Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level * g10/trustdb.c (check_trustdb_stale): Request a rebuild if pending_check_trustdb is true (set when we detect a trustdb parameter has changed). * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons listing for min_cert_level not matching. * g10/tdbio.c (tdbio_update_version_record, create_version_record, tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record, tdbio_write_record): Add a byte for min_cert_level in the tdbio version record.
parent
27a1e8d620
commit
333b870929
@ -1,6 +1,6 @@
|
|||||||
/* gpgv.c - The GnuPG signature verify utility
|
/* gpgv.c - The GnuPG signature verify utility
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2005, 2006,
|
||||||
* 2006, 2008 Free Software Foundation, Inc.
|
* 2008, 2009, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -232,7 +232,8 @@ check_signatures_trust( PKT_signature *sig )
|
|||||||
|
|
||||||
void
|
void
|
||||||
read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
|
read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
|
||||||
byte *marginals, byte *completes, byte *cert_depth)
|
byte *marginals, byte *completes, byte *cert_depth,
|
||||||
|
byte *min_cert_level)
|
||||||
{
|
{
|
||||||
(void)trust_model;
|
(void)trust_model;
|
||||||
(void)created;
|
(void)created;
|
||||||
@ -240,6 +241,7 @@ read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
|
|||||||
(void)marginals;
|
(void)marginals;
|
||||||
(void)completes;
|
(void)completes;
|
||||||
(void)cert_depth;
|
(void)cert_depth;
|
||||||
|
(void)min_cert_level;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Stub:
|
/* Stub:
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* keylist.c - print keys
|
/* keylist.c - print keys
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
||||||
* 2008 Free Software Foundation, Inc.
|
* 2008, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -65,11 +65,11 @@ public_key_list( strlist_t list, int locate_mode )
|
|||||||
{
|
{
|
||||||
if (opt.with_colons)
|
if (opt.with_colons)
|
||||||
{
|
{
|
||||||
byte trust_model,marginals,completes,cert_depth;
|
byte trust_model,marginals,completes,cert_depth,min_cert_level;
|
||||||
ulong created,nextcheck;
|
ulong created,nextcheck;
|
||||||
|
|
||||||
read_trust_options(&trust_model,&created,&nextcheck,
|
read_trust_options(&trust_model,&created,&nextcheck,
|
||||||
&marginals,&completes,&cert_depth);
|
&marginals,&completes,&cert_depth,&min_cert_level);
|
||||||
|
|
||||||
printf("tru:");
|
printf("tru:");
|
||||||
|
|
||||||
@ -85,6 +85,8 @@ public_key_list( strlist_t list, int locate_mode )
|
|||||||
printf("c");
|
printf("c");
|
||||||
if(cert_depth!=opt.max_cert_depth)
|
if(cert_depth!=opt.max_cert_depth)
|
||||||
printf("d");
|
printf("d");
|
||||||
|
if(min_cert_level!=opt.min_cert_level)
|
||||||
|
printf("l");
|
||||||
}
|
}
|
||||||
|
|
||||||
printf(":%d:%lu:%lu",trust_model,created,nextcheck);
|
printf(":%d:%lu:%lu",trust_model,created,nextcheck);
|
||||||
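Review bot: The new `l` letter printed in the `tru` record of `public_key_list` extends the machine-readable colon format, and nothing on this page shows it being documented. Scripts that read the stale-flag letters to decide whether cached validity can be relied on need to know that `l` means the stored min_cert_level differs from the current option. I would describe it in the colon-listing documentation next to the existing letters and add a short comment above the check, e.g. `/* 'l': trustdb was built with a different min_cert_level */`. The function body continues outside both hunks.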
|
18
g10/tdbio.c
18
g10/tdbio.c
@ -1,5 +1,5 @@
|
|||||||
/* tdbio.c - trust databse I/O operations
|
/* tdbio.c - trust database I/O operations
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -438,6 +438,7 @@ tdbio_update_version_record (void)
|
|||||||
rec.r.ver.completes = opt.completes_needed;
|
rec.r.ver.completes = opt.completes_needed;
|
||||||
rec.r.ver.cert_depth = opt.max_cert_depth;
|
rec.r.ver.cert_depth = opt.max_cert_depth;
|
||||||
rec.r.ver.trust_model = opt.trust_model;
|
rec.r.ver.trust_model = opt.trust_model;
|
||||||
|
rec.r.ver.min_cert_level = opt.min_cert_level;
|
||||||
rc=tdbio_write_record(&rec);
|
rc=tdbio_write_record(&rec);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -460,6 +461,7 @@ create_version_record (void)
|
|||||||
rec.r.ver.trust_model = opt.trust_model;
|
rec.r.ver.trust_model = opt.trust_model;
|
||||||
else
|
else
|
||||||
rec.r.ver.trust_model = TM_PGP;
|
rec.r.ver.trust_model = TM_PGP;
|
||||||
|
rec.r.ver.min_cert_level = opt.min_cert_level;
|
||||||
rec.rectype = RECTYPE_VER;
|
rec.rectype = RECTYPE_VER;
|
||||||
rec.recnum = 0;
|
rec.recnum = 0;
|
||||||
rc = tdbio_write_record( &rec );
|
rc = tdbio_write_record( &rec );
|
||||||
@ -681,7 +683,8 @@ tdbio_db_matches_options()
|
|||||||
yes_no = vr.r.ver.marginals == opt.marginals_needed
|
yes_no = vr.r.ver.marginals == opt.marginals_needed
|
||||||
&& vr.r.ver.completes == opt.completes_needed
|
&& vr.r.ver.completes == opt.completes_needed
|
||||||
&& vr.r.ver.cert_depth == opt.max_cert_depth
|
&& vr.r.ver.cert_depth == opt.max_cert_depth
|
||||||
&& vr.r.ver.trust_model == opt.trust_model;
|
&& vr.r.ver.trust_model == opt.trust_model
|
||||||
|
&& vr.r.ver.min_cert_level == opt.min_cert_level;
|
||||||
}
|
}
|
||||||
|
|
||||||
return yes_no;
|
return yes_no;
|
||||||
@ -1111,13 +1114,14 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp )
|
|||||||
case 0: fprintf(fp, "blank\n");
|
case 0: fprintf(fp, "blank\n");
|
||||||
break;
|
break;
|
||||||
case RECTYPE_VER: fprintf(fp,
|
case RECTYPE_VER: fprintf(fp,
|
||||||
"version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d nc=%lu (%s)\n",
|
"version, td=%lu, f=%lu, m/c/d=%d/%d/%d tm=%d mcl=%d nc=%lu (%s)\n",
|
||||||
rec->r.ver.trusthashtbl,
|
rec->r.ver.trusthashtbl,
|
||||||
rec->r.ver.firstfree,
|
rec->r.ver.firstfree,
|
||||||
rec->r.ver.marginals,
|
rec->r.ver.marginals,
|
||||||
rec->r.ver.completes,
|
rec->r.ver.completes,
|
||||||
rec->r.ver.cert_depth,
|
rec->r.ver.cert_depth,
|
||||||
rec->r.ver.trust_model,
|
rec->r.ver.trust_model,
|
||||||
|
rec->r.ver.min_cert_level,
|
||||||
rec->r.ver.nextcheck,
|
rec->r.ver.nextcheck,
|
||||||
strtimestamp(rec->r.ver.nextcheck)
|
strtimestamp(rec->r.ver.nextcheck)
|
||||||
);
|
);
|
||||||
@ -1213,7 +1217,8 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected )
|
|||||||
rec->r.ver.completes = *p++;
|
rec->r.ver.completes = *p++;
|
||||||
rec->r.ver.cert_depth = *p++;
|
rec->r.ver.cert_depth = *p++;
|
||||||
rec->r.ver.trust_model = *p++;
|
rec->r.ver.trust_model = *p++;
|
||||||
p += 3;
|
rec->r.ver.min_cert_level = *p++;
|
||||||
|
p += 2;
|
||||||
rec->r.ver.created = buftoulong(p); p += 4;
|
rec->r.ver.created = buftoulong(p); p += 4;
|
||||||
rec->r.ver.nextcheck = buftoulong(p); p += 4;
|
rec->r.ver.nextcheck = buftoulong(p); p += 4;
|
||||||
p += 4;
|
p += 4;
|
||||||
@ -1300,7 +1305,8 @@ tdbio_write_record( TRUSTREC *rec )
|
|||||||
*p++ = rec->r.ver.completes;
|
*p++ = rec->r.ver.completes;
|
||||||
*p++ = rec->r.ver.cert_depth;
|
*p++ = rec->r.ver.cert_depth;
|
||||||
*p++ = rec->r.ver.trust_model;
|
*p++ = rec->r.ver.trust_model;
|
||||||
p += 3;
|
*p++ = rec->r.ver.min_cert_level;
|
||||||
|
p += 2;
|
||||||
ulongtobuf(p, rec->r.ver.created); p += 4;
|
ulongtobuf(p, rec->r.ver.created); p += 4;
|
||||||
ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
|
ulongtobuf(p, rec->r.ver.nextcheck); p += 4;
|
||||||
p += 4;
|
p += 4;
|
||||||
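Review bot: `tdbio_read_record` and `tdbio_write_record` now use the first of the three bytes that were skipped after trust_model in the version record, but neither hunk says what a record written by an older binary holds in that position. If that padding was written as zero (the buffer setup is outside these hunks), `tdbio_db_matches_options` will report a mismatch whenever `opt.min_cert_level` is non-zero and force one rebuild on first use after upgrade, and an older binary rewriting the version record would presumably clear the byte again. That is the safe direction for cached validity, but it deserves a comment at both sites, for example `/* min_cert_level: 1 byte taken from the former 3 reserved bytes; reads as 0 in older databases */` and `p += 2; /* still reserved */`. Both functions start and end outside the hunks.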
|
@ -1,5 +1,5 @@
|
|||||||
/* tdbio.h - Trust database I/O functions
|
/* tdbio.h - Trust database I/O functions
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -54,6 +54,7 @@ struct trust_record {
|
|||||||
byte completes;
|
byte completes;
|
||||||
byte cert_depth;
|
byte cert_depth;
|
||||||
byte trust_model;
|
byte trust_model;
|
||||||
|
byte min_cert_level;
|
||||||
ulong created; /* timestamp of trustdb creation */
|
ulong created; /* timestamp of trustdb creation */
|
||||||
ulong nextcheck; /* timestamp of next scheduled check */
|
ulong nextcheck; /* timestamp of next scheduled check */
|
||||||
ulong reserved;
|
ulong reserved;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* trustdb.c
|
/* trustdb.c
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
|
||||||
* 2008 Free Software Foundation, Inc.
|
* 2008, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -656,7 +656,8 @@ trustdb_check_or_update(void)
|
|||||||
|
|
||||||
void
|
void
|
||||||
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
||||||
byte *marginals,byte *completes,byte *cert_depth)
|
byte *marginals,byte *completes,byte *cert_depth,
|
||||||
|
byte *min_cert_level)
|
||||||
{
|
{
|
||||||
TRUSTREC opts;
|
TRUSTREC opts;
|
||||||
|
|
||||||
@ -676,6 +677,8 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
|||||||
*completes=opts.r.ver.completes;
|
*completes=opts.r.ver.completes;
|
||||||
if(cert_depth)
|
if(cert_depth)
|
||||||
*cert_depth=opts.r.ver.cert_depth;
|
*cert_depth=opts.r.ver.cert_depth;
|
||||||
|
if(min_cert_level)
|
||||||
|
*min_cert_level=opts.r.ver.min_cert_level;
|
||||||
}
|
}
|
||||||
|
|
||||||
/***********************************************
|
/***********************************************
|
||||||
@ -1041,7 +1044,8 @@ check_trustdb_stale(void)
|
|||||||
|
|
||||||
did_nextcheck = 1;
|
did_nextcheck = 1;
|
||||||
scheduled = tdbio_read_nextcheck ();
|
scheduled = tdbio_read_nextcheck ();
|
||||||
if (scheduled && scheduled <= make_timestamp ())
|
if ((scheduled && scheduled <= make_timestamp ())
|
||||||
|
|| pending_check_trustdb)
|
||||||
{
|
{
|
||||||
if (opt.no_auto_check_trustdb)
|
if (opt.no_auto_check_trustdb)
|
||||||
{
|
{
|
||||||
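Review bot: In `check_trustdb_stale`, the added `|| pending_check_trustdb` arm falls straight into the existing `opt.no_auto_check_trustdb` branch, so with that option set the database is presumably only reported as needing a check, and validity computed under the old min_cert_level stays in use until someone runs the check by hand. The rest of that branch is outside the hunk, so the message text is not visible here; if it only speaks of a scheduled check being due, it would be worth distinguishing the parameter-change case so users know trust decisions may rest on outdated settings. A comment on the condition would also help, e.g. `/* also stale when a stored trust parameter differs from the current options */`.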
|
@ -1,6 +1,6 @@
|
|||||||
/* trustdb.h - Trust database
|
/* trustdb.h - Trust database
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
|
||||||
* 2005 Free Software Foundation, Inc.
|
* 2005, 2012 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -70,7 +70,8 @@ void enum_cert_paths_print( void **context, FILE *fp,
|
|||||||
int refresh, ulong selected_lid );
|
int refresh, ulong selected_lid );
|
||||||
|
|
||||||
void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
|
||||||
byte *marginals,byte *completes,byte *cert_depth);
|
byte *marginals,byte *completes,byte *cert_depth,
|
||||||
|
byte *min_cert_level);
|
||||||
|
|
||||||
unsigned int get_ownertrust (PKT_public_key *pk);
|
unsigned int get_ownertrust (PKT_public_key *pk);
|
||||||
unsigned int get_min_ownertrust (PKT_public_key *pk);
|
unsigned int get_min_ownertrust (PKT_public_key *pk);
|
||||||
|