -496,7 +497,7 @@ init_trustdb()
|
||||||
static int
|
static int
|
||||||
trust_letter (unsigned int value)
|
trust_letter (unsigned int value)
|
||||||
{
|
{
|
||||||
switch( (value & TRUST_MASK) )
|
switch( (value & TRUST_MASK) )
|
||||||
{
|
{
|
||||||
case TRUST_UNKNOWN: return '-';
|
case TRUST_UNKNOWN: return '-';
|
||||||
case TRUST_EXPIRED: return 'e';
|
case TRUST_EXPIRED: return 'e';
|
||||||
|
@ -545,7 +546,7 @@ uid_trust_string_fixed(PKT_public_key *key,PKT_user_id *uid)
|
||||||
const char *
|
const char *
|
||||||
trust_value_to_string (unsigned int value)
|
trust_value_to_string (unsigned int value)
|
||||||
{
|
{
|
||||||
switch( (value & TRUST_MASK) )
|
switch( (value & TRUST_MASK) )
|
||||||
{
|
{
|
||||||
case TRUST_UNKNOWN: return _("unknown");
|
case TRUST_UNKNOWN: return _("unknown");
|
||||||
case TRUST_EXPIRED: return _("expired");
|
case TRUST_EXPIRED: return _("expired");
|
||||||
|
@ -614,7 +615,7 @@ check_trustdb ()
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Recreate the WoT.
|
* Recreate the WoT.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
update_trustdb()
|
update_trustdb()
|
||||||
|
@ -631,6 +632,9 @@ void
|
||||||
revalidation_mark (void)
|
revalidation_mark (void)
|
||||||
{
|
{
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return;
|
||||||
|
|
||||||
/* we simply set the time for the next check to 1 (far back in 1970)
|
/* we simply set the time for the next check to 1 (far back in 1970)
|
||||||
* so that a --update-trustdb will be scheduled */
|
* so that a --update-trustdb will be scheduled */
|
||||||
if (tdbio_write_nextcheck (1))
|
if (tdbio_write_nextcheck (1))
|
||||||
|
@ -666,8 +670,10 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
||||||
TRUSTREC opts;
|
TRUSTREC opts;
|
||||||
|
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
read_record(0,&opts,RECTYPE_VER);
|
memset (&opts, 0, sizeof opts);
|
||||||
|
else
|
||||||
|
read_record(0,&opts,RECTYPE_VER);
|
||||||
|
|
||||||
if(trust_model)
|
if(trust_model)
|
||||||
*trust_model=opts.r.ver.trust_model;
|
*trust_model=opts.r.ver.trust_model;
|
||||||
|
@ -689,29 +695,29 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
||||||
*********** Ownertrust et al. ****************
|
*********** Ownertrust et al. ****************
|
||||||
***********************************************/
|
***********************************************/
|
||||||
|
|
||||||
static int
|
static int
|
||||||
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
|
read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
rc = tdbio_search_trust_bypk (pk, rec);
|
rc = tdbio_search_trust_bypk (pk, rec);
|
||||||
if (rc == -1)
|
if (rc == -1)
|
||||||
return -1; /* no record yet */
|
return -1; /* no record yet */
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error ("trustdb: searching trust record failed: %s\n",
|
log_error ("trustdb: searching trust record failed: %s\n",
|
||||||
g10_errstr (rc));
|
g10_errstr (rc));
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rec->rectype != RECTYPE_TRUST)
|
if (rec->rectype != RECTYPE_TRUST)
|
||||||
{
|
{
|
||||||
log_error ("trustdb: record %lu is not a trust record\n",
|
log_error ("trustdb: record %lu is not a trust record\n",
|
||||||
rec->recnum);
|
rec->recnum);
|
||||||
return G10ERR_TRUSTDB;
|
return G10ERR_TRUSTDB;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -719,16 +725,19 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
|
||||||
* Return the assigned ownertrust value for the given public key.
|
* Return the assigned ownertrust value for the given public key.
|
||||||
* The key should be the primary key.
|
* The key should be the primary key.
