From 333b870929b9f6f65d9b229d301c0b38719da430 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Thu, 19 Jan 2012 22:33:51 -0500 Subject: [PATCH] Changes to --min-cert-level should cause a trustdb rebuild (issue 1366) * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level * g10/trustdb.c (check_trustdb_stale): Request a rebuild if pending_check_trustdb is true (set when we detect a trustdb parameter has changed). * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons listing for min_cert_level not matching. * g10/tdbio.c (tdbio_update_version_record, create_version_record, tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, tdbio_write_record): Add a byte for min_cert_level in the tdbio version record. --- g10/gpgv.c | 8 +++++--- g10/keylist.c | 8 +++++--- g10/tdbio.c | 18 ++++++++++++------ g10/tdbio.h | 3 ++- g10/trustdb.c | 10 +++++++--- g10/trustdb.h | 5 +++-- 6 files changed, 34 insertions(+), 18 deletions(-) diff --git a/g10/gpgv.c b/g10/gpgv.c index 747b05ff2..42452b721 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -1,6 +1,6 @@ /* gpgv.c - The GnuPG signature verify utility - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, - * 2006, 2008 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006, + * 2008, 2009, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -232,7 +232,8 @@ check_signatures_trust( PKT_signature *sig ) void read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck, - byte *marginals, byte *completes, byte *cert_depth) + byte *marginals, byte *completes, byte *cert_depth, + byte *min_cert_level) { (void)trust_model; (void)created; @@ -240,6 +241,7 @@ read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck, (void)marginals; (void)completes; (void)cert_depth; + (void)min_cert_level; } /* Stub: diff --git a/g10/keylist.c b/g10/keylist.c index 4a76ee065..8201260d0 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
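Review bot: The gpgv.c stub of read_trust_options() still returns without writing any of its out-parameters, and with this change that now includes `min_cert_level`. public_key_list() in g10/keylist.c, changed in this same commit, passes uninitialised locals and then compares `min_cert_level` with `opt.min_cert_level`, so any build that pairs that caller with this stub would read an indeterminate byte; whether gpgv ever reaches that path is not visible here. Storing a defined value, for example `if (min_cert_level) *min_cert_level = 0;` in place of `(void)min_cert_level;`, would make the stub safe to call, and the same applies to the six older parameters. The stub spans two hunks, `@@ -232,7 +232,8 @@` and `@@ -240,6 +241,7 @@`.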
@@ -1,6 +1,6 @@ /* keylist.c - print keys * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2008 Free Software Foundation, Inc. + * 2008, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -65,11 +65,11 @@ public_key_list( strlist_t list, int locate_mode ) { if (opt.with_colons) { - byte trust_model,marginals,completes,cert_depth; + byte trust_model,marginals,completes,cert_depth,min_cert_level; ulong created,nextcheck; read_trust_options(&trust_model,&created,&nextcheck, - &marginals,&completes,&cert_depth); + &marginals,&completes,&cert_depth,&min_cert_level); printf("tru:"); @@ -85,6 +85,8 @@ public_key_list( strlist_t list, int locate_mode ) printf("c"); if(cert_depth!=opt.max_cert_depth) printf("d"); + if(min_cert_level!=opt.min_cert_level) + printf("l"); } printf(":%d:%lu:%lu",trust_model,created,nextcheck); diff --git a/g10/tdbio.c b/g10/tdbio.c index 306935c06..3e6091c1a 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -1,5 +1,5 @@ -/* tdbio.c - trust databse I/O operations - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. +/* tdbio.c - trust database I/O operations + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -438,6 +438,7 @@ tdbio_update_version_record (void) rec.r.ver.completes = opt.completes_needed; rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.trust_model = opt.trust_model; + rec.r.ver.min_cert_level = opt.min_cert_level; rc=tdbio_write_record(&rec); } @@ -460,6 +461,7 @@ create_version_record (void) rec.r.ver.trust_model = opt.trust_model; else rec.r.ver.trust_model = TM_PGP; + rec.r.ver.min_cert_level = opt.min_cert_level; rec.rectype = RECTYPE_VER; rec.recnum = 0; rc = tdbio_write_record( &rec ); 
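Review bot: The new `l` flag in the `tru` record is machine-readable output, but nothing in this commit documents it: the diffstat lists only source files under g10/, so the description of the with-colons format is presumably unchanged. Front ends that parse `tru:` to decide whether the displayed validity is stale need to know that `l` means the stored min_cert_level differs from the current `--min-cert-level`. I would at least add a comment above the new test, `/* 'l': trustdb was built with a different --min-cert-level */`, and update the colon-format description alongside it. public_key_list() starts and ends outside this hunk.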
@@ -681,7 +683,8 @@ tdbio_db_matches_options() yes_no = vr.r.ver.marginals == opt.marginals_needed && vr.r.ver.completes == opt.completes_needed && vr.r.ver.cert_depth == opt.max_cert_depth - && vr.r.ver.trust_model == opt.trust_model; + && vr.r.ver.trust_model == opt.trust_model + && vr.r.ver.min_cert_level == opt.min_cert_level; } return yes_no; @@ -1111,13 +1114,14 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp ) case 0: fprintf(fp, "blank\n"); break; case RECTYPE_VER: fprintf(fp, - "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d nc=%lu (%s)\n", + "version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n", rec->r.ver.trusthashtbl, rec->r.ver.firstfree, rec->r.ver.marginals, rec->r.ver.completes, rec->r.ver.cert_depth, rec->r.ver.trust_model, + rec->r.ver.min_cert_level, rec->r.ver.nextcheck, strtimestamp(rec->r.ver.nextcheck) ); @@ -1213,7 +1217,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) rec->r.ver.completes = *p++; rec->r.ver.cert_depth = *p++; rec->r.ver.trust_model = *p++; - p += 3; + rec->r.ver.min_cert_level = *p++; + p += 2; rec->r.ver.created = buftoulong(p); p += 4; rec->r.ver.nextcheck = buftoulong(p); p += 4; p += 4; @@ -1300,7 +1305,8 @@ tdbio_write_record( TRUSTREC *rec ) *p++ = rec->r.ver.completes; *p++ = rec->r.ver.cert_depth; *p++ = rec->r.ver.trust_model; - p += 3; + *p++ = rec->r.ver.min_cert_level; + p += 2; ulongtobuf(p, rec->r.ver.created); p += 4; ulongtobuf(p, rec->r.ver.nextcheck); p += 4; p += 4; diff --git a/g10/tdbio.h b/g10/tdbio.h index ddc5afccf..b99b491f3 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -1,5 +1,5 @@ /* tdbio.h - Trust database I/O functions - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
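Review bot: The version record's layout changes in tdbio_read_record() without any marker of which layout a file uses: the byte now read as `min_cert_level` was one of three skipped bytes (`p += 3` became `*p++` followed by `p += 2`). A trustdb written before this change will therefore yield whatever that padding byte held, presumably zero, and tdbio_db_matches_options() will then report a mismatch against `opt.min_cert_level` on the first run. That is probably the intended one-time rebuild, but it should be stated; I would add `/* was reserved before min_cert_level was added; older files hold the old padding here */` above the new read, with the matching comment in tdbio_write_record() in the `@@ -1300,7 +1305,8 @@` hunk. Both functions continue outside their hunks.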
@@ -54,6 +54,7 @@ struct trust_record { byte completes; byte cert_depth; byte trust_model; + byte min_cert_level; ulong created; /* timestamp of trustdb creation */ ulong nextcheck; /* timestamp of next scheduled check */ ulong reserved; diff --git a/g10/trustdb.c b/g10/trustdb.c index c83e16984..fe8b83334 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1,6 +1,6 @@ /* trustdb.c * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -656,7 +656,8 @@ trustdb_check_or_update(void) void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, - byte *marginals,byte *completes,byte *cert_depth) + byte *marginals,byte *completes,byte *cert_depth, + byte *min_cert_level) { TRUSTREC opts; @@ -676,6 +677,8 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, *completes=opts.r.ver.completes; if(cert_depth) *cert_depth=opts.r.ver.cert_depth; + if(min_cert_level) + *min_cert_level=opts.r.ver.min_cert_level; } /*********************************************** @@ -1041,7 +1044,8 @@ check_trustdb_stale(void) did_nextcheck = 1; scheduled = tdbio_read_nextcheck (); - if (scheduled && scheduled <= make_timestamp ()) + if ((scheduled && scheduled <= make_timestamp ()) + || pending_check_trustdb) { if (opt.no_auto_check_trustdb) { diff --git a/g10/trustdb.h b/g10/trustdb.h index e2202f38f..0a9ce335a 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -1,6 +1,6 @@ /* trustdb.h - Trust database * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005 Free Software Foundation, Inc. + * 2005, 2012 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
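Review bot: In check_trustdb_stale() the added `|| pending_check_trustdb` sends a parameter mismatch down the same branch as an expired nextcheck, including the `opt.no_auto_check_trustdb` case that follows. With automatic checks disabled, validity computed under the old `--min-cert-level` stays in use until the user runs a check by hand, so the message printed in that branch (outside this hunk) ought to say that the trust parameters changed rather than only that a check is due. The assignment `did_nextcheck = 1;` just above also suggests this test runs once per process; if pending_check_trustdb can be set later than that, the rebuild request would be missed, which is worth confirming. A comment on the condition would help: `/* also rebuild when the trustdb options no longer match the version record */`.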
@@ -70,7 +70,8 @@ void enum_cert_paths_print( void **context, FILE *fp, int refresh, ulong selected_lid ); void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, - byte *marginals,byte *completes,byte *cert_depth); + byte *marginals,byte *completes,byte *cert_depth, + byte *min_cert_level); unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_min_ownertrust (PKT_public_key *pk);