mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
g10: When changing a TOFU binding's policy, update the conflict info
* g10/tofu.c (record_binding): Take an additional argument, CONFLICT. Set the binding's conflict accordingly. Update callers. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
parent
ca84f65c7c
commit
3ad17e72fa
33
g10/tofu.c
33
g10/tofu.c
@ -797,8 +797,9 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
|
|||||||
If SHOW_OLD is set, the binding's old policy is displayed. */
|
If SHOW_OLD is set, the binding's old policy is displayed. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
||||||
const char *user_id, enum tofu_policy policy, int show_old,
|
const char *user_id, enum tofu_policy policy,
|
||||||
time_t now)
|
const char *conflict,
|
||||||
|
int show_old, time_t now)
|
||||||
{
|
{
|
||||||
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
|
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
|
||||||
gpg_error_t rc;
|
gpg_error_t rc;
|
||||||
@ -850,12 +851,6 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
|||||||
" <key: %s, user id: %s> to %s.\n",
|
" <key: %s, user id: %s> to %s.\n",
|
||||||
fingerprint, show_old ? user_id : email,
|
fingerprint, show_old ? user_id : email,
|
||||||
tofu_policy_str (policy));
|
tofu_policy_str (policy));
|
||||||
|
|
||||||
if (policy_old == policy)
|
|
||||||
{
|
|
||||||
rc = 0;
|
|
||||||
goto leave; /* Nothing to do. */
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt.dry_run)
|
if (opt.dry_run)
|
||||||
@ -868,18 +863,19 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
|
|||||||
rc = gpgsql_stepx
|
rc = gpgsql_stepx
|
||||||
(dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err,
|
(dbs->db, &dbs->s.record_binding_update, NULL, NULL, &err,
|
||||||
"insert or replace into bindings\n"
|
"insert or replace into bindings\n"
|
||||||
" (oid, fingerprint, email, user_id, time, policy)\n"
|
" (oid, fingerprint, email, user_id, time, policy, conflict)\n"
|
||||||
" values (\n"
|
" values (\n"
|
||||||
/* If we don't explicitly reuse the OID, then SQLite will
|
/* If we don't explicitly reuse the OID, then SQLite will
|
||||||
reallocate a new one. We just need to search for the OID
|
reallocate a new one. We just need to search for the OID
|
||||||
based on the fingerprint and email since they are unique. */
|
based on the fingerprint and email since they are unique. */
|
||||||
" (select oid from bindings where fingerprint = ? and email = ?),\n"
|
" (select oid from bindings where fingerprint = ? and email = ?),\n"
|
||||||
" ?, ?, ?, ?, ?);",
|
" ?, ?, ?, ?, ?, ?);",
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
|
||||||
GPGSQL_ARG_STRING, user_id,
|
GPGSQL_ARG_STRING, user_id,
|
||||||
GPGSQL_ARG_LONG_LONG, (long long) now,
|
GPGSQL_ARG_LONG_LONG, (long long) now,
|
||||||
GPGSQL_ARG_INT, (int) policy,
|
GPGSQL_ARG_INT, (int) policy,
|
||||||
|
GPGSQL_ARG_STRING, conflict ? conflict : "",
|
||||||
GPGSQL_ARG_END);
|
GPGSQL_ARG_END);
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
@ -1747,7 +1743,7 @@ ask_about_binding (ctrl_t ctrl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
*policy, 0, now))
|
*policy, NULL, 0, now))
|
||||||
{
|
{
|
||||||
/* If there's an error registering the
|
/* If there's an error registering the
|
||||||
* binding, don't save the signature. */
|
* binding, don't save the signature. */
|
||||||
@ -2087,7 +2083,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
/* New binding. */
|
/* New binding. */
|
||||||
{
|
{
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_GOOD, 0, now) != 0)
|
TOFU_POLICY_GOOD, NULL, 0, now) != 0)
|
||||||
{
|
{
|
||||||
log_error (_("error setting TOFU binding's trust level"
|
log_error (_("error setting TOFU binding's trust level"
|
||||||
" to %s\n"), "good");
|
" to %s\n"), "good");
|
||||||
@ -2206,7 +2202,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
if (is_signed_by_utk)
|
if (is_signed_by_utk)
|
||||||
{
|
{
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_GOOD, 0, now) != 0)
|
TOFU_POLICY_GOOD, NULL, 0, now) != 0)
|
||||||
{
|
{
|
||||||
log_error (_("error setting TOFU binding's trust level"
|
log_error (_("error setting TOFU binding's trust level"
|
||||||
" to %s\n"), "good");
|
" to %s\n"), "good");
|
||||||
@ -2246,7 +2242,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
fingerprint, email);
|
fingerprint, email);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_AUTO, 0, now) != 0)
|
TOFU_POLICY_AUTO, NULL, 0, now) != 0)
|
||||||
{
|
{
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"auto");
|
"auto");
|
||||||
@ -2275,7 +2271,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
fingerprint, email);
|
fingerprint, email);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_AUTO, 0, now) != 0)
|
TOFU_POLICY_AUTO, NULL, 0, now) != 0)
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"auto");
|
"auto");
|
||||||
|
|
||||||
@ -2297,7 +2293,10 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
|
|||||||
log_assert (policy == TOFU_POLICY_NONE);
|
log_assert (policy == TOFU_POLICY_NONE);
|
||||||
|
|
||||||
if (record_binding (dbs, fingerprint, email, user_id,
|
if (record_binding (dbs, fingerprint, email, user_id,
|
||||||
TOFU_POLICY_ASK, 0, now) != 0)
|
TOFU_POLICY_ASK,
|
||||||
|
conflict_set && conflict_set->next
|
||||||
|
? conflict_set->next->d : NULL,
|
||||||
|
0, now) != 0)
|
||||||
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
log_error (_("error setting TOFU binding's trust level to %s\n"),
|
||||||
"ask");
|
"ask");
|
||||||
|
|
||||||
@ -3378,7 +3377,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
|
|||||||
email = email_from_user_id (user_id->name);
|
email = email_from_user_id (user_id->name);
|
||||||
|
|
||||||
err = record_binding (dbs, fingerprint, email, user_id->name,
|
err = record_binding (dbs, fingerprint, email, user_id->name,
|
||||||
policy, 1, now);
|
policy, NULL, 1, now);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error (_("error setting policy for key %s, user id \"%s\": %s"),
|
log_error (_("error setting policy for key %s, user id \"%s\": %s"),
|
||||||
|
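Review bot: In record_binding, the new `conflict ? conflict : ""` argument together with the removal of the `policy_old == policy` early return means every call that passes NULL now rewrites the row (including its `time` value) and replaces any stored conflict with an empty string, even when the policy is unchanged. The header comment still documents only SHOW_OLD, so it should state that contract, for example `CONFLICT is the conflicting key to record for the binding; NULL clears any previously recorded conflict.` The column receives `""` rather than SQL NULL, so any query that tests it with `is null` would have to treat the empty string the same way; those readers are outside the visible hunks, so this needs confirming. In the TOFU_POLICY_ASK call only `conflict_set->next->d` is stored, so presumably a conflict set with more than two members records just one of them, which is worth a short comment at that call site. The bodies of record_binding and get_trust continue outside the hunks shown.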