|
||||||
*/
|
*/
|
||||||
unsigned int
|
unsigned int
|
||||||
get_ownertrust ( PKT_public_key *pk)
|
get_ownertrust ( PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return TRUST_UNKNOWN;
|
||||||
|
|
||||||
rc = read_trust_record (pk, &rec);
|
rc = read_trust_record (pk, &rec);
|
||||||
if (rc == -1)
|
if (rc == -1)
|
||||||
return TRUST_UNKNOWN; /* no record yet */
|
return TRUST_UNKNOWN; /* no record yet */
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
tdbio_invalid ();
|
tdbio_invalid ();
|
||||||
return rc; /* actually never reached */
|
return rc; /* actually never reached */
|
||||||
|
@ -737,16 +746,19 @@ get_ownertrust ( PKT_public_key *pk)
|
||||||
return rec.r.trust.ownertrust;
|
return rec.r.trust.ownertrust;
|
||||||
}
|
}
|
||||||
|
|
||||||
unsigned int
|
unsigned int
|
||||||
get_min_ownertrust (PKT_public_key *pk)
|
get_min_ownertrust (PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return TRUST_UNKNOWN;
|
||||||
|
|
||||||
rc = read_trust_record (pk, &rec);
|
rc = read_trust_record (pk, &rec);
|
||||||
if (rc == -1)
|
if (rc == -1)
|
||||||
return TRUST_UNKNOWN; /* no record yet */
|
return TRUST_UNKNOWN; /* no record yet */
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
tdbio_invalid ();
|
tdbio_invalid ();
|
||||||
return rc; /* actually never reached */
|
return rc; /* actually never reached */
|
||||||
|
@ -809,7 +821,10 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
|
||||||
{
|
{
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return;
|
||||||
|
|
||||||
rc = read_trust_record (pk, &rec);
|
rc = read_trust_record (pk, &rec);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
|
@ -841,7 +856,7 @@ update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
|
||||||
do_sync ();
|
do_sync ();
|
||||||
rc = 0;
|
rc = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
tdbio_invalid ();
|
tdbio_invalid ();
|
||||||
}
|
}
|
||||||
|
@ -854,6 +869,9 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return;
|
||||||
|
|
||||||
pk = xmalloc_clear (sizeof *pk);
|
pk = xmalloc_clear (sizeof *pk);
|
||||||
rc = get_pubkey (pk, kid);
|
rc = get_pubkey (pk, kid);
|
||||||
if (rc)
|
if (rc)
|
||||||
|
@ -895,7 +913,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
|
||||||
do_sync ();
|
do_sync ();
|
||||||
rc = 0;
|
rc = 0;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
tdbio_invalid ();
|
tdbio_invalid ();
|
||||||
}
|
}
|
||||||
|
@ -908,7 +926,10 @@ clear_ownertrusts (PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
TRUSTREC rec;
|
TRUSTREC rec;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return 0;
|
||||||
|
|
||||||
rc = read_trust_record (pk, &rec);
|
rc = read_trust_record (pk, &rec);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
|
@ -936,8 +957,8 @@ clear_ownertrusts (PKT_public_key *pk)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Note: Caller has to do a sync
|
* Note: Caller has to do a sync
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
update_validity (PKT_public_key *pk, PKT_user_id *uid,
|
update_validity (PKT_public_key *pk, PKT_user_id *uid,
|
||||||
|
@ -956,7 +977,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (rc == -1) /* no record yet - create a new one */
|
if (rc == -1) /* no record yet - create a new one */
|
||||||
{
|
{
|
||||||
size_t dummy;
|
size_t dummy;
|
||||||
|
|
||||||
rc = 0;
|
rc = 0;
|
||||||
|
@ -1011,6 +1032,8 @@ cache_disabled_value(PKT_public_key *pk)
|
||||||
return (pk->is_disabled==2);
|
return (pk->is_disabled==2);
|
||||||
|
|
||||||
init_trustdb();
|
init_trustdb();
|
||||||
|
if (trustdb_args.no_trustdb)
|
||||||
|
return 0; /* No trustdb => not disabled. */
|
||||||
|
|
||||||
rc = read_trust_record (pk, &trec);
|
rc = read_trust_record (pk, &trec);
|
||||||
if (rc && rc != -1)
|
if (rc && rc != -1)
|
||||||
|
@ -1020,10 +1043,10 @@ cache_disabled_value(PKT_public_key *pk)
|
||||||
}
|
}
|
||||||
if (rc == -1) /* no record found, so assume not disabled */
|
if (rc == -1) /* no record found, so assume not disabled */
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
|
if(trec.r.trust.ownertrust & TRUST_FLAG_DISABLED)
|
||||||
disabled=1;
|
disabled=1;
|
||||||
|
|
||||||
/* Cache it for later so we don't need to look at the trustdb every
|
/* Cache it for later so we don't need to look at the trustdb every
|
||||||
time */
|
time */
|
||||||
if(disabled)
|
if(disabled)
|
||||||
|
@ -1041,6 +1064,9 @@ check_trustdb_stale(void)
|
||||||
static int did_nextcheck=0;
|
static int did_nextcheck=0;
|
||||||
|
|
||||||
init_trustdb ();
|
init_trustdb ();
|
||||||
|
if (trustdb_args.no_trustdb)
|
||||||
|
return; /* No trustdb => can't be stale. */
|
||||||
|
|
||||||
if (!did_nextcheck
|
if (!did_nextcheck
|
||||||
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
|
&& (opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC))
|
||||||
{
|
{
|
||||||
|
@ -1051,7 +1077,7 @@ check_trustdb_stale(void)
|
||||||
if ((scheduled && scheduled <= make_timestamp ())
|
if ((scheduled && scheduled <= make_timestamp ())
|
||||||
|| pending_check_trustdb)
|
|| pending_check_trustdb)
|
||||||
{
|
{
|
||||||
if (opt.no_auto_check_trustdb)
|
if (opt.no_auto_check_trustdb)
|
||||||
{
|
{
|
||||||
pending_check_trustdb = 1;
|
pending_check_trustdb = 1;
|
||||||
log_info (_("please do a --check-trustdb\n"));
|
log_info (_("please do a --check-trustdb\n"));
|
||||||
|
@ -1068,7 +1094,7 @@ check_trustdb_stale(void)
|
||||||
/*
|
/*
|
||||||
* Return the validity information for PK. If the namehash is not
|
* Return the validity information for PK. If the namehash is not
|
||||||
* NULL, the validity of the corresponsing user ID is returned,
|
* NULL, the validity of the corresponsing user ID is returned,
|
||||||
* otherwise, a reasonable value for the entire key is returned.
|
* otherwise, a reasonable value for the entire key is returned.
|
||||||
*/
|
*/
|
||||||
unsigned int
|
unsigned int
|
||||||
get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
|
@ -1084,6 +1110,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
namehash_from_uid(uid);
|
namehash_from_uid(uid);
|
||||||
|
|
||||||
init_trustdb ();
|
init_trustdb ();
|
||||||
|
|
||||||
|
/* If we have no trustdb (which also means it has not been created)
|
||||||
|
and the trust-model is always, we don't know the validity -
|
||||||
|
return immediately. If we won't do that the tdbio code would try
|
||||||
|
to open the trustdb and run into a fatal error. */
|
||||||
|
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
|
||||||
|
return TRUST_UNKNOWN;
|
||||||
|
|
||||||
check_trustdb_stale();
|
check_trustdb_stale();
|
||||||
|
|
||||||
keyid_from_pk (pk, kid);
|
keyid_from_pk (pk, kid);
|
||||||
|
@ -1097,7 +1131,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
log_error ("error getting main key %s of subkey %s: %s\n",
|
log_error ("error getting main key %s of subkey %s: %s\n",
|
||||||
tempkeystr, keystr(kid), g10_errstr(rc));
|
tempkeystr, keystr(kid), g10_errstr(rc));
|
||||||
xfree(tempkeystr);
|
xfree(tempkeystr);
|
||||||
validity = TRUST_UNKNOWN;
|
validity = TRUST_UNKNOWN;
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1120,7 +1154,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
}
|
}
|
||||||
if (rc == -1) /* no record found */
|
if (rc == -1) /* no record found */
|
||||||
{
|
{
|
||||||
validity = TRUST_UNKNOWN;
|
validity = TRUST_UNKNOWN;
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1153,7 +1187,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
|
|
||||||
recno = vrec.r.valid.next;
|
recno = vrec.r.valid.next;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
if ( (trec.r.trust.ownertrust & TRUST_FLAG_DISABLED) )
|
||||||
{
|
{
|
||||||
validity |= TRUST_FLAG_DISABLED;
|
validity |= TRUST_FLAG_DISABLED;
|
||||||
|
@ -1172,7 +1206,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid)
|
||||||
* I initially designed it that way */
|
* I initially designed it that way */
|
||||||
if (main_pk->has_expired || pk->has_expired)
|
if (main_pk->has_expired || pk->has_expired)
|
||||||
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
validity = (validity & ~TRUST_MASK) | TRUST_EXPIRED;
|
||||||
|
|
||||||
if (pending_check_trustdb)
|
if (pending_check_trustdb)
|
||||||
validity |= TRUST_FLAG_PENDING_CHECK;
|
validity |= TRUST_FLAG_PENDING_CHECK;
|
||||||
|
|
||||||
|
@ -1307,7 +1341,7 @@ ask_ownertrust (u32 *kid,int minimum)
|
||||||
keystr(kid), g10_errstr(rc) );
|
keystr(kid), g10_errstr(rc) );
|
||||||
return TRUST_UNKNOWN;
|
return TRUST_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(opt.force_ownertrust)
|
if(opt.force_ownertrust)
|
||||||
{
|
{
|
||||||
log_info("force trust for key %s to %s\n",
|
log_info("force trust for key %s to %s\n",
|
||||||
|
@ -1380,7 +1414,7 @@ dump_key_array (int depth, struct key_array *keys)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -1403,7 +1437,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
|
||||||
status = TRUST_UNDEFINED;
|
status = TRUST_UNDEFINED;
|
||||||
else
|
else
|
||||||
status = 0;
|
status = 0;
|
||||||
|
|
||||||
if (status)
|
if (status)
|
||||||
{
|
{
|
||||||
update_validity (keyblock->pkt->pkt.public_key,
|
update_validity (keyblock->pkt->pkt.public_key,
|
||||||
|
@ -1418,7 +1452,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
|
||||||
|
|
||||||
if (any)
|
if (any)
|
||||||
do_sync ();
|
do_sync ();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* check whether the signature sig is in the klist k
|
* check whether the signature sig is in the klist k
|
||||||
|
@ -1450,7 +1484,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
{
|
{
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
PKT_signature *sig;
|
PKT_signature *sig;
|
||||||
|
|
||||||
/* first check all signatures */
|
/* first check all signatures */
|
||||||
for (node=uidnode->next; node; node = node->next)
|
for (node=uidnode->next; node; node = node->next)
|
||||||
{
|
{
|
||||||
|
@ -1483,7 +1517,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
node->flag |= 1<<9;
|
node->flag |= 1<<9;
|
||||||
}
|
}
|
||||||
/* reset the remaining flags */
|
/* reset the remaining flags */
|
||||||
for (; node; node = node->next)
|
for (; node; node = node->next)
|
||||||
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
|
node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
|
||||||
|
@ -1531,7 +1565,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
older: if signode was older then we don't want to take n
|
older: if signode was older then we don't want to take n
|
||||||
as signode is nonrevocable. If n was older then we're
|
as signode is nonrevocable. If n was older then we're
|
||||||
automatically fine. */
|
automatically fine. */
|
||||||
|
|
||||||
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
|
if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
|
||||||
!signode->pkt->pkt.signature->flags.revocable &&
|
!signode->pkt->pkt.signature->flags.revocable &&
|
||||||
(signode->pkt->pkt.signature->expiredate==0 ||
|
(signode->pkt->pkt.signature->expiredate==0 ||
|
||||||
|
@ -1547,7 +1581,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
n was older then we don't want to take signode as n is
|
n was older then we don't want to take signode as n is
|
||||||
nonrevocable. If signode was older then we're
|
nonrevocable. If signode was older then we're
|
||||||
automatically fine. */
|
automatically fine. */
|
||||||
|
|
||||||
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
|
if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
|
||||||
!signode->pkt->pkt.signature->flags.revocable &&
|
!signode->pkt->pkt.signature->flags.revocable &&
|
||||||
(signode->pkt->pkt.signature->expiredate==0 ||
|
(signode->pkt->pkt.signature->expiredate==0 ||
|
||||||
|
@ -1578,7 +1612,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
|
|
||||||
sig = signode->pkt->pkt.signature;
|
sig = signode->pkt->pkt.signature;
|
||||||
if (IS_UID_SIG (sig))
|
if (IS_UID_SIG (sig))
|
||||||
{ /* this seems to be a usable one which is not revoked.
|
{ /* this seems to be a usable one which is not revoked.
|
||||||
* Just need to check whether there is an expiration time,
|
* Just need to check whether there is an expiration time,
|
||||||
* We do the expired certification after finding a suitable
|
* We do the expired certification after finding a suitable
|
||||||
* certification, the assumption is that a signator does not
|
* certification, the assumption is that a signator does not
|
||||||
|
@ -1587,7 +1621,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
||||||
* different expiration time */
|
* different expiration time */
|
||||||
const byte *p;
|
const byte *p;
|
||||||
u32 expire;
|
u32 expire;
|
||||||
|
|
||||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
|
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL );
|
||||||
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
|
expire = p? sig->timestamp + buffer_to_u32(p) : 0;
|
||||||
|
|
||||||
|
@ -1674,7 +1708,7 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
|
||||||
delete_kbnode(node);
|
delete_kbnode(node);
|
||||||
deleted++;
|
deleted++;
|
||||||
}
|
}
|
||||||
|
|
||||||
return deleted;
|
return deleted;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1931,7 +1965,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
{
|
{
|
||||||
if (uid->help_full_count >= opt.completes_needed
|
if (uid->help_full_count >= opt.completes_needed
|
||||||
|| uid->help_marginal_count >= opt.marginals_needed )
|
|| uid->help_marginal_count >= opt.marginals_needed )
|
||||||
uidnode->flag |= 4;
|
uidnode->flag |= 4;
|
||||||
else if (uid->help_full_count || uid->help_marginal_count)
|
else if (uid->help_full_count || uid->help_marginal_count)
|
||||||
uidnode->flag |= 2;
|
uidnode->flag |= 2;
|
||||||
uidnode->flag |= 1;
|
uidnode->flag |= 1;
|
||||||
|
@ -1946,7 +1980,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
|
|
||||||
issigned = 0;
|
issigned = 0;
|
||||||
get_validity_counts(pk,uid);
|
get_validity_counts(pk,uid);
|
||||||
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
|
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
|
||||||
curtime, next_expire);
|
curtime, next_expire);
|
||||||
}
|
}
|
||||||
else if (node->pkt->pkttype == PKT_SIGNATURE
|
else if (node->pkt->pkttype == PKT_SIGNATURE
|
||||||
|
@ -1954,7 +1988,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
{
|
{
|
||||||
/* Note that we are only seeing unrevoked sigs here */
|
/* Note that we are only seeing unrevoked sigs here */
|
||||||
PKT_signature *sig = node->pkt->pkt.signature;
|
PKT_signature *sig = node->pkt->pkt.signature;
|
||||||
|
|
||||||
kr = is_in_klist (klist, sig);
|
kr = is_in_klist (klist, sig);
|
||||||
/* If the trust_regexp does not match, it's as if the sig
|
/* If the trust_regexp does not match, it's as if the sig
|
||||||
did not exist. This is safe for non-trust sigs as well
|
did not exist. This is safe for non-trust sigs as well
|
||||||
|
@ -2047,7 +2081,7 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||||
{
|
{
|
||||||
if (uid->help_full_count >= opt.completes_needed
|
if (uid->help_full_count >= opt.completes_needed
|
||||||
|| uid->help_marginal_count >= opt.marginals_needed )
|
|| uid->help_marginal_count >= opt.marginals_needed )
|
||||||
uidnode->flag |= 4;
|
uidnode->flag |= 4;
|
||||||
else if (uid->help_full_count || uid->help_marginal_count)
|
else if (uid->help_full_count || uid->help_marginal_count)
|
||||||
uidnode->flag |= 2;
|
uidnode->flag |= 2;
|
||||||
uidnode->flag |= 1;
|
uidnode->flag |= 1;
|
||||||
|
@ -2070,7 +2104,7 @@ search_skipfnc (void *opaque, u32 *kid, PKT_user_id *dummy)
|
||||||
* kllist. The caller has to pass keydb handle so that we don't use
|
* kllist. The caller has to pass keydb handle so that we don't use
|
||||||
* to create our own. Returns either a key_array or NULL in case of
|
* to create our own. Returns either a key_array or NULL in case of
|
||||||
* an error. No results found are indicated by an empty array.
|
* an error. No results found are indicated by an empty array.
|
||||||
* Caller hast to release the returned array.
|
* Caller hast to release the returned array.
|
||||||
*/
|
*/
|
||||||
static struct key_array *
|
static struct key_array *
|
||||||
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
|
@ -2081,11 +2115,11 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
size_t nkeys, maxkeys;
|
size_t nkeys, maxkeys;
|
||||||
int rc;
|
int rc;
|
||||||
KEYDB_SEARCH_DESC desc;
|
KEYDB_SEARCH_DESC desc;
|
||||||
|
|
||||||
maxkeys = 1000;
|
maxkeys = 1000;
|
||||||
keys = xmalloc ((maxkeys+1) * sizeof *keys);
|
keys = xmalloc ((maxkeys+1) * sizeof *keys);
|
||||||
nkeys = 0;
|
nkeys = 0;
|
||||||
|
|
||||||
rc = keydb_search_reset (hd);
|
rc = keydb_search_reset (hd);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
|
@ -2110,21 +2144,21 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
xfree (keys);
|
xfree (keys);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
|
desc.mode = KEYDB_SEARCH_MODE_NEXT; /* change mode */
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
|
|
||||||
rc = keydb_get_keyblock (hd, &keyblock);
|
rc = keydb_get_keyblock (hd, &keyblock);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
|
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
|
||||||
xfree (keys);
|
xfree (keys);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
|
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
|
||||||
{
|
{
|
||||||
log_debug ("ooops: invalid pkttype %d encountered\n",
|
log_debug ("ooops: invalid pkttype %d encountered\n",
|
||||||
keyblock->pkt->pkttype);
|
keyblock->pkt->pkttype);
|
||||||
|
@ -2134,7 +2168,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* prepare the keyblock for further processing */
|
/* prepare the keyblock for further processing */
|
||||||
merge_keys_and_selfsig (keyblock);
|
merge_keys_and_selfsig (keyblock);
|
||||||
clear_kbnode_flags (keyblock);
|
clear_kbnode_flags (keyblock);
|
||||||
pk = keyblock->pkt->pkt.public_key;
|
pk = keyblock->pkt->pkt.public_key;
|
||||||
if (pk->has_expired || pk->is_revoked)
|
if (pk->has_expired || pk->is_revoked)
|
||||||
|
@ -2171,9 +2205,9 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
|
|
||||||
release_kbnode (keyblock);
|
release_kbnode (keyblock);
|
||||||
keyblock = NULL;
|
keyblock = NULL;
|
||||||
}
|
}
|
||||||
while ( !(rc = keydb_search (hd, &desc, 1)) );
|
while ( !(rc = keydb_search (hd, &desc, 1)) );
|
||||||
if (rc && rc != -1)
|
if (rc && rc != -1)
|
||||||
{
|
{
|
||||||
log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
|
log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
|
||||||
xfree (keys);
|
xfree (keys);
|
||||||
|
@ -2182,7 +2216,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
|
||||||
|
|
||||||
keys[nkeys].keyblock = NULL;
|
keys[nkeys].keyblock = NULL;
|
||||||
return keys;
|
return keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Caller must sync */
|
/* Caller must sync */
|
||||||
static void
|
static void
|
||||||
|
@ -2192,7 +2226,7 @@ reset_trust_records(void)
|
||||||
ulong recnum;
|
ulong recnum;
|
||||||
int count = 0, nreset = 0;
|
int count = 0, nreset = 0;
|
||||||
|
|
||||||
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
for (recnum=1; !tdbio_read_record (recnum, &rec, 0); recnum++ )
|
||||||
{
|
{
|
||||||
if(rec.rectype==RECTYPE_TRUST)
|
if(rec.rectype==RECTYPE_TRUST)
|
||||||
{
|
{
|
||||||
|
@ -2231,7 +2265,7 @@ reset_trust_records(void)
|
||||||
* Step 2: loop max_cert_times
|
* Step 2: loop max_cert_times
|
||||||
* Step 3: if OWNERTRUST of any key in klist is undefined
|
* Step 3: if OWNERTRUST of any key in klist is undefined
|
||||||
* ask user to assign ownertrust
|
* ask user to assign ownertrust
|
||||||
* Step 4: Loop over all keys in the keyDB which are not marked seen
|
* Step 4: Loop over all keys in the keyDB which are not marked seen
|
||||||
* Step 5: if key is revoked or expired
|
* Step 5: if key is revoked or expired
|
||||||
* mark key as seen
|
* mark key as seen
|
||||||
* continue loop at Step 4
|
* continue loop at Step 4
|
||||||
|
@ -2243,7 +2277,7 @@ reset_trust_records(void)
|
||||||
* End Loop
|
* End Loop
|
||||||
* Step 8: Build a new klist from all fully trusted keys from step 6
|
* Step 8: Build a new klist from all fully trusted keys from step 6
|
||||||
* End Loop
|
* End Loop
|
||||||
* Ready
|
* Ready
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
|
@ -2313,7 +2347,7 @@ validate_keys (int interactive)
|
||||||
if ( pk->expiredate && pk->expiredate >= start_time
|
if ( pk->expiredate && pk->expiredate >= start_time
|
||||||
&& pk->expiredate < next_expire)
|
&& pk->expiredate < next_expire)
|
||||||
next_expire = pk->expiredate;
|
next_expire = pk->expiredate;
|
||||||
|
|
||||||
release_kbnode (keyblock);
|
release_kbnode (keyblock);
|
||||||
do_sync ();
|
do_sync ();
|
||||||
}
|
}
|
||||||
|
@ -2389,7 +2423,7 @@ validate_keys (int interactive)
|
||||||
/* Find all keys which are signed by a key in kdlist */
|
/* Find all keys which are signed by a key in kdlist */
|
||||||
keys = validate_key_list (kdb, full_trust, klist,
|
keys = validate_key_list (kdb, full_trust, klist,
|
||||||
start_time, &next_expire);
|
start_time, &next_expire);
|
||||||
if (!keys)
|
if (!keys)
|
||||||
{
|
{
|
||||||
log_error ("validate_key_list failed\n");
|
log_error ("validate_key_list failed\n");
|
||||||
rc = G10ERR_GENERAL;
|
rc = G10ERR_GENERAL;
|
||||||
|
@ -2407,9 +2441,9 @@ validate_keys (int interactive)
|
||||||
store_validation_status (depth, kar->keyblock, stored);
|
store_validation_status (depth, kar->keyblock, stored);
|
||||||
|
|
||||||
log_info (_("depth: %d valid: %3d signed: %3d"
|
log_info (_("depth: %d valid: %3d signed: %3d"
|
||||||
" trust: %d-, %dq, %dn, %dm, %df, %du\n"),
|
" trust: %d-, %dq, %dn, %dm, %df, %du\n"),
|
||||||
depth, valids, key_count, ot_unknown, ot_undefined,
|
depth, valids, key_count, ot_unknown, ot_undefined,
|
||||||
ot_never, ot_marginal, ot_full, ot_ultimate );
|
ot_never, ot_marginal, ot_full, ot_ultimate );
|
||||||
|
|
||||||
/* Build a new kdlist from all fully valid keys in KEYS */
|
/* Build a new kdlist from all fully valid keys in KEYS */
|
||||||
if (klist != utk_list)
|
if (klist != utk_list)
|
||||||
|
@ -2471,10 +2505,10 @@ validate_keys (int interactive)
|
||||||
if (!rc && !quit) /* mark trustDB as checked */
|
if (!rc && !quit) /* mark trustDB as checked */
|
||||||
{
|
{
|
||||||
if (next_expire == 0xffffffff || next_expire < start_time )
|
if (next_expire == 0xffffffff || next_expire < start_time )
|
||||||
tdbio_write_nextcheck (0);
|
tdbio_write_nextcheck (0);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
tdbio_write_nextcheck (next_expire);
|
tdbio_write_nextcheck (next_expire);
|
||||||
log_info (_("next trustdb check due at %s\n"),
|
log_info (_("next trustdb check due at %s\n"),
|
||||||
strtimestamp (next_expire));
|
strtimestamp (next_expire));
|
||||||
}
|
}
|
||||||
|
